Thought I'd share a little scripty goodness!
Task: Allow end users to add printers without elevating their privileges.
My solution: A pair of (encoded) vbscripts.
Script 1:
Set objshell = CreateObject("WScript.Shell")
strRun1 = "c:\windows\system32\rundll32 printui.dll,PrintUIEntry /il"
set objExec = objShell.Exec(strRun1)
do until objExec.Status
wscript.sleep 50
loop
(Note: Go the command from here)
Script 2:
Set objshell = CreateObject("WScript.Shell")
objshell.Run "runas.exe /env /user:AdminUserNameHere "_
& chr(34) & "cscript Script 1.vbs"_
& chr(34)
WScript.Sleep 333
objshell.AppActivate "runas.exe"
objshell.AppActivate "runas.exe"
objshell.AppActivate "runas.exe"
if
objshell .AppActivate("runas.exe") then
objshell .Sendkeys "password"
objshell .Sendkeys "~"
end if
(Notes: Put a real username and password in. And replace Script 1 with the name of the first script - the one you need to run with elevated privileges. And the appactivate command is there 3 times because it needs to be 100% sure that it's activated and the password is hidden)
I tested by running Script 2 - if Script 1 started - awesome! It did. Then I encoded Script 1 using the Microsoft Script Encoder, changed the script name in Script 2, and tested again - still started! Final step is to encode Script 2 (and test yet again). All that's left to do now is put the encoded scripts out on a network share and let the Tier 1 helpdesk folks know where it is.
Geek on!
0 comments:
Post a Comment