|
server
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
Running a script remotely under admin credentials
printer from numerous PCs. strComputer = "." Set objWMIService = GetObject("winmgmts:" _ & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2") Set colInstalledPrinters = objWMIService.ExecQuery _ ("Select * from Win32_Printer where DeviceID = 'ScriptedPrinter'") For Each objPrinter in colInstalledPrinters objPrinter.Delete_ Next First, I modified it to echo the device ID to make sure the syntax of the printer name was correct. While testing it on my PC, it works great. The problem is that it will need to run on client machines under admin credentials (it's executed when users logon to the domain via a group policy setting), as the domain user accounts do not have sufficient privileges to delete it (it fails when tested on an actual client machine & user account). I've not found an example at the MS script center that uses alternative user credentials. Can anyone point me in the right direction? TIA... Buzz Hello,
Just replace your "Set objWMIService statement" to the following 2 lines of code: --------------------------------------------------------------------------- Set objLocator = CreateObject("WbemScripting.SWbemLocator") Set objWMIService = objLocator.ConnectServer(strComputer, "root\cimv2", strUserid, strPasswd) --------------------------------------------------------------------------- Note that strUserid and strPasswd should contain your alternative user credentials. HTH, Ato Show quote "Buzz Fenner" <bfen***@jonesborocwl.org> wrote in message news:u8pHZF5kFHA.2920@TK2MSFTNGP14.phx.gbl... > I'm starting with this script from the TechNet site to delete a particular > printer from numerous PCs. > > strComputer = "." > Set objWMIService = GetObject("winmgmts:" _ > & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2") > > Set colInstalledPrinters = objWMIService.ExecQuery _ > ("Select * from Win32_Printer where DeviceID = 'ScriptedPrinter'") > > For Each objPrinter in colInstalledPrinters > objPrinter.Delete_ > Next > > First, I modified it to echo the device ID to make sure the syntax of the > printer name was correct. While testing it on my PC, it works great. The > problem is that it will need to run on client machines under admin > credentials (it's executed when users logon to the domain via a group policy > setting), as the domain user accounts do not have sufficient privileges to > delete it (it fails when tested on an actual client machine & user account). > I've not found an example at the MS script center that uses alternative user > credentials. Can anyone point me in the right direction? TIA... > > Buzz > > Ato Bisda wrote:
> Hello, Yes, this will work remotely, but if you read the original post more> > Just replace your "Set objWMIService statement" to the following 2 lines of code: > --------------------------------------------------------------------------- > Set objLocator = CreateObject("WbemScripting.SWbemLocator") > Set objWMIService = objLocator.ConnectServer(strComputer, "root\cimv2", strUserid, strPasswd) > --------------------------------------------------------------------------- > Note that strUserid and strPasswd should contain your alternative user credentials. > Hi, closely, he wants to run the script in a logon script (oddly enough the OP calls this remotely I think), then the above will not work. The OP might get something to work with a Runas product: Different RunAs products listed here, some free and some not, some with encryption option for the password as well: http://groups.google.co.uk/groups?selm=3FE0B42C.773CA875%40hydro.com Other ones not mentioned in the link above: SUperior SU (free, has a command line iterface) http://www.stefan-kuhr.de/supsu/main.php3 LSrunas/LSrunasE (the latter with password encryption) http://www.linkselection.com/lsrunas.asp You may also want to check out PolicyMaker Application Security (previously NeoExec), the main difference is that it does not require the use of a second account, as most other RunAs derivatives requires. PolicyMaker Application Security http://www.desktopstandard.com/PolicyMakerApplicationSecurity.aspx -- torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway Administration scripting examples and an ONLINE version of the 1328 page Scripting Guide: http://www.microsoft.com/technet/scriptcenter/default.mspx > Different RunAs products listed here, some free and some not, some Hi,> with encryption option for the password as well: i found a runas tool with passoword encryption on http://www.robotronic.de/runasspcEn.html It looks like easy to use. Why is this tool not in your list. Is it not a good one? Robi Ravandel wrote:
>>Different RunAs products listed here, some free and some not, some Thanks, I will add it to my list...>>with encryption option for the password as well: > > > Hi, > i found a runas tool with passoword encryption on > http://www.robotronic.de/runasspcEn.html > It looks like easy to use. > Why is this tool not in your list. > Is it not a good one? > Hi, -- torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway Administration scripting examples and an ONLINE version of the 1328 page Scripting Guide: http://www.microsoft.com/technet/scriptcenter/default.mspx Yes,
I finally found documentation under the "Hey, Scripting Guy" dealing with alternate credentials and lo & behold saw that what I'm trying to do will not work under WMI. Long story short, since this issue affects only about 12 client boxes, I may make the required changes manually. Thanks to all for the responses. Buzz Show quote "Torgeir Bakken (MVP)" <Torgeir.Bakken-spam@hydro.com> wrote in message news:%233INExBlFHA.3096@TK2MSFTNGP10.phx.gbl... > Ato Bisda wrote: > >> Hello, >> >> Just replace your "Set objWMIService statement" to the following 2 lines >> of code: >> --------------------------------------------------------------------------- >> Set objLocator = CreateObject("WbemScripting.SWbemLocator") >> Set objWMIService = objLocator.ConnectServer(strComputer, "root\cimv2", >> strUserid, strPasswd) >> --------------------------------------------------------------------------- >> Note that strUserid and strPasswd should contain your alternative user >> credentials. >> > Hi, > > Yes, this will work remotely, but if you read the original post more > closely, he wants to run the script in a logon script (oddly enough > the OP calls this remotely I think), then the above will not work. > > > The OP might get something to work with a Runas product: > > Different RunAs products listed here, some free and some not, some > with encryption option for the password as well: > > http://groups.google.co.uk/groups?selm=3FE0B42C.773CA875%40hydro.com > > Other ones not mentioned in the link above: > > SUperior SU (free, has a command line iterface) > http://www.stefan-kuhr.de/supsu/main.php3 > > LSrunas/LSrunasE (the latter with password encryption) > http://www.linkselection.com/lsrunas.asp > > You may also want to check out PolicyMaker Application Security > (previously NeoExec), the main difference is that it does not require > the use of a second account, as most other RunAs derivatives requires. > > PolicyMaker Application Security > http://www.desktopstandard.com/PolicyMakerApplicationSecurity.aspx > > > > -- > torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway > Administration scripting examples and an ONLINE version of > the 1328 page Scripting Guide: > http://www.microsoft.com/technet/scriptcenter/default.mspx  |
|||||||||||||||||||||||
Other interesting topics