What security context does the Group Policy engine run under on Windows?

windows active-directory group-policy

More specifically…

I would like to create a policy that runs a login script to copy a file from a share to a local folder.

What account do I need to grant access to on the share in order for the logon script to get the file?


If you're applying the script as part of the computer startup, you need to grant access to the computer object on the share (you can add a computer to a group just like a user account, as they are both valid objects that can authenticate on the domain).

If you're running the script at user logon, it runs under the user's own security context, so you users will need to be able to access the remote location you host the file from, and have access to the local folder on the machine that you want to copy to.

If you can't grant your user access to both of those locations, it's usually preferable to run the copy from the machine startup script, instead of the user logon.


User logon scripts run under the user's context (the user logging on, to which the User Configuration settings (including the logon script) in the GPO are being applied).

Related

Is there a safer way to stop mysql(d)?
LDAP User Management Tool for Mac 10.7.1 [closed]
Can too much network transfer break a Windows Server 2008 machine?
Apache 1 virtual host definition listening on 2 ips - how?
KVM second private network (bridged), how to get working?
SAN replication
How to enable system restart on BSOD from commandline
PostgreSQL EC2 Backup Strategy
How to DISable display sleep on Dell PowerEdge R310
apt-get error: "locale: Cannot set LC_CTYPE to default locale: No such file or directory"
Any Integrated Mangement Tools out there? (DRAC, iLO, RAC)
Nginx - Email Forwarders