1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Running a logon script using admin rights

Discussion in 'Networking' started by Jeckler, Feb 6, 2005.

Thread Status:
Not open for further replies.
  1. Jeckler

    Jeckler Thread Starter

    Jun 1, 2001
    I'm currently tasked to run a registry command to update domain suffix search orders so that a certain server can resolve correctly. I want to be able to automate the process through the domain logon script. I've been doing onesy-twosy's to make sure the command works, so now we want to deploy it across the campus. The users do not have admin rights on their machines. I have close to 180 machines to update.
    What I've been using is psexec to run the command from my workstation, using a domain admin account to ensure it runs correctly. I'm not 100% sure this will work on their machines through the logon script, since it will run on their local machine, using a domain account, back to their local machine. I've been looking at using RUNAS instead. What I'll do is create a temp domain account with admin priviledges, but no password, and use it to run the command.
    My real question is on how to properly use RUNAS. Comand line options are:

    RUNAS [/profile] [/env] [/netonly] /user:<UserName> program

    /profile if the user's profile needs to be loaded
    /env to use current environment instead of user's.
    /netonly use if the credentials specified are for remote access only.
    /user <UserName> should be in form [email protected] or DOMAIN\USER
    program command line for EXE. See below for examples

    > runas /profile /user:mymachine\administrator cmd
    > runas /profile /env /user:mydomain\admin "mmc %windir%\system32\dsa.msc"
    > runas /env /user:[email protected] "notepad \"my file.txt\""

    NOTE: Enter user's password only when prompted.
    NOTE: [email protected] is not compatible with /netonly.
    Since I'm not using a password, the first NOTE: is irrelevant for my needs. And I don't think /netlonly applies. However, I'm not sure what environment I should run it in. The command I want to run is:
    REG ADD HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters /v SearchList /t REG_SZ /d xxx.com,yyy.com,zzz.com /f

    Since I'm adding it to local machine, I'm thinking I can use the /env switch. So, my command would be thus:
    RUNAS /env /user:domain\dnsadd REG ADD HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters /v SearchList /t REG_SZ /d xxx.com,yyy.com,zzz.com /f

    Does anybody have any other suggestions for what I'm doing? Or does this look like it'll work.

    Thanks, Andy
  2. squidboy


    Dec 29, 2004
    It appears sound. How do you currently deploy apps? SMS, or visit each workstation, or something else? I ask because that might prove useful. If you package an .MSI it can temporarily elevate permissions to accomplish this task.
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Similar Threads - Running logon script
  1. ODucks
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/327294

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice