Using WSH login scripts to assign temp local system admin previllegeI achiev this by using the SU command from the Resource Kit.  To use it do something like this:

Set wshShell = WScript.CreateObject("WScript.Shell")
Command = "cmd /c net time /set /y"
nReturnCode = wshShell.Run("password|c:\winnt\system32\su.exe ADMINISTRATOR" & Command & "DOMAIN")

a better solution is to put a batch file as part of the command line so that yopu can run all commands that require admin.  Obviously this presents a security risk since it transmits the password in plain text and is stored in a user-readable file.

Another alternative is to use the scheduler service to run commands in the context of the system account, however this will not work in this case because the user must have domain access which the system account does not.

Hope this is helpful.

  Hi All,

  Can I use WSH login scripts to let local users (they are not currently assigned with local admin right)to be granted local system admin previllege temperoraly while the script is run that will sych their local system time with the time server (by using wscript.shell run method). I don't want to grant local users system admin rights. Is that possible? thanks.                        

Lee

I achiev this by using the SU command from the Resource Kit.  To use it do
something like this:

Set wshShell = WScript.CreateObject("WScript.Shell")
Command = "cmd /c net time /set /y"
nReturnCode = wshShell.Run("password|c:\winnt\system32\su.exe ADMINISTRATOR"
& Command & "DOMAIN")

a better solution is to put a batch file as part of the command line so that
yopu can run all commands that require admin.  Obviously this presents a
security risk since it transmits the password in plain text and is stored in
a user-readable file.

Another alternative is to use the scheduler service to run commands in the
context of the system account, however this will not work in this case
because the user must have domain access which the system account does not.

Hope this is helpful.

Hi All,
Can I use WSH login scripts to let local users (they are not currently
assigned with local admin right)to be granted local system admin previllege
temperoraly while the script is run that will sych their local system time
with the time server (by using wscript.shell run method). I don't want to
grant local users system admin rights. Is that possible? thanks.

Using WSH login scripts to assign temp local system admin previllegeHi All,

Can I use WSH login scripts to let local users (they are not currently
assigned with local admin right)to be granted local system admin previllege
temperoraly while the script is run that will sych their local system time
with the time server (by using wscript.shell run method). I don't want to
grant local users system admin rights. Is that possible? thanks.