1

Windows 7, 64bit.

I have two simple .bat scripts created, one which runs at logon, the other at logoff. The .bat files are located in C:\bat. Other users have access to this folder.

The contents of each .bat file are below (basically disable/enable a specific device using devcon.exe);

disable.bat

devcon disable "FTDIBUS\COMPORT&VID_0D2C&PID_032A"

enable.bat

devcon enable "FTDIBUS\COMPORT&VID_0D2C&PID_032A"

I set the group policy logon/logoff script by doing the following;

  • logged into my PC as the local administrator
  • start > run > gpedit.msc
  • user configuration > windows settings
  • scripts (Logon/Logoff)
  • added my two .bat files to Logon/Logoff respectively

The scripts do work but only when I am logged in as the local administrator (the user that created the policy). When another (non-admin) user logs on, the scripts seem to be ignored.

How can I set this up so that the scripts run for each and every user that logs on to the PC?

This PC is part on an AD domain which I have no control over.

I'm unable to run the .bat files manually when logged in as a non-admin user. Presumably this is because the .bat files are trying to disable a device in device manager. Non-admin users can't disable devices in device manager, I receive an error when trying to do that.

Any help is appreciated.

Improve this question
2
  • Where are the .bat file located exactly? Do non-local admins have access to this location? What are the login script doing exactly? Do the non-admin accounts have access to run these commands? To test, sign on as a non-local admin, run the scripts from a command line, and see what happens. Do you get access denied on trying to access the .bat files? Do you get access denied when you run the .bat files? Open command line, and then run the .bat files from there or else double-clicking may make them disappear quickly with no detail so review.
    – Vomit IT - Chunky Mess Style
    Commented Feb 11, 2016 at 15:14
  • Basically, you need to ensure your accounts with the issue have 1.) access to EXECUTE the batch script files where those exist, and 2.) access to run any and all commands that the batch script executes. I'll be happy to add this as an answer if it helps you resolve the issue.
    – Vomit IT - Chunky Mess Style
    Commented Feb 11, 2016 at 15:19

1 Answer 1

Reset to default
1

Non-admin users can't disable devices in device manager, I receive an error when trying to do that.

Give the below steps a shot and then test to confirm you can run the EXE as the non-admin account after you complete that as a local admin.

Source Article

You may try to give the administrator privileges to the file ‘devcon.exe’.

To give administrator privileges

  1. Browse to the location where you have the file ‘devcon.exe’

  2. Right click and select Properties

  3. Go to Compatibility tab

  4. Put a check mark for the option that says ‘Run this program as an administrator’

  5. Apply the settings and check if you are able to the ‘devcon.exe’ using the command prompt.

Try just checking [below] here first Run this program as an administrator and testing with the non-admin account afterwards to see if it can launch and use the EXE, but if that doesn't work, see below options.

enter image description here

If above doesn't work

If the above options do not work, then select the Change settings for all users option, and then check the Run this program as an administrator option from there. Apply those changes, and then test further with the non-admin account to see if it can launch and use the EXE.

enter image description here

enter image description here

Improve this answer
2
  • Thanks but none of your suggestions work. I think the issue is because the non admin user is trying to make changes to the device manager and they aren't permitted to do so. WHen I am logged in as a non admin and try open device manager I receive an err'er You do not have permission to change any of the device manager settings etc .. etc .. Thanks
    – jonboy
    Commented Feb 11, 2016 at 16:19
  • OK thanks for this. Just another update - I added the non admin user into the 'Administrators' group and it now works. I'd rather not have to do this though! So it must definitely be a permissions issue. I only want non admins to have the ability to toggle devices status in device manager.
    – jonboy
    Commented Feb 11, 2016 at 16:48

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .