1

I don't have group policy installed to deploy firewall rules from there, so in the meantime I want to be able to run a batch file to update my firewall to allow Spiceworks to conduct scans on my machines without errors. I have the batch file to change the inbound rules but I cant run them on every computer separately it would not be time efficient. So how would I be able to have this batch file run as administrator via the network without the user seeing the admin password? I'm running XP on some machines and 7 on others.

I've tried my best to edit this question because I'm new to programming

4

1 回答 1

2

There isn't a way that I know of to do what you want in a login script but you can do it all at once from your workstation using PsExec This is the command I'd use:

psexec -c -f -s -h /accepteula \\* "c:\path\to\your\batfile.bat"

That will run it against all computers on your domain with the system account and copy your batch file to each computer before running it. If, like me, you have a large domain and you only want to run it against a specific OU, here is a script I wrote to do that. 

@echo off
setlocal enabledelayedexpansion

:: User Defined Variables
set FilterOU=TRUE
set OU=Environmental
if %FilterOU%==TRUE (
set qComp=wmic /NAMESPACE:\\root\directory\ldap PATH ds_computer Where "ds_distinguishedname like '%%%OU%%%'" get ds_name
) ELSE (
set qComp=wmic /NAMESPACE:\\root\directory\ldap PATH ds_computer get ds_name
) 

Echo.
Echo Getting list of computers.
Echo.
for /f "skip=1" %%c in ('%qComp%') do ( 
  For /f %%d in ("%%c") do (
    ping -n 1 %%d | find "TTL=">nul && set r="up"||set r="down"
    if /i !r!=="up" (
       psexec -c -f -s -h /accepteula \\%%d "C:\scripts\yourbatchfile.bat" 
    )  
  )
)
exit /b
于 2013-06-03T18:42:31.860 回答