run a .bat as admin

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Hi -
I don't know if AD has any possibilities of helping with this problem, but
here's what I need:
Our network is all XP workstations and 2003 servers - we are using AD and
GP's. None of our users are set up as local users, so we have no local power
users or administrators. We now have our main vendor who when applying
upgrades or hotfixes, needs the users to run a batch file for it to apply -
however they need local Admin rights.

Any ideas how we can do this using AD or group policies? or is there a way
to put that batch file in the log in script and "run as" an administrator?
NEED HELP!
We've recently applied an upgrade and 2 hotfixes in the past month - ther
is another one ready and we don't want to do this manually another time!
Thanks for any hlep or suggetions - I really appreciate it!!

--
Cindy B
1 answer Last reply
More about admin
  1. Archived from groups: microsoft.public.win2000.active_directory (More info?)

    Hi Cindy,

    I would suggest using the SANUR tool for the deployment of this batch. What
    this is is a modified RUN AS command that allows you to specify a password.
    Then you can put this in the logon script and it'll work.

    I would suggest creating an admin account specifically for this and leaving
    it disabled most of the time. The most secure way would be to create an
    account with no network permissions in the servers/ AD and add him to the
    Restricted Groups to assign him as a local admin on all the workstations.
    Then use the SANUR tool there.

    Sanur can be found at:
    http://www.commandline.co.uk/sanur_unsupported/index2.html


    --
    Ryan Hanisco
    MCSE, MCDBA
    FlagShip Integration Services
    Chicago, IL

    "Cindy B" <benedett@brainerd.net> wrote in message
    news:E2BAD23B-AA26-4C9C-83A6-B862D250617F@microsoft.com...
    > Hi -
    > I don't know if AD has any possibilities of helping with this problem, but
    > here's what I need:
    > Our network is all XP workstations and 2003 servers - we are using AD and
    > GP's. None of our users are set up as local users, so we have no local
    > power
    > users or administrators. We now have our main vendor who when applying
    > upgrades or hotfixes, needs the users to run a batch file for it to
    > apply -
    > however they need local Admin rights.
    >
    > Any ideas how we can do this using AD or group policies? or is there a
    > way
    > to put that batch file in the log in script and "run as" an administrator?
    > NEED HELP!
    > We've recently applied an upgrade and 2 hotfixes in the past month - ther
    > is another one ready and we don't want to do this manually another time!
    > Thanks for any hlep or suggetions - I really appreciate it!!
    >
    > --
    > Cindy B
Ask a new question

Read More

Active Directory Windows