Ahh yes, remotely executing something that requires administrative
priviledges...don't bet on accomplishing that with login scripts.

Just today I was poised with a similar and critical dilemna. We
detected a worm that entered our network. Even though it involved just
one known machine, we decided to take proactive action anyway and
execute the cleanup tool from Symantec. Much to the software
administrator's dismay, it required administrative rights on the
machines, so he could not drop it into a startup/login script and be
done with it (that is, without exposing the administrator
password...bad dog, bad, you should never do that!).

You will probably discover as well that remote execution of whatever
involving 3 hosts (i.e. the file to be executed sits on a share, you
will be unable to execute it even with administrative priviledges since
doing so will require delegation). At least, that was the case when I
was working on it with WMI and had to work around it by copying the
file to the target machine first.

Here's some hints that may prove helpful:

Enumerate the target computers in Active Directory or generate a list.

Copy the executable to the machine by some means from a server logged
in as administrator using the list
Execute it using WMI.

Of course, doing it this way means that all machines will have to
already be on as a prerequisite. I suppose that one could use a magic
packet and use WOL before doing this.

Here are snippets of code that may help (vbScript):

Enumerating Computers from Active Directory (adapted from Windows
Script Center):

Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCOmmand.ActiveConnection = objConnection
objCommand.CommandText = _
"Select Name, Location from 'LDAP://" & strOU & strDomain & "' " _
& "where objectClass='computer'"
objCommand.Properties("Page Size") = MAX_PCS
objCommand.Properties("Timeout") = 30
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
objCommand.Properties("Cache Results") = False
On Error Resume Next
Set objRecordSet = objCommand.Execute
if Err.Number <> 0
' put your error handling here
end if


dim index
dim AD_Computer()
redim AD_Computer(MAX_PCS)

Do Until objRecordSet.EOF
AD_Computer(index) = objRecordSet.Fields("Name").Value

where MAXPCS is equal to or greater than the number of computers you
wish to enumerate, strDomain is your domain in LDAP format
("DC=some,DC=domain,DC=com" for some.domain.com), strOU is the OU you
wish to enumerate (leave it blank to enumerate the entire directory,
and use LDAP convention here too, "OU=some_sub_OU,OU=someOU", and
AD_Computer is the array that will hold all of the computer names.

Copying a file:

Set oExec = WshShell.Exec("cmd /C copy " & strPath & strFile & " \\" &
strName & "\C$\" & strPath)

where strPath is the path to the file, File is the filename, strName is
the name of the target computer, and strPath is the target destination.

This assumes that you have administrative shares enabled on the
machines and that Win2K/XP is installed on C
(they are by default).

Executing it:

Set objWMIService = GetObject("winmgmts:\\" & strName &
On Error Resume Next
Error = objWMIService.Create(Remote_Command, null, null, intProcessID)
If Err.Number = 0 Then
' Success, do whatever you need to here
' Failure, perhaps logging it would be a good idea

End If

where Remote_Command is the path and file with commandline options that
you wish to execute.