The information in this article applies to:
SUMMARYThis article describes how to let normal users perform a task or run a program on their computers that requires administrative privileges without changing the users' current security settings. MORE INFORMATION
You can use the Task Scheduler tool that runs on every Windows 2000-based computer to schedule certain Microsoft Management Console (MMC) tools or other programs to run on a user's computer in the context of the SYSTEM account. This allows a normal user to manually perform those tasks without allowing the user to perform any other unauthorized administrative task.
Because Task Scheduler, by default, is run using the local SYSTEM account, certain tasks that require domain credentials cannot be performed. To test which tasks can and cannot be performed using this method, use the following procedure on a test computer to schedule a command prompt:
For example, running the Dsa.msc (Active Directory) console from the command prompt does not work because you do not have domain credentials, but the Dfrg.msc (Disk Defragmenter) console does run because it requires only local credentials. Using this method, you could schedule Setup for a program on a floppy disk or CD-ROM that would normally require administrative privileges to install, without visiting the computer locally. CAUTION: Be careful not to schedule anything that can be terminated by the user at the computer that leaves a working command prompt. If the program you need to run does not require any user input, leave the /interactive switch off so that the program runs in silent mode and is not accessible to the user. Microsoft recommends thorough testing before using this method to ensure you cover any security risks. Additional query words:
Keywords : kbenv kbtool |
Last Reviewed: December 29, 1999 © 2000 Microsoft Corporation. All rights reserved. Terms of Use. |