[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 516
  • Last Modified:

need a user to be able to run only one program as admin and to always be run as admin without giving them rights

Hi all,

i need a program on a users desktop to be always run as admin, but i dont want them to have rights, is there anythign i can do to make that program always run as admin for them?

or give them rights to run only that program as admin?

im running server 2008 r2 on windows 7 machines if that helps

Thanks
0
awilderbeast
Asked:
awilderbeast
  • 7
  • 6
  • 2
  • +1
1 Solution
 
Chris DentPowerShell DeveloperCommented:

In theory.

Set up a scheduled task for the program, set that to run with the highest privileges. Then give the user a shortcut to execute the scheduled task.

Chris
0
 
awilderbeastAuthor Commented:
hoping for a simpler solution but ill go for that and do it now

Cheers
0
 
Chris DentPowerShell DeveloperCommented:

It may well be as simple as you'll get. Presumably you want to execute this without giving them an admin account.

The alternative is that you re-configure whatever rights the system requires so it no longer needs to run as Administrator.

Chris
0
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

 
awilderbeastAuthor Commented:
how do i give them a shortcut to the task?

ive created the task on the local computer account then went into c:\win\sys32 then created shortcut to my named task on teh desktop then when i run it asks to be open with a program, am i dong somethign wrong?

Thanks
0
 
Chris DentPowerShell DeveloperCommented:
Try:

schtasks /run /tn "Whatever Task"

If that works, you could create a short-cut that executes that command.

Chris
0
 
RamiasOHGCommented:
Right-click the icon that you use to run the program, and then click Run as administrator.
When you are prompted for an administrator password or for a confirmation, type the administrator password, or click Continue. \\ worked for me.
0
 
Chris DentPowerShell DeveloperCommented:

That kind of conflicts with "but i dont want them to have rights". If they have the administrative username and password they can do as they please.

Chris
0
 
RamiasOHGCommented:
ah.  sorry.  early morning.  can you set it up by right clicking file, properties, shortcut, advanced, and check run as administrator and it do what you want?
0
 
JBond2010Commented:
I'm guessing the user profile on the Windows 7 machine does not have administrative rights for installing programs. So, you could install the program using the administrator profile and then the user will have access to the program.
0
 
awilderbeastAuthor Commented:
@ramiasOHG i think your barking up the wrong tree completely here, where tryign to make an automated task so i dont have to go to a computer and run it as admin everytime the user wants to use it

@Chris i think the command works but im having trouble creating my task, ive set the action to run the program, general is set to run as me with highest privilges,but when i run the task nothign happens, do i need to create a trigger? and what trigger does it need to be?

Thanks
Alex
0
 
Chris DentPowerShell DeveloperCommented:

This is what we're striving for:

http://huddledmasses.org/vista-setuid-how-to-elevate-without-prompting/

It may not be right, because it may still be too reliant on the rights of the current account. That is, if we start it with another account it's quite likely to will run in that accounts session, not the current users session.

Chris
0
 
awilderbeastAuthor Commented:
ok i cant be doing something right, i have my screens exactly like the ones in that article, i did before i even read that article

ive even created a test task on my pc to just run cmd

when i press run, it fails, whats missing from making it work?

when i look at histroy too it says its running, but theres no command prompt anywhere to be seen :S
task-1.PNG
task1a.PNG
task-2.PNG
task-2a.PNG
task-3.PNG
0
 
Chris DentPowerShell DeveloperCommented:

Hmm looks like this isn't going to work out.

There are alternatives, you might consider grabbing CPAU, that should let you create an encrypted file with an administrator level password in it. Letting you run the command without handing out that password.

I guess modifying permissions so the program does not need admin rights is out of the question?

Chris
0
 
awilderbeastAuthor Commented:
ok i got CPAU and have the followign command

\\domain.local\share\IT\CPAU -u DOMAIN\MyName -p Password -ex cmd.exe

and that works and brings up cmd but it didnt look like it was brung up as admin also i have to put my password in there, if i put it in a bat file all someone would have to do is edit the bat file to see the password?

how do i create an encrypted file was admin password in it?

could you show me an example of how to use it?
0
 
awilderbeastAuthor Commented:
ok ive created the job file but i dont know how to run it now
0
 
awilderbeastAuthor Commented:
figured it out, thanks chris
0

Featured Post

Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

  • 7
  • 6
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now