Standard user 1

[nileshmorker]

I need to allow a restricted user to logon to server locally(done) and run only a single application from server. I have changed the logon locally policy to allow this user, but when runninng applicarion i do get errors ?

Nilesh

 

[markdmac]

Wow, bad move in my opinion.

Why do you need this particular user to run the program on the server? Can't it be scheduled?

Most likely your solution will be to use RunAs but since you can't store the password they would need to know an admin password.

There are a few scripting solutions for storing a password for RunAs. If you do a search on "Sanur RunAs vbscript" you should find some solutions. Sanur is no longer supported but their web site has links to other similar solutions.

I hope you find this post helpful.

Regards,

Mark

Check out my scripting solutions at

http://www.thespidersparlor.com/vbscript

 

[nileshmorker]

Thanks for that tip, but we need user to logon on locally to run a specific application and delete any quarantine emails, thus requires user to be on console. Unfortunately the quarantine manager cannot be installed on a different pc.

 

[markdmac]

What is the application? Are you using IMF?

If so you should look at

http://www.thespidersparlor.com/downlaods/imfspam.zip.

Otherwise a script such as this also works as a scheduled task:

'==========================================================================
'
' NAME: CleanBadMail.vbs
'
' AUTHOR: Mark D. MacLachlan , The Spider's Parlor
' URL   : [URL unfurl="true"]http://www.thespidersparlor.com[/URL]	
' COPYRIGHT (c) 2003 All rights reserved
' DATE  : 09/10/2003
'
' COMMENT: 
'
' This script will list all filtered and quarantined SPAM mail, check that 
' the files are more than 30 days old and then delete them.
' This file is to be scheduled to run each day.
'
'    THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
'    ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED To
'    THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
'    PARTICULAR PURPOSE.
'
'    IN NO EVENT SHALL THE SPIDER'S PARLOR AND/OR ITS RESPECTIVE SUPPLIERS 
'    BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY
'    DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS,
'    WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
'    ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE
'    OF THIS CODE OR INFORMATION.
'=====================================

Path1 = "E:\Program Files\Exchsrvr\Mailroot\vsi 1\BadMail"
Path2 = "E:\Program Files\Exchsrvr\Mailroot\vsi 1\UceArchive"
'This third path is not used unless you modify the script below
Path3 = "E:\Program Files\Quarantine"

Dim fso 
Dim oFolder
Dim oFile
Dim oSubFolder

  Set fso = createobject("Scripting.FileSystemObject")
  
   Set oFolder = fso.GetFolder(Path1)
  
  For Each oFile In oFolder.files
   	If DateDiff("d", oFile.DateCreated,Now) > 30 Then
    	oFile.Delete True
    End If
  Next


Set oFolder = fso.GetFolder(Path2)
  For Each oFile In oFolder.files
   	If DateDiff("d", oFile.DateCreated,Now) > 30 Then
    	oFile.Delete True
    End If
  Next

Set oFolder = Nothing

'The script will stop running here.  
'Remove the next line if you need to delete subdirectories from a given path.
Wscript.Quit

'If you need to delete sub folders instead of files from a directory, the below code will do that for you.
Set oFolder = fso.GetFolder(Path3)
Set colSubfolders = oFolder.Subfolders

For Each oSubfolder in colSubfolders
   	If DateDiff("d", oSubFolder.DateCreated,Now) > 30 Then
		fso.DeleteFolder(oSubFolder)
	End If
Next

Set oSubFolder = Nothing
Set oFolder = Nothing
Set fso = Nothing

I hope you find this post helpful.

Regards,

Mark

Check out my scripting solutions at

http://www.thespidersparlor.com/vbscript

 

[nileshmorker]

Thanks for that response. I have used badmail utility before to empty specific folder. What i really need is a specific application which is using CA SCM quaranine manager which comes with the latest version. I have escalated issue to CA and they have confirmed that the application will only work from server. i will have to investigate about using OU's and applying specific restrictions.

Nilesh

 

[markdmac]

And what about allowing the user to run the program in a TS session rather than giving them log on locally rights?

How about configuring a TS session that will ONLY launch that one application so the user can not see any other server details?

I hope you find this post helpful.

Regards,

Mark

Check out my scripting solutions at

http://www.thespidersparlor.com/vbscript

 

[nileshmorker]

thanks Mark for that response, i will try that and post a feedback.
Nilesh

 

[nileshmorker]

I used above recommendation and that works, only problem is user is member of administrator, so that is scarry as they can logon elsewhere. But should be fine.

Nilesh

 

[markdmac]

You should be able to remove the admin rights and assign rights to the program files and data files of your application. Then set the right to "Access this computer from the network" in the local policy.

Local Computer Policy
+Computer Configuration
++Windows Settings
+++Security Setting
++++Local Policies
+++++User Rights Assignment

I hope you find this post helpful.

Regards,

Mark

Check out my scripting solutions at

http://www.thespidersparlor.com/vbscript