I have to run two vbscripts using wise script. the first vbscript should run with user rights and the second one with admin rights. I am deploying this via SCCM.

How to write a script to use "run as" command in wise? when I can enter domain/username and password?

I am using wise package studio 7

 

5 Comments   [ + ] Show Comments

Comments

  • Your best bet is to invoke psexec.exe through the wise script with the apt parameters.
  • The challange is I have to deploy this as a EXE file to 50K + user machines. After deployment I need to get the status report. psexec.exe will not help me in this case. can we perform this via a script or WISE? Please help
  • - If you're using SCCM, why not just run the VBSes as they are, via Task Sequence? You can set one to run in user context and the other in admin.
    - How are you gathering status reports?
  • I think mose of you know this. but there is a program called .net Bootstrapper where you can create an executable for both VBscripts. And the second part of it deploying it through SCCM means u already have the admin privileges. It works like charm to me everytime.
  • If you have all Windows 7 computers, why not use Run Advertised Programs with vbscripts converted to exes or a WISE script that will utilize the system account to add the user temporarily? Retrieve the user account by running two programs chained together. The first would be in user context to store the domain\user id, the second system context to grab the domain\userid (from the hidden file used to store the domain\userid) and add the user. Add a countdown with an agreed upon time, say, like an hour, then remove the user from the administrators group. This method will invoke the UAC prompt and the user can use their login to move forward with administrative privileges until the time is up and they are removed from the group. You also may want to limit the number of times a day in which you can run this program by logging each run with username-time-date in another hidden file or the registry that can be read each time the program is run to limit abuse of the program. Perform the appropriate cleanup so the end users will not easily be able to figure out the program by "crumbs" left on the system. Ensure that a GPO is applying the appropriate Local Administrator group memberships as a safety net so the user will be removed. One caveat. If the user is installing software and is prompted for a restart, there will need to be an immediate cleanup before the computer is restarted with the user account remaining in the local administrators group. This can possibly be done with a scheduled task to trigger when a disconnection to the user's(User the started the program in RAP) session occurs.

    On the other hand, BeyondTrust makes an excellent product. ;)

    -Bob
Please log in to comment

There are no answers at this time

Answers

Answer this question or Comment on this question for clarity