We use a Bomgar Remote Support Appliance, which has the nifty feature of having a back end command shell that can be used from the SysAdmin/HelpDesk side and not show up on the User's desktop.

The problem with this is that it runs as the Local System Account.

What I need to do is give our SysAdmin/HelpDesk the ability to run commands such as Net Use to temporarily map drives using Admin credentials to access shares that contain IT files/folders/docs etc. that the normal user credentials would not have access to.

Is their a way to run a script that would basically have the Local System Account impersonate and Admin Account to run the needed commands?

This might not be a great explanation of what I'm trying to accomplish, but maybe it's a start.
0 Comments   [ - ] Hide Comments


Please log in to comment

Rating comments in this legacy AppDeploy message board thread won't reorder them,
so that the conversation will remain readable.
Answer this question or Comment on this question for clarity



Don't know your support app, but maybe you could use PsExec from PsTools?! Is more or less the same, but I believe you can RunAs any account in this tool, but I'm not sure..


Bo Urskov
Answered 07/13/2011 by: bourskov
Senior Yellow Belt

Please log in to comment
I came across a similar problem a few days ago and this was my solution:
On the server which has the folder shared we've created a new user account which has the needed permissions to the share.
In my script i've connected the network share with the net use /user:useraccount@servername PASSWORD
It wouldn't be a good idea to have those account data in clear text in a script so I've created a vb.net exe which runs the net use command. This .exe is then called in the script.

I hope it is relatively clear what i mean.
Answered 07/14/2011 by: Teitan
Senior Purple Belt

Please log in to comment