ViciousXUSMC Posted October 22, 2015 Share Posted October 22, 2015 Just curious, if you have a task that needs administrator rights to work but the user executing the script is only a user what kind of tricks/tips have we collectively gathered to make this happen?I know we have RunAs() this would work well except the part I do not like is its not to run the current script, its to run another program. Is there a creative way to have it self reference the script that contains it?We have a few other UDF's out there for like Run as System, Install as Service, but they are pretty old and complicated so seems like it may be prone to error on newer OS or in various environments.My ultimate goal would be being able to use a domain admin account but not have the credentials in plain text in the script (does not need to be super complicated, a simple regread() with one of our Crypt() functions would probably be more than enough in my case. So that I can have users run a script off the desktop or at startup to do tasks they would be blocked from due to user level permissions. Link to comment Share on other sites More sharing options...
AutoBert Posted October 22, 2015 Share Posted October 22, 2015 My ultimate goal would be being able to use a domain admin account but not have the credentials in plain text in the script (does not need to be super complicated, a simple regread() with one of our Crypt() functions would probably be more than enough in my case. So that I can have users run a script off the desktop or at startup to do tasks they would be blocked from due to user level permissions.Just make a smal Gui whith 2 Input's one for the Adminaccount and the other for the password, Link to comment Share on other sites More sharing options...
JohnOne Posted October 22, 2015 Share Posted October 22, 2015 Depends what your environment is.There will be many ways to tackle this. AutoIt Absolute Beginners Require a serial Pause Script Video Tutorials by Morthawt ipify Monkey's are, like, natures humans. Link to comment Share on other sites More sharing options...
ViciousXUSMC Posted October 22, 2015 Author Share Posted October 22, 2015 (edited) @AutoBert that will not work the users are running the script and or the script will run at loginI need them to have admin privileges for limited tasks, they will never know the admin credentials, that is why RegRead() would be used to pull them down, and I can push that registry key via AD easily to change it as needed. Users also have no rights to open RegEdit or CMD so it would be very hard for them to find the key even if they knew it was there, and if they did it would still be encrypted My best idea for now is to push these kind of jobs in twos, one compiled .exe for the actual work, and another for the RunAs that will call the Admin Account to run.I would be interested in some of your ideas JohnOne.For the most part I can run anything as System because I have the Dell K1000 to push scripts and they run as System but for dynamic on the fly breakfix kind of stuff for these guys working Fire Trucks and Ambulances I want to give them the ability to self fix certain things that they do not have rights for. Edited October 22, 2015 by ViciousXUSMC Link to comment Share on other sites More sharing options...
AutoBert Posted October 23, 2015 Share Posted October 23, 2015 @AutoBert that will not work the users are running the script and or the script will run at loginMy best idea for now is to push these kind of jobs in twos, one compiled .exe for the actual work, and another for the RunAs that will call the Admin Account to run.Yes and so you must know a Password of an User with Adminprivileges. My best idea is to give the user's correct privileges, so they can do what they have to do or all this jobs must be done by a Admin Link to comment Share on other sites More sharing options...
JohnOne Posted October 23, 2015 Share Posted October 23, 2015 I would create a script that executes another script on admin PC and returns the data needed, or even just a request for the admin PC to execute the script.That way, no passwords ever touch user PC in script compiled or not. AutoIt Absolute Beginners Require a serial Pause Script Video Tutorials by Morthawt ipify Monkey's are, like, natures humans. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now