BFU2
asked on
Grant Users ADMIN Rights Automaticaly; Install SW/Run Scripts; Remove ADMIN Rights Automatically
I support over 200 NT Workstations and I'm looking for an Automated way for the users to Connect to an NT Server to access Softwars Install Pgms/Patches; and then execute Software Installs/Patches.
Unfortunately, with NT they'll need ADMIN Rights (locally) to install the SW. Ideally, I'd like an automated way for them to: 1) be Granted ADMIN Rights (locally) 2) Execute the Install/Patches and 3) Revoke their ADMIN Rights (locally).
If MSUSRMGR.exe is a possible solution, what would be the proper Command Line syntax to execute these procedures in a Batch file (or VBScript?). If Windows Scripting Host is a possible solution, is there any sample code available to perform these operations?
Unfortunately, with NT they'll need ADMIN Rights (locally) to install the SW. Ideally, I'd like an automated way for them to: 1) be Granted ADMIN Rights (locally) 2) Execute the Install/Patches and 3) Revoke their ADMIN Rights (locally).
If MSUSRMGR.exe is a possible solution, what would be the proper Command Line syntax to execute these procedures in a Batch file (or VBScript?). If Windows Scripting Host is a possible solution, is there any sample code available to perform these operations?
SMS does not grant user rights. They only PUSH software as admins.
Do the users have to be logged on for the patches to be successful?
Do the users have to be logged on for the patches to be successful?
In my opinion there is a way with "system account", and scheduled job with AT command.
In the NT Resource Kit, use the SU utility when running your packages. From the RK: "SU provides the ability to start a process running as an arbitrary user." It takes a little setup and preparation but once in place it's a great way to run packages and other tools from a user's desktop as an Administrator (or other user account).
ASKER
I believe the answer would be "Yes" - they'd have to be logged on to the NT domain so they could access the SW Installation programs on the NT Server. Ideally, we were thinking:
1) User logons to their workstation as usual.
2) They'd go to an NT Server to access a Batch File/ Script.
3) The Batch File / Script would Grant the User temporary ADMIN Rights (Locally) so they could install any software patches.
4) After all installs are done, the local ADMIN Rights would be taken away(via the Script!).
The company is trying to avoid the costs if buying additional programs (like Winstall).
We'd like to do something like what SuNT does but, with an inexpensive, built-in option - like Windows Scripting Host. We're also looking for a "streamlined" approach where multiple reboots are not required (LOL).
1) User logons to their workstation as usual.
2) They'd go to an NT Server to access a Batch File/ Script.
3) The Batch File / Script would Grant the User temporary ADMIN Rights (Locally) so they could install any software patches.
4) After all installs are done, the local ADMIN Rights would be taken away(via the Script!).
The company is trying to avoid the costs if buying additional programs (like Winstall).
We'd like to do something like what SuNT does but, with an inexpensive, built-in option - like Windows Scripting Host. We're also looking for a "streamlined" approach where multiple reboots are not required (LOL).
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
The above suggestions are good.
Just remember if you try the method you outlined, that if you assign admin rights to the users account, the user will have to logoff/on for these rights to take effect. Also when removing the rights from the account the user would have to logoff/on again for this to take to take effect.
Mark
Just remember if you try the method you outlined, that if you assign admin rights to the users account, the user will have to logoff/on for these rights to take effect. Also when removing the rights from the account the user would have to logoff/on again for this to take to take effect.
Mark
They're far more secure.
This way, a service account (which has constant admin rights) does all the installs.
If users are given admin rights, for no matter how long, who knows what they'll get up to - don't go there !