#44771 - 2003-09-04 01:14 PM Installing Windows Service packs with users that don't have admin-rights
zigi Offline
Fresh Scripter

Registered: 2003-09-04
Posts: 27
hello,

i'm really new to kix.

my question is:
is it possible to install with kix different service packs for win2k or office automatically on clients where the user accounts don't have admin-rights?

if it's possible, can you please tell me how to do it.

i would be very grateful
thanks for your time

zigi

#44772 - 2003-09-04 01:24 PM Re: Installing Windows Service packs with users that don't have admin-rights
Lonkero Administrator Offline
KiX Master Guru
*****

Registered: 2001-06-05
Posts: 22298
Loc: OK
ok...
can I ask, are you wanting to do this via logonscript or adminscript?

the difference is that with logonscript you most likely need to expose admin password.
and in worst case, distribute even a domain-admin account.
in admin script the script is run by you with your rights, and it uses your rights when it connects to the clients and executes whatever command you wish.
like, timed SP install.

admin script might be a little harder to come up with but there is always that question about security...
_________________________
!

download KiXnet

#44773 - 2003-09-04 01:47 PM Re: Installing Windows Service packs with users that don't have admin-rights
zigi Offline
Fresh Scripter

Registered: 2003-09-04
Posts: 27
thank you for your quick answer.

with logonscript means, that our users would see or have to know the admin-password, right?
that's what we want to avoid.

can you tell me a little bit more what the differences are between the two options admin- and logonscript?

my imagination was, that we could put a kix script into our existing logonscripts. with that option we would be secure that every client gets the script for execution.

#44774 - 2003-09-04 01:54 PM Re: Installing Windows Service packs with users that don't have admin-rights
Chris S. Offline
MM club member
*****

Registered: 2002-03-18
Posts: 2368
Loc: Earth
During the recent Welchia/Nachi attack I rolled out the hotfixes and in some cases Windows 2000 SP4 through the login script.

I first tested whether the user had admin rights, and if so installed the required patches.

If the user did not have admin rights, I used TQCRunas to build an encrypted package that contained the password to the service account that installed the patches on the system.

Similarly, when it came time to run the virus removal tools (that required admin rights to run) I used the same process.

[ 04. September 2003, 13:56: Message edited by: Chris S. ]

#44775 - 2003-09-04 02:19 PM Re: Installing Windows Service packs with users that don't have admin-rights
zigi Offline
Fresh Scripter

Registered: 2003-09-04
Posts: 27
chris can you please tell me something more about TQCRunas, because your link doesn't work.
#44776 - 2003-09-04 03:05 PM Re: Installing Windows Service packs with users that don't have admin-rights
Chris S. Offline
MM club member
*****

Registered: 2002-03-18
Posts: 2368
Loc: Earth
Hmm. Worked for me. http://www.quimeras.com/default.asp?control=1

Basically, with TQCRunas you can:

  • Impersonate a user account on a local or remote computer
  • Run a process synchronously or asynchronously on a local or remote computer
  • Do the above and still have access rights to the network (thus allowing you to run a process on a remote computer where the exe is on a network share)
  • Build an encrypted package that contains the commands required to do the above, allowing you to call it from a script but never reveal the account or password in plain text.

#44777 - 2003-09-04 04:42 PM Re: Installing Windows Service packs with users that don't have admin-rights
zigi Offline
Fresh Scripter

Registered: 2003-09-04
Posts: 27
ok. now it works. don't know what the problem was.

would it be possible, that you can publish your script from your welchia-activities with the TQCRunas?

i need some examples to get quicker to my wished results.

this would be very helpful for me.

#44778 - 2003-09-04 05:39 PM Re: Installing Windows Service packs with users that don't have admin-rights
Chris S. Offline
MM club member
*****

Registered: 2002-03-18
Posts: 2368
Loc: Earth
Sure, here is the code I'm using to start the FixWelch.exe. The FixWelch.tqc file contains the command, the arguments, the user account to impersonate, and the password.

code:
; Once a scan log exists, keep a local .txt copy and send the log to the server share (done once)
If Exist("%WINDIR%\@WKSTA_FixWelch.log") AND Not Exist("%WINDIR%\@WKSTA_FixWelch.txt")
    Copy "%WINDIR%\@WKSTA_FixWelch.log" "%WINDIR%\@WKSTA_FixWelch.txt"
    Copy "%WINDIR%\@WKSTA_FixWelch.log" "\\SERVER\WELCHIA_LOGS"
EndIf
; No log yet: the tool has not run on this workstation
If Not Exist("%WINDIR%\@WKSTA_FixWelch.log")
    $=MessageBox("Running Welchia Scanning Tool. Please allow this scanning tool to "+
        "complete. We are monitoring the progress of this utility.","Welchia Scanning Tool")
    ; $sServer is not defined in this excerpt
    Copy '\\$sServer\Update\Welchia\FixWelch.exe' '%TEMP%'
    If InGroup('@WKSTA\Administrators')
        ; User is in the local Administrators group: run the tool directly
        Run '%TEMP%\FixWelch.exe /start /log=%WINDIR%\@WKSTA_FixWelch.log'
    Else
        ; Check that Domain Admins is a member of the local Administrators group
        $objAdminGrp = GetObject("WinNT://@WKSTA/Administrators")
        If @ERROR
            $=MessageBox("Unable to verify administrative account.","Welchia Scanning Tool")
            Exit 1
        EndIf
        If $objAdminGrp.IsMember("WinNT://@DOMAIN/Domain Admins")
            ; Run the tool through the TQCRunas package (command, arguments, account, password)
            Run '@SCRIPTDIR\TQCRunas\TQCRunas.exe -f @SCRIPTDIR\TQCRunas\FixWelch.tqc'
        Else
            $=MessageBox("Unable to install under administrative account.","Welchia Scanning Tool")
        EndIf
    EndIf
EndIf


[ 04. September 2003, 17:41: Message edited by: Chris S. ]
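
Added example, not part of the thread and not code from Chris S. or from the TQCRunas author: since the .tqc package described above holds an account and password and is stored beside the logon script, this sketch inventories which scripts call which packages and which packages are no longer referenced by any script. The share layout, the .kix/.scr extensions and the sample contents are assumptions constructed for illustration.

```python
import posixpath
import re

# Invocation style shown in the thread: TQCRunas.exe -f <package>.tqc
TQC_CALL = re.compile(r"tqcrunas(?:\.exe)?['\"]?\s+-f\s+['\"]?([^\s'\"]+\.tqc)",
                      re.IGNORECASE)
SCRIPT_EXT = (".kix", ".scr")   # assumed KiXtart script extensions

def norm(path):
    """Lower-case, forward-slash form so references and files compare equal."""
    return posixpath.normpath(path.replace("\\", "/")).lower()

def audit(tree):
    """tree maps share-relative path -> file text ('' for binary files).

    Returns (references, orphans): every uncommented TQCRunas call as
    (script, line number, package), and .tqc files no script refers to.
    """
    references, used = [], set()
    for script, text in sorted(tree.items()):
        if not script.lower().endswith(SCRIPT_EXT):
            continue
        script_dir = posixpath.dirname(norm(script)) or "."
        for number, line in enumerate(text.splitlines(), start=1):
            if line.lstrip().startswith(";"):   # KiXtart comment line
                continue
            for match in TQC_CALL.finditer(line):
                # @SCRIPTDIR expands to the directory of the running script
                pkg = re.sub(r"@scriptdir", script_dir, match.group(1),
                             flags=re.IGNORECASE)
                references.append((norm(script), number, norm(pkg)))
                used.add(norm(pkg))
    orphans = sorted(norm(p) for p in tree
                     if p.lower().endswith(".tqc") and norm(p) not in used)
    return references, orphans

# Constructed sample share contents (not taken from the thread's environment).
SAMPLE = {
    "logon.kix": "; Run 'TQCRunas.exe -f old.tqc'\n"
                 "Run '@SCRIPTDIR\\TQCRunas\\TQCRunas.exe"
                 " -f @SCRIPTDIR\\TQCRunas\\FixWelch.tqc'\n",
    "TQCRunas\\FixWelch.tqc": "",
    "TQCRunas\\Sp4Install.tqc": "",
}

if __name__ == "__main__":
    refs, orphans = audit(SAMPLE)
    for script, number, pkg in refs:
        print(f"{script}:{number} runs credential package {pkg}")
    for pkg in orphans:
        print(f"unreferenced credential package: {pkg}")
```
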

#44779 - 2003-09-09 08:48 AM Re: Installing Windows Service packs with users that don't have admin-rights
zigi Offline
Fresh Scripter

Registered: 2003-09-04
Posts: 27
sorry for my late answer. i had a few busy days.

thanks for your help chris. i think with your script i will have a good starting point.

zigi

#44780 - 2003-09-12 12:43 AM Re: Installing Windows Service packs with users that don't have admin-rights
Anonymous
Unregistered


I'm a bit stumped... I've followed the thread and have the TQCRunas. Unfortunately their helpfile is not too helpful. Looking at your FixWelch script, I see it calling the .tqc file.

If possible can you answer the questions below either here or e-mail ...my head hurts from banging against the wall.....an optical mouse gave its life in my frustration.. [Confused]

thanks,
Mark

markjohnson90@hotmail.com

Q: When running TQCRunas initially, do you point the program to the fixwelch.exe?
Q: Does fixwelch.exe have to be in the same directory as TQCRunas?
Q: Does your script check to see if patch has already been applied?
Q: Can I use the same format to check and install if necessary windows critical updates?

#44781 - 2003-09-12 11:58 AM Re: Installing Windows Service packs with users that don't have admin-rights
MightyR1 Offline
MM club member
*****

Registered: 1999-09-09
Posts: 1264
Loc: The Netherlands
mahjohn,

take a look at:

Runas like SU... Scripted without console!!!
_________________________
Greetz,
Patrick Rutten

- We'll either find a way or make one...
- Knowledge is power; knowing how to find it is more powerful...
- Problems don't exist; they are challenges...
