Sometimes it is necessary to run a script in an elevated mode which can be done through a startup script. The startup script runs locally as a local system account as has all the permissions of the Local System Account.
Here the domain controller is a Windows Server 2012 R2 Standard and the target computer is windows 10 enterprise.
- Create a GPO object and click edit and navigate to Computer Configuration\Policies\Windows Settings\Scripts (Startup/Shutdown) and double click startup.
- Click on show files and it should open the GPO policies folder under sysvol. The path are something like this – SysVol\tech-servepro.com\Policies\{D319D534-28DC-47F3-97D1-9DE900FE8C56}\Machine\Scripts\Startup. Copy the script that we want to run in this folder. Here I have copied the script as an in-built administrator account.
- Then click Add and type the script name only, no need to browse to that folder. And add the script parameter if any.
- Next, we will link the GPO to an OU and apply security filtering. And the target computer is restarted for the GPO to take effect. We can check if the GPO is applied by running the command in the target computer – gpresult /r /scope computer.
- KB170072
