MCA,
I like your short reaction. What will it be when longer?
Anyway, to clear the soapbox a little (well, mine especially), read once more what I have in mind.
It's like what the IE Redistribution kit does, but instead of getting uncompressed into a temp dir, it goes directly to RAM. A single exe file will contain the needed kix.exe (and DLL if 9x systems are present), the script(s), and all of these compressed, encrypted, ... whatever you want. And if necessary, the kix.exe could be launched under the "run as" service.
Another idea was adding some parameters to check for before unpacking kix and the scripts. They could be the domain name, or other things, so it will only work in a particular network and nowhere else. And of course, encrypted into the exe package. You could even add a forced reboot if it is not what is wanted.
Something else too: when executed, scan thread names to look for particular programs, the most common ones (like ?Ice, or other memory dump utilities), to defeat less experienced hackers.
Remember that nothing will resist an experienced hacker for long, but as said, they work for us.
If correctly done, it can be a little heavier than 150k (well, 200-250), but I think that will be the cost to:
1) secure scripts with full admin password within
2) No trouble with a Kix.exe trojan, as it will always be executed from the whole package
3) No other IT altering some stuff and resulting afterwards in dozens of calls from users saying: it doesn't work!!!
4) Possibility to have kix run under admin rights
It's not really good for slow WAN connections, but at this point it seems we don't have a choice if we don't want to handle the possible kix trojan.
Over the last few days I put everything on paper to get things a little clearer, if you are interested.
[ 15 October 2001: Message edited by: Popovk ]