locked
Batch file RRS feed

  • Question

  • Hi to all

    i want help to run a batch file with this command IPCONFIG /REGISTERDNS
    this batch file have to running in user login by group policy but give me this error

    The requested operation requires elevation.

    what do i?

    Wednesday, February 12, 2014 10:37 PM

Answers

  • No one would ever recommend storing a privileged account and it's password in plain text.  ESPECIALLY a domain account.  

    If you're doing this, why bother with a 'V3ry_H87d_P8$w0rd'?  It's plain text.  Complexity is worthless.

    You can accomplish the same thing through a scheduled task.  The task runs elevated, with a privileged account.  It can open CMD and run a command. 

    The same thing as what you're recommending, but secure.


    - Chris Ream -

    **Remember, if you find a post that is helpful, or is the answer, please mark it appropriately.**


    Wednesday, February 19, 2014 2:37 AM

All replies

  • You can set it as a scheduled task to kick off on user logon.  The scheduled task can be enabled to run with high privledges possible (aka UAC).

    Are your clients using DHCP or are they all static?  This should be happening automatically.  If you're having to manually do this, you have some other issue going on that you should check into.


    - Chris Ream -

    **Remember, if you find a post that is helpful, or is the answer, please mark it appropriately.**

    Wednesday, February 12, 2014 10:45 PM
  • Please check, user must have permission to run the batch file.



    Regards, Damodar


    Thursday, February 13, 2014 4:39 AM
  • Thanks

    your Solution dont working(permission error)

    Friday, February 14, 2014 7:16 AM
  • You can not have a mass batch that requires an elevated CMD Prompt. This would require administrator privileges. In order to run and administrative level CMD you must type a username and password, which can not be added into a batch file.
    Saturday, February 15, 2014 6:11 PM
  • This can be done but you have to create a scheduled task, with the box for elevation checked, and the account used to launch the task has to be an administrator of the local box.

    I'm curious about what your real goal is.  IPCONFIG /registerdns isn't something you need to run from every workstation all the time.

    What's the real issue?


    - Chris Ream -

    **Remember, if you find a post that is helpful, or is the answer, please mark it appropriately.**

    Saturday, February 15, 2014 7:00 PM
  • He is attempting to launch this via GPO. I do not believe there is a GPO that allows for an elevated batch script.

    -SMeier

    Saturday, February 15, 2014 7:13 PM
  • I see.  

    So when making this a computer start up script (not user logon script), he's getting errors?  It should be starting as system.  Where are the error logs showing?


    - Chris Ream -

    **Remember, if you find a post that is helpful, or is the answer, please mark it appropriately.**

    Saturday, February 15, 2014 7:32 PM
  • I'm not sure i am waiting for a response to yours, due to the fact that like you said this should go automatically registering dns. If its not he has much larger issues. Primarily with the DNS server if this is all of the PC on his network.

    -SMeier

    Saturday, February 15, 2014 7:41 PM
  • It's not the most secure way, but it works. Make a new AD account with higher access, and run this as a bat script.

    RUNAS /userD:DOMAIN\Username /passwordD:V3ry_H87d_P8$$w0rd cmd

    ipconfig /REGISTERDNS

    and run this on logon. It may work, it may not as I have had different experiences with this.

    Let me know if it works.

    Ed

    • Proposed as answer by Edward Goodall Tuesday, February 18, 2014 6:26 PM
    Tuesday, February 18, 2014 6:26 PM
  • No one would ever recommend storing a privileged account and it's password in plain text.  ESPECIALLY a domain account.  

    If you're doing this, why bother with a 'V3ry_H87d_P8$w0rd'?  It's plain text.  Complexity is worthless.

    You can accomplish the same thing through a scheduled task.  The task runs elevated, with a privileged account.  It can open CMD and run a command. 

    The same thing as what you're recommending, but secure.


    - Chris Ream -

    **Remember, if you find a post that is helpful, or is the answer, please mark it appropriately.**


    Wednesday, February 19, 2014 2:37 AM
  • That password was just in my clipboard so it was just easy to put in. I've always done it like that but put settings on the account so it can't be used to login. Your idea sounds better and secure though!
    Thursday, February 20, 2014 9:25 AM