Jump to content

Logon scripts via Group Policy, who do they run as ?


Fatboy40

Recommended Posts

I've never been 100% certain in regards to under what user a logon script is run as when it is called via a group policy ? (for this example its a Windows Server 2003 network with XP clients).

Does a login script run under the account of the user who is logging in, and therefore come under the effect of the various rights that they have localy on their PC ?. For example if they are just in the local users group and a script calls for files to be copied to the local PC will the copy fail ?.

Thanks :)

Link to comment
Share on other sites


I think that there are only 2 possible account candidates: the user account of the person logging on or the SYSTEM account. My gut feeling would go with the SYSTEM account. Anyone care to offer an alternative suggestion?

Edit:

After much Google-ing, it seems that Startup and Shutdown scripts certainly use the SYSTEM account, so maybe a Logon script uses the account of the person logging on; hence the name?

Edited by FAT64
Link to comment
Share on other sites

For example if they are just in the local users group and a script calls for files to be copied to the local PC will the copy fail ?.

If you configure a loginscript via group policy. This script will be executed if the user is a member of the OU where the GPO w/ the loginscript is linked.

So if the user is just in the local users group (client XP machine), the loginscript will not be executed.

edit: I didn't get your question right :-)

Edited by bennebiest
Link to comment
Share on other sites

For example if they are just in the local users group and a script calls for files to be copied to the local PC will the copy fail ?

If you're trying to copy the file to a location where regular users don't have write access, yes, it will fail.

We use SMS here at work, but unfortunately I don't have direct access to create/push packages using it (it's a complicated setup...). What we came up with was to use AdminScriptEditor to package scripts to run with alternate privileges. We've been using this to deploy updates to our PCs via the logon script with great success.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...