All,
As per the subject,
we are attempting to delegate management of home directories to another
management area, but have a couple of restrictions in that these users should
actually not have access to the drives once they are
created.
We have looked at a number of options, and the current one is to launch a process as a user with higher privledges that does the actual setting of the permissions to the drive, locking out the user running the application.
Question I have
then, is the RunAs command doesnt allow passing in of a user name and password
on the command line (only a user name). The person running this script /
application wont know the password of the account used to make these
changes. Is there a way via script or batch file to launch a process as
another user that sets these permissions ? I've been hunting around, and I've
found the Win32 API call I need, but looks like a large amount of
overkill.
Alternatively, can
the NTFS permissions be set in such a way that a person has the ability to
create subdirectories and files, change permissions, and then not have access to
the directory structure they just created ? (I'm presuming by removing
themselves from the permissions list, but what if inheritance is turned on
?)
Thanks
Glenn
