Re: Registry Change to 6 services_denied
- From: "Gaurhoth" <gaurhoth@xxxxxxxx>
- Date: Wed, 13 Dec 2006 09:46:52 -0500
Quickest that comes to mind is:
@echo off
REM Scripting RunAs Example.
echo Password > pwd.txt
runas /user:domain\username cmd.exe < pwd.txt
del pwd.txt
echo done
Having given the example, I strong suggest you find some alternative way to accomplish this. After re-reading, it looks like you are just trying to force certain services to a specific startup type. This is the kind of thing that Group Policies are made for. If you look under Computer Configuration > Windows Settings > Security Settings > System Services of a group policy, you'll see that you can configure any of the common system services to whatever state you want to. You avoid handing out admin credentials to everyone on your network and accomplish similar goals.
gaurhoth
"IT Jeff" <ITJeff@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:4EF4701A-DF49-434B-8141-0FBB3A25623E@xxxxxxxxxxxxxxxx
I tried to run the script at both startup and shutdown... but the change
doesn't seem to take effect. All I'm trying to do is import 6 registry
changes from a file-server... While I'm against embedding a
username/password - at this point I'm willing to do it just to get this
accomplished! I'd obviously come up with some ridiculously complicated
password just in case the script does run visible (which it doesn't), but I
can't get it to accept the embedded pswd... it wants to ask for one... please
keep in mind that I'm doing this as either a batch file or a .cmd file... can
you provide an example?
thanks.
"Gaurhoth" wrote:
To the best of my knowledge, Logon/Logoff scripts will run with the logged
on users' permission levels... short of 'scripting' a runas command which
would mean embedding the elevated accounts password (BAD)... I don't know of
any way to accomplish this with logon/logoff script.
Alternatives are 1) Remotely connect to the registry from a central server
using an account that has administrative rights on the workstations. 2)
Deploy a Startup/Shutdown script via Group Policy. These run at computer
boot and shutdown (not logon/logoff) and run under SYSTEM account which has
permission to make the registry changes you mention.
gaurhoth
"IT Jeff" <ITJeff@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:391A5EC8-7C9B-40D8-9291-0CECDB85E3EF@xxxxxxxxxxxxxxxx
> I've written a logoff script to import a few registry changes on every
> machine in our AD2000 network. Low-Level users are prohibited from > making
> these changes. Win2K gives errors, WinXP doesn't give errors, but it
> doesn't
> make the changes either. I am changing several services from "Manual" > or
> "Disabled" to "Automatic". Users with minimal permissions are getting
> errors
> (all 6 changes are failing). I have tried to utilize everything I can
> think
> of, but even RunAs requires the user to enter a password... I cannot > have
> this. I have been unable to get the script to autofill the password and
> accept. Any advice you can offer would be GREATLY appreciated.
>
> If possible, I would first like to determine if the parameters I want > to
> change NEED to be changed. If not, I would like to end the script.
>
> I would be using a .bat or.cmd script.
>
> Or if you can suggest another way to accomplish this I'd be greatful.
>
> Startup/Shutdown scripts won't work either.
>
> Thanks in advance!!
> Jeff
>
.
- References:
- Re: Registry Change to 6 services_denied
- From: Gaurhoth
- Re: Registry Change to 6 services_denied
- Prev by Date: Re: i want to add a promt to a batch command.
- Next by Date: Re: Changing the login script for all user objects in OU
- Previous by thread: Re: Registry Change to 6 services_denied
- Next by thread: Problem obtaining disk stats from 2K server(s) using WMI
- Index(es):
Relevant Pages
|
