{"id":1361,"date":"2015-10-22T17:58:48","date_gmt":"2015-10-23T00:58:48","guid":{"rendered":"http:\/\/jim-zimmerman.com\/?p=1361"},"modified":"2015-10-22T17:58:48","modified_gmt":"2015-10-23T00:58:48","slug":"windows-group-policy-to-run-a-script-with-privilege","status":"publish","type":"post","link":"https:\/\/jim-zimmerman.com\/?p=1361","title":{"rendered":"Windows Group Policy to Run a Script with Privilege."},"content":{"rendered":"<p>Sometimes you need to make a change to a lot of desktops, and you need to use an account with administrator level privilege.  The best way I found to do this other running a script that would make the changes remotely was to add it to the startup script option in the a Group Policy. <\/p>\n<p>I wrote the script (and tested it, obviously), and saved it with the logon scripts so it would replicate to all the domain controllers.<\/p>\n<p>Then, I identified a current policy and edited it.  This is a Computer Configuration policy that causes the script to be run upon reboot.  You want to change the properties (add your script\/command) for:<\/p>\n<p>Computer Configuration\/Policies\/Windows Settings\/Scripts\/Startup<br \/>\nClick Add&#8230;<br \/>\nBrowse&#8230;<br \/>\nYou can run the script from anywhere, but I chose the logon script directory for redundancy and efficiency.<\/p>\n<p>This is where I stored the script and referenced:<br \/>\n\\\\DOMAIN.LOCAL\\SysVol\\DOMAIN.LOCAL\\Scripts\\MyScript.cmd<\/p>\n<p>Another option is store the script with the policy which might even be a better choice:<br \/>\n\\\\DOMAIN.LOCAL\\SysVol\\DOMAIN.LOCAL\\Policies\\{12345678-ABCD-1234-ABCD-123456789012}\\Machine\\Scripts\\Startup<\/p>\n<p>Once you&#8217;ve added the script, click Ok and close the Group Policy Management Editor.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Sometimes you need to make a change to a lot of desktops, and you need to use an account with administrator level privilege. The best way I found to do this other running a script that would make the changes remotely was to add it to the startup script option in the a Group Policy. [&#038;hellip<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[416,417,418,36],"class_list":["post-1361","post","type-post","status-publish","format-standard","hentry","category-documentation","tag-gpmc","tag-group-policy","tag-startup","tag-windows"],"share_on_mastodon":{"url":"","error":""},"_links":{"self":[{"href":"https:\/\/jim-zimmerman.com\/index.php?rest_route=\/wp\/v2\/posts\/1361","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/jim-zimmerman.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jim-zimmerman.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jim-zimmerman.com\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/jim-zimmerman.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1361"}],"version-history":[{"count":1,"href":"https:\/\/jim-zimmerman.com\/index.php?rest_route=\/wp\/v2\/posts\/1361\/revisions"}],"predecessor-version":[{"id":1362,"href":"https:\/\/jim-zimmerman.com\/index.php?rest_route=\/wp\/v2\/posts\/1361\/revisions\/1362"}],"wp:attachment":[{"href":"https:\/\/jim-zimmerman.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1361"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jim-zimmerman.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1361"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jim-zimmerman.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1361"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}