/build/static/layout/Breadcrumb_cap_w.png

Pass encrypted administrator details in batch file

Hi all,

I need to let people install software in our corporate environment (by clicking a SharePoint webpage link) who may not be administrators.  I was wondering what the best way was to do this.  Can I pass domain level admin details in a script?  If so, how do I encrypt this so users don't see what they are.  Any help or other suggestions are much appreciated.

Hoodathunkut


0 Comments   [ + ] Show comments

Answers (4)

Posted by: pjgeutjens 11 years ago
Red Belt
5

you could try using a scripting framework like AutoIT that allows you to compile into exe

This will allow you to shield the login data from your users.


Comments:
  • I use this method when KACE and AD are not an option. - RandomITPro 11 years ago
Posted by: SMal.tmcc 11 years ago
Red Belt
3

You can also setup the kace 1000 user portal.

http://www.kace.com/solutions/systems-deployment.aspx


Comments:
  • We are currently looking at KACE but that will be sometime away. - hoodathunkut 11 years ago
Posted by: alphabeta 11 years ago
Black Belt
2

You could also put it into a VBS script and use Microsoft script encoder to hide the details. http://www.softpedia.com/get/Programming/Packers-Crypters-Protectors/Microsoft-Script-Encoder.shtml


Comments:
  • these kinds of scripts are not hard to decode back to human-readable form though. - pjgeutjens 11 years ago
Posted by: SMal.tmcc 11 years ago
Red Belt
2

Not recommended but if you want to batch it you can do this: (you will need to run as script since it takes an admin/system to make someone an admin)

make them an admin

1. net localgroup administrator /add domain\%UserName%

(not sure if it would be immediate or you need to force a logoff)

2. run the install start /wait msiexec /i

or if you have to make them logoff

2a. poke the current users runonce

start /wait reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce" /v installsoftware /d \\server\share\install.bat

shutdown /l /f (forces logoff)

In the install.bat put the  install as 1st line, net localgroup administrator /delete domain\%UserName% as the 2nd line and shutdown /l /f as the 3rd line.

3. if the rights change are immediate you would need

start /wait net localgroup administrator /delete tmccadmn\%UserName%

You will need to test if the group addition/deletion change take effect immediatly or after logoff

 
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ