
reboot in script as non admin


mwiner

IS-IT--Management
Oct 24, 2002
266
US
I am trying to use the "shutdown -r" command in a script. But of course the user is not a local administrator so the command cannot be run. However the user has the ability to click Start > Shutdown and can reboot or shutdown the computer from there.

I understand there is probably some security risk but this is only being used for an unattended windows installation.

Thanks!

-Matt
 
an unattended windows installation
without local administration privilege ?

Hope This Helps, PH.
Want to get great answers to your Tek-Tips questions? Have a look at FAQ219-2884 or FAQ222-2244
 
Well, the issue is that I need to run the DSMOD command from a RUNONCE script, but DSMOD doesn't work unless you are logged into the domain. And since I don't want to be using domain admin accounts for the unattended logins, the user that logs in to run the DSMOD command is not a local admin yet. Once it runs DSMOD and puts the machine into the group and reboots, that user will now be a local admin. But I can't get it to reboot.

thanks!
 
You may consider runas and SendKeys.
In a console window type runas /?.

Hope This Helps, PH.
Want to get great answers to your Tek-Tips questions? Have a look at FAQ219-2884 or FAQ222-2244
 
The problem with the runas is that you have to type in the password:
Code:
c:\>runas /user:domain\username cmd {enter}
Please enter the password for domain\username
There is no way to enter a password in the script.

I guess that you can change the password for the local admin account before you run the script, then create a registry entry so when the user logs in again another script will run to reset the password. This is just a thought and I would look into it more before using this solution. You could create an at job to reboot the computer or have your script register another script as a service and reboot the computer that way. I am rambling, just trying to give you ideas.

-How important does a person have to be before they are considered assassinated instead of just murdered?

 
i don't get the issue, i thought the first logon after an unattended windows installation was done by the local administrator. this local administrator can then run a script to do whatever you want, GuiRunOnce or whatever M$ now recommends.

the script could add a restrictive domain account to the local admin, set an autoadmin logon, and then restart the computer. the logonscript of the autoadmin logon restrictive domain account then wanders off and does cool stuff like install lots of software and hotfixes, sets up the user environment or whatever
 
I guess I don't understand when this script is going to run. I do not see anything about an unattended windows installation. When (at what stage) is this script going to be run? Who is running the script? How is the script being started? Just some questions that would help me better help you.

Timgerr

-How important does a person have to be before they are considered assassinated instead of just murdered?

 
MrMovie you have inspired me.

I started using runas in a vbscript with a SENDKEY. Which I believe is just a sloppy way to do it, but it was working in my tests.

I decided to add the user to the local admin group with:
net localgroup administrators /add username

By doing this I am able to run shutdown -r

Thank you everybody for your help.



If you care I will answer some of the other questions that were asked of me so that people can understand what I am doing.

I am doing an unattended installation off a customized CD. After windows installs it goes through a few reboots and using RunOnceEX I launch applications and scripts.

Boot 1: (logon as local admin)
Install as many apps as I can that do not require a network connection, such as Antivirus, etc, etc.
Now it prompts the user for the new computer name, the OU the machine belongs in, and the group it belongs in (this is the only user interaction for the entire install)
Join the domain and put the machine in the correct OU

Boot 2: (logon as local admin)
Rename the computer
Add a domain account to the local Admin group

Boot 3: (logon as domain user)
Finish installing apps from the network

Boot 4: (logon as domain user)
Cleanup install files
Add the machine to the correct group
replicate AD

 
if you want to add the computer to the domain then add this to your unattended.txt file.
we create our unattended.txt files on the fly.
i don't like a password being in a txt file so we encrypt ours but i'm not sure it is required as the domain account only has rights to add computer accounts, perhaps that is serious enough, who knows

[Identification]
JoinDomain=domainnamehere
CreateComputerAccountInDomain=Yes
DomainAdmin=domfsc01\accountnamehere
DomainAdminPassword=passwordhere
MachineObjectOU="OU=pcs,OU=Workstations,OU=UK-Butlins,DC=dom,DC=net"
 
Believe me I would LOVE to do that. It would save me a reboot. But because of company policy I CANNOT have the machine on the network without the latest security patches and antivirus.

So when the prompt is asked for the computer name, group, and OU. It also checks for network connectivity and will prompt to plug the computer into the network.

But thanks.

-Matt
 
mrmovie, how do you encrypt your passwords?
timgerr

-How important does a person have to be before they are considered assassinated instead of just murdered?

 
timgerr, the unattended.txt file is encrypted so you can't see the password inside it.

it all sounds rather great. however if you stop/interrupt the installation half way through, and look hard enough, you can find the unencrypted unattended.txt file locally! to make matters worse the process which creates the unattended.txt file on the fly reads the information from a flat file!!! still, our hearts are in the right place if nothing else. i think it came about cause the security dept insisted the unattended.txt file had to be encrypted, so, some encrypted it :)
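
An added example, not part of the thread or any poster's code: an audit check for the situation described above, where an answer file with a readable password is left on disk after an install. The function names and the sample file are constructed for illustration; `DomainAdminPassword` is the key from the posted `[Identification]` section, and `AdminPassword` / `EncryptedAdminPassword` are the `[GuiUnattended]` keys for the local Administrator password.

```python
import re

# (section, key) pairs that hold a password in a Windows 2000/XP-style answer
# file. The first pair is the one shown in the thread.
SECRET_KEYS = {("identification", "domainadminpassword"),
               ("guiunattended", "adminpassword")}
SECTION_RE = re.compile(r"^\[(?P<name>[^\]]+)\]\s*$")

# Constructed sample answer file; every value is a placeholder.
SAMPLE = """\
; constructed sample, not a real deployment file
[GuiUnattended]
AdminPassword=0123456789abcdef
EncryptedAdminPassword=Yes

[Identification]
JoinDomain=EXAMPLE
DomainAdmin=EXAMPLE\\joinaccount
DomainAdminPassword="placeholder-password"
"""


def parse_answer_file(text):
    """Return [(section, key, value, line_no)] for every key=value line."""
    entries, section = [], ""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith(";"):  # blank line or comment
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name").strip().lower()
            continue
        key, sep, value = line.partition("=")
        if sep:
            entries.append((section, key.strip().lower(),
                            value.strip().strip('"'), line_no))
    return entries


def find_plaintext_credentials(text):
    """Return [(section, key, line_no)] for passwords readable in the file."""
    entries = parse_answer_file(text)
    # EncryptedAdminPassword=Yes means AdminPassword holds a hash, not the
    # password itself. "*" (blank password) and "" carry no secret to leak.
    hashed = any(s == "guiunattended" and k == "encryptedadminpassword"
                 and v.lower() == "yes" for s, k, v, _ in entries)
    return [(s, k, n) for s, k, v, n in entries
            if (s, k) in SECRET_KEYS and v not in ("", "*")
            and not (k == "adminpassword" and hashed)]
```

Run against copies of the answer file found on installed machines or on the build share; any finding means the domain-join or local Administrator password is recoverable by whoever can read that file.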
 
OK that is what I thought. I was looking for a way to encrypt a password so it can then be in a flat file.

Thanks,
Timgerr

-How important does a person have to be before they are considered assassinated instead of just murdered?

 