I have a VBscript that runs the Quest Client Profile Updating Utility for migrating Outlook e-mail profiles to a new Exchange Server. For this tool to work it must be run using the User's security context when the user is logged onto the computer. What I have found is that the script fails to run because SCCM is running the script with elevated privileges. The program is set with 'Only when a user is logged on' and a run mode of 'Run with user's rights'. The advertisement is set to run from a distribution point and has two mandatory re-occuring schedules (Logon, and at 6:00 a.m. every day).
To test what is happening I created a separate Program that has the same program settings but only runs 'Cmd.exe /k echo' for the command line. If I run this SCCM program as a user who is not a member of the local administrators group I can execute privileged programs like regedit.exe. If I run the Command Prompt from the Start\Accessories folder and try to run Regedit I receive an 'Access denied' message. It appears SCCM is running with elevated privileges.
Does SCCM run a program with elevated privileges? How can I make a program run without elevated privileges.
thank you for your help.