Announcement

Collapse
No announcement yet.

Create script to install script in scripts\startup in gpedit

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Create script to install script in scripts\startup in gpedit

    can or how do you create a script that i could run that would install a script in local computer policy\windows setting\scripts\startup?


    i have a script installed on startup to map a drive

    net use A: \\xx.x.xx.xx\xxxx and it works, just don't want to go to each computer and go to gpedit etc.etc.etc.

    None of the computers are on a domain.

  • #2
    Re: Create script to install script in scripts\startup in gpedit

    If your PCs aren't domain members, there's no central security authority they all talk to, so you'd have to log into each machine at any rate, even using RDP with the target PC's admin creds.

    How many machines are you talking about? For applying the same setting to multiple machines like this, create the desired policy on one machine, then export that machine's policy as a template (*.inf file) and then import that to each target machine. But the import would have to be done under admin authority on each target.

    You could try using PSExec to run the 'secedit' command on each PC in turn. PSExec is one of a collection of tools from Microsoft when they bought SysInternals. There's lots of info thru Google about how to use it for remote code execution.
    *RicklesP*
    MSCA (2003/XP), Security+, CCNA

    ** Remember: credit where credit is due, and reputation points as appropriate **

    Comment


    • #3
      Re: Create script to install script in scripts\startup in gpedit

      it might help if i mention that i'm talking about a terminal server that is part of a domain Sorry about that.
      what i meant to say was that none of the computers are part of a domain, they log into ts's.

      So if a ts client log's in, a script would run only on that clients computer. if i wanted multiple clients with the same script, i assume i would have to have those users to be part of a group.

      Comment


      • #4
        Re: Create script to install script in scripts\startup in gpedit

        It would make more sense to say that this script would run only when someone logs into the TS, right? But should it be running on the remote host or the Term Server itself?

        Or permanently set up the A: net path to a particular share from the TS point of view?

        Not sure what you're ultimately trying to do with the script. TS can be set to attach the drives physically present on the remote host's PC into the remote user's TS session--RDP does it all the time if you want it to.
        *RicklesP*
        MSCA (2003/XP), Security+, CCNA

        ** Remember: credit where credit is due, and reputation points as appropriate **

        Comment


        • #5
          Re: Create script to install script in scripts\startup in gpedit

          sorry for the confusion, if i have 25 users, but split up into diffrent OU'S, and i wanted to run a script for 10 of those 25 users that are spread across those OU'S, could and how would i do that?

          Comment


          • #6
            Re: Create script to install script in scripts\startup in gpedit

            You have users in a domain structure in different OU's, logging into a Terminal Server from non-domain PCs, and you want a particular script to run on those non-domain PCs based on who the user is (domain group or OU membership)? And you want to set this up in such a way so as not to have to configure each client PC individually? Am I understanding that correctly?

            Ultimately, if your PCs are not domain members, Group Policy won't help you. You may get away with giving the TS local admin rights on each client PC to push the script, but you'd still have to log onto each PC in turn to set that up. Maybe copying the script to a location on each client before a session login might help as well so no copy is needed, but there's still the ultimate problem of executing the code when the domain-centric policy says to, on a device that doesn't recognize the authority of that policy.

            The most certain way I can think of to enforce it is to set up a policy on each client, such that a script runs at each logon, compares the username against a predefined list and executes your script on a match. But on the client PCs I'm guessing the local security is such that it's too easy for that to be altered. And if the groups or names change, that's every client to be updated each time.

            All hail AD!

            Sorry I can't offer a rosier picture, but if someone else has a way to solve this, it's gone beyond me.
            *RicklesP*
            MSCA (2003/XP), Security+, CCNA

            ** Remember: credit where credit is due, and reputation points as appropriate **

            Comment


            • #7
              Re: Create script to install script in scripts\startup in gpedit

              no, the terminal server is part of a domain, that is controlled by active directory. i would like a script to run for certain users on their terminal server profile.

              Comment


              • #8
                Re: Create script to install script in scripts\startup in gpedit

                Two notes,
                Firstly, when you have configured a script to run during startup of the server it will run when the computer(s) starts. That is before any user can log in and therefore it can never set to run or don't run depending on who is logging on.
                Secondly, you cannot map a drive with a start up script.
                For both you'll need a user log-on script


                If you insist on using a local policy on the terminal server(s), then configure it a a user logon script. Then, either configure the acl on the script file or on the script's folder, so that only the specific users can Read the script. Or... write a condition in the script code, so the script will continue only if it matches one of the selected users.

                Else, use a GPO instead of local policy,
                Create a GPO and enable 'Loopback processing of Group Policy'. Then configure the script to run as a user logon script.
                Then, either configure the security filter on the gpo. Or... write a condition in the script code, so the script will continue only if it matches one of the selected users.




                Originally posted by Kobe 310 View Post
                i have a script installed on startup to map a drive
                Code:
                net use A: \\xx.x.xx.xx\xxxx
                and it works, just don't want to go to each computer and go to gpedit etc.etc.etc.
                Did you configured this test on the desktop (which is not a domain member) or on the server (which is a domain member)??? You do want the drive mapping to show up in the rdp/ica session on the server or maybe I didn't understand what you try to accomplish and for what special reason.
                If the drive should be mapped on the local computer, use the 'All Users' 'Startup'-folder (location on a Windows 7 computer: %ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup). And set Read permisions on the shortcut or file only for the specific users. (you can use a setup script for easy installation on the workgroup computers. The script can copy the batch, create local groups and add local accounts to the group and set the acl.


                /Rems
                Last edited by Rems; 17th April 2012, 18:23.

                This posting is provided "AS IS" with no warranties, and confers no rights.

                __________________

                ** Remember to give credit where credit's due **
                and leave Reputation Points for meaningful posts

                Comment

                Working...
                X