Novell Home

Granting Temporary Administrative Rights to Users

Novell Cool Solutions: Tip
By Paul de Yturralde

Digg This - Slashdot This

Posted: 20 Aug 2003
 

Running NAL applications as ?Secure System User? or ?Unsecure System User? can sometimes fail if the application involves scripting where one application executes another application. I have come up with a workaround to grant temporary Administrative rights to users in order to install these applications, or you could use portions of this solution to simply add a user to the Administrators group.

The process involves running the following types of NAL applications in the order given. (Tested with ZFD 3.2)

NAL Application 1: Add logged-in user to Administrators group by issuing a "net localgroup administrators /add %USERNAME%", as Unsecure System User, and run once. Note: You can replace %USERNAME% with INTERACTIVE in order to grant any future logged-in user Administrative privileges.

NAL Application 2: Remove logged-in user from Administrators group by issuing a "net localgroup administrators /delete %USERNAME%", as Unsecure System User, run once, and with a dependency on Application 4 being already run. The dependency can be made by ensuring that a file distributed by NAL Application 4 be present before NAL Application 2 can be run, or by some other dependency.

NAL Application 3: Run the application that requires Administrative privileges as run once, and with a dependency on Application 4 being already run.

NAL Application 4: Copy Logoff.exe (available on Windows Resource Kit, also found a similar program searching on Google) to somewhere on the local hard drive as Unsecure System User, and run once.

NAL Application 5: Execute ?Logoff.exe /N /F?, as Unsecure System User, and run once.

What will happen?

  1. User will login, Applications 1, 4, & 5 will launch (2 & 3 can not launch until 4 has been run), user will be logged off without a prompt.
  2. User logs in Applications 2 & 3 launch which removes the user from the administrators group, and runs the installation program.

The reason why a user must be logged off the workstation, is that a group membership change for the currently logged-in user requires a logoff or a restart. You could force a restart in NAL Application 1, and avoid using logoff.exe but a logoff would be faster.

If you have any questions you may contact Paul at ptdey@yahoo.com


Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com

© 2014 Novell