Hey all, Let me first start by saying everything is working as expected so far! This is about my login script being shared from the netlogon directory. My XP client sees and executes the 99% of the script. The last little bit is permissions-related. In my logon.vbs script I am attempting to set the registry key to disable offline folder syncs. A "Domain User" cannot uncheck this box, nor can they modify this registry key. This can only been done by a privileged user. On a Win2k3 server the netlogon service account has the ability to execute these types of changes on behalf of the user. The problem is that the script executes using 'test user' account entered at logon time. This was verified by putting in a 60 second wait time somewhere in the script; then you can to to the task manager and see the username running the logon script. This does not emulate the windows process. My question: How would I go about assigning a privileged user, like the netlogon service account, to my logon.vbs script so that it is able to make those registry key modifications for any domain user logging into Samba 3.0.3 ? Thanks in advance, Thomas
Am Sunday 26 April 2009 20:35:12 schrieb Todd E Thomas:> Hey all, > > Let me first start by saying everything is working as expected so far! > This is about my login script being shared from the netlogon directory. > > My XP client sees and executes the 99% of the script. The last little > bit is permissions-related......> The problem is that the script executes using 'test user' account > entered at logon time. This was verified by putting in a 60 second wait > time somewhere in the script; then you can to to the task manager and > see the username running the logon script. > > This does not emulate the windows process. > > My question: How would I go about assigning a privileged user, like the > netlogon service account, to my logon.vbs script so that it is able to > make those registry key modifications for any domain user logging into > Samba 3.0.3 ?A commonly used (but questionable, security-wise) approach would be using cpau to elevate privileges of the script. It just makes it "run as" the selected (admin) user with encrypted password, so that's not visible to users who try to later connect to the netlogon share "out of interest".
Seemingly Similar Threads
- [netlogon] section being ignored
- file name starting with [0-9]* not synchronized (!?)
- issue and solution : samba 4.9.4 and win10 1809 : windows could not connect to user profile service aka the home drive letter semi-colon is missing
- How to run VBscript using wine?
- trying to run a visual basic script via WINE - need help.