0

We have a need for a GPO to store admin scripts locally on Windows workstations (7 and above), and I was wondering if Microsoft has any recommendations or if you have any experience or thoughts on which path would be most suitable to store such scripts? I have searched the net for a recommendation but have been unsuccessful so far.

I realize that this might be a bit unusual, but it is for managing wireless connections on laptops before users log on hence the need to store the scripts locally.

Edit (additional info from comments): Creating a C:\scripts and creating a new folder in C:\users were both proposed and rejected. Creating a folder inside C:\users\public was not outright rejected, but does not seem ideal. The essence of my question is where does it make the most sense to store these script files?

optic
  • 121
  • 1
  • 2
  • 11
  • It's your choice, on my side I use c:\script (folder manualy created) – yagmoth555 Jan 28 '16 at 16:51
  • Thanks, yagmoth555. That was one of the proposed solutions, but I understand that some admins on campus (we have a decentralized IT structure) did not like that. Some people proposed creating a folder in c:\users, but I didn't like that either. – optic Jan 28 '16 at 16:54
  • In c:\users is not a good choice (unless in the public/all user profile), as It's a computer gpo ou want to do, thus can run under any useraccount. C:\windows in worst case if the idea of creating a folder afraid them. (or in %programfiles%\UnivercityNAME, that would look cute to have a folder, in case you deploy other tool for the students/teachers) – yagmoth555 Jan 28 '16 at 17:22
  • Thanks again. Agreed that public user profile would be the least bad option in the users folder. I like the idea of %programfiles% though! – optic Jan 28 '16 at 17:34
  • @yagmoth555 please suggest the folder in %programfiles% as an answer as well, if you'd like. I'm going to give it a day or two and then pick the best answer. Thanks! – optic Jan 28 '16 at 18:29

3 Answers3

0

In practice make a hidden folder off of C:\ called C:\$admin.000

I am not aware of a way to restrict the access such that the user would be able to run the scripts located therein, but not be able to read them, or list the contents of the folder. Of course, in *nix, that is a non-issue.

User4.159
  • 1
  • 1
  • As I read the question, the idea is more, does Microsoft suggest a placeholder for such script, as their admin does not want to guess a location. – yagmoth555 Jan 28 '16 at 17:27
  • Yes, if there is any existing suggestion/guideline from Microsoft would be ideal, but real world experience is also helpful. In essence, where does it make the most sense to put these files? – optic Jan 28 '16 at 17:44
0

There is no standard or recommendation. Whatever you choose, you probably want to consider the following:

  • easy to remember
  • documented
  • backed up
  • possibly added to a PATH env var.
gWaldo
  • 11,957
  • 8
  • 42
  • 69
  • Thank you for providing some confirmation that there is no standard or recommendation, and for the additional considerations! – optic Jan 28 '16 at 17:55
  • If this was helpful to you, please consider upvoting and marking as the answer. – gWaldo Jan 28 '16 at 18:21
  • It was helpful and I had already upvoted (it's not visible yet because I don't have 15 reputation yet). I'm just going to give it a day or two to see if there are any other possible answers before I choose one as the best answer. Thanks! – optic Jan 28 '16 at 18:27
0

There is no per-defined location, but as your admin does not want a created path on the c:, like c:\script I suggest using %programfiles%\UnivercityNAME, that way if someday you deploy new application or script, it's a location easy to give to your user to execute them.

As talked I don't recommend in the user profile, as it's a policy to be run on as a computer script.

A list of good documented variable exist there: https://technet.microsoft.com/en-ca/library/cc749104%28v=ws.10%29.aspx?f=255&MSPPError=-2147217396

yagmoth555
  • 16,758
  • 4
  • 29
  • 50
  • 1
    All the answers were very helpful, but I think that this one may be the most suitable for our use. Thank you! – optic Jan 29 '16 at 23:11