如何使用域用户通过 GPO 运行登录 .bat 脚本

Question

I'm trying to set up logon script to my domain computers in Default Domain Politics. I use fusioninventory-agent.bat script that install FI agent and sent data do GLPI every time when user log on. When I login to domain computers with administrator account it works fine, after few minutes, computer is visible in GLPI. But when I login with normal domain user account without administrator's privileges this script does not run.

In GPO I add script runLogonScirpt.bat in User Configuration > System Windows > Scripts > Logon in path \\xxx.local\\sysvol\\xxx.local\\Policies{id_policies}\\User\\Scripts\\Logon

and folder FusionInventory-Agent where is script that I want to use fusioninventory-agent and dictionaries like certs, data, docs, etc, logs, perl, share, var.

My runlogonScirpt.bat looks like:

pushd \\xxx.local\sysvol\xxx.local\Policies\{id_policies}\User\Scripts\Logon\FusionInventory-Agent
fusioninventory-agent.bat
popd

My fusioninventory script:

@echo off
for%%p in (".") do pushd "$$~fsp"
cd /d "%~dp0\perl\bin"
perl.exe --fusioninventory-agent --conf-file="..\..\etc\agent.cfg" %*
popd

I also change folder permissions (/FusionInventory-agent && /Logon) for domain users, folder sysvol is mounting for a short while and disconnecting without script execution. Of course for admin accounts script is running and works correctly.

Answer 1

It's likely to be a permission problem the user GPO \\User\\Scripts\\Logon can't be assigned Admin privilege by design.

As others have suggested to run as a Scheduled Task where admin permissions are allowed.