Script with elevated rights.

[MasterRacker]

I want to develop a script that certain users can run to enable/disable an AD account assigned to a vendor for VPN purposes. I can script the account portion just fine. Where I have an issue is that the users who will be running this do not have account management privileges.

How can I set this script to operate with elevated rights? Runas won't work unless there is some way for me to feed the password hidden from the end users.

(I'd like to keep this in VBS if I can for the purposes of future maintenance by a non-programmer IT type who might take it over after I win the lottery and retire. ;-) )

Jeff
[small][purple]It's never too early to begin preparing for [/purple]International Talk Like a Pirate Day
"The software I buy sucks, The software I write sucks. It's time to give up and have a beer..." - Me[/small]

 

[tsuji]

I would suggest you check out the free download joeware's cpau.exe. It is quite a satisfactory solution.

http://www.joeware.net/freetools/tools/cpau/index.htm

[1] The administrator(s) scripts out a job file. The whole job file is encrypted. Credential is the elevated permission user (or the admin him/herself) with his/her password inputted during its creation. The process to be executed is fixed in the job file as well. Hence, users of lower permissions are restricted and authorized to start only that process.
[2] Hand out/deploy to the user the job file and the cpau.exe and whatever external executables with the permissions to allow the user read/execute rights. And that is about it.