Granting NT Admin Authority to Users
Novell Cool Solutions: Trench
By Craig Wilson
Digg This -
Posted: 21 Jul 1999
Craig Wilson from the US Navy offers this creative approach to letting other people do admin tasks on a locked-down NT workstation. The kicker? His method lets them do their tasks whenever they jolly well feel like it, not at a specific time using workstation manager. Which is apparently an important edge in an organization like Craig's, where Rank Hath Brig-throwing Privileges. Here's what he does.
I was requested to discover a way to allow a user on a locked down NT station to run specific actions with full admin authority on the PC whenever they desired to perform those tasks.
Normally this can only be done through a job scheduled through workstation manager to occur at specific times, not times determined by the user. I have discovered that I can call a secure batch file at system startup that will start auto-minimized on the taskbar which gives a user a list of permitted actions she can run anytime with full admin authority. The list can be easily modified for different users. Also, if the batch file is ever terminated, the cmd session with system authority is terminated.
Below is my method.
Setup a scheduled task that calls the go.bat batch file with full system authority.
Start "ADMIN PC" /min cmd.exe /cn:%5Capps%5Cicdata%5Cwm%5Cinstall.bat
@echo 1) Install Printer
@echo 2) Install/Remove Programs
@echo 3) Modify Services
choice /c:123 "Please Select 1,2, or 3?"
if errorlevel 3 goto services
if errorlevel 2 goto programs
if errorlevel 1 goto printers
start n:%5Capps%5Cicdata%5Cwm%5Cservices.lnk (a short cut to the services icon in
control appwiz.cpl (calls the add/remove programs)
Control printers (calls the add/remove printers program)
Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com