I like scripting.
Most of the users on my network do not have privileges to install software, so this affects how some of my scripts function.
I discovered that setting GPO to install applications with elevated privileges doesn't mean that the logon scripts also get processed the same way. This annoyed me, and I quickly found a solution.
Introduce CPAU, from http://www.joeware.net/. A neat little utility that takes the place of RUNAS, and very easy to use.
The following line encodes a file that will run logon.cmd using the credentials provided it.
\\mydc\netlogon\cpau.exe -u mydomain\UserWithPermissions -p UserWithPermissionsPassword -ex \\mydc\netlogon\logon.cmd -file \\mydc\netlogon\logon.txt -enc
The following line runs this file, which in turn fires logon.cmd with elevated priveledges.
\\mydc\netlogon\cpau.exe -hide -file \\mydc\netlogon\logon.txt -dec -lwp
It's important to note that you should use UNC, and if you need local access, use -lwp.
RTFM for more info on his site.
TIP: Place drive and print mapping duties to a script that runs under the users credentials, i.e., NOT using CPAU. From the site:
Another thing that confused people is security of network drives. When you spawn a process in another security context, you lose access to your current network drives. This is a security function Microsoft has been implementing. It wasn't the case in Windows NT and I know of no way to help you get it re-enabled because you can't. You should use UNC's as much as possible for connecting to remote file shares. See http://support.microsoft.com/kb/180362
PS: He has MANY other great tools available!