hi,

I'm new to the forum and I want to make my case maybe they can help.
First: English is not my first language.

I have a samba PDC server which has about 200 XP users, 150 new computers were purchased, I was testing with W7 and everything satisfactory result. create a standard CD for installation, WPI, joined W7 to the domain, use Kixtart to create policies for the new machines in them intend modify the registry on W7 to block certain functions of the domain users, my problem is not find a way to assign the privileges necessary to do the logon script. only works if I make the user a local administrator of the computer, so all the things I want are blocked. I tried to post called "Step by Step guide to running a script with elevated privileges or admin" but I can not. if you have any suggestions I'll read with pleasure.

 Code:
;---------------------------
; These are my Logon Script
;---------------------------

@ECHO OFF

ver | findstr /i "5\.1\." > nul
IF %ERRORLEVEL% EQU 0 goto ver_XP
ver | findstr /i "6\.1\." > nul
IF %ERRORLEVEL% EQU 0 goto ver_Win7
ver | findstr /i "6\.2\." > nul
IF %ERRORLEVEL% EQU 0 goto ver_Win8

goto end

:ver_Win7
%0\..\kix32.exe NTConfigw7_Generales.kix <----------- These are my policies (W7)
%0\..\kix32.exe NTConfigw7_Grupos.kix <-----------
goto end

:ver_XP
%0\..\initstd.exe <----- this is my policies (XP)
goto end

:ver_Win8
goto end

:end


 Code:
;--------------------------
; This is a fragment of the policies that I use
;--------------------------

BREAK OFF
$ = SETTITLE("Domain Login")
BIG
COLOR G/N
?@DOMAIN
?
SMALL
COLOR W/N
?@TIME " - " @WKSTA " - " @USERID
?"Do not close this window, it will automatically close"
?

/* Ocultar Disco "C" */

$ = WriteValue("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\", "NoDrives", "4", "REG_DWORD")
$ = WriteValue("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoViewOnDrive", "4", "REG_DWORD")

/* Bloqueo de PC en 2 Mins */

$ = WriteValue("HKEY_CURRENT_USER\Control Panel\Desktop\", "ScreenSaverIsSecure", "1", "REG_SZ")
$ = WriteValue("HKEY_CURRENT_USER\Control Panel\Desktop\", "ScreenSaveActive", "1", "REG_SZ")
$ = WriteValue("HKEY_CURRENT_USER\Control Panel\Desktop\", "ScreenSaveTimeOut", "300", "REG_SZ")

/* Fondo de Pantalla */

$ = WriteValue("HKEY_CURRENT_USER\Control Panel\Desktop", "Wallpaper", "%LOGONSERVER%\netlogon\fondo.bmp", "REG_SZ")

/* Deshabilitar accesso a USB */

$ = WriteValue("HKEY_CURRENT_USER\SYSTEM\CurrentControlSet\Services\usbstor", "Type", "1", "REG_DWORD")
$ = WriteValue("HKEY_CURRENT_USER\SYSTEM\CurrentControlSet\Services\usbstor", "Start", "4", "REG_DWORD")
$ = WriteValue("HKEY_CURRENT_USER\SYSTEM\CurrentControlSet\Services\usbstor", "ErrorControl", "1", "REG_DWORD")
$ = WriteValue("HKEY_CURRENT_USER\SYSTEM\CurrentControlSet\Services\usbstor", "DisplayName", "Dispositivo de almacenamiento masivo de datos USB", "REG_SZ")
$ = WriteValue("HKEY_CURRENT_USER\SYSTEM\CurrentControlSet\Services\usbstor", "ImagePath", "73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,\ 52,00,49,00,56,00,45,00,52,00,53,00,5c,00,55,00,53,00,42,00,53,00,54,00,4f,\ 00,52,00,2e,00,53,00,59,00,53,00,00,00", "REG_EXPAND_SZ")
$ = WriteValue("HKEY_CURRENT_USER\SYSTEM\CurrentControlSet\Services\usbstor\Enum", "Count", "0", "REG_DWORD")
$ = WriteValue("HKEY_CURRENT_USER\SYSTEM\CurrentControlSet\Services\usbstor\Enum", "NextInstance", "0", "REG_DWORD")


Edited by Mart (2014-07-29 01:17 PM)
Edit Reason: Please use code tags when posting code.