Nobody else will be able to do this My point is this - i can manually runas cmd.exe from system32 on any computer i am on regardless of whether or not i am in the local administrators group - because i know the local admin credentials When i try to do the same thing programmatically it only lets me do it if i am a member of local administrators. other users do not I am therefor trying to be able to ""runas" cmd.exe" from any computer i am on and put in the local admin password when asked. The only difference is that i am trying to do it prgrammatically rather than manually By design, runaas requires keyboard input for a password. To run something with eleveated priveleges. Jinzai, this is what the runas command is there for. A system that is easy to use is also the most vulnerable to outside attacks. Security makes things harder to do, especially 'normal' and easy/simple things.
So, I am saying that all the ducks need to be in a row. I certainly would never entertain the notion of making it possible to elevate privileges programmatically that is begging for trouble from would-be hackers.
In my scheme of things, I would be more likely to trust someone at the machine itself than I would code running either locally, or remotely. When you do it manually, you must provide log-in isn't surprising that you would need to do so when you try it programmatically. It would make no sense and provide zero security if such an obvious backdoor remained in the OS. In other words, the user running your application must be a member of the administrators group for every machine you want elevated privileges for. Wscript.I do not think it is possible to raise the effective level of permission above what the application is running as. and call it like this: If IsAdmin("LocalAccount") Then IsAdmin = InStr(RetrieveUsers("MachineName", "Administrators"), user) > 0 You can then write a function to see if a user is in the list.
Mbrlist = mbrlist & vbTab & mbr.name & vbCrLf ' Loop through the group membership and build a string containing the names Set GrpObj = GetObject("WinNT://" & domainName & "/" & grpName & ",group") ' Build the ADSI query and retrieve the group object
This article has a nice chunk of code on how to enumerate the members of a group (copied here for convenience and edited to not use email address): Function RetrieveUsers(domainName,grpName)
0 kommentar(er)
