Hmmm....didn't think of that one. Will check it out. Ta.
G.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Thursday, 7 July 2005 10:21 PM
To: [email protected]
Cc: [email protected]; [EMAIL PROTECTED]
Subject: Re: [ActiveDir] OT: Delegating managment rights over data drives

Hi Glenn

You could have a batch file that creates a scheduled task and then launches that task 5 minutes later. The task can run with different credentials. The batch will need the password coded into it tho.

--Create it--
schtasks /create /s Comp_Name /tn "Job_Name" /tr "c:\script_torun" /sc once /st 23:55:00 /RU domain\username /rp password

--Run it ahead of schedule--
schtasks /run /s Comp_Name /tn "Job_Name"

--Delete it--
schtasks /delete /s Comp_Name /TN "Job_Name" /F

Regards;

James R. Day
Active Directory Core Team
Office of the Chief Information Officer
National Park Service
(202) 354-1464 (direct)
(202) 371-1549 (fax)
[EMAIL PROTECTED]

"Glenn Corbett" <[EMAIL PROTECTED]au>
Sent by: [EMAIL PROTECTED]tivedir.org
07/07/2005 06:26 PM ZE10
Please respond to ActiveDir

To: <[email protected]>
cc: (bcc: James Day/Contractor/NPS)
Subject: [ActiveDir] OT: Delegating managment rights over data drives

All,

As per the subject, we are attempting to delegate management of home directories to another management area, but have a couple of restrictions in that these users should actually not have access to the drives once they are created.

We have looked at a number of options, and the current one is to launch a process as a user with higher privileges that does the actual setting of the permissions to the drive, locking out the user running the application.

Question I have then, is the RunAs command doesn't allow passing in of a user name and password on the command line (only a user name). The person running this script / application won't know the password of the account used to make these changes.
Is there a way via script or batch file to launch a process as another user that sets these permissions? I've been hunting around, and I've found the Win32 API call I need, but looks like a large amount of overkill.

Alternatively, can the NTFS permissions be set in such a way that a person has the ability to create subdirectories and files, change permissions, and then not have access to the directory structure they just created? (I'm presuming by removing themselves from the permissions list, but what if inheritance is turned on?)

Thanks

Glenn

List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
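
The scheduled-task suggestion in this thread means the batch file carries the run-as password in clear text. As an added example (not part of the original thread), this Python function scans script text for `schtasks /create` lines that embed a literal `/rp` password; the function name and the sample host, account and password are constructed for illustration.

```python
import re

# Constructed sample batch file (host, account and password are made up).
SAMPLE_BATCH = r'''
@echo off
schtasks /create /s FILESRV01 /tn "SetHomeDirAcl" /tr "c:\scripts\setacl.cmd" /sc once /st 23:55:00 /ru EXAMPLE\svc_homedir /rp S3cret!
schtasks /run /s FILESRV01 /tn "SetHomeDirAcl"
SCHTASKS /Create /tn "Prompted" /tr "c:\scripts\other.cmd" /sc once /st 23:55:00 /RU EXAMPLE\svc_other /RP *
schtasks /delete /s FILESRV01 /tn "SetHomeDirAcl" /f
'''

TOKEN = re.compile(r'"[^"]*"|\S+')  # a double-quoted string or a bare word


def find_embedded_task_passwords(text):
    """Return (line_no, task_name, run_as) for every schtasks /create line
    that passes a literal password to /rp. The password is never returned."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        tokens = [t.strip('"') for t in TOKEN.findall(line)]
        lowered = [t.lower() for t in tokens]  # schtasks switches are case-insensitive
        if not lowered or lowered[0] not in ("schtasks", "schtasks.exe"):
            continue
        if "/create" not in lowered:
            continue
        # Map each /switch to the token after it; a switch followed by another
        # switch (or by nothing) has no value. Assumption: values never start with "/".
        opts = {}
        for i, tok in enumerate(lowered):
            if tok.startswith("/"):
                nxt = tokens[i + 1] if i + 1 < len(tokens) else ""
                opts[tok] = "" if nxt.startswith("/") else nxt
        password = opts.get("/rp", "")
        # "/rp *" and a bare "/rp" make schtasks prompt, so nothing is stored in the file.
        if password and password != "*":
            findings.append((line_no, opts.get("/tn", "?"), opts.get("/ru", "?")))
    return findings


if __name__ == "__main__":
    for line_no, task, account in find_embedded_task_passwords(SAMPLE_BATCH):
        print(f"line {line_no}: task {task!r} stores a password for {account}")
```
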
