Group policy logon script copies files to client PC but does not execute exe
Solution 1
Using group policy you could add the .exe to run on start up on its own, not via a .bat file? Will still allow you to have your parameters etc.
User Configuration > Windows Settings > Scripts(Log on/Log off) Just add the exe here with the parameters.
Solution 2
Hate to answer so late to the party, but this is worth noting...
c:\stinger_dl\psexec.exe /accepteula -u domain\admin -p MagicPassword .exe...
A login script must of course be on the network where users' accounts can see it. While the chance of most users having both the curiosity and the resourcefulness to find it is low, it's still there, where anyone can read it should they trip over the correct network share.
It's a good idea to not use your 'main' domain administrator anytime credentials must be stored in scripts. Create a temporary domain admin (or power user when it'll do) with a different password, disabling the account when the need passes--the sooner the better. If you have a similar need in a few weeks, change the password before re-enabling the account.
The last thing you want is giving domain admin creds to that jerk in accounting who got fired from helpdesk for yelling at customers. :-)
Related videos on Youtube
08 : 04
11 : 11
06 : 54
02 : 10
01 : 53
ProfessionalAmateur
Updated on September 18, 2022Comments
-
ProfessionalAmateur over 1 year
We are trying to copy 3 files from our domain controller to a user PC and have it execute from a .bat file when a user logs in via
Active Directory.When we associate the .bat file to a user in AD for their logon, the PC copies down the 2 files, but the executable isn't launched.
Am I doing something wrong here?
Here is the script in question:
mkdir c:\stinger_dl copy \\DC01\netlogon\install\PsExec.exe c:\stinger_dl\ copy \\DC91\netlogon\install\stinger.exe c:\stinger_dl\ c:\stinger_dl\psexec.exe /accepteula -u domain\admin -p MagicPassword -d -h c:\stinger_dl\stinger.exe --SILENT --ADL --GO --RPTALL --DELETE --REPORTPATH=c:\stinger_dlWe had a nasty virus outbreak last Friday (current virus protection missed it) and are trying to force a scan on all user PCs with Stinger when they login tomorrow.
Anyone interested, this is the virus that got us
-
ProfessionalAmateur about 11 yearsWe tried that, we finally got Win7 and XP to work, but Win8 was still giving us fits. We only have 5 Win8 machines at this point so Im calling it a night.
-
Dan about 11 yearsWhat did you do to make it work on both xp & 7?
-
ProfessionalAmateur about 11 yearsThe XP worked from the start. Once we removed the PSEXEC call it worked on Win7 straight from a .bat file. Win8 still seems to prompt with some form of UAC regardless... Its really odd.
-
Falcon Momot almost 10 yearsI believe it is possible to create a user whose only administrative permission is to add machines to the domain.
-
zedmelon almost 10 years@FalconMomot Good point; that sounds correct, but my AD-Fu is not very strong. If that concept can be extrapolated to relegating a user to copying files or running precisely one executable, it'll drain my Chicken Little post of a little gravity.
