Reputation: 117
Creating an install script on a locked-down computer
We have a group of users that I need to run a flash installer on, the computers are locked down and you need to run any installer as the local admin for it to succeed.
I'm looking for a way to let a end user run a powershell/cmd script and have that script execute as the local admin, without storing any plain text passwords within the script. Is there a way to do this?
Thanks.
Upvotes: 0
Views: 169
Answers (2)
Reputation: 13493
Just to put it in an answer, @Frode F. is right, the best way to do this is to use Group Policy to install it.
At my org, we use GPO's to install Flash, Reader, Office, etc. and it's done in thousands of companies. Not only is it fairly easy to create, but also allows you to control the versions and updates of products that you install, and best of all, you need no passwords or anything (the Domain Controller is the administrator to your computers)
There are dozens of guides out there to do this, for ex. See: Deploy Adobe Flash Player With Group Policy
Upvotes: 1
Reputation: 4838
You should be able to achieve this by providing a PowerShell script which connects using PowerShell Remoting to the local computer through a specifically configured endpoint. You would then configure that endpoint to run as a user which will have the necessary permissions but the endpoint will also be constrained to execute only the command(s) which you have created (which would install flash, for example).
For more information about session configurations, I suggest reading up on
Get-Help about_session_configurations
Get-Help about_session_configuration_files
Get-Command *sessionconfiguration*
Or, to get a list of which things you can read up more on (in case it changes between versions), just run the following two commands:
Get-Help *session_configuration*
Get-Help *sessionconfiguration*
Edit: Do be sure to create the session configuration file using the -LanguageMode NoLanguage parameter to make sure the user is not allowed to run anything at all other than what you have provided as explicitly allowed. From the help-file regarding that parameter with that value:
-- NoLanguage: Users may run cmdlets and functions, but are not permitted to use any language elements, such as script blocks, variables, or operators.
Upvotes: 0
Related Questions
- Install software using powershell script
- Installing Program remotely through Remote PowerShell
- How to install programs as admin in Powershell
- How can I use powershell to run through an installer?
- Remote installation of exe using powershell
- Silent installation by using Powershell scripting
- Powershell Script to Remotely Install Software (Microsoft Office)
- Creating a simple PowerShell based installer with elevated privileges
- Installing an .exe on a remote machine from PowerShell
- Automate Application Installation with Powershell