Hi Glenn
You could have a batch file that creates a scheduled task and then
launches that task 5 minutes later. The task can run with different
credentials. The batcht will need the password coded into it tho.
--Create it--
schtasks /create /s Comp_Name /tn "Job_Name" /tr "c:\script_torun "
/sc once /st 23:55:00 /RU domain\username rp password
--Run it ahead of schedule --
schtasks /run /s Comp_Name /tn Job_Name
--Delete it --
schtasks /delete /s Comp_Name /TN "Job_Name /F
Regards;
James R. Day
Active Directory Core Team
Office of the Chief Information Officer
National Park Service
(202) 354-1464 (direct)
(202) 371-1549 (fax)
[EMAIL PROTECTED]
"Glenn Corbett"
<[EMAIL PROTECTED] To:
<[email protected]>
au> cc: (bcc: James
Day/Contractor/NPS)
Sent by: Subject: [ActiveDir] OT:
Delegating managment rights over data drives
[EMAIL PROTECTED]
tivedir.org
07/07/2005 06:26 PM
ZE10
Please respond to
ActiveDir
All,
As per the subject, we are attempting to delegate management of home
directories to another management area, but have a couple of restrictions
in that these users should actually not have access to the drives once they
are created.
We have looked at a number of options, and the current one is to launch a
process as a user with higher privledges that does the actual setting of
the permissions to the drive, locking out the user running the application.
Question I have then, is the RunAs command doesnt allow passing in of a
user name and password on the command line (only a user name). The person
running this script / application wont know the password of the account
used to make these changes. Is there a way via script or batch file to
launch a process as another user that sets these permissions ? I've been
hunting around, and I've found the Win32 API call I need, but looks like a
large amount of overkill.
Alternatively, can the NTFS permissions be set in such a way that a person
has the ability to create subdirectories and files, change permissions, and
then not have access to the directory structure they just created ? (I'm
presuming by removing themselves from the permissions list, but what if
inheritance is turned on ?)
Thanks
Glenn
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
