#162748 - 2006-06-02 12:40 AM Refresh Cache after GrpMaint.exe
BayouJeff Offline
Fresh Scripter

Registered: 2002-05-29
Posts: 16
Loc: McMinnville, TN
My goal is to add the current user (who does not have administrative rights) to the local administrators group on the PC, execute the script, and then remove the user from the local administrators group. The code below will do that.
Code:
 
SHELL '\\server\runnas.exe /user:@WKSTA\administrator "\\server\GrpMaint.exe --sam \\@WKSTA --name Administrators --add --member Domain\@userID" /password:xxxx'


The problem I have is that even though the user is added to the local Administrator group, the registry changes are not being made. I "assume" the reason is because group membership is determined at the point of login and not at the point of script processing. So, after that long description, my question is: Is it possible to have the system "refresh" its cache of group membership after executing GrpMaint.exe? And if so, what would that code look like?

#162749 - 2006-06-02 01:41 AM Re: Refresh Cache after GrpMaint.exe
Howard Bullock Offline
KiX Supporter
*****

Registered: 2000-09-15
Posts: 5809
Loc: Harrisburg, PA USA
This does not look like a good approach to what you are attempting to accomplish. What is the true problem you are attempting to solve?
_________________________
Home page: http://www.kixhelp.com/hb/

#162750 - 2006-06-02 03:53 AM Re: Refresh Cache after GrpMaint.exe
Les Offline
KiX Master
*****

Registered: 2001-06-11
Posts: 12734
Loc: fortfrances.on.ca
Group cache has nothing to do with it. It is all about the user's security token which the user had picked up before the script started. Your plan is flawed.
_________________________
Give a man a fish and he will be back for more. Slap him with a fish and he will go away forever.

#162751 - 2006-06-02 05:03 AM Re: Refresh Cache after GrpMaint.exe
NTDOC Administrator Offline
Administrator
*****

Registered: 2000-07-28
Posts: 11628
Loc: CA
As Les says. Part of the logon process is to obtain a Security Token from the authenticating server. This token contains (for illustrative purposes) all the keys that user currently owns.

After logon, if you add a new key to a new door, well that user doesn't see or know it until they log out and then log back in.

Another problem you could have is that even if you removed the user - if they don't log off well their token still says they have Admin rights locally until they log off and back on again.

Someone that knows you're doing this would simply wait for your script to end and then create a local account of their own with Admin rights and you wouldn't even know it.

Then they could add or do anything on the computer they wanted to.

I HIGHLY recommend you find another way to do what it is you're wanting to do.
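
Added example, not part of any post in this thread: a PowerShell check that compares the Administrators SID carried in the current process's access token with the live membership of the local Administrators group, which makes both effects described above visible (a user added after logon has no admin token; a user removed after logon still has one). It assumes PowerShell 5.1 with the Microsoft.PowerShell.LocalAccounts module, which is newer than the systems discussed here; the function name `Test-AdminTokenDrift` is hypothetical.

```powershell
# Added example (not from the thread). Function name is hypothetical.
function Test-AdminTokenDrift {
    $adminSid = 'S-1-5-32-544'   # well-known SID of BUILTIN\Administrators
    $identity = [System.Security.Principal.WindowsIdentity]::GetCurrent()

    # Enabled group SIDs carried in this process's access token.
    # The token is built at logon and is not updated when groups change.
    $tokenSids = @($identity.Groups | ForEach-Object { $_.Value })
    $inToken   = $tokenSids -contains $adminSid

    # Direct members of the local group as stored on the machine right now.
    # Nested domain groups are not expanded here.
    $members = @(Get-LocalGroupMember -SID $adminSid |
                 ForEach-Object { $_.SID.Value })
    $inGroup = $members -contains $identity.User.Value

    if ($inGroup -and -not $inToken) {
        # Also seen for a non-elevated process under UAC, where the
        # Administrators SID is deny-only in the filtered token.
        $state = 'In group, not in token: no admin rights until next logon'
    } elseif ($inToken -and -not $inGroup) {
        $state = 'In token, not a direct member: session keeps admin rights until logoff'
    } else {
        $state = 'Consistent'
    }

    [pscustomobject]@{
        User              = $identity.Name
        AdminInToken      = $inToken
        AdminInLocalGroup = $inGroup
        State             = $state
    }
}

Test-AdminTokenDrift | Format-List
```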

#162752 - 2006-06-02 03:37 PM Re: Refresh Cache after GrpMaint.exe
BayouJeff Offline
Fresh Scripter

Registered: 2002-05-29
Posts: 16
Loc: McMinnville, TN
OK, I will rethink my approach. But where can I find a list of what registry keys can and cannot be modified with administrative rights?
#162753 - 2006-06-02 03:55 PM Re: Refresh Cache after GrpMaint.exe
Mart Moderator Offline
KiX Supporter
*****

Registered: 2002-03-27
Posts: 4673
Loc: The Netherlands
There is no such list afaik.

HKEY_CLASSES_ROOT
HKEY_LOCAL_MACHINE
HKEY_CURRENT_CONFIG
all require admin privileges.

Parts of HKEY_USERS also require admin privileges if they are not owned by the user wanting to do something with it.

HKEY_CURRENT_USER
Does not require admin privileges.

This is on a WinXP pro SP2 box.
_________________________
Mart

- Chuck Norris once sold ebay to ebay on ebay.

#162754 - 2006-06-02 03:55 PM Re: Refresh Cache after GrpMaint.exe
Björn Offline
Korg Regular
*****

Registered: 2005-12-07
Posts: 953
Loc: Stockholm, Sweden.
In general HKEY_LOCAL_MACHINE is locked for admins only.
HKEY_CURRENT_USER should be a bit self-explaining.
HKEY_USERS, well, depending on user and level of user.
HKEY_CLASSES_ROOT smells like admin/power user only, not certain though.
There should be a KB article from MS regarding that.
_________________________
as long as it works - why fix it?
If it doesn't work - kix-it!

#162755 - 2006-06-02 03:58 PM Re: Refresh Cache after GrpMaint.exe
Les Offline
KiX Master
*****

Registered: 2001-06-11
Posts: 12734
Loc: fortfrances.on.ca
Why do you need to modify the registry in a logon script?
_________________________
Give a man a fish and he will be back for more. Slap him with a fish and he will go away forever.
