none
Logon script does not run with elevated rights

    Question

  • Hi, all,

    I am using Win 2008 R2 as domain and Win7 x64 SP1 as clients.

    I have assigned logon script for specific user with local admin rights (Profile tab from Properties of user). And when my user logs on, he can see "Access denied" error. I tried to use VBS and cmd scripts.

    Script is just to copy files from share source folder to %public%\desktop location. I've check if my user can run scripts with no errors, if I use "run as admin" option script works as expected.

    Please advise.

    Monday, July 04, 2011 9:34 AM

Answers

  • Hi,

     

    I suggest you use Process Monitor to trace any trouble encountered when applying the logon script. Refer to:

     

    First, please log on with the administrator account, take the following steps:

     

    1. Visit the following Web site: http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx  

    2. Click Download Process Monitor, and then click Save to save the package to the hard disk.

    3. Open the folder where you saved the downloaded file. Right-click the file, and then click Extract All.

    4. Select to extract the contents of the tool to "this folder," and then click Extract.

    5. After the contents is extracted, double-click the Procmon file to start Process Monitor.

     

    6. Use the “Switch user” option, log on with the problematic user account. Then, the access denied error will appear. Log off and log back to the administrator account.

     

    7. Go to the Process Monitor window, and then click the microscope icon in the toolbar to stop the capture.

     

    Any clues?

     

    Thanks.

    Nina


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    Monday, July 11, 2011 6:54 AM

All replies

  • Hi,

     

    Please take the following suggestion on one Windows 7 client first to help narrow down the issue:

     

    1. Click Start, type regedit in the Start Search box, and then press Enter.

    2. Locate and then right-click the following registry subkey:

     

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System

     

    3. Point to New, and then click DWORD Value.

    4. Type EnableLinkedConnections, and then press Enter.

    5. Right-click EnableLinkedConnections, and then click Modify.

    6. In the Value data box, type 1, and then click OK.

    7. Exit Registry Editor, and then restart the computer to check the results.

     

    For more information, please refer to the following links:

     

    Programs may be unable to access some network locations after you turn on User Account Control in Windows Vista or in Windows 7

    http://support.microsoft.com/kb/937624/en-us   

     

    Deploying Group Policy Using Windows Vista

    http://technet.microsoft.com/en-us/library/cc766208(WS.10).aspx   

     

    Thanks.

    Nina
    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    Tuesday, July 05, 2011 6:59 AM
  • @Nina:
    Thanks for your help, but I have the same after changes: access is denied. 
    Tuesday, July 05, 2011 7:59 AM
  • Any ideas? Anyone?
    Wednesday, July 06, 2011 4:13 PM
  • Hi,

    Can you ask that user to run the script manually?

    If it runs properly then ckeck the permission on the script in GPO

     


    Disclaimer: This posting is provided AS-IS with no warranties or guarantees and confers no rights. Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    Thursday, July 07, 2011 7:06 AM
  • Hi,

     

    I suggest you use Process Monitor to trace any trouble encountered when applying the logon script. Refer to:

     

    First, please log on with the administrator account, take the following steps:

     

    1. Visit the following Web site: http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx  

    2. Click Download Process Monitor, and then click Save to save the package to the hard disk.

    3. Open the folder where you saved the downloaded file. Right-click the file, and then click Extract All.

    4. Select to extract the contents of the tool to "this folder," and then click Extract.

    5. After the contents is extracted, double-click the Procmon file to start Process Monitor.

     

    6. Use the “Switch user” option, log on with the problematic user account. Then, the access denied error will appear. Log off and log back to the administrator account.

     

    7. Go to the Process Monitor window, and then click the microscope icon in the toolbar to stop the capture.

     

    Any clues?

     

    Thanks.

    Nina


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    Monday, July 11, 2011 6:54 AM