VB Script + Permission problem

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

Hi, I have had help creating a VB logon script that that is now causing me sleepless nights. The problem is when I log in as a user I get the following error
‘\\Domain\sysvol\Domain\policies\-{45d4c1be-ect ect\user\scripts\logon\profile scripts.vbs
Line: 41
Char: 11
Error: Permission Denied
Code: 800a0046’

However if I log on as Administrator everything works as a dream

My question is 'How do I get the logon script to run as administrator. I am sure there is syntax like run as domain = user = pass =' or is that just wishing

As this script is delivered automatically there must be no user interaction so run as is out of the question.

Next question is where will the syntax go i.e. before declaring variables?

Help will be most appreciated as I am starting to panic now

Thanks

MAZDAN

'PS This is a school with approx 300 computers . . .What the script does - Basically looks at a local variable held on each computer and if the local variable is < the hard coded one 'in the script' a copy routine is executed replacing the application shortcuts within the all users folder'

 

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

I don't suppose you could post the script here? Might help a bit.

Just found this tidbit in the help files "Logon scripts are run as User, not Administrator, and their rights are limited accordingly."

Just going out on a limb here but it might have something to do with the users can't modify the all users folder and the admin can.

 

I hope there is a way to achieve this as I am totally in the doo doo if I cant do it lol

Here is the script:-

Code:

Dim nCurrentUpdate,nDesiredUpdate,WshShell,objFSO
nDesiredUpdate = 1
sCopyFromFolder = "x:\templates\start menu"  'Set to whatever your desired directory is.
sCopyToFolder = "C:\Documents and Settings\All Users\start menu"
Set WshShell = CreateObject("Wscript.Shell")
Set colUserEnvVariables = WshShell.Environment("System")
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objNetwork = CreateObject("WScript.Network") 
objNetwork.MapNetworkDrive "X:", "[url="file://\weasrv01ADMINTemplates"]\\weasrv01\ADMIN\Templates[/url]"
If colUserEnvVariables("Update") <> "" Then
     nCurrentUpdate = colUserEnvVariables("Update")
Else
     nCurrentUpdate = 0
End If
If CInt(nCurrentUpdate) < nDesiredUpdate Then
     'wscript.echo "do copy"
     RecursiveFolderCopy sCopyFromFolder,sCopyToFolder     
     
     'Set the update number to the current value
          colUserEnvVariables("Update") = nDesiredUpdate
End If
'Cleanup
Set WshShell = Nothing
Set objFSO = Nothing
Set colUserEnvVariables = Nothing
Sub RecursiveFolderCopy(sCopyFolderPath,sTargetFolderPath)
     Dim objFolder, objFile,objSubFolder
     
     'Create the target directory if it doesn't already exist
     If Not objFSO.FolderExists(sTargetFolderPath) Then
          objFSO.CreateFolder(sTargetFolderPath)
     End If
     
     'Copy Files from original location to target location
     Set objFolder = objFSO.GetFolder(sCopyFolderPath)
     For each objFile in objFolder.Files
          objFSO.CopyFile objFile.Path,sTargetFolderPath & "\" & objFile.Name,True
     Next
     'If there are any sub folders, recursively call this subroutine
     For each objSubFolder in objFolder.SubFolders
          RecursiveFolderCopy objSubFolder.Path,sTargetFolderPath & "\" & objSubFolder.Name
     Next
     
     Set objFolder = Nothing
     Set objFile = Nothing
     Set objSubFolder = Nothing
End Sub
 
wscript.echo "All Done!"

Thanks

 

OK I have a little more info for you. Logon scripts will only run using whatever level of permissions have been set for you on the machine. Therefore if you cannot manually run the scripts then you will not be able to automate the task either.

However, have you thought of using the task scheduler? When you use the task scheduler the scripts will run using whatever security permissions assigned to the task scheduler (by default Local System). This might work as it is, but if not then you would have to set up another account with enough permissions to run vbs scripts. Then configure the task scheduler service to use this account to run the script.

Configure the schedule to run at a specific time when you know no-one is logged on i.e. 6 AM, everyday. As the task scheduler can also run when you are logged off, this shouldn't be a problem.

With a little creativity you might be able to configure a logoff script to trigger this too.

Hope this helps.

 

Thank you very much for your reply, I was starting to think it was an impossible task. A task scheduler is a good idea but wouldn’t I have to set that on every machine?



I will give it a test today and let you know how it goes.



Someone mentioned to me that you can compile vbs to vbe (an executable). Does any one know how to do this and would this be another solution?

 

I remember reading something about that on the M$ scripting site. Have a nosey around there if you have the time.

 

I found a workaround that should work on pretty much any computer. Instead of running your routine as a Login script, run it as a shutdown or startup script. While login scripts run with the permissions of the user, shutdown/startup scripts runs with the permissions of the local machine. (Which should have access to make changes to the all users folder)

This added with some test to see if the script has been run yet, and if not then to initiate shutdown.exe, displaying a message to the user, could allow you to have the same effect as a logon script, but having enough priveledges.