FW: user logon script context....
- From: Murad Talukdar <talukdar_m@xxxxxxxxxx>
- Date: Fri, 10 Mar 2006 09:33:06 +1000
I was testing a script file and was not actually expecting it to run in the
way it did. It wrote to the c:\ drive when I fully expected it to write to
the user's profile. This stumped me. So then I started to think maybe I had
learnt it wrong that scripts run as the user OR there are permissions set
that should not have been. Which looks likely on this one machine
Thanks for all the help-especially the pointers to the apps which let me run
scripts as different users/contexts-I can see where it was getting the
ability to write to the c drive when I believed it shouldn't be able to.
Regards
Murad Talukdar
-----Original Message-----
From: Depp, Dennis M. [mailto:deppdm@xxxxxxxx]
Sent: Thursday, March 09, 2006 10:12 PM
To: Murad Talukdar; focus-ms@xxxxxxxxxxxxxxxxx
Subject: RE: user logon script context....
Murad,
It is not possible to run logon scripts under a different context. You
might be able to change the context in the script with runas, but this
will require using a password in a script.
You might want to look at using computer startup scripts. These will
run in the context of local system; however, you will not be able to
know what user will be on the system.
Denny
-----Original Message-----
From: Murad Talukdar [mailto:talukdar_m@xxxxxxxxxx]
Sent: Thursday, March 09, 2006 1:35 AM
To: 'Murad Talukdar'; focus-ms@xxxxxxxxxxxxxxxxx
Subject: RE: user logon script context....
Okay a further google showed me the answer--but some clarification would
be
great-can logon scripts be set to run under a chosen context?
Ie, if I don't want it to run under either SYSTEM or localadmin, can
this be
done? (I get the feeling this could be no).
Regards
Murad Talukdar
-----Original Message-----
From: Murad Talukdar [mailto:talukdar_m@xxxxxxxxxx]
Sent: Thursday, March 09, 2006 4:31 PM
To: 'focus-ms@xxxxxxxxxxxxxxxxx'
Subject: user logon script context....
Hi guys,
Can anyone point me to a paper detailing what security context a User
logon
script runs under?
I want to know what kind of permissions a script(well, I understand that
it
doesn't have permissions itself but runs AT a certain level of access)
has
when that user logs one.
For instance, if the user is just a restricted user locally, should I be
able to call a .exe in the script which loads and writes to the c drive?
All
this to be done through a GPO.
Kind Regards
Murad Talukdar
------------------------------------------------------------------------
---
------------------------------------------------------------------------
---
---------------------------------------------------------------------------
---------------------------------------------------------------------------
---------------------------------------------------------------------------
---------------------------------------------------------------------------
- Follow-Ups:
- Re: FW: user logon script context....
- From: Nicolas RUFF
- Re: FW: user logon script context....
- Prev by Date: RE: user logon script context....
- Next by Date: Automate group membership validation
- Previous by thread: RE: user logon script context....
- Next by thread: Re: FW: user logon script context....
- Index(es):
Relevant Pages
|
