We use a Bomgar Remote Support Appliance, which has the nifty feature of having a back end command shell that can be used from the SysAdmin/HelpDesk side and not show up on the User's desktop.

The problem with this is that it runs as the Local System Account.

What I need to do is give our SysAdmin/HelpDesk the ability to run commands such as Net Use to temporarily map drives using Admin credentials to access shares that contain IT files/folders/docs etc. that the normal user credentials would not have access to.

Is their a way to run a script that would basically have the Local System Account impersonate and Admin Account to run the needed commands?

This might not be a great explanation of what I'm trying to accomplish, but maybe it's a start.
0 Comments   [ + ] Show Comments

Comments

Please log in to comment

Rating comments in this legacy AppDeploy message board thread won't reorder them,
so that the conversation will remain readable.

Answers

0
Hi...

Don't know your support app, but maybe you could use PsExec from PsTools?! Is more or less the same, but I believe you can RunAs any account in this tool, but I'm not sure..

http://technet.microsoft.com/en-us/sysinternals/bb896649

Cheers
Bo Urskov
Answered 07/13/2011 by: bourskov
Senior Yellow Belt

Please log in to comment
0
I came across a similar problem a few days ago and this was my solution:
On the server which has the folder shared we've created a new user account which has the needed permissions to the share.
In my script i've connected the network share with the net use /user:useraccount@servername PASSWORD
It wouldn't be a good idea to have those account data in clear text in a script so I've created a vb.net exe which runs the net use command. This .exe is then called in the script.

I hope it is relatively clear what i mean.
Answered 07/14/2011 by: Teitan
Senior Purple Belt

Please log in to comment
Answer this question or Comment on this question for clarity