Board index » VB/WinAPI

All times are UTC



 Grant Admin Rights to an Application? 
Author Message
Rick Cardarell
#1 / 3
 Grant Admin Rights to an Application?

Our manufacturing line has locked down NT workstations for the users but
certain tasks such as setting the time needs administrator rights.

Does anyone know how I can shell a program and grant my admin rights?  What
I would like to do is write a little program, pass in the admin account name
and password then launch an exe with those rights.

Can it be done?  Any source code laying around?

Many thanks, Rick



Tue, 28 May 2002 03:00:00 GMT  
Mike Rec
#2 / 3
 Grant Admin Rights to an Application?
Take a look at the SU.EXE utility.  I'm not sure where it is under NT.  It
doesn't install by default.  Mayne it's on the CD.  SU.EXE is a program that
can take command line arguements to temporarily change the current user to
the Administrator.  SU will create a DOS window and any application from
that window has Administrative rights.

Be aware that this utility replaces the HKEY_CURRENT_USER tree in the
registry to the Administrator's Tree so the User's settings are not
availiable from here.  You have to dig through HKEY_USERS.

Here is a screen list of the options:

C:\>su -?
SU for Windows NT v2.00 Aug 30 1996 22:46:13

Usage: su <User> "[cmdline]" [domain] [[Winsta\]Desktop] [options]
  -cb do not create new console (do not use with redirected passwords)
  -e disables environment preparation (Inherit parent environment)
  -g force GUI option prompting with supplied commandline arguments
  -l disables loading of the user registry hive (use .Default)
  -v verbose output to stdout
  -w do not wait on child (registry hive will remain loaded)

One of the following logon types may be specified.  Default is interactive.
  -b batch, target user needs SeBatchLogonRight
  -i interactive, target user needs SeInteractiveLogonRight
  -s service, target user needs SeServiceLogonRight
  -n network, target user needs SeNetworkLogonRight (WinNT 4.0 only)

Not specifying a cmdline invokes the default command processor (%comspec%)
Not specifying a domain causes account lookup in the following order:
  Well-known, built-in, local accounts, primary domain, trusted domains
Specifying . as the domain limits the LogonUser search to the local machine
Not specifying Winsta\Desktop launches child on current Winsta\Desktop
  Winsta0\Default is the user default interactive Windowstation and desktop

Hope this helps,
Mike Reck


Quote:
> Our manufacturing line has locked down NT workstations for the users but
> certain tasks such as setting the time needs administrator rights.

> Does anyone know how I can shell a program and grant my admin rights?
What
> I would like to do is write a little program, pass in the admin account
name
> and password then launch an exe with those rights.

> Can it be done?  Any source code laying around?

> Many thanks, Rick



Sun, 02 Jun 2002 03:00:00 GMT  
Rick Cardarell
#3 / 3
 Grant Admin Rights to an Application?
Thank you Mike, I will look into this utility.


Quote:
> Take a look at the SU.EXE utility.  I'm not sure where it is under NT.  It
> doesn't install by default.  Mayne it's on the CD.  SU.EXE is a program
that
> can take command line arguements to temporarily change the current user to
> the Administrator.  SU will create a DOS window and any application from
> that window has Administrative rights.

> Be aware that this utility replaces the HKEY_CURRENT_USER tree in the
> registry to the Administrator's Tree so the User's settings are not
> availiable from here.  You have to dig through HKEY_USERS.

> Here is a screen list of the options:

> C:\>su -?
> SU for Windows NT v2.00 Aug 30 1996 22:46:13

> Usage: su <User> "[cmdline]" [domain] [[Winsta\]Desktop] [options]
>   -cb do not create new console (do not use with redirected passwords)
>   -e disables environment preparation (Inherit parent environment)
>   -g force GUI option prompting with supplied commandline arguments
>   -l disables loading of the user registry hive (use .Default)
>   -v verbose output to stdout
>   -w do not wait on child (registry hive will remain loaded)

> One of the following logon types may be specified.  Default is
interactive.
>   -b batch, target user needs SeBatchLogonRight
>   -i interactive, target user needs SeInteractiveLogonRight
>   -s service, target user needs SeServiceLogonRight
>   -n network, target user needs SeNetworkLogonRight (WinNT 4.0 only)

> Not specifying a cmdline invokes the default command processor (%comspec%)
> Not specifying a domain causes account lookup in the following order:
>   Well-known, built-in, local accounts, primary domain, trusted domains
> Specifying . as the domain limits the LogonUser search to the local
machine
> Not specifying Winsta\Desktop launches child on current Winsta\Desktop
>   Winsta0\Default is the user default interactive Windowstation and
desktop

> Hope this helps,
> Mike Reck



> > Our manufacturing line has locked down NT workstations for the users but
> > certain tasks such as setting the time needs administrator rights.

> > Does anyone know how I can shell a program and grant my admin rights?
> What
> > I would like to do is write a little program, pass in the admin account
> name
> > and password then launch an exe with those rights.

> > Can it be done?  Any source code laying around?

> > Many thanks, Rick



Thu, 06 Jun 2002 03:00:00 GMT  
 
 Page 1 of 1
  [ 3 post ] 

 Relevant Pages 

1. Temporary grant Admin rights in prog.

2. Granting Admin Rights on Lock-down PC

3. Granting user security rights in VB

4. Grant Logon as a Service right?

5. Granting "User Rights"

6. Defrag without admin rights + SFImpersonator

7. Finding out if user has NT Admin rights

8. Verify NT domain Admin right

9. Script with admin rights

10. Running a vb script with admin rights

11. Admin rights

12. Unable to register OCX in 2000 users with no admin rights

  

 
Powered by phpBB® Forum Software