Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
Home
Discussion GroupsWindows Server 2003Windows 2000Windows NTSmall Business ServerVirtual ServerExchange ServerIISHost Integration ServerISA ServerSMSWSUSMOMWindows Media ServerSecurityCertification
Related Topics
SQL ServerMS WindowsMS OfficePC HardwareMore Topics ...
Windows Server Forum / Windows Server 2003 / Group Policy / October 2008

Tip: Looking for answers? Try searching our database.

Group Policy and Windows 2008

Thread view: 
Enable EMail Alerts  Start New Thread
Thread rating: 
Paul Bergson [MVP-DS] - 10 Oct 2008 16:51 GMT
I have a group policy that runs a script at machine startup for a group of
servers within an OU.  In the past this has worked just fine but as I begin
to look at 2008 this script no longer works as expected.  It appears the
machine account must have separate tokens similar to a user which has
elevated permissions.  I am referring to this in reference to the UAC.

I am running a copy script to enforce local machine policy and it fails
since the destination location needs elevated privileges to write.

Does anyone know with certainty that, that is the case?  Has anyone worked
on this to get it to work w/o disabling UAC?

What I believe is happening to the machine account, similar to the user
account.
http://blog.stealthpuppy.com/group-policy/group-policy-scripts-can-fail-due-to-uac

Signature

Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.

Reply to this Message
Paul Bergson [MVP-DS] - 10 Oct 2008 20:07 GMT
Disregard,, forgot about the new "Preferences" options built into gpo.  This
makes my scripts mute, since I can now do with the gpo itself.

Signature

Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.

>I have a group policy that runs a script at machine startup for a group of
>servers within an OU.  In the past this has worked just fine but as I begin
[quoted text clipped - 11 lines]
> account.
> http://blog.stealthpuppy.com/group-policy/group-policy-scripts-can-fail-due-to-uac
Reply to this Message
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2008 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.