Re: Drive Mapping Script Based on Group Membership Fails Due to LD
- From: "Paul Bergson [MVP-DS]" <pbergson@xxxxxxxxxxxxxxxxx>
- Date: Thu, 22 Mar 2007 16:07:53 -0500
Poor word choice on my part. Logon on to the machine and run on the local
machine as the domain authenticated user and see if it works.
--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT
http://www.pbbergs.com
Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.
"Nicholas Whitesel" <nicholas.whitesel@xxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message news:4AADAB49-59AF-4243-8D6E-1BE29F5709BB@xxxxxxxxxxxxxxxx
The script I am running is located on a network drive with read/excecute
priveleges granted to members of the Domain Users security group.
I am more interested in running the script as a domain user rather than a
local user. I have tried running the script using a raoming profile and a
local profile (both with non-elevated permissions.) I also tried using
the
ADSIEDIT.MSC tool to grant list and read priveleges to the Domain Users
group; however, the only thing that seems to work is adding the user to
the
Domain Admins security group. I must be missing something...
--
Nicholas Whitesel
MIS Support / Help Desk
"Paul Bergson [MVP-DS]" wrote:
The easiest way to test to see if a script can be run as a local user is
once logged on run it locally. I see no special calls in the script you
pointed to that require special rights.
Where is the script located that it is failing in the logon script?
--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT
http://www.pbbergs.com
Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no
rights.
"wheresITat" <wheresITat@xxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:D2628800-C136-4328-B3AA-DB9AFE0F70C3@xxxxxxxxxxxxxxxx
I recently tried to deploy a logon script using VBScript that uses an
LDAP
query to gain knowledge about the currently logged on user's group
membership. The script then maps drives based on the user's group
membership.
The problem I encountered is that when I try running the script as a
user
who is not a member of the Domain Admins security group, the script
fails.
When logged in as an administrator, the script runs to perfection.
What specific security setting can I change to allow members of the
Domain
Users security group permission to run the script?
Here is the URL of the article containing the script:
http://www.microsoft.com/technet/scriptcenter/resources/qanda/dec04/hey1210.mspx
.
- Follow-Ups:
- Re: Drive Mapping Script Based on Group Membership Fails Due to LD
- From: Nicholas Whitesel
- Re: Drive Mapping Script Based on Group Membership Fails Due to LD
- References:
- Re: Drive Mapping Script Based on Group Membership Fails Due to LDAP Q
- From: Paul Bergson [MVP-DS]
- Re: Drive Mapping Script Based on Group Membership Fails Due to LDAP Q
- Prev by Date: Re: To Many 'Object Acess' events in DC Security Log
- Next by Date: Re: NT-->2003 migration (step by step please??)
- Previous by thread: Re: Drive Mapping Script Based on Group Membership Fails Due to LDAP Q
- Next by thread: Re: Drive Mapping Script Based on Group Membership Fails Due to LD
- Index(es):
Relevant Pages
|
