/build/static/layout/Breadcrumb_cap_w.png

"Run As" using wise script

I have to run two vbscripts using wise script. the first vbscript should run with user rights and the second one with admin rights. I am deploying this via SCCM.

How to write a script to use "run as" command in wise? when I can enter domain/username and password?

I am using wise package studio 7

 

Asked 10 years ago 4020 views
5 Comments   [ + ] Show comments
  • Your best bet is to invoke psexec.exe through the wise script with the apt parameters. - blacklisted_packager 10 years ago
  • The challange is I have to deploy this as a EXE file to 50K + user machines. After deployment I need to get the status report. psexec.exe will not help me in this case. can we perform this via a script or WISE? Please help - Hariharan 10 years ago
  • - If you're using SCCM, why not just run the VBSes as they are, via Task Sequence? You can set one to run in user context and the other in admin.
    - How are you gathering status reports? - anonymous_9363 10 years ago
  • I think mose of you know this. but there is a program called .net Bootstrapper where you can create an executable for both VBscripts. And the second part of it deploying it through SCCM means u already have the admin privileges. It works like charm to me everytime. - Sidhugadu 10 years ago
  • If you have all Windows 7 computers, why not use Run Advertised Programs with vbscripts converted to exes or a WISE script that will utilize the system account to add the user temporarily? Retrieve the user account by running two programs chained together. The first would be in user context to store the domain\user id, the second system context to grab the domain\userid (from the hidden file used to store the domain\userid) and add the user. Add a countdown with an agreed upon time, say, like an hour, then remove the user from the administrators group. This method will invoke the UAC prompt and the user can use their login to move forward with administrative privileges until the time is up and they are removed from the group. You also may want to limit the number of times a day in which you can run this program by logging each run with username-time-date in another hidden file or the registry that can be read each time the program is run to limit abuse of the program. Perform the appropriate cleanup so the end users will not easily be able to figure out the program by "crumbs" left on the system. Ensure that a GPO is applying the appropriate Local Administrator group memberships as a safety net so the user will be removed. One caveat. If the user is installing software and is prompted for a restart, there will need to be an immediate cleanup before the computer is restarted with the user account remaining in the local administrators group. This can possibly be done with a scheduled task to trigger when a disconnection to the user's(User the started the program in RAP) session occurs.

    On the other hand, BeyondTrust makes an excellent product. ;)

    -Bob - bpauls 10 years ago

Answers (0)

Be the first to answer this question

 
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ