/bundles/itninjaweb/img/Breadcrumb_cap_w.png

Hi all,

I need to let people install software in our corporate environment (by clicking a SharePoint webpage link) who may not be administrators.  I was wondering what the best way was to do this.  Can I pass domain level admin details in a script?  If so, how do I encrypt this so users don't see what they are.  Any help or other suggestions are much appreciated.

Hoodathunkut

0 Comments   [ - ] Hide Comments

Comments

Please log in to comment

Community Chosen Answer


Answers

5

you could try using a scripting framework like AutoIT that allows you to compile into exe

This will allow you to shield the login data from your users.

Answered 08/16/2012 by: pjgeutjens
Red Belt

  • I use this method when KACE and AD are not an option.
Please log in to comment
Answer this question or Comment on this question for clarity

Answers

3

You can also setup the kace 1000 user portal.

http://www.kace.com/solutions/systems-deployment.aspx

Answered 08/16/2012 by: SMal.tmcc
Red Belt

  • We are currently looking at KACE but that will be sometime away.
Please log in to comment
2

You could also put it into a VBS script and use Microsoft script encoder to hide the details. http://www.softpedia.com/get/Programming/Packers-Crypters-Protectors/Microsoft-Script-Encoder.shtml

Answered 08/16/2012 by: alphabeta
Fifth Degree Brown Belt

  • these kinds of scripts are not hard to decode back to human-readable form though.
Please log in to comment
2

Not recommended but if you want to batch it you can do this: (you will need to run as script since it takes an admin/system to make someone an admin)

make them an admin

1. net localgroup administrator /add domain\%UserName%

(not sure if it would be immediate or you need to force a logoff)

2. run the install start /wait msiexec /i

or if you have to make them logoff

2a. poke the current users runonce

start /wait reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce" /v installsoftware /d \\server\share\install.bat

shutdown /l /f (forces logoff)

In the install.bat put the  install as 1st line, net localgroup administrator /delete domain\%UserName% as the 2nd line and shutdown /l /f as the 3rd line.

3. if the rights change are immediate you would need

start /wait net localgroup administrator /delete tmccadmn\%UserName%

You will need to test if the group addition/deletion change take effect immediatly or after logoff

Answered 08/16/2012 by: SMal.tmcc
Red Belt

Please log in to comment
Admin Script Editor
Admin Script Editor is an integrated scripting environment available free here at ITNinja

Share