Logon Scripts run with Admin privileges

[LJ]

I am trying to find a way for logon scripts through an AD
policy with admin privileges.

For example. The anti-virus software we have does not
always auto update consistently. So during times of HIGH
alert for viruses I would like to enforce a logon script
through AD to copy the most recent signature file from a
network resource to the local PC. However the signature
file must be copied to the Program Files folder in which
the normal user does not have rights to. I do not want to
give out local admin priveleges to do this.

I have a script that works on SYSTEM STARTUP but some PC's
throughout the company can go weeks or months without
being restarted. How can I get a logon script to run with
admin priveleges?

Thanks in advance.

LJ

 

[Chriss3]

Hi LJ. One Solution is may schedule a restart during the night out of
business hours daily within the script se the link below for some samples.


Script Center
Task Scheduling
http://www.microsoft.com/technet/community/scriptcenter/schedule/default.mspx

 

[LJ]

A scheduled task would be a good idea on some of the PC's
in the company. However we have several call centers that
must be available 24/7 and shutting down and restarting
the PC in mid-call is a no-no. Any other options out
there?

 

[Chriss3]

LJ , a good question is if we add a scheduled task within the Startup Script
since it runs under the Local System Account. Then may the task are created
by Local System Account. What we then can do here is to use this scheduled
to execute your script under the System Account context. But I'm sorry I
have working a few days without no sleep at all. I'm also going in school. I
going try this out later because I'm not sure it works. Thanks for asking.

 

[Andy Cadley]

Hmm, tricky. What I would do is run a script on one of your servers to copy
the files to the machines rather than trying to do it the other way around.

Alternatively, a script such as this can be used to run a command on a
remote machine as Admin (I think it needs XP clients though as I'm not sure
SCHTASKS is available on previous OS versions), where %1 is the machine
name:

set installpath=\\server\share\

SCHTASKS /Create /S %1 /SC ONCE /TN VirusUpdate /RU domain\Administrator /RP
password /ST 23:00:00 /TR "%installpath%MyBatchFile.bat"
SCHTASKS /Run /S %1 /TN VirusUpdate
SLEEP 1
SCHTASKS /Delete /S %1 /F /TN VirusUpdate

Creating another script to enumerate computers from AD and run the script
with the appropriate parameters should be trivial. Depending on your network
you might need to tweak the SLEEP value to avoid the task being deleted
before it has started.

Andy