|
In line with improving my networks, I have gone down the route of not making domain users a member of the local administrators group on the pc the employee logs onto.
I have modified the kixtart script to use the hkey-local-machine registry setting and have this running in the startup script for any settings that are not being applied because domain users don't have local admin rights.
All well and good, however, I have a couple of registry settings that need to be applied per user, not per computer and I cannot apply the settings unless they are local admins on their pc.
There are many different suggestions out there with regards to how to run the script with elevated privileges, but some such as runas or SU are quite dated and also not very secure.
I have looked on the kixtart forum in best practices etc to see what is the recommended way of running scripts with elevated privileges. I don't need the entire script to run elevated. I think there are only 8 settings that need to be applied per user.
It might also be interesting to see if there are any best practices guides with regards to running things in the startup script or using the runonce setting in the registry (obviously that would run in the context of the logged on user, which would presumably be the administrator).
In short, can someone point me to where the best practice for running a script as admin is, as the only one that looked relevant was the scriptlogic one where all the links no longer work unfortunately. Thank you.
| 
