Hi all,

I need to let people install software in our corporate environment (by clicking a SharePoint webpage link) who may not be administrators.  I was wondering what the best way was to do this.  Can I pass domain level admin details in a script?  If so, how do I encrypt this so users don't see what they are.  Any help or other suggestions are much appreciated.

Hoodathunkut

0 Comments   [ + ] Show Comments

Comments

Please log in to comment

Community Chosen Answer

5

you could try using a scripting framework like AutoIT that allows you to compile into exe

This will allow you to shield the login data from your users.

Answered 08/16/2012 by: pjgeutjens
Red Belt

  • I use this method when KACE and AD are not an option.
Please log in to comment

Answers

3

You can also setup the kace 1000 user portal.

http://www.kace.com/solutions/systems-deployment.aspx

Answered 08/16/2012 by: SMal.tmcc
Red Belt

  • We are currently looking at KACE but that will be sometime away.
Please log in to comment
2

You could also put it into a VBS script and use Microsoft script encoder to hide the details. http://www.softpedia.com/get/Programming/Packers-Crypters-Protectors/Microsoft-Script-Encoder.shtml

Answered 08/16/2012 by: alphabeta
Third Degree Brown Belt

  • these kinds of scripts are not hard to decode back to human-readable form though.
Please log in to comment
2

Not recommended but if you want to batch it you can do this: (you will need to run as script since it takes an admin/system to make someone an admin)

make them an admin

1. net localgroup administrator /add domain\%UserName%

(not sure if it would be immediate or you need to force a logoff)

2. run the install start /wait msiexec /i

or if you have to make them logoff

2a. poke the current users runonce

start /wait reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce" /v installsoftware /d \\server\share\install.bat

shutdown /l /f (forces logoff)

In the install.bat put the  install as 1st line, net localgroup administrator /delete domain\%UserName% as the 2nd line and shutdown /l /f as the 3rd line.

3. if the rights change are immediate you would need

start /wait net localgroup administrator /delete tmccadmn\%UserName%

You will need to test if the group addition/deletion change take effect immediatly or after logoff

Answered 08/16/2012 by: SMal.tmcc
Red Belt

Please log in to comment
Answer this question or Comment on this question for clarity
Admin Script Editor
Admin Script Editor is an integrated scripting environment available free here at ITNinja

Share