Running PowerShell scripts pushed from AD GPO as admin on domain computers

Needed some help getting a simple task done at work.

I have about 30 machines in my work domain that I want to run a PowerShell script on at startup. I have created a GPO that runs the script on all machines at startup, and all machines have the GPO applied successfully. The PowerShell script is supposed to look up a service on the machine and, if it finds it, start it up, and that's it. If the service does not exist, the script continues running, copies a file stored on a shared folder in the domain onto the machine, then creates the service and starts it up.

MY PROBLEM: the script does not run automatically on all machines.

After some troubleshooting I found out that running scripts on the machines with the domain user logged in is not allowed, and when I try to run the script manually on each machine I get an error that says running scripts is disabled, so I created a GPO that enables running scripts on the machines by enabling the Turn on Script Execution policy. Regardless, the script did not do its job after restarting the machines and I still get the same error when I try manually. Then I tried to run the script manually as admin on the machines and the script performed its work perfectly.

Also tried adding the following two commands, based on suggestions from other people having similar problems, at the beginning of the PowerShell script, the first to elevate the script to run as admin and the second to allow running scripts on the machine, and it did not make any change.

COMMAND #1: Start-Process powershell -Verb RunAs
COMMAND #2: Set-ExecutionPolicy RemoteSigned -Scope CurrentUser

Currently the number of devices is going to get close to 200 and I need to get this script to run as admin on all machines from the applied GPO. Waiting to read some solutions from you shortly.

Thanks in advance.


Try this implementation approach:

  • Use GPO to run your script via Task Scheduler as SYSTEM, not as a user
  • Give the Domain Computers AD group access to a share so the script can copy the file from it
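
A sketch of the startup script described in the question, written to run under the SYSTEM scheduled task suggested above. This is an added example, not code from the original post or answer. The service name, share path, install directory and log path are hypothetical placeholders, and the signature check assumes the deployed binary is Authenticode-signed.

```powershell
# Added example: startup script meant to run as SYSTEM from a GPO-deployed scheduled task.
# All names and paths below are hypothetical placeholders, not values from the original post.
$ServiceName = 'ExampleAgent'
$SourceExe   = '\\example.local\Deploy$\ExampleAgent.exe'   # share readable by Domain Computers
$InstallDir  = Join-Path $env:ProgramFiles 'ExampleAgent'
$TargetExe   = Join-Path $InstallDir 'ExampleAgent.exe'
$LogFile     = Join-Path $env:ProgramData 'ExampleAgent-install.log'

$ErrorActionPreference = 'Stop'
$exitCode = 0
Start-Transcript -Path $LogFile -Append | Out-Null
try {
    # A task running as SYSTEM reaches the share as the computer account (DOMAIN\HOSTNAME$),
    # which is why the share permission goes to Domain Computers rather than to users.
    $me = [Security.Principal.WindowsIdentity]::GetCurrent()
    Write-Output "Running as $($me.Name)"
    if (-not $me.IsSystem) { Write-Warning 'Not running as SYSTEM; service creation may fail.' }

    $svc = Get-Service -Name $ServiceName -ErrorAction SilentlyContinue
    if (-not $svc) {
        # Service missing: copy the binary locally, then register it.
        New-Item -ItemType Directory -Path $InstallDir -Force | Out-Null
        Copy-Item -Path $SourceExe -Destination $TargetExe -Force

        # Assumption: the binary is signed. Refuse to install anything that does not
        # validate, because it will be launched as a service on every machine.
        $sig = Get-AuthenticodeSignature -FilePath $TargetExe
        if ($sig.Status -ne 'Valid') {
            Remove-Item -Path $TargetExe -Force
            throw "Signature check failed for $TargetExe ($($sig.Status))"
        }

        # Quote the path so the space in 'Program Files' cannot change which binary starts.
        $svc = New-Service -Name $ServiceName -BinaryPathName "`"$TargetExe`"" -StartupType Automatic
    }

    if ($svc.Status -ne 'Running') { Start-Service -Name $ServiceName }
    Write-Output "Service $ServiceName is $((Get-Service -Name $ServiceName).Status)"
}
catch {
    Write-Warning "Startup script failed: $_"
    $exitCode = 1
}
finally {
    Stop-Transcript | Out-Null
}
exit $exitCode
```

The transcript in the log file records which account the script actually ran as, which separates a permissions failure on the share from an execution-policy or elevation failure on the machine. Keep the share read-only for Domain Computers, since anything placed there ends up running as a service.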