Re: Registry Change to 6 services_denied



Hopefully you'll see this and respond. I had spaced and was able to do what
I needed using GP... But now I've run into a new issue that requires a
global registry change (of about 1500 computers). Remoting into each or
walking up to each is out of the question... I've taken your previously
supplied example and can get it to do ALMOST everything I need... except
enter the correct password. It creates the "pwd.txt" with the correct
password in it, but the change I'm trying to implement fails: "1326 Logon
failure: unknown user name or password." I know that it is using the correct
username - the account lockout policy jumps into effect and I have to unlock
the account I'm using w/in A.D. I also know that the password is correct. I
made an attempt to create an OU that Blocks Policy inheritance and even went
so far as to tell it that there is NO minimum password length (we have a
minimum # of characters) in an attempt to use NO password, as much as I don't
like that thought. I will be changing the username throughout this
deployment AND using an absurd cluster of letters/numbers as both the
username & password and then deleting when done... so I'm not concerned about
those possible issues (or at least not enough to not do this :) ). If I
remove the "autoentering" password piece and type the password, it works...
it's just a matter of getting it to accept the password automatically.
PLEASE HELP !!!

"Gaurhoth" wrote:

Quickest that comes to mind is:

@echo off
REM Scripting RunAs Example.
echo Password > pwd.txt
runas /user:domain\username cmd.exe < pwd.txt
del pwd.txt
echo done

Having given the example, I strongly suggest you find some alternative way to
accomplish this. After re-reading, it looks like you are just trying to
force certain services to a specific startup type. This is the kind of thing
that Group Policies are made for. If you look under Computer Configuration >
Windows Settings > Security Settings > System Services of a group policy,
you'll see that you can configure any of the common system services to
whatever state you want to. You avoid handing out admin credentials to
everyone on your network and accomplish similar goals.

gaurhoth


"IT Jeff" <ITJeff@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:4EF4701A-DF49-434B-8141-0FBB3A25623E@xxxxxxxxxxxxxxxx
I tried to run the script at both startup and shutdown... but the change
doesn't seem to take effect. All I'm trying to do is import 6 registry
changes from a file-server... While I'm against embedding a
username/password - at this point I'm willing to do it just to get this
accomplished! I'd obviously come up with some ridiculously complicated
password just in case the script does run visible (which it doesn't), but I
can't get it to accept the embedded pswd... it wants to ask for one... please
keep in mind that I'm doing this as either a batch file or a .cmd file... can
you provide an example?

thanks.
"Gaurhoth" wrote:

To the best of my knowledge, Logon/Logoff scripts will run with the logged
on users' permission levels... short of 'scripting' a runas command which
would mean embedding the elevated account's password (BAD)... I don't know of
any way to accomplish this with logon/logoff script.

Alternatives are 1) Remotely connect to the registry from a central server
using an account that has administrative rights on the workstations. 2)
Deploy a Startup/Shutdown script via Group Policy. These run at computer
boot and shutdown (not logon/logoff) and run under SYSTEM account which has
permission to make the registry changes you mention.

gaurhoth


"IT Jeff" <ITJeff@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:391A5EC8-7C9B-40D8-9291-0CECDB85E3EF@xxxxxxxxxxxxxxxx
I've written a logoff script to import a few registry changes on every
machine in our AD2000 network. Low-Level users are prohibited from making
these changes. Win2K gives errors, WinXP doesn't give errors, but it doesn't
make the changes either. I am changing several services from "Manual" or
"Disabled" to "Automatic". Users with minimal permissions are getting errors
(all 6 changes are failing). I have tried to utilize everything I can think
of, but even RunAs requires the user to enter a password... I cannot have
this. I have been unable to get the script to autofill the password and
accept. Any advice you can offer would be GREATLY appreciated.

If possible, I would first like to determine if the parameters I want to
change NEED to be changed. If not, I would like to end the script.

I would be using a .bat or .cmd script.

Or if you can suggest another way to accomplish this I'd be grateful.

Startup/Shutdown scripts won't work either.

Thanks in advance!!
Jeff
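
The credential-free route described in the thread (a Group Policy computer startup script, which runs as SYSTEM) combined with the check-before-change asked for in the original question, as an added example that is not part of any poster's message. It assumes `reg.exe` and `sc.exe` are available on the workstations (both ship with Windows XP and later); `ExampleSvc1` to `ExampleSvc3` and the log path are placeholders.

```batch
@echo off
REM Added example: assign as a COMPUTER startup script in Group Policy.
REM It runs as SYSTEM, so there is no runas and no password on disk.
REM ExampleSvc1..3 are placeholders for the real service short names.
setlocal
set "LOG=%SystemRoot%\Temp\svc-start.log"

for %%S in (ExampleSvc1 ExampleSvc2 ExampleSvc3) do call :ensure_auto %%S

endlocal
exit /b 0

:ensure_auto
REM Read the current Start value of the service from the registry.
set "CUR="
for /f "tokens=3" %%A in ('reg query "HKLM\SYSTEM\CurrentControlSet\Services\%1" /v Start 2^>nul ^| find "REG_DWORD"') do set "CUR=%%A"

if not defined CUR (
    >>"%LOG%" echo %DATE% %TIME% %1 not found, skipped
    goto :eof
)

REM Start values: 0x2 = Automatic, 0x3 = Manual, 0x4 = Disabled.
if /i "%CUR%"=="0x2" (
    >>"%LOG%" echo %DATE% %TIME% %1 already Automatic, no change
    goto :eof
)

REM Only services that need it are changed. The space after "start=" is required.
sc config %1 start= auto >nul
if errorlevel 1 (
    >>"%LOG%" echo %DATE% %TIME% %1 change FAILED, Start was %CUR%
) else (
    >>"%LOG%" echo %DATE% %TIME% %1 changed from %CUR% to Automatic
)
goto :eof
```

The log file shows, per machine, which services were already correct and which were changed, which helps when a startup script appears to have had no effect.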




