Running logon scripts with the standard user access token?

2

2

I have a powershell script which executes after I logon to my account. This is done by a group policy logon script.

Because I am in the Administrator group this script is run with elevated rights which I don't want. I want it to run without the elevated rights and run it with the standard user access token. Is this possible and how can I achieve this?

UPDATE:

I need to have the script run with UAC virtualization.

Thanks in advance.

Martijn B

Posted 2011-11-27T00:07:34.970

Reputation: 241

Failing a more elegant solution, I suppose you could write a logon script that adds an entry into the RunOnce key so that Explorer will run the powershell. You'd probably need to make the logon script synchronous, to avoid a race condition. – Harry Johnston – 2011-12-04T00:44:48.757

@HarryJohnston Thanks for your alternative but I need to know if it's possible with a group policy. In the meantime I already use a other alternative: a scheduled task, but it also works from a batch file in my startup folder. – Martijn B – 2011-12-05T17:12:01.730

Answers

0

Use the -l option of psexec to launch your powershell script.

longneck

Posted 2011-11-27T00:07:34.970

Reputation: 372

I tried your option but it doesn't give me the expected results. The -l option does run it without administrator rights but not with UAC virtualization. – Martijn B – 2011-12-05T16:42:04.600

Asked: 2011-11-27T00:07:34.970

Viewed: 819 times

Active: 2011-12-05T16:43:22.057