Re: Running commands on workstations from domain controller

Thor (Hammer of God) wrote:
> PSExec allows you to remotely execute code.
>
> http://www.microsoft.com/technet/sysinternals/utilities/psexec.mspx


As Thor suggests, I'd recommend using psexec.

Using a tool like dsquery, with a couple of lines of script you could 
quite happily run a script on all the machines in a particular OU, and 
generate a list of the machine accounts the command didn't work on.

See 
http://blog.sapien.com/current/2006/11/28/command-line-one-liners.html 
for some hints on how to query for machines by OU and OS.. See 
http://tinyurl.com/2hp43y (windowsitpro.com) for an example of the same 
task carried out using 'net view' instead of dsquery.

Using a login script would work, but you have less control over it, it's 
harder to audit, it's slower, and it may require giving your users too 
many privileges. Which you choose largely depends upon what sort of 
'command' this is and what context it needs to be executed under..

 - James.

--
  James (njan) Eaton-Lee | UIN: 10807960 | http://www.jeremiad.org

   "All at sea again / And now my hurricanes
   Have brought down this ocean rain / To bathe me again"

 https://www.bsrf.org.uk | ca: https://www.cacert.org/index.php?id=3
--

smime.p7s
Description: S/MIME Cryptographic Signature