/build/static/layout/Breadcrumb_cap_w.png

Running the application with the Domain Admin account

I have an application which is accessing the database from the Network location and the application users will have the access to the Network location. But when i try to install it manually it is working fine and installed successfully. When i try to deploy it using Matrix tool the installation is failed with an Error 1317. And it says that Could not able to access with the network location. This is because permission has given to my ID to install so only the application is installing and able to access the database while installing. So can we have any script to run an exe with the Domain Admin account. I mean to say when we push the application to users it should run with the Domain Admin Account. can we have some Batch script for this scenario.

Thanks in Advance.
Asked 9 years ago 1736 views
2 Comments   [ + ] Show comments
  • Hi VBScab,

    Thanks for the reply.

    So do i need to create another Administrator account which can only handle the installation and also able to access the Q drive. I that is the case then can you please post the comand how to run an exe using RUNAS Command

    Thanks in Advance - hispeed 9 years ago
  • Thinking outside the box, how about using a batch file to run SUBST to create a local Q drive mapping to a local folder, and then copy a minimalist database file into this location. Then run the install which should now see the database and complete. Finally, delete the local DB file and clear the SUBST command. No security issues. - EdT 9 years ago

Answers (7)

Posted by: anonymous_9363 9 years ago
Red Belt
1
Use the 'RunAs' command.

In your position, I'd set up a domain account whose sole purpose is to install this application and restrict its privileges accordingly. That way, if its credentials were to "leak" somehow, it would be useless for any other purpose.

Once that's done, you can begin educating the brain-dead vendor in how to deploy enterprise-level software.
Posted by: anonymous_9363 9 years ago
Red Belt
0
>Please Suggest
How about PSExec? It's designed for remote execution of programs but is perfectly happy to run locally, it's free and the license allows commercial use.
Posted by: anonymous_9363 9 years ago
Red Belt
0

>I have tried with the below command line but didn't work
Just think - for just a nanosecond - about how PSExec is going to handle the command line you've entered.

If you're still struggling after that thought, type 'PSEXEC /?' and all will be revealed.

Posted by: EdT 9 years ago
Red Belt
0
Just thinking outside the box, would it be possible to use "subst" to create a local Q drive and just copy a minimalist database file to the faked Q drive just prior to installation, then clean up after the install is complete?  This presents no security issues and should be easy to implement with a batch file.
Posted by: EdT 9 years ago
Red Belt
0
Just thinking outside the box, would it be possible to use "subst" to create a local Q drive and just copy a minimalist database file to the faked Q drive just prior to installation, then clean up after the install is complete?  This presents no security issues and should be easy to implement with a batch file.
Posted by: hispeed 9 years ago
Orange Senior Belt
0
Hi VBScab,
 
Thanks for the reply. 

So do i need to create another Administrator account which can only handle the installation and also able to access the Q drive. If that is the case then can you please post the comand how to run an exe using RUNAS Command using username and password 

Thanks in Advance
Posted by: anonymous_9363 9 years ago
Red Belt
0

My apologies. Forget RunAs - it's a command line tool which will prompt for a password. It may be possible to pass the password to it using a pipe but, given the initial question, I think that's a step too far for you. 

The main point is that you should use an explicit account for installing from your tool. I know nothing about Matrix: I've not even heard of it or seen it mentioned anywhere. If it can't be set up to run commands using alternative credentials, then you need to consider an alternative route. Bear in mind that that account will also need to be granted access to the database. Hopefully, such access can be organised through AD group membership, as hard-coded database user IDs are a nightmare to administer.

Posted by:

hispeed Orange Senior Belt
Ninja since: 11 years ago

Don't be a Stranger!

Sign up today to participate, stay informed, earn points and establish a reputation for yourself!

Sign up! or login

View more:

Scripting Questions
question

Related Questions

Link

Related Links

Post

Related Posts

Share

 
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ