Fun Stuff With Imported Objects
Novell Cool Solutions: Trench
By Bryan Berns
Digg This -
Posted: 29 Aug 2001
How to allow distribution scripts / unsecure applications to access network drives:
By adding file trusteeships to your Workstation Object or its parent OU, you allow the workstation to access those resources. In actuality, when you run a distribution script / unsecure application, you're running it as local user: SYSTEM, NetWare user: <YOUR WORKSTATION OBJECT> (if it exists). Therefore an imported object with file rights to all servers would have the same drive accessibility as the user would. These network connections can still be referenced as the system-mounted drive letters.
(Note: I'm working on a program that temporally assigns the workstation rights to the current user's home directory, because users could possibly invade other user's home directory if the workstation object is given complete server access.)
How to authenticate as two different users:
Using this same "separate authenticated space" concept, I actually managed to log in as two different users. It was entertaining to see two ConsoleOne windows open: one as Admin, and one as our applications management user. This can be done by:
- Create an application launching cmd.exe as an unsecure user.
- From there launch c:\winnt\system32\loginw32.exe /ns
- Login as desired user.
- "Net use" or "map" any needed network resources or run desired administration program.
(Note: Since the workstation object has been logged out, the object will no longer have workstation-assigned rights, and I have not yet found a way to re-login the workstation object. The workstation will have to be restarted for it to regain its rights.)
If you have any questions you may contact Bryan at firstname.lastname@example.org
Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com