Guidance
for setting up a user logon with “runadminbat” in five steps. A batch
file is to be run at user logon. The batch file contains commands
that require administrative privileges. “Runadminbat” uses
the “runas” function. It works only with Windows 2000 and
Windows XP Professional – not with Windows NT 4.
1.) Create the batch file.
2.) Create a text file that contains the logon information of a (domain) administrator.
3.) Encrypt the text file.
4.) Copy the files into the netlogon folder (or any other shared folder).
5.) Insert the “runadminbat” start command into the (existing) logon script.
Step 1.)
Create a batch file. The batch file contains commands that require administrative
privileges. Please keep in mind that the logon user is not the user
who will execute the commands in the batch file. These commands will
be executed by the administrative account. Every programme file must
be specified with its exact path. Sample of commands in a batch
file:
C:\WINNT\System32\xcopy.exe \\s2dc01\NETLOGON\Update\lmhost*.* C:\WINNT\System32\drivers\etc /y
net stop "Scheduled Task"
\\s2dc01\NETLOGON\Update\Windows2000-KB883114-x86-EN.EXE /quiet /norestart
\\s2dc01\NETLOGON\Update\installer.msi /q /noreboot
Start comment lines with “rem”, “#”
or “;”. “Runadminbat” tries to execute the
content of every line that is not a comment. It is highly recommended
that you test every batch file before starting a bulk update.
Step 2.)
To run the commands that require administrative privileges, you have
to create a text file that contains the logon information of a (domain)
administrator account. Additionally, you have to insert the name of
the batch file (created in step 1) into the text file. Later this text
file will be encrypted. Enter the logon name of the administrator account
in the first line of the text file, the name of the domain in the second
line, the password of the administrator account in the third line and
the name of the batch file (created in step 1) in the fourth line. You
don’t have to add a path for the batch file because the batch
file must be in the same directory as the “runadminbat”
programme file. Sample of the text file:
Updateadminaccount
domainname
secretPassword
start.bat
Step 3.)
Encrypt the text file created in step 2 with the programme “cy.exe”.
Use the simple file manager to browse to the text file (created in step
2) and click “ok”. Then enter the path and name of the encrypted
file into the text field.
Security advice: To run every command on every client in the domain
you should use an account with domain administrator privileges. The
file with the encrypted logon information is in the netlogon
folder or another shared folder. For security reasons you should use
this account only once and deactivate it after a successful update.
With sufficient effort it is possible to decrypt the file. Use complex passwords
and usernames.
Step 4.)
Copy the file “runadminbat.exe”, the batch file and the
file with the encrypted logon information into a subfolder in
your netlogon folder (or any other shared folder that is accessible
to the logon user). The batch file and “runadminbat.exe”
must be in the same directory; the file with the encrypted logon information
may be in another accessible shared folder.
Step 5.)
Create an entry in the user’s logon script to start “runadminbat.exe”.
The entry must contain the exact path of “runadminbat.exe”
and of the file with the encrypted logon information. See the sample:
\\s2dc01\NETLOGON\Update\runadminbat.exe \\s2dc01\NETLOGON\Update\batch.cy
Caution: As in the batch file, the path and file names must be exact.
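A pre-flight check for the files from Steps 1 and 2, as an added example that is not part of the original guidance or of “runadminbat”: it reports batch lines that do not begin with an exact path and checks the four-line layout of the logon file before it is encrypted. The function names, the reading of “exact path” as a drive-letter or UNC path, and the skipping of blank lines are assumptions.

```python
import re

# Step 1: lines starting with "rem", "#" or ";" are comments.
COMMENT = re.compile(r'^(rem(\s|$)|#|;)', re.IGNORECASE)
# Assumption: "exact path" means a drive-letter path or a UNC path.
ABSOLUTE = re.compile(r'^"?([A-Za-z]:\\|\\\\[^\\\s]+\\[^\\\s]+)')

def check_batch(text):
    """Return (line number, line) for each command without an exact path."""
    problems = []
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        # Assumption: blank lines are harmless and are skipped here.
        if not line or COMMENT.match(line):
            continue
        if not ABSOLUTE.match(line):
            problems.append((number, line))
    return problems

def check_logon_file(text):
    """Return a list of problems in the four-line logon file from Step 2."""
    lines = [l.strip() for l in text.splitlines()]
    while lines and not lines[-1]:
        lines.pop()  # ignore trailing blank lines
    if len(lines) != 4:
        return ["expected 4 lines, found %d" % len(lines)]
    labels = ["logon name", "domain", "password", "batch file name"]
    problems = [label + " is empty" for label, v in zip(labels, lines) if not v]
    # Step 2: the batch file is named without a path.
    if any(c in lines[3] for c in "\\/:"):
        problems.append("batch file name must not contain a path")
    return problems

# Constructed samples, based on the samples shown in Steps 1 and 2.
SAMPLE_BATCH = r"""rem constructed sample
C:\WINNT\System32\xcopy.exe \\s2dc01\NETLOGON\Update\lmhost*.* C:\WINNT\System32\drivers\etc /y
net stop "Scheduled Task"
\\s2dc01\NETLOGON\Update\installer.msi /q /noreboot
"""
SAMPLE_LOGON = "Updateadminaccount\ndomainname\nsecretPassword\nstart.bat\n"

if __name__ == "__main__":
    for number, line in check_batch(SAMPLE_BATCH):
        print("line %d has no exact path: %s" % (number, line))
    for problem in check_logon_file(SAMPLE_LOGON):
        print("logon file: " + problem)
```

Run against the constructed sample, the check flags the “net stop” line, which names no path for the programme file.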