Share via

AD and scripts on user accounts without administrator rights.

Anonymous
2024-05-21T20:58:52+00:00

Hi.

I like to make my life easier with scripts. Unfortunately, some actions require administrator privileges. Why doesn't the GPO startup script run with these permissions?

For example, installing some program. The script itself runs in the context of the user configuration.

I tried in GPO in the computer configuration to add a task to the task scheduler that runs the script as a specific user. Highest permissions - further message about lack of permissions.

Of course, I can install the program in the GPO itself, but that's not what I want. I have more control in the script. Sometimes I need to check in advance whether the program is running - if so, kill the process. Then it happens that I have to uninstall another program, install the correct one, copy the configuration files if they are different and only then run the program again.

The order of activities performed is important and I have full control over them in the script. The program installation and file copying options in GPO do not allow me to do this.

As an Active Directory administrator, how can I freely automate actions on workstations without granting users administrator privileges?

Windows for business | Windows Server | Directory services | Deploy group policy objects

Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question. To protect privacy, user profiles for migrated questions are anonymized.

0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Anonymous
    2024-05-22T02:44:57+00:00

    Hi Adkwiat,

    Thank you for posting in the Microsoft Community Forums.

    Using Group Policy (GPO) allows administrators to configure a variety of settings and scripts on computers within a domain.

    To create or edit a GPO.

    Open the Group Policy Management Console.

    Right-click on the Domain or Organizational Unit (OU) and select “Create a GPO in this domain and link it here”.

    Name the new GPO and click OK.

    Configure the startup/logon script:

    Edit the new or existing GPO and navigate to “Computer Configuration -> Policies -> Windows Settings -> Scripts (Startup/Shutdown)” or “User Configuration -> Policies -> Windows Settings -> Scripts (Logon/Logoff)”.

    Add startup or logon scripts (e.g. PowerShell scripts) that will be executed when the computer starts up or the user logs on.

    Configure the task schedule:

    In GPO, navigate to “Computer Configuration -> Preferences -> Control Panel Settings -> Scheduled Tasks”.

    Create a new scheduled task and configure triggers and actions to run specific scripts or programs.

    Best regards

    Neuvi Jiang

    0 comments
  2. Anonymous
    2024-05-22T13:32:33+00:00

    Thank you. I know that. I'm asking how to run this script with administrator rights.

    0 comments