Re: creating "runas" shortcut through vb script


Not very elegant from the point of view of security, and the principle of
least privilege.

Our experience is that when someone (i.e. the developer of the software)
says that the users need to have admin privs, this is because they did a
poor job of designing the security in properly in the first place. Quite
often, however, the user does not actually need full admin privs, but only a
subset. Sometimes this is read/write access to a specific application file
or folder, sometimes read/write access to a registry key.

In one case (Dragon NaturallySpeaking) we found that we could make the end
user a local administrator, use her account to do the install and run the
application once, permit a specific folder read/write to the user, then
demote her account to a regular user. Unfortunately, it can be quite tricky
to track down what the required accesses are, which is why the lazy
developers avoid doing this by taking the easy way out and saying the user
must be an administrator.

/Al

"Pegasus (MVP)" <I.can@xxxxxxx> wrote in message
news:%23UPoW%23gLIHA.3400@xxxxxxxxxxxxxxxxxxxxxxx
A more elegant method might be to make all domain users
members of the local "Administrators" group. This would
remove the need for any "runas" stuff.


"Josh Nikle" <jnikle@xxxxxxxxx> wrote in message
news:0d0be697-d7bb-4784-9746-7ff806189e5e@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Good afternoon. Currently I have to give all my users admin rights on
their machines for the sake of a few programs, so I've started playing
around with runas. Specifically I want a script that will create a
shortcut for a given program that runs it with different credentials.
I've been piecing bits of code together, and so far I've arrived at
the below script which creates the shortcut on my desktop, but for
whatever reason I cannot get the application path correct. It
insists on putting a leading quote in the path name no matter what I
do.

Should be: runas /user:<my domain>\<the user> "<some program file
path>"
Getting instead: "runas /user:<my domain>\<the user> "<some program
file path>""

I've tried many iterations of the strAppPath line, but no luck.
Anyone have any ideas?



Option Explicit
Dim objShell, objDesktop, objLink
Dim strAppPath, strWorkDir, strIconPath

strWorkDir ="%SystemRoot%\system32"
strAppPath ="runas /user:<my domain>\<the user> ""<some program file path>"""
strIconPath = "%SystemRoot%\system32\SHELL32.dll,5"

Set objShell = CreateObject("WScript.Shell")
objDesktop = objShell.SpecialFolders("Desktop")
Set objLink = objShell.CreateShortcut(objDesktop & "\ShortcutTest.lnk")

' ---------------------------------------------------
' Section which adds the shortcut's key properties

objLink.IconLocation = strIconPath
objLink.TargetPath = strAppPath
objLink.WindowStyle = 3
objLink.WorkingDirectory = strWorkDir
objLink.Save

WScript.Quit

-Josh
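
An added example, not part of the original thread: the shortcut object has a separate Arguments property, so the script below puts only runas.exe in TargetPath and the /user switch plus the quoted program path in Arguments. The account name and program path are placeholders chosen for illustration.

```vbscript
Option Explicit

' Added example. RUNAS_USER and APP_PATH are placeholders, not values
' from the thread; substitute the real account and program.
Const RUNAS_USER = "EXAMPLEDOMAIN\appuser"
Const APP_PATH = "C:\Program Files\ExampleApp\app.exe"

Dim objShell, objLink, strDesktop, strSystem32

Set objShell = CreateObject("WScript.Shell")
strDesktop = objShell.SpecialFolders("Desktop")
' Resolve %SystemRoot% up front so the shortcut stores a concrete path.
strSystem32 = objShell.ExpandEnvironmentStrings("%SystemRoot%\system32")

Set objLink = objShell.CreateShortcut(strDesktop & "\ShortcutTest.lnk")

' TargetPath holds the executable only. Putting the whole command line
' here is what produced the quoted string described in the question.
objLink.TargetPath = strSystem32 & "\runas.exe"

' Switches and the program to launch go in Arguments. Chr(34) is a
' double quote, needed because the program path contains a space.
objLink.Arguments = "/user:" & RUNAS_USER & " " & _
                    Chr(34) & APP_PATH & Chr(34)

objLink.WorkingDirectory = strSystem32
objLink.IconLocation = strSystem32 & "\SHELL32.dll,5"
objLink.WindowStyle = 3
objLink.Save

' Read the saved shortcut back to confirm how the two fields were stored.
Set objLink = objShell.CreateShortcut(strDesktop & "\ShortcutTest.lnk")
WScript.Echo "Target:    " & objLink.TargetPath
WScript.Echo "Arguments: " & objLink.Arguments

' The shortcut stores no password: runas prompts for the account's
' password each time the shortcut is launched.
```

Run it with cscript.exe so the two Echo lines print to the console instead of appearing as message boxes.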



