Hi all,

I need to let people install software in our corporate environment (by clicking a SharePoint webpage link) who may not be administrators.  I was wondering what the best way was to do this.  Can I pass domain level admin details in a script?  If so, how do I encrypt this so users don't see what they are.  Any help or other suggestions are much appreciated.


0 Comments   [ + ] Show comments


Community Chosen Answer


you could try using a scripting framework like AutoIT that allows you to compile into exe

This will allow you to shield the login data from your users.

Answered 08/16/2012 by: pjgeutjens
Red Belt

  • I use this method when KACE and AD are not an option.

All Answers


You can also setup the kace 1000 user portal.


Answered 08/16/2012 by: SMal.tmcc
Red Belt

  • We are currently looking at KACE but that will be sometime away.

You could also put it into a VBS script and use Microsoft script encoder to hide the details. http://www.softpedia.com/get/Programming/Packers-Crypters-Protectors/Microsoft-Script-Encoder.shtml

Answered 08/16/2012 by: alphabeta
Fifth Degree Brown Belt

  • these kinds of scripts are not hard to decode back to human-readable form though.

Not recommended but if you want to batch it you can do this: (you will need to run as script since it takes an admin/system to make someone an admin)

make them an admin

1. net localgroup administrator /add domain\%UserName%

(not sure if it would be immediate or you need to force a logoff)

2. run the install start /wait msiexec /i

or if you have to make them logoff

2a. poke the current users runonce

start /wait reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce" /v installsoftware /d \\server\share\install.bat

shutdown /l /f (forces logoff)

In the install.bat put the  install as 1st line, net localgroup administrator /delete domain\%UserName% as the 2nd line and shutdown /l /f as the 3rd line.

3. if the rights change are immediate you would need

start /wait net localgroup administrator /delete tmccadmn\%UserName%

You will need to test if the group addition/deletion change take effect immediatly or after logoff

Answered 08/16/2012 by: SMal.tmcc
Red Belt