
Scripting Question


Script to grant admin and then remove it after a designated time

10/27/2016 1094 views
Hi, I'm new to all of this but have been asked by my manager to start to learn how to write config scripts for KACE. What I would like to write is a script I can run on any computer on the domain that will grant administrator permissions. But then wait and after a designated time, say 1.5 hours; remove admin from the same computer automatically. I would also like to be able to change this 'wait' time if necessary for longer tasks to say 4 hours. Possibly I will need two scripts.

Any help would be appreciated,

Thanks,

Marc

Comments

  • Yes, someone reminded me of the reboots. So if the script looks correct; I need to find a way for Kace to do the pausing and then run the remove script: http://www.itninja.com/blog/view/understanding-pipe-commands-to-enhance-your-scripts
  • @SMal.tmcc

    Yes, that could work, but again I'm new to all of this. I understand when you put somefile.exe to represent the name of the file, but near the end of the command you put ### what is that for?

All Answers

0
I am guessing you want to do this for the current logged in user?  To make anyone else or a group an admin just requires a GPO.

For the current logged in user we do this with 2 scripts.

One to grant and one to revoke.  It requires a reboot to make the change.

This is the shell script to add current user
wmic computersystem get username /format:list > C:\ProgramData\Dell\KACE\user\Cuser.txt

for /f "tokens=2 delims== skip=2" %%G in ('type C:\ProgramData\Dell\KACE\user\Cuser.txt') DO net localgroup administrators /add %%G

del C:\ProgramData\Dell\KACE\user\Cuser.txt /q

shutdown -r -t 10

This is the shell script to delete the current user

wmic computersystem get username /format:list > C:\ProgramData\Dell\KACE\user\Cuser.txt

for /f "tokens=2 delims== skip=2" %%G in ('type C:\ProgramData\Dell\KACE\user\Cuser.txt') DO net localgroup administrators /delete %%G

del C:\ProgramData\Dell\KACE\user\Cuser.txt /q

shutdown -r -t 10

Answered 10/27/2016 by: SMal.tmcc
Red Belt

  • Yes we already have scripts to run to both grant and the remove. The problem is; often we forget to go back and remove admin. What I'm trying to do is grant and then after a set time, remove. I intend to make two scripts that can be 'run now' under scripting; one that grants and then removes after 1.5 hours, the second one, grants and removes after 4 hours. The second one is to allow more time for the lengthy install of our software locally on the computer. The first one is only for small tasks like installing a printer driver or similar.

    Thanks for your input
  • Thanks for the above info. I have a case script in place now that works to both add and then remove admin, unless the user reboots. Previously I mentioned that the second script will use ksleep (thanks for that; it was in one of your previous posts) to pause for 4 hours to allow the user to install our software. The problem is, this install requires several reboots; and any reboot between granting permissions and then removing them, breaks the combined scripts.
    • Since you need to do reboots, I suggest using schtasks.exe to create a scheduled task that will run the delete script as a batch file. https://msdn.microsoft.com/en-us/library/windows/desktop/bb736357(v=vs.85).aspx Create a one time task.
      • Thanks again! Schtasks I put in after ksleep. It looks like there are a lot of switches to try and figure out what I need. I have a 'working' script now that does what I want, but I need a forced reboot after admin is granted, then some wild card or whatever to make it continue where it left off.
      • My shell script has a reboot in it. The best thing to do is poke the run once to run a batch file after the reboot to do anything you want after that to happen.

        reg.exe add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce /v somename /d "C:\ProgramData\Dell\KACE\kbots_cache\packages\kbots\###\somefile.bat"
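
The grant-then-expire flow discussed in this thread, with the removal held in a one-time scheduled task so it survives reboots, as an added PowerShell example that is not code from the thread or from KACE. The function name Grant-TemporaryAdmin and the RevokeTempAdmin- task prefix are hypothetical; it assumes Windows 8 / Server 2012 or later (ScheduledTasks module), an elevated context such as SYSTEM, and the English group name Administrators.

```powershell
# Added example, not from the thread. Function and task names are hypothetical.
function Grant-TemporaryAdmin {
    param(
        [double]$Hours = 1.5,   # 1.5 for small jobs, 4 for the long install
        # Same source as "wmic computersystem get username": the console user.
        [string]$User = (Get-CimInstance Win32_ComputerSystem).UserName
    )
    if ([string]::IsNullOrWhiteSpace($User)) { throw 'No interactive user is logged on.' }
    # The name is placed on a command line below, so accept only DOMAIN\name shapes.
    if ($User -notmatch '^[\w.\- ]+\\[\w.\- $]+$') { throw "Unexpected account name: $User" }

    $taskName = 'RevokeTempAdmin-' + ($User -replace '[^\w.-]', '_')
    $revokeAt = (Get-Date).AddHours($Hours)

    # Register the revocation FIRST, so a failure here never leaves a grant with no expiry.
    # The task removes the account from the group and then deletes itself.
    $cmdLine = "/c net.exe localgroup Administrators `"$User`" /delete & " +
               "schtasks.exe /delete /tn `"$taskName`" /f"
    $action    = New-ScheduledTaskAction -Execute 'cmd.exe' -Argument $cmdLine
    $trigger   = New-ScheduledTaskTrigger -Once -At $revokeAt
    $principal = New-ScheduledTaskPrincipal -UserId 'SYSTEM' -LogonType ServiceAccount -RunLevel Highest
    # StartWhenAvailable: if the PC is off or rebooting at $revokeAt, run at the next start.
    $settings  = New-ScheduledTaskSettingsSet -StartWhenAvailable `
                     -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries
    Register-ScheduledTask -TaskName $taskName -Action $action -Trigger $trigger `
        -Principal $principal -Settings $settings -Force -ErrorAction Stop | Out-Null

    & net.exe localgroup Administrators $User /add
    if ($LASTEXITCODE -ne 0) {
        # Grant failed (for example, the account was already a member): leave the
        # existing membership alone and do not keep a revocation task around.
        Unregister-ScheduledTask -TaskName $taskName -Confirm:$false
        throw "net localgroup /add failed with exit code $LASTEXITCODE"
    }
    '{0} is a local administrator until {1:g}' -f $User, $revokeAt
}
```

Calling `Grant-TemporaryAdmin -Hours 4` covers the longer install window. Group membership is read at logon, so the revocation only takes full effect once the user signs out or the machine restarts.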
