#162023 - 2006-05-18 02:50 AM
Mitchell OnDemand5
|
jeremyschubert
Getting the hang of it
Registered: 2005-09-17
Posts: 89
|
Hi Everyone,
At our school, the automotives shop uses a program called Mitchell OnDemand 5. The data for the program is kept on two DVD drives. And the program is installed locally on each box. But users still need read/write access to a share on the server (mitchell$). And to top it off, they need to be local administrators on their box! (I've talked to their tech support - there's no way around this)
So, I've created a condition in the login script that only allows access to the share if the user is in the automotives group and the user is logging on to one of the computers in the automotive lab. Is there a way I can put a restriction on the time of day that the share is accessed?
Thanks,
Jeremy
_________________________
---
Bishop Grandin Technology Department
'Either we're on time, or we're late'
|
|
Top
|
|
|
|
|
#162024 - 2006-05-18 02:59 AM
Re: Mitchell OnDemand5
|
Shawn
Administrator
Registered: 1999-08-13
Posts: 8611
|
You want to put a restriction in the login script ? Like
Code:
If (they are in the Automotive group) AND (if its between 6am and 6pm)
; then map the drive
Endif
Or you looking for some other kind of share restriction mechanism (outside of the login script simply not mapping the drive).
|
|
Top
|
|
|
|
|
#162025 - 2006-05-18 03:00 AM
Re: Mitchell OnDemand5
|
NTDOC
Administrator
Registered: 2000-07-28
Posts: 11628
Loc: CA
|
Well the boys at Mitchell be lying to you.
If you head over to http://www.sysinternals.com you'll find some nice little snooping tools that wil help you to locate and find what the programs are accessing and what methods are used and you can then modify those permissons to include a group of your choosing with the specific rights.
This is a bit of an advanced method, but it can be done.
As for a time being applied to the SHARE, not that I'm aware of.
|
|
Top
|
|
|
|
|
#162027 - 2006-05-18 06:47 AM
Re: Mitchell OnDemand5
|
NTDOC
Administrator
Registered: 2000-07-28
Posts: 11628
Loc: CA
|
I believe Les is referencing this util
Elevated Privileges Application Launcher by Microsoft
http://www.microsoft.co.ke/downloads/det...;displaylang=en
Quote:
Overview
The Elevated Privileges Application Launcher (EPAL) tool is designed to assist a fairly narrow spectrum of the application compatibility issues. With EPAL the network administrator now has the ability of only giving the user local user privileges on their systems and have the application execute and some higher privilege level on the local system that they are currently logged on with.
|
|
Top
|
|
|
|
|
#162029 - 2006-05-18 10:14 AM
Re: Mitchell OnDemand5
|
NTDOC
Administrator
Registered: 2000-07-28
Posts: 11628
Loc: CA
|
Ship me a working copy of Mitchell OnDemand 5 and I'll make it work and post the fix back to you  
|
|
Top
|
|
|
|
|
#162030 - 2006-05-18 04:10 PM
Re: Mitchell OnDemand5
|
jeremyschubert
Getting the hang of it
Registered: 2005-09-17
Posts: 89
|
Hi Doc,
If you're serious, I can ship a copy. Can I ftp it to you or put it up on a website?
I will definitely search www.sysinternals.com to see what snooping tools I can get from them. In the meantime, although I can't restrict them from saving to the server share while they're logged on, I thought of the following two possibilities.
1. To limit the time of day they have access to the share, is it possible to add a statment that looks like
$time=@time
if @time = 09:00 10:00 then...
Is there a command for searching a range? Would I have to use the instr function?
Maybe I could even add the line
if $time<> then shell 'net localgroup administrators 047automotive /delete'
But then I'd have to figure out a way to get the group back in the administrators group. Maybe I could use AT on the local machines to run such a script?
2. Maybe I could enter the line
$random=
Have the student input the random number assigned by the teacher.
if $random=...
Jeremy
_________________________
---
Bishop Grandin Technology Department
'Either we're on time, or we're late'
|
|
Top
|
|
|
|
|
#162033 - 2006-05-18 07:55 PM
Re: Mitchell OnDemand5
|
NTDOC
Administrator
Registered: 2000-07-28
Posts: 11628
Loc: CA
|
Quote:
If you're serious, I can ship a copy. Can I ftp it to you or put it up on a website?
Thanks, but that's okay was just kidding. That would be illegal guy.
Now, what is the bigger picture here on the setup?
1. Why do you care or want to prevent access at certain times of the day?
2. What OS is the Server this is installed on?
3. What version of OS are the workstations?
I'm sure with a little tweaking it can be made to work.
|
|
Top
|
|
|
|
|
#162034 - 2006-05-18 08:04 PM
Re: Mitchell OnDemand5
|
jeremyschubert
Getting the hang of it
Registered: 2005-09-17
Posts: 89
|
I kind of figured you were joking :>> But I thought just for evealuation purposes...
Anyway, I'm just trying to lock down the time of day so that the students in the automotive group don't have access to that share except for the one hour they have automotives class. So they can't dump anything in to it (since they need full read and write access to make it work).
But I'm going to check out sysinternals for some tools to see what I can do (like you suggested). I'm also going to try epal as was suggested. I hope a combination of those two will solve my problem.
I am using W2K3 server with 2000 and xp clients.
Thanks Doc (and everyone else) for all of the great help.
Jeremy
_________________________
---
Bishop Grandin Technology Department
'Either we're on time, or we're late'
|
|
Top
|
|
|
|
Moderator: Arend_, Allen, Jochen, Radimus, Glenn Barnas, ShaneEP, Ruud van Velsen, Mart
|
0 registered
and 874 anonymous users online.
|
|
|
