Win 7 logon script workaround

[Henners2099]

Due to a crazy sysadmin, we need to stop the network knowing we are connected by blocking certain logon scripts.We then want to create a boot memory stick to run the file as soon as its put into the computer.
The system is a .net framework if that helps at all.​

 

[Lexluethar]

You would have to log into the PC locally with a local account. The only way to bypass a logon script that is pushed through active directory would be to disassociate the PC from the domain and log in locally.

You can't tell the logon scripts to just not run on that PC from that machine, it would be like telling it to partially authenticate with the domain but not fully. Only the administrator would be able to disable the logon scripts and that would have to be done from the domain controller.

Or just log in locally.

 

[Henners2099]

Im pretty sure it could be done, but am unsure of the precise method. I do not wish to disassociate the PC from the domain just simply stop some of the logon scripts outgoing connections.

Maybe this could be done by stoppping the script through cmd?

 

[Lexluethar]

You can't access the CMD unless you are logged in - once you are logged in the script has already run. Realize that once the PC / User authenticates with the domain the very first thing that is run is the logon scripts which are physically stored on the server itself.

Even if you booted to something like a USB you still couldn't stop the script because it's PUSHED from the server. Talk to the admin.

 

[Henners2099]

I dont have to block the script from running, i know thats practically impossible, instead i just want it to be blocked at any point in time, the memory stick is simply to make access a lot easier if i use it regularly.

 

[Lexluethar]

Explain to me how you can block something at any point in time if as you said it is practically impossible?

It can't be done - otherwise there would be thousands of PC's at risk because you could easily bypass logon scripts from running in an Domain environment running microsoft ADDS. Logon scripts run tons of things from security patches, software updates to general active directory commands.

Something tells me they've thought of this before you and have circumvented it at one point or another.

 

[KSoD]

Due to a crazy sysadmin, we need to stop the network knowing we are connected by blocking certain logon scripts.We then want to create a boot memory stick to run the file as soon as its put into the computer.
The system is a .net framework if that helps at all.​

The underlined word says it all. This is a work domain and they have every right to control what they want, when they want. As per the very rules of this site:

Tech-Forums is here for informative purposes only. We are not here to help bypass, or otherwise negate, security or any other measures put in place by a Employer, School or Parent.

We will not help you get around your SysAdmin knowing what you are doing on their network. If they want to know who is connected to their network at all times, that is their right being the Administrators of that network. Stop trying to do something that you are not supposed to be doing. If they wanted this option to be available, it would be. Since it is not available, that means they dont want people to be able to stop the script from operating. Their network, their rules.

Topic Closed.