#171954 - 2006-12-23 01:50 AM
Re: @error handling? and redirection to a text file (append)
[Re: NTDOC]
|
itdaddy
Starting to like KiXtart
Registered: 2006-12-19
Posts: 145
Loc: Wisconsin
|
oy your users could have FULL admin rights in no time with that method.
Just add a few commands of their own to the file. Boot from a Windows PE and take rights to that folder if needed. Then add or remove stuff as they see fit without you ever being the wiser.
CD boots disabled! on all workstations! in bios! 2nd please explain where the commands they will run if i have RUN disable in policy! dont slam me too much; i am not that dumb! hee hee but explain NTDOC where they will run the commands from if i have CD diabled form boot and (though you can use BartPE from boot up windows! the job scheduler is admin rights the machine is not. run is removed CD boot is disable as well as USB disabled in bios
so explain where i may have said something wrong
WIP: MCSE buut i do not see my security breach explain big guy! oh yeah i have the cacls file deleted when done and the setup.exe deleted when done
Edited by itdaddy (2006-12-23 01:52 AM)
_________________________
Robert A+, CCNA, MCP Network Admin Credit Union Wisconsin
|
Top
|
|
|
|
#171957 - 2006-12-23 02:11 AM
Re: @error handling? and redirection to a text file (append)
[Re: NTDOC]
|
itdaddy
Starting to like KiXtart
Registered: 2006-12-19
Posts: 145
Loc: Wisconsin
|
The issue is that you should not have a file that contains commands that will run with elevated Privileges residing on the local box (imho)
NTDOC i see what you mean but we run Defrag with admin rights cause you have to. but when the job is done i make sure it deletes them. when the copy takes place from the server it copies setup.exe and cacls1.bat program to local pc and runs with admin rights at night time when all are gone.
i am aware of programs that can run on local machines and do things to Active Directory as well. i have seen them...but in this case i am still looking for a MSI package which would prefer and yes, the Self healing technology i like as well. i dont want to use zap files and publish them; it needs to be done at night so all is ready in the morning. so i am still looking for the gpo way. nice that big MS$$ didnt make and MSI installer to package stuff up and to allow addes switches. But i think even MCSEs have to sort of jerry rigs stuff; but since my files are delete when done off of each pc and the job will be disabled; i feel okay; but like i said i am looking for the gPO way cause it is slick and self healing is great. this software package we have is cheesy! but my scripting works. the only thing is the install via job schedular with admin rights while all are gone home. and then deletes self. and disble job ! so doing my best; i have talked with cert mcse and they even say theyhave had to do stuff like that! but echo what i do try to get msi. amem to that!
Merry christmas guys! hey NTDOC next time before you slam me; be easy! big guy! WIP means work in progress and get all the facts i have done my homework and disable many things in bios and password out with our admin pass word for our admins on each pc so i am working it!
have agood one dude!
Robert(itdaddy)
_________________________
Robert A+, CCNA, MCP Network Admin Credit Union Wisconsin
|
Top
|
|
|
|
#171960 - 2006-12-23 03:00 AM
Re: @error handling? and redirection to a text file (append)
[Re: itdaddy]
|
NTDOC
Administrator
Registered: 2000-07-28
Posts: 11624
Loc: CA
|
|
Top
|
|
|
|
#172036 - 2006-12-26 08:11 PM
Re: tcLib Help
[Re: itdaddy]
|
Glenn Barnas
KiX Supporter
Registered: 2003-01-28
Posts: 4396
Loc: New Jersey
|
1. READ the document in the DOCS folder from the ZIP you downloaded - it has a lot of examples, including a step-by-step process for defining, deleting, and changing a task event.
2. Make sure you place JT.EXE into the \Windows folder, or some other folder that is in your PATH. It will NOT WORK otherwise, unless you modify the tcInit() udf, as shown below.
; Define the path to the JE.EXE command. This should be simply 'jt.exe'
; if JT.EXE is in the system PATH.
$tcJTEXE = 'jt.exe'
3. Like any other UDF, you need to place it into your script, either directly or via call or include statements.
If you simply want to interactvely run a task using alternate credentials, look for the runnas.exe tool, which works like RunAs, but accepts the password on the command line.
Glenn
_________________________
Actually I am a Rocket Scientist!
|
Top
|
|
|
|
Moderator: Jochen, Allen, Radimus, Glenn Barnas, ShaneEP, Ruud van Velsen, Arend_, Mart
|
0 registered
and 718 anonymous users online.
|
|
|