Well... for task #2, without admin rights, it would be hard to create a share and set ACLs. He also wants a 100% KiX solution without external utilities. If you were to elevate to admin, and you use external ultils, someone might be able to replace the utility with something they could use to give themselves more rights.
The way to do this (the rmtshare) is to have a central admin script that has the rights, and the limited user can only pass parms to it. I would not like to see that sort of thing done for password resets though because that could be easily abused and the audit trail lost.
_________________________
Give a man a fish and he will be back for more. Slap him with a fish and he will go away forever.
