Re: Running commands on workstations from domain controller





Thor (Hammer of God) wrote:
PSExec allows you to remotely execute code.

http://www.microsoft.com/technet/sysinternals/utilities/psexec.mspx


As Thor suggests, I'd recommend using psexec.

Using a tool like dsquery, with a couple of lines of script you could quite happily run a script on all the machines in a particular OU, and generate a list of the machine accounts the command didn't work on.

See http://blog.sapien.com/current/2006/11/28/command-line-one-liners.html for some hints on how to query for machines by OU and OS.. See http://tinyurl.com/2hp43y (windowsitpro.com) for an example of the same task carried out using 'net view' instead of dsquery.

Using a login script would work, but you have less control over it, it's harder to audit, it's slower, and it may require giving your users too many privileges. Which you choose largely depends upon what sort of 'command' this is and what context it needs to be executed under..

- James.

--
James (njan) Eaton-Lee | UIN: 10807960 | http://www.jeremiad.org

"All at sea again / And now my hurricanes
Have brought down this ocean rain / To bathe me again"

https://www.bsrf.org.uk | ca: https://www.cacert.org/index.php?id=3
--

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature