none
Run a logon script as administrator for standard domain users RRS feed

  • Question

  • Hi all

    I am trying a to run a batch script as administrator using GPO (User configuration > Windows settings > Logon) and have been unsuccessful. I have also tried to run the script as a startup script and have failed. I require this batch script to run as administrator for standard domain users, is this possible?

    Thanks 

    Thursday, June 29, 2017 11:55 AM

Answers

  • I am trying a to run a batch script as administrator using GPO (User configuration > Windows settings > Logon) and have been unsuccessful. I have also tried to run the script as a startup script and have failed. I require this batch script to run as administrator for standard domain users, is this possible?

    No, that is not possible. This is because a logon script runs as the user and not elevated. This is by design.


    -- Bill Stewart [Bill_Stewart]

    Thursday, June 29, 2017 2:44 PM
    Moderator

All replies

  • Hey moe

    If I want to run a script, I would do it with the task scheduler and run it at logon. For me, it's the easiest way. 

    Regards
    Fahiko

    Thursday, June 29, 2017 12:04 PM
  • Logon scripts cannot be elevated.  Only an admin can elevate a script.

    It would be better if you said what the scrip needs to do that requires admin privileges.  Most things can be done by GP once you know what it is you are trying to do.


    \_(ツ)_/


    • Edited by jrv Thursday, June 29, 2017 12:12 PM
    Thursday, June 29, 2017 12:11 PM
  • Hi

    I am trying to run a batch script vaccine for the new NotPetya ransomware outbreak. The batch script creates some files in the Windows directory which requires elevated privileges. I have to do this for over a 1000 workstations! Details are in the article below:

    https://www.bleepingcomputer.com/news/security/vaccine-not-killswitch-found-for-petya-notpetya-ransomware-outbreak/

    Thank you 

    Thursday, June 29, 2017 12:32 PM
  • Note also that the latest release of the MS security notification verifies that the March Windows patch also covers the Petya variant. You do not need any other inoculations.

    See: https://blogs.technet.microsoft.com/msrc/2017/06/28/update-on-petya-malware-attacks/


    \_(ツ)_/

    Thursday, June 29, 2017 12:56 PM
  • I will also note that advanced behaviors I  the "Petya" varieties seem to make this "vaccine" useless in preventing distribution.  The MS patch blocks the protocol hole that it uses.


    \_(ツ)_/

    Thursday, June 29, 2017 1:01 PM
  • I am trying a to run a batch script as administrator using GPO (User configuration > Windows settings > Logon) and have been unsuccessful. I have also tried to run the script as a startup script and have failed. I require this batch script to run as administrator for standard domain users, is this possible?

    No, that is not possible. This is because a logon script runs as the user and not elevated. This is by design.


    -- Bill Stewart [Bill_Stewart]

    Thursday, June 29, 2017 2:44 PM
    Moderator