I had to run one vbs script on Windows 7 with UAC enabled. This script was implemented as part of Run/RunOnce technology in Windows. When you want some script/application to run everytime you log in or just once you log in, you can use this technology built-in Windows. You can read about it here. Implementation of these registry keys was easy. Problem raised when I found out that script doesn’t run in elevated mode – without administrative privileges.
If you need to run some script in elevated mode, you can right-click on script and select “Run as administrator”. This is fine, but what about script that is part of registries? There is no way to right-click 🙂 You have to use UNDOCUMENTED parameter “runas” of parameter ShellExecute of object Shell.Application. It’s really undocumented on official sites!
Another bad thing of running script in elevated mode is that you cannot access network drives which you have mapped. You need to remap them and then you can use them.
There are nice articles which describe how to run scripts in elevated mode:
-
-
Second is nice
.bat script to remap network drives and run it in elevated mode
This saved me couple hours of fight with scripts 🙂
Categories: Microsoft, Programming, Security, VBS Scripting, Windows Tags: bat, elevated, network drives, remap, script, undocumented, vbs
When you need to find out what path is the running script located at you can use following script:
Dim strFullPath, strPath
strFullPath = WScript.ScriptFullName
strPath = Left(strFullPath, InStrRev(strFullPath,”\”))
Enjoy,
When administrators implement Roaming Profiles they define folder where roaming profile should be stored on fileserver. By default file permissions for the newly generated profile are full control for the user, full control to SYSTEM and no file access for the administrators group. You can not access this profiles with administrator account and clean it up. First you had to take ownership and then you can change ACL, but this is not what you want, because owner should be user.
You can fix this in two steps:
New roaming profile folders
You can change default behaviour on new profile folder creation. It can be changed by applying GPO to domain controllers with following setting Enabled:
Change ACLs for existing profile folders
This will be in couple steps:
-
- Download PsExec
- Log into fileserver where profiles are stored
- Run cmd.exe under SYSTEM account by running command
psexec -sid cmd.exe
- In new cmd.exe window go into directory where roaming profiles are stored. For example: cd G:\Profiles\
- Add BUILTIN\Administrators into ACLs of roaming profiles by running following command:
subinacl /subdirectories=directoriesonly G:\Profiles\*.* /GRANT=Administrators=F
Enjoy accessible roaming profile folders 🙂
At one of my customer I had following request. They have Exchange server inside their network. They have two Internet connections. All mail communication goes via primary Internet connection. Second Internet connection is used for Internet browsing.
Internal IP network is 10.0.0.0/24. First Internet connection is called primary and there is default gateway at 10.0.0.1/24. Second Internet connection is called backup Internet connection and it’s default dateway is 10.0.0.2/24. Exchange server has IP address 10.0.0.21/24 and it had default gateway 10.0.0.1/24. MX records are registered to public IP address of primary Internet connection. Problem is when primary line goes down. E-mail communication stops completely – e-mails don’t come and don’t leave company.
To solve this problem we need to make two changes:
Read more…
V poslednej dobe sa hovorí čo raz viac o Disaster Recovery plánoch. Sú to predpripravené scenáre ak sa niečo stane v budúcnosti. Napríklad požiar v hlavnom dátovom centre a pod.
Read more…
Recent Comments