Group policy startup script needs elevated priviledges
Scripts placed in Computer Configuration\Windows Settings\Scripts (Startup/Shutdown) are run as Local System which is usually all that's required for installing programs etc. The same is true of MSIs deployed using Group Policy.
Do you know what privileges your script requires? What is your script doing that requires these privileges?
Grab a copy of Process Monitor from Sysinternals and, using a standard user account, monitor your script to find out what it's doing and what extra privileges it needs to be able to run. You can then use that information to find out why the Local System account isn't able to run it.
EDIT: An option available to you is for you to use your Startup script to run a net shell command
netsh interface ipv4 set subinterface interface="Local Area Connection" mtu=1400
It's a single liner you need in your script. Any use?
Lewis
Related videos on Youtube
Phil
Updated on September 18, 2022Comments
-
Phil almost 2 years
I have a script that I want to run at startup but that requires elevated priviledges. Is there a way of doing this with Group Policy?
I tried adding it in as a startup script using GPO but it doesn't appear to run. If I run it from a standard cmd prompt then it gives access denied but if I right click the command prompt and select "Run as Administrator" then it works fine so I suspect it is a permission issue.
The script is setting the MTU on each NIC to be 1400 as follows
Dim strDNSDomain Dim strComputer Dim strID Dim strKeyPath Dim strValueName Dim strDWValue Const HKEY_LOCAL_MACHINE = &H80000002 Const DEFAULT_MTU_Size = 1400 const KEY_SET_VALUE = &H0002 '==== Gets the Setting for MTU from the command line in the form of /MTU:1500 ==== Set colNamedArguments = Wscript.Arguments.Named strComputer = "." Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComputer & "\root\default:StdRegProv") set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2") strDWValue = DEFAULT_MTU_SIZE Set colAdapters = objWMIService.ExecQuery ("SELECT * FROM Win32_NetworkAdapterConfiguration") For each objAdapter in colAdapters strDNSDomain = objAdapter.DNSDomain if Instr(1, strDNSDOmain, strTemp) >0 then strID = objAdapter.SettingID strKeyPath = "SYSTEM\CurrentControlSet\Services\TCPIP\Parameters\Interfaces\" & strID strValueName = "MTU" oReg.CheckAccess HKEY_LOCAL_MACHINE, strKeyPath, KEY_QUERY_VALUE, bHasAccessRight If bHasAccessRight = True Then oReg.GetDWORDValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,dwValue WScript.Echo strKeyPath & " value " & strValueName & " contains " & dwValue oReg.SetDWORDValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,strDWValue WScript.Echo strKeyPath & " value " & strValueName & " changing to " & strDWValue oReg.GetDWORDValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,dwValue WScript.Echo strKeyPath & " value " & strValueName & " changed to " & dwValue Else WScript.Echo "Cannot set registry value - access denied" End if End if Next
-
Greg Askew about 13 yearsWhat is the script doing?
-
-
Phil about 13 yearsIt is setting the MTU for each NIC to 1400 - see edit to question for the script
-
Dave M about 13 years+1 Startup/shutdown works well for this.