|
Hmm. you make good points, Richard.
I like the idea of never passing the password back to the script. However, in this case there would be limited functionality as to what the Crytpo object could be used for. I can think of a few methods that might be handy.
Starting with:
$Crypto=CreateObject("KixFunctions.Crypto")
$Crypto.Password="lshdf872lads"
1. mapping shares
$ret=$Crypto.Use("S:","\\SERVER\SHARE","Administrator")
2. running a program that requires different permissions
$ret = $Crypto.Run("file.bat","domain1\Administrator")
3. Accessing an object that might otherwise not be able to be accessed
$ret = $Crypto.GetObject("....{whatever}....")
The only problem I see with doing it this way is that it is only secure if it can only be run in the context of a logon script. Otherwise, what would prevent someone from simply writing their own script and copying in the encoded password to do whatever it is they wanted to do with full admin rights? Also, it may be helpful if the info was domain-specific...
Brian
| 
