In Windows 10 on a desktop or laptop, what is the best place to put a command prompt program that I wrote myself or acquired from the net? I have one admin account on each of my computers, a standard account for my own routine use, and additional standard accounts for each friend or visitor. I want the admin account to be able to modify the program, and the standard accounts to be able to execute it.
I'm leaning toward putting it in the public folder and setting custom permissions so standard users will only be able to execute. Is this the best choice?
I'm reasonably experienced with Windows 8.1 but just bought a new laptop with 10.
Public User folder and restrict it with sharing options or security and set accessibility to administrator, define who can execute or edit.
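One way to apply and then check the permissions described in this answer, as an added example that is not part of the original post. The folder name `Tools` under the Public profile is an assumption; the script must run from an elevated PowerShell prompt.

```powershell
# Assumed location: C:\Users\Public\Tools (hypothetical folder name).
$toolDir = Join-Path $env:PUBLIC 'Tools'
New-Item -ItemType Directory -Path $toolDir -Force | Out-Null

# Remove inherited ACEs so no write access is carried over from the parent
# folder, then grant explicit rights. Well-known SIDs are used so the command
# also works on non-English installs:
#   S-1-5-32-544 = Administrators, S-1-5-18 = SYSTEM, S-1-5-32-545 = Users
icacls $toolDir /inheritance:r /grant:r `
    '*S-1-5-32-544:(OI)(CI)F' `
    '*S-1-5-18:(OI)(CI)F' `
    '*S-1-5-32-545:(OI)(CI)RX' | Out-Null
if ($LASTEXITCODE -ne 0) { throw "icacls failed with exit code $LASTEXITCODE" }

# Audit: any Allow ACE that gives a principal other than Administrators or
# SYSTEM a write-type right means a standard user could replace the program.
$trusted   = 'S-1-5-32-544', 'S-1-5-18'
$writeBits = [System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'

$risky = (Get-Acl -Path $toolDir).Access | Where-Object {
    $sid = $_.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value
    $_.AccessControlType -eq 'Allow' -and
        $trusted -notcontains $sid -and
        (([int]$_.FileSystemRights -band [int]$writeBits) -ne 0)
}

if ($risky) {
    $risky | Format-Table IdentityReference, FileSystemRights -AutoSize
    throw "Non-admin principals can modify $toolDir"
}
"OK: only Administrators and SYSTEM can modify $toolDir; Users have read and execute."
```

Rerun the audit half after copying programs in, since files moved from another folder on the same volume keep the ACL they already had.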
Related
Recently I decided to split my PC into two users, one for gaming and one for work, to increase my work productivity. Now I am wondering is there a way to:
run a PowerShell script on user login, opening certain apps/programs and maybe even putting in custom input like login info for immediate login.
run different scripts depending on the logged-in User.
We have Windows 10 tablets being used in the field by our reps and some customers. They log in with an account that doesn't have administrative privileges. From time to time we have to send them new software updates. These installers need to run elevated to work properly. We don't want to give the reps admin passwords so ideally we want to white list certain installers that they can elevate themselves when run from a standard account without the user entering a password.
I hope this makes sense. The best we have come up with is to write and install a Windows service that runs elevated and would run our installers.
But I wonder if there is a better solution. Ideally I would like to tell Windows that it should auto-elevate installers from a certain publisher or something similar.
Any ideas?
I'm a novice with AS/400. I have a bit of coding experience and know that there's always an access to the backend if you're clever enough. But developers in my organisation said that it's hard to communicate with the server and make it run things remotely.
So I'm wondering if anyone's got any ideas how I can schedule a simple task. I log in to the "Personal Communication", which is the client app. Then I go to a certain menu, i.e. I543, enter a parameter "1", and press "ENTER" to run a report which has a file output.
I know there is that "Macro" function within Personal Communication. But that relies on send keys which does not work on a locked screen, nor do I want to activate it manually, which really defies the point of automation.
I was hoping I can schedule a simple call command somehow to activate some kind of procedure. Just need to know if possible and where to start looking? Thanks.
Last millennium's AS/400 and today's IBM i both have a basic job scheduler built in.
From a command line WRKJOBSCDE.
You need to find out what happens when you select menu I543 option 1. Assuming it's a simple CALL MYRPT or SBMJOB CMD(CALL MYRPT) then adding a scheduled job to run the report is easy.
However, you probably don't have the authority to do so. Nor should your developers necessarily be able to do so. Your system administrator is the right person. In a small shop, that might be the guy doing development. In a large one, it's another person or team.
But your developers should have at least pointed you toward the admin and the job scheduler.
I want to provide some administrative services that will be implemented against the Office365 PowerShell, but I don't want to store decryptable administrators credentials - is there any option for authenticating without direct usage of the credentials? I am thinking about something like OAuth or another application key system.
Not 100% clear from the question but since you don't want to store creds I assume that this will be running on client computers rather than on systems that are directly under your control. I can think of two options but they both add considerably to the complexity of a script like this.
Option 1
Split your script into 2 pieces, one set up as a web listener on a server that is running with elevated privileges and the other running on the system where you want the script to be placed that makes REST calls to your web listener. This lets you only expose the functions that you actually want the lower-privileged script to have access to without having to deal with storing the creds. This is more complex to set up but doesn't require anything third-party to be in place.
Option 2
Use a privileged identity management system (I'm most familiar with CyberArk but any of them should be ok for this purpose) to store the creds. You would then sign your script with a certificate and set the identity manager to only allow a process signed with that cert and connecting from a known valid IP to access the credential, again using a web call. This is easier to do once you get the PIM installed but that can be a massive headache to do properly, not to mention expensive.
Hope I understood the problem correctly and that one of these methods helps you.
I need to add Relying parties in ADFS every time a new client comes on. I would like to automate this by just specifying either the URL to the federation metadata or a file picker for the admin to load the federation metadata file.
I have been following the instructions on this site: Adding a New Relying Party Trust
However I get the following error
ADMIN0120: The client is not authorized to access the endpoint
net.tcp://localhost:1500/policy.
The client process must be run with elevated administrative privileges.
Not sure what I am doing wrong. I guess the bigger question is: is this the best way to set up Relying parties and Claims using code or should I use PowerShell commands?
This error doesn't mean you have a code issue. It is something related to the privilege. Test it by right-clicking the client and choosing "Run as administrator" to see if it goes through.
As per your link, there are three ways:
Using the AD FS 2.0 Management console
Using the Windows PowerShell command-line interface
Programmatically using the AD FS 2.0 application programming interface (API)
All three are equally valid - the only difference is how much work you have to do for each e.g. the wizard is lots of mouse clicks.
What I do is set up the RP the first time via the wizard and then save the setup using PowerShell (Get RP, Get Claims etc.) and then use these to set up subsequent ones as you migrate from dev to test to staging etc.
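A sketch of the PowerShell route described in these answers, added here as an example and not taken from the original posts. It assumes an AD FS server where the `ADFS` PowerShell module is available (Windows Server 2012 R2 or later); the function name, parameter names and the idea of a wizard-built "template" relying party are assumptions for illustration.

```powershell
function Add-ClientRelyingParty {
    param(
        [Parameter(Mandatory)] [string] $Name,          # display name for the new RP
        [Parameter(Mandatory)] [string] $Metadata,      # https URL or local metadata file
        [Parameter(Mandatory)] [string] $TemplateName   # RP already configured via the wizard
    )

    # The ADMIN0120 error above means the caller is not elevated; fail early.
    $me = [Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()
    if (-not $me.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        throw 'Run this from an elevated PowerShell session on the AD FS server.'
    }
    Import-Module ADFS -ErrorAction Stop

    $template = Get-AdfsRelyingPartyTrust -Name $TemplateName
    if (-not $template) { throw "Template relying party '$TemplateName' not found." }
    if (Get-AdfsRelyingPartyTrust -Name $Name) { throw "Relying party '$Name' already exists." }

    # Reuse the claim rules of the template RP for the new trust.
    $params = @{
        Name                   = $Name
        IssuanceTransformRules = $template.IssuanceTransformRules
    }
    # Copy authorization rules only when the template has any, so an empty
    # rule set is never written to the new trust.
    if ($template.IssuanceAuthorizationRules) {
        $params.IssuanceAuthorizationRules = $template.IssuanceAuthorizationRules
    }

    # Accept only https URLs so the metadata is fetched over TLS; anything
    # else must be an existing local file.
    if ($Metadata -match '^https://') {
        $params.MetadataUrl = $Metadata
    } elseif (Test-Path -LiteralPath $Metadata -PathType Leaf) {
        $params.MetadataFile = (Resolve-Path -LiteralPath $Metadata).Path
    } else {
        throw "Metadata must be an https URL or an existing file: $Metadata"
    }

    Add-AdfsRelyingPartyTrust @params
    Get-AdfsRelyingPartyTrust -Name $Name | Select-Object Name, Identifier, Enabled
}
```

Review the identifiers printed on the last line before handing the trust to the client, since they come straight from the supplied metadata.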