Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Grant Users ADMIN Rights Automaticaly; Install SW/Run Scripts; Remove ADMIN Rights Automatically

Posted on 2000-03-15
7
Medium Priority
?
1,720 Views
Last Modified: 2013-12-28
I support over 200 NT Workstations and I'm looking for an Automated way for the users to Connect to an NT Server to access Softwars Install Pgms/Patches;  and then execute Software Installs/Patches.
Unfortunately, with NT they'll need ADMIN Rights (locally) to install the SW. Ideally, I'd like an automated way for them to: 1) be Granted ADMIN Rights (locally) 2) Execute the Install/Patches and 3) Revoke their ADMIN Rights (locally).
If MSUSRMGR.exe is a possible solution, what would be the proper Command Line syntax to execute these procedures in a Batch file (or VBScript?). If Windows Scripting Host is a possible solution, is there any sample code available to perform these operations?
0
Comment
Question by:BFU2
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 23

Expert Comment

by:Tim Holman
ID: 2619914
Something like SMS or WinInstall is designed to do this.
They're far more secure.
This way, a service account (which has constant admin rights) does all the installs.
If users are given admin rights, for no matter how long, who knows what they'll get up to - don't go there !
0
 
LVL 5

Expert Comment

by:j_powers
ID: 2620172
SMS does not grant user rights. They only PUSH software as admins.

Do the users have to be logged on for the patches to be successful?
0
 
LVL 7

Expert Comment

by:frache
ID: 2620193

In my opinion there is a way with "system account", and scheduled job with AT command.

0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Expert Comment

by:bdemarzo
ID: 2620221
In the NT Resource Kit, use the SU utility when running your packages. From the RK: "SU provides the ability to start a process running as an arbitrary user."  It takes a little setup and preparation but once in place it's a great way to run packages and other tools from a user's desktop as an Administrator (or other user account).
0
 

Author Comment

by:BFU2
ID: 2620227
I believe the answer would be "Yes" - they'd have to be logged on to the NT domain so they could access the SW Installation programs on the NT Server. Ideally, we were thinking:

1) User  logons to their workstation as usual.
2) They'd go to an NT Server to access a Batch File/ Script.
3) The Batch File / Script would Grant the User temporary ADMIN Rights (Locally) so they could install any software patches.
4) After all installs are done, the local ADMIN Rights would be taken away(via the Script!).

The company is trying to avoid the costs if buying additional programs (like Winstall).

We'd like to do something like what SuNT does but, with an inexpensive, built-in option - like Windows Scripting Host. We're also looking for a "streamlined" approach where multiple reboots are not required (LOL).
0
 
LVL 4

Accepted Solution

by:
wlaarhov earned 160 total points
ID: 2624885
What I did for a customer was create a service on each workstation with instsrv and srvany from the NT reskit.
This service runs under an account that has local admin rights, and thus can install any software package.
The script that the service starts can be maintained central (one script for all users) and because the service is set to automatic startup the installation starts even before the user can logon to the workstation.
What you can and cannot do: (if you don't want to spend money on SMS)
- you can install any software, as long as no GUI interaction is required
- in most cases you cannot prevent a reboot in the case a manual installation (of the software)requires one, supressing a reboot can leave a system unstable.
- you 100% sure want to use winstall or wise install (i use the last one very often), sysdiff can do something for you, but doesn't see every change to a system, and cannot install services.
- you cannot make changes to the user environment direct, what I do in such a case is split the installation in 2 sections (where the Current_user settings are a different file) and run the user section from the login script.

I use these methods with success for the last 3 years with 2 of my customers, with a large number of connected workstations. (2000 for one customer and 500 for the other spread around 14 countries in europe).

Greetings
Wim
0
 
LVL 5

Expert Comment

by:carmine
ID: 2636113
The above suggestions are good.

Just remember if you try the method you outlined, that if you assign admin rights to the users account, the user will have to logoff/on for these rights to take effect.  Also when removing the rights from the account the user would have to logoff/on again for this to take to take effect.

Mark
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A small collection of useful tips and tricks for Windows 10 users that I decided to write as a result of recent questions that were asked and answered at Experts Exchange. Two short video tutorials included. Enjoy..
Ever visit a website where you spotted a really cool looking Font, yet couldn't figure out which font family it belonged to, or how to get a copy of it for your own use? This article explains the process of doing exactly that, as well as showing how…
The viewer will learn how to successfully create a multiboot device using the SARDU utility on Windows 7. Start the SARDU utility: Change the image directory to wherever you store your ISOs, this will prevent you from having 2 copies of an ISO wit…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question