Jump to content

Execute vbs as normal user


Recommended Posts

I know this question has probably been asked before but the solutions ive read so far, either doesnt fit our scenario or i may not know how to go about certain areas... so any links to external source/help where i could try would be good.

I have an application that has been deployed to some users. I need to change a file within the program files directory. Of course standard/normal users dont have access to this directory to make changes.

I have a vbs script that makes these changes but when deployed to users the error "Permission Denied" is listed. I looked at File System with AD Security GPO but the file is not on my system so not sure how i should go about configuring this without the app on my system (remember the app is only on users system). Any other "easy" way to execute this batch with elevated permissions (without having to add everyone in Domain admins and then remove this permission once done)?

All users are running Win XP.

Thanks

Link to comment
Share on other sites


Is it possible to make them local admins rather than domain and remove this once done? I know the script allows something similar to this but trying to ensure no user interaction is required?

Edited by Bad boy Warrior
Link to comment
Share on other sites

Yes, but a group change requires a logoff to take effect. This isn't easy to script, either.

The real question is, why does the user need to make a change to a file in Program Files? Can this be done via a script run from another management tool that runs as admin?

Link to comment
Share on other sites

Run as a startup script via AD GPO?

Use the preferences in a GPO to change the file permissions. If you need the file on your machines just copy from another machine and make the appropriate folder structure to hold it. No need to install the app.

Link to comment
Share on other sites

That would be my suggestion - machine startup script, or loosen permissions right down to that specific location on the box and live with the reduced security. Apps that require users to write to protected areas of a machine should be thrown out as soon as possible anyway, or at least the developers drawn and quartered in public, and then replaced with competent ones that care about security.

Link to comment
Share on other sites

Apps that require users to write to protected areas of a machine should be thrown out as soon as possible anyway

That answers why i have this issue. Once users get hooked onto an app they dont let go. Itll have to go down the machine stratup script.

Thanks everyone

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...