neophob.com

Stan­dard user’s in big com­pa­nies usu­ally runs as unpriv­i­leged users, thus they can­not exe­cute admin tasks. But some­times it’s nec­es­sary to run a task with admin rights (auto­mated soft­ware deploy) — runas, in some sit­u­a­tions, is a bad idea because it needs a user and a clear text pass­word (and no, the pass­word com­piled in an exe file is not very safe!).

So my idea is, let those tasks run as sys­tem user with the task sched­uler. Microsoft pro­vides a great tool, jt.exe, an extended at.exe com­mand line task sched­uler. The sched­uled task will be cre­ated with­out a sched­ule (funny eh?) and will be exe­cuted man­u­ally by the user. Here is the step by step instruc­tion:

1) Instal­la­tion phase (as admin­is­tra­tor):
We cre­ate a sched­uler con­fig file with this content:

To get detailed help what those switches means, have a look at jt.exe’s help func­tion. The most impor­tant stuff is, this sched­uled task should exe­cute a file called c:123.cmd as sys­tem user.

Now cre­ate the job itself:

Exam­ple output:

The Job file is now cre­ated, you can ver­ify it by brows­ing to %windir%tasks, there should be a new jobname.job file. Now, here comes the impor­tant task, change the file per­mis­sion of the jobname.job file and add write access (change right) for your users (every­one, users or what­ever you prefer).

Of course you should now edit the file c:123.cmd and add some more or less intel­li­gent content.

2) User Phase
The user can now run C:123.cmd as SYSTEM user by enter­ing this command:

That’s it! Feel free to post your experiences..

Down­load jt.exe here (Microsoft FTP).