You can open a command prompt with run-as. I never run specific tools with run-as, I always go the command prompt direction.
But Deji is right in that something could be grabbing what you type so be careful. Of course, if you don't let your users have enhanced rights on the desktop, you are in much better shape there. Also note that you can't use a delegated ID for running NET USER. The NET API requires admin or acc op rights. I totally spaced on that. However you can use vbscript or admod or dsmod to do it with delegated rights. joe -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Tuesday, October 04, 2005 5:14 PM To: [email protected] Subject: RE: [ActiveDir] Access to ADUC from anywhere Run-what-AS? There is no admin tool on the client computer. In response to: "Also, those guys should be logged with their id and and should have reset password right for users in question." and: "The goal is to allow them to reset passwords while out on the floor working with users" This is how we used to snag admin passwords back in the days :). Get a keylogger, pretend that you've broken something on your computer, call helpdesk and have them log into your computer. Wham-o. I always tell my helpdesk folks : Never log into a user's desk with your admin account. I am not saying your users are malicious, but ....... Sincerely, Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I Microsoft MVP - Directory Services www.readymaids.com - we know IT www.akomolafe.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon ________________________________ From: [EMAIL PROTECTED] on behalf of Phil Renouf Sent: Tue 10/4/2005 12:55 PM To: [email protected] Subject: Re: [ActiveDir] Access to ADUC from anywhere It would be better to just do a RUNAS for a cmd prompt if you are going to be doing this at many desktops. Phil On 10/4/05, Kamlesh Parmar <[EMAIL PROTECTED]> wrote: just my .02$... /DOMAIN in command is literal, you don't have to replace with your domain name... it should be as it is /DOMAIN I had once given this solution, to Helpdesk guys and they were replacing /DOMAIN with actual domain name. Also, those guys should be logged with their id and and should have reset password right for users in question. -- Kamlesh On 10/5/05, joe <[EMAIL PROTECTED]> wrote: Is password reset all they need? If so, they don't need the GUI. NET USER USERID password /DOMAIN If the machine isn't in the same domain as the userid, then you can use changepwd or cusrmgr or even a 3 line vbscript. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] ] On Behalf Of Figueroa, Johnny Sent: Tuesday, October 04, 2005 12:17 PM To: [email protected] Subject: [ActiveDir] Access to ADUC from anywhere I am looking to provide access to Active Directory Users and Computers MMC to some folks that move around a lot and may not have access to their computers. The goal is to allow them to reset passwords while out on the floor working with users. I've tried a customized MMC but it looks like you need to Adminpak. MSI or at least parts of it: http://support.microsoft.com/default.aspx?scid=kb;en-us;314978 Do I have any other options? Thanks Johnny Figueroa Enterprise Network Consultant/Integrator Network Services Banner Health Voice (602) 495-4195 Fax (602) 495-4406 WARNING: This message, and any attachments, are intended only for the use of the individual or entity to which it is addressed and may contain information that is privileged, confidential and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient or employee/agent responsible for delivering the message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of the communication is strictly prohibited. If you receive this communication in error, please notify us immediately List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~ "Fortune and Love befriend the bold" ~~~~~~~~~~~~~~~~~~~~~~~~~~~ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
