Thursday 17 March 2016

install programs as a domain user in command prompt

Came across this scenario at work today.

- You need to install a program (e.g flash player) on a machine at work.
  • The only way you have access is remotely via a program called BeAnywhere , which is one time session software with no admin privileges.
  • They don't have team viewer or logmein installed. 
  • The user logged in, is a domain user with no admin privileges.
  • There's no admin users onsite to help out.
  • Because of security you don't want to give out admin passwords over the phone to log on as a different user.
  • You don't know local admin account details.
  • There's an option for admin rights in beanywhere but this doesn't work because of the UAC splash screen asking for admin username and password

Things you do have/could do.
  • it is on the domain and you have domain admin details.
  • You have a third party tool which can reset the local admin password but this is very time consuming.
  • You can send an engineer to site to logon as a domain admin.(again time consuming)
  • You could install the packages via MSI but again this is time consuming, so what's the quickest method.

What do you do? 
sounds like there's no solution right?
Well..there is. If you as an administrator haven't disabled command prompt for domain users.
It's possible to install programs via a domain users command prompt. Even though the command prompt isn't opened with elevated rights.

What to do:
Open command prompt without elevated rights.
Then type:
runas /noprofile /user:DOMAIN\adminaccount "C:\Users\domainuser\Downloads\installpath.exe"

alternatively install a .msi file.

runas /noprofile /user:NGA\cbsadmin "msiexec /i \"C:\Users\localadmin\Downloads\logmein.msi""

This will in turn ask for the domain admin password.

Example below:

No comments:

Post a Comment