Post by MarcusBWhat I want is that script will be run by persson who do not have
"Administrator Account" rights. I will give to that persson login and
password with such a rights.
Just so we are clear, if you give a person who does not have administrator
rights the account name and password of an account that has administrator
rights (or just account manager rights) then they do have administrator
rights.
If you give a user a sufficiently privileged account name and password for
the purpose of running a script such as you are looking for, and, if you do
not want that person to logon to that account interactively, you will have
to do something to prevent that account from logging in interactively
Post by MarcusBI want that script will ask for login and password and than run it with
this credentials. How to do it?
I do not need include login and password in the script if it so big risk
aacording you.
As I said previously, "Easiest would be to have a batch file build the runas
command". Here is an example you might be able to adapt to your needs:
@echo off
(set/p adminuser=Enter name of privileged account: )
runas /user:%adminuser% "%~dpn0.vbs"
If you put the above script in a file called, for example, "setpass.cmd" it
will first ask the user to enter the name of the privileged account to be
used. The runas command will prompt for the password of this account, and,
if entered correctly, will run a script called "setpass.vbs" located in the
same folder under the credentials of the privileged account.
If it does not work as I suggest it should, you might need to try some of
the options of the runas command.
/Al
Post by MarcusBMarcusB
Post by Al DunbarPost by MarcusBI do not think it is a bigger risk to embedding creddencials in the
script. I am encrypting whole script and you can not read it contents
If you are encrypting with screnc.exe that will certainly make it
difficult to read - but NOT impossible for a determined hacker to
http://www.microsoft.com/downloads/details.aspx?FamilyId=E7877F67-C447-4873-B1B0-21F0626A6329&displaylang=en
Post by MarcusBand she/he to start the script have to know the password, because
script ask also for password before running.
what password does it ask for? If it is a password hardcoded in the
script, the determined hacker will know it. If it is the password of the
privileged account you are using, why not just have your user run the
script with runasÉ
Post by MarcusBHot to embed credentials to be able to run objUser.SetInfo,. How to
make script understand that it is different user than the user running
the script?
If the user has to input a password anyway, the simplest would be to
have the user run the script with runas. Easiest would be to have a
batch file build the runas command - the only input from the user would
then be the password of the account being run as.
Post by MarcusBMarcusB
Post by Al DunbarPost by MarcusBI need simple script for our secretary for resetting password, account
expiration.
She do not belong to account operator group therefore I need that
script will be run as another user with rights to change user password
etc. User and passwor dcould be encoded in script.
Is there any ready script? It will be nice if script will check if
account exist and will allow reset password by writing it two
times(avoid mistakes)
Doeas any of you have already such vbs script?
Embedding the credentials of a member of the account operator group in a
script is more of a risk than giving the secretary exclusive use of an
operator account created for her and making her accountable for its use.
If a password were to be changed by your script, you would not have any
idea who actually made the change. And even if the password was not
stored in plain text, its presence would be a liability.
/Al