I have been searching around the internet and I can't find a consensus on
this topic.  I have a batch file (.bat)  that does a silent install of a
software program we use.  I am able to run this batch file computer by
computer but, it will take forever.  Since I have done a few computers with
the batch file, I know it works correctly.  My question is in regards to GP.
Can I setup the batch file to be called one time per computer at either 1)
computer start up or 2) at logon?

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

thanks for the info.  I'll give it a shot.  One follow up question to that.
Does it process with administrator rights or do I need to tell it to run as
the administrator?  If so, how?



Show quoteHide quote

I believe it runs under the context of the user.

but if it's under the computer configuration portion of the GPO, it runs as
the computer which has essentally "admin rights"? Correct?


Show quoteHide quote

It's not running by any GPO, as the "run once" entries in the registry are
windows features, not domain features. Because of where this is located in
the registry:

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

I would think that it runs under the credentials of "NT AUTHORITY\SYSTEM"
when windows starts up, and before anyone logs in.

/Al

Show quoteHide quote

Show quote Hide quote No!
1. All "Run" and "RunOnce" entries are evaluated at login and
2. run with the credentials of the user logging in.

Only machine startup scripts, scheduled tasks or services are run at
startup.

Stefan

Show quote Hide quote Oops, guessed wrong, my bad.

Thanks for straightening me out on these details.

/Al


Show quoteHide quote

James Brister wrote:

If the batch file installs something for the users, and can be run by the
users (they have sufficient permissions), it can be run as a logon script.
Otherwise it should be run as a startup script. Logon script run with the
permissions of the user. Startup scripts run with system permissions on the
local computer, and with the permissions of the computer object elsewhere in
the domain.

In either case you can design the script to run once; once per user for
logon scripts, once per computer for startup scripts. The script can check
for the existence of a file or registry setting, for example, that only
exists if the script has already been run. I like to use "flag" files saved
on a network share, so that I can monitor progress remotely and tell when
the code is no longer required. A batch file can easily create such a file
when it completes. If the file is saved in a network share it should be
uniquely named after the computer/user.

Another option (if the deployment is to each computer rather than each user)
is to install remotely yourself. If the batch file runs silently with no
user intervention (and no messages), you can use WMI to deploy it remotely.
The routine to deploy can either loop through a text file of computer names,
or loop through the computer members of a group. I have an example VBScript
program that does this linked here:

http://www.rlmueller.net/Deploy.htm

Continued xcopy script
xcopy errorlevel problem in script
File monitoring
Monitor redundent processes running on the Windows Server
Batch file to delete files dynamically
Help with VBscript
powershell storage management
Bulldog (Need help with script downloaded from script center)
Stored Passwords in Internet Explorer
How to run a script by a domain user ?