#203180 - 2011-09-29 05:13 PM Launching a KIX script with admin rights
AlphaVII Offline
Just in Town

Registered: 2011-09-21
Posts: 1
Loc: Belgium
Hello,

For your information, here's how we run our KIX scripts with administrator rights using PSEXEC in our network. We're using a batch script to launch a KiX script launching another KiX script with admin rights.

The admin user can be either the local admin (if it's the same on all your PCs) or a domain admin user, which is however less secure.

It is important to always tokenize the launcher script to prevent your users from reading the admin password from it.

PSEXEC.EXE has to be present in the same folder as your KiX script.

Note the workaround to pass the username to the main script, to avoid having @USERID return the admin username.

In your main script (mainscript.kx), you'll need to use $UserID instead of @USERID if you need to get the name of the user who is running your script instead of the psexec admin user.

Comments are welcome.

Best regards,
Olivier



* LAUNCHER.BAT (logon script for all users, stored in NETLOGON$)
 Code:
@echo off
WKIX32.EXE kixlauncher.kx



* KIXLAUNCHER.KX
 Code:
;*************************************************************************
;  Script Name:   KixLauncher
;  Author:        Olivier
;  Date:          6/01/2011
;  Description:   Launches KIX with admin rights.
;                 ** WARNING **
;                 This script should NEVER be stored in clear text on NETLOGON
;			 
;*************************************************************************
 
;Script Options
Break OFF

Shell @LSERVER + "\netlogon\psexec -accepteula -e -w %logonserver%\netlogon -u youradminuser -p yourpassword wkix32.exe //nologo %logonserver%\netlogon\mainscript $UserID=@USERID"

If @ERROR
	;	? " ! Launcher returned error code " + @ERROR
	Exit(@ERROR) 
EndIf

#203197 - 2011-10-03 11:16 AM Re: Launching a KIX script with admin rights [Re: AlphaVII]
It_took_my_meds Offline
Hey THIS is FUN
*****

Registered: 2003-05-07
Posts: 273
Loc: Sydney, Australia
It looks to me that you are using a logon script to run administrative tasks on machines. I firmly believe that logon scripts should only be used for user based changes.

If that is the case, may I suggest using a group policy start-up script (which runs as SYSTEM) for machine based changes?

What we do in our environment is to have a group policy startup script create a scheduled task with SYSTEM privileges on all our machines. That scheduled task calls a KiX script in a subfolder of the sysvol share on the domain controllers that does our machine based changes.

#203199 - 2011-10-03 02:53 PM Re: Launching a KIX script with admin rights [Re: AlphaVII]
Les Offline
KiX Master
*****

Registered: 2001-06-11
Posts: 12734
Loc: fortfrances.on.ca
 Originally Posted By: AlphaVII
It is important to always tokenize the launcher script to prevent your users from reading the admin password from it.
My understanding of PSEXEC is that even though you can obfuscate the password in the script, it will still be passed as clear text over the network ready to be picked off with a sniffer.

http://technet.microsoft.com/en-us/sysinternals/bb897553
 Quote:
Note that the password is transmitted in clear text to the remote system
_________________________
Give a man a fish and he will be back for more. Slap him with a fish and he will go away forever.
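
An added example, not part of the thread and not any poster's code: a Python check that flags PsExec command lines carrying an account name (-u) and a literal password (-p), the pattern used in KIXLAUNCHER.KX above. It can be run over script files or logged process command lines; the function name and the sample lines are constructed for illustration.

```python
import re

# PsExec binary as the last path component of a token: psexec, psexec.exe, PsExec64.exe
PSEXEC_RE = re.compile(r'(?:^|[\\/])psexec(?:64)?(?:\.exe)?$', re.IGNORECASE)
# PsExec switches that consume the following token as their value
VALUE_OPTS = {"-u", "-p", "-w", "-n", "-a"}

def find_psexec_credentials(lines):
    """Flag PsExec invocations that pass an account (-u) and a literal password (-p).

    Returns dicts with the line number, the account name and whether a
    password was present; the password itself is never returned or logged.
    """
    findings = []
    for lineno, line in enumerate(lines, 1):
        # Drop quotes so a command built inside a KiX or batch string still tokenizes.
        tokens = line.replace('"', " ").replace("'", " ").split()
        for i, tok in enumerate(tokens):
            if not PSEXEC_RE.search(tok):
                continue
            opts, j = {}, i + 1
            while j < len(tokens):
                t = tokens[j].lower()
                if t in VALUE_OPTS and j + 1 < len(tokens):
                    opts[t] = tokens[j + 1]
                    j += 2
                elif t.startswith("-") or t.startswith("\\\\"):
                    j += 1          # flag without a value, or a \\computer target
                else:
                    break           # first bare token is the program PsExec will run
            if "-u" in opts:
                findings.append({"line": lineno, "user": opts["-u"],
                                 "password_on_command_line": "-p" in opts})
            break
    return findings

# Constructed sample input: the launcher line from the first post, a benign
# line, and a commented-out command (a password in a comment is still exposed).
SAMPLE = [
    r'Shell @LSERVER + "\netlogon\psexec -accepteula -e -w %logonserver%\netlogon -u youradminuser -p yourpassword wkix32.exe //nologo %logonserver%\netlogon\mainscript $UserID=@USERID"',
    r'WKIX32.EXE kixlauncher.kx',
    r'REM psexec.exe \\pc01 -u CORP\svc_install -p Constructed123 cmd /c setup.exe -u quiet',
]

if __name__ == "__main__":
    for finding in find_psexec_credentials(SAMPLE):
        print(finding)
```

A tokenized KiX script cannot be scanned this way, so the check is most useful against clear-text scripts and recorded process command lines.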
