Pass encrypted administrator details in batch file
Hi all,
I need to let people install software in our corporate environment (by clicking a SharePoint webpage link) who may not be administrators. I was wondering what the best way was to do this. Can I pass domain level admin details in a script? If so, how do I encrypt this so users don't see what they are. Any help or other suggestions are much appreciated.
Hoodathunkut
Answers (4)
you could try using a scripting framework like AutoIT that allows you to compile into exe
This will allow you to shield the login data from your users.
Comments:
-
I use this method when KACE and AD are not an option. - RandomITPro 12 years ago
Comments:
-
We are currently looking at KACE but that will be sometime away. - hoodathunkut 12 years ago
You could also put it into a VBS script and use Microsoft script encoder to hide the details. http://www.softpedia.com/get/Programming/Packers-Crypters-Protectors/Microsoft-Script-Encoder.shtml
Comments:
-
these kinds of scripts are not hard to decode back to human-readable form though. - pjgeutjens 12 years ago
Not recommended but if you want to batch it you can do this: (you will need to run as script since it takes an admin/system to make someone an admin)
make them an admin
1. net localgroup administrator /add domain\%UserName%
(not sure if it would be immediate or you need to force a logoff)
2. run the install start /wait msiexec /i
or if you have to make them logoff
2a. poke the current users runonce
start /wait reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce" /v installsoftware /d \\server\share\install.bat
shutdown /l /f (forces logoff)
In the install.bat put the install as 1st line, net localgroup administrator /delete domain\%UserName% as the 2nd line and shutdown /l /f as the 3rd line.
3. if the rights change are immediate you would need
start /wait net localgroup administrator /delete tmccadmn\%UserName%
You will need to test if the group addition/deletion change take effect immediatly or after logoff
