Windows Group Policy to Run a Script with Privilege.
- October 22nd, 2015
- Posted in Documentation
- Write comment
Sometimes you need to make a change to a lot of desktops, and you need to use an account with administrator level privilege. The best way I found to do this other running a script that would make the changes remotely was to add it to the startup script option in the a Group Policy.
I wrote the script (and tested it, obviously), and saved it with the logon scripts so it would replicate to all the domain controllers.
Then, I identified a current policy and edited it. This is a Computer Configuration policy that causes the script to be run upon reboot. You want to change the properties (add your script/command) for:
Computer Configuration/Policies/Windows Settings/Scripts/Startup
Click Add…
Browse…
You can run the script from anywhere, but I chose the logon script directory for redundancy and efficiency.
This is where I stored the script and referenced:
\\DOMAIN.LOCAL\SysVol\DOMAIN.LOCAL\Scripts\MyScript.cmd
Another option is store the script with the policy which might even be a better choice:
\\DOMAIN.LOCAL\SysVol\DOMAIN.LOCAL\Policies\{12345678-ABCD-1234-ABCD-123456789012}\Machine\Scripts\Startup
Once you’ve added the script, click Ok and close the Group Policy Management Editor.
No comments yet.