Scripting Question

Pass encrypted administrator details in batch file

08/15/2012 4636 views

Hi all,

I need to let people install software in our corporate environment (by clicking a SharePoint webpage link) who may not be administrators.  I was wondering what the best way was to do this.  Can I pass domain level admin details in a script?  If so, how do I encrypt this so users don't see what they are.  Any help or other suggestions are much appreciated.


0 Comments   [ + ] Show comments


Community Chosen Answer


you could try using a scripting framework like AutoIT that allows you to compile into exe

This will allow you to shield the login data from your users.

Answered 08/16/2012 by: pjgeutjens
Red Belt

  • I use this method when KACE and AD are not an option.

All Answers


You can also setup the kace 1000 user portal.


Answered 08/16/2012 by: SMal.tmcc
Red Belt

  • We are currently looking at KACE but that will be sometime away.

You could also put it into a VBS script and use Microsoft script encoder to hide the details. http://www.softpedia.com/get/Programming/Packers-Crypters-Protectors/Microsoft-Script-Encoder.shtml

Answered 08/16/2012 by: alphabeta
Black Belt

  • these kinds of scripts are not hard to decode back to human-readable form though.

Not recommended but if you want to batch it you can do this: (you will need to run as script since it takes an admin/system to make someone an admin)

make them an admin

1. net localgroup administrator /add domain\%UserName%

(not sure if it would be immediate or you need to force a logoff)

2. run the install start /wait msiexec /i

or if you have to make them logoff

2a. poke the current users runonce

start /wait reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce" /v installsoftware /d \\server\share\install.bat

shutdown /l /f (forces logoff)

In the install.bat put the  install as 1st line, net localgroup administrator /delete domain\%UserName% as the 2nd line and shutdown /l /f as the 3rd line.

3. if the rights change are immediate you would need

start /wait net localgroup administrator /delete tmccadmn\%UserName%

You will need to test if the group addition/deletion change take effect immediatly or after logoff

Answered 08/16/2012 by: SMal.tmcc
Red Belt

This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ