We are trying to copy 3 files from our domain controller to a user PC and have it execute from a .bat file when a user logs in via Active Directory.
When we associate the .bat file to a user in AD for their logon, the PC copies down the 2 files, but the executable isn't launched.
Am I doing something wrong here?
Here is the script in question:
mkdir c:\stinger_dl
copy \\DC01\netlogon\install\PsExec.exe c:\stinger_dl\
copy \\DC91\netlogon\install\stinger.exe c:\stinger_dl\
c:\stinger_dl\psexec.exe /accepteula -u domain\admin -p MagicPassword -d -h c:\stinger_dl\stinger.exe --SILENT --ADL --GO --RPTALL --DELETE --REPORTPATH=c:\stinger_dl
We had a nasty virus outbreak last Friday (current virus protection missed it) and are trying to force a scan on all user PCs with Stinger when they login tomorrow.
Anyone interested, this is the virus that got us
Using group policy you could add the .exe to run on start up on its own, not via a .bat file? Will still allow you to have your parameters etc.
User Configuration > Windows Settings > Scripts(Log on/Log off) Just add the exe here with the parameters.
Hate to answer so late to the party, but this is worth noting...
A login script must of course be on the network where users' accounts can see it. While the chance of most users having both the curiosity and the resourcefulness to find it is low, it's still there, where anyone can read it should they trip over the correct network share.
It's a good idea to not use your 'main' domain administrator anytime credentials must be stored in scripts. Create a temporary domain admin (or power user when it'll do) with a different password, disabling the account when the need passes--the sooner the better. If you have a similar need in a few weeks, change the password before re-enabling the account.
The last thing you want is giving domain admin creds to that jerk in accounting who got fired from helpdesk for yelling at customers. :-)