RE: Script to add domain users to local groups on remote machines

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



-----Original Message-----
From: tedd [mailto:tedd.sperling@xxxxxxxxx] 
Sent: 04 June 2010 15:34
To: Mayer, Jonathan; php-general@xxxxxxxxxxxxx
Subject: Re:  Script to add domain users to local groups on remote
machines

At 11:16 AM +0100 6/4/10, Mayer, Jonathan wrote:
>Hello,
>
>Has anyone got any ideas how I might add a user to a local group on a
>remote networked Windows machine via a PHP script? The idea is to make
>an automated tool where users can request access to a shared folder via
>our intranet, and after suitable approval the system add them to a
group
>which has read privileges for the folder in question.
>
>If I run apache using an account with suitable privileges, I've been
>able to do it with COM, but for security reasons I'd like to be able to
>authenticate through the script instead, and leave apache running on
the
>standard local system account.
>
>Perhaps COM is the wrong way to go about the problem - perhaps exec?
Any
>ideas gladly appreciated!
>
>Thanks,
>
>Jon.

Jon:

The concept is pretty simple.

1. Have a database set up for users with logons and passwords, such as:

http://php1.net/a/edit-db-demo <-- just add logon and password fields.

2. Have a method of approving users for access to the documents. Such 
as providing them with the password via email, phone, mail, or an act 
such as providing a real email address (i.e., subscribing):

http://webbytedd.com/b/sub-email/

3. Provide an url that checks for authorization before providing the 
document(s), such as:

http://webbytedd.com/b/password-db/index.php

or

http://webbytedd.com/ccc/protected-download1/

4. Provide a method for users to find the document(s) for download:

http://php1.net/b/zip-files/

You throw all of that together and you have a way to solve your 
problem. Here's a working example I wrote for a client:

http://webbytedd.com/ccc/protected-download1

The password is: 'a'
The email address is: 'tedd@xxxxxxxxxxxx'

Also, the access of the data is registered (IP/Date) and an email is 
sent to me that someone accessed the file. So you can get as 
elaborate as you want.

Cheers,

tedd

-- 
-------
http://sperling.com  http://ancientstones.com  http://earthstones.com

-------------------------------


Thanks for your detailed answer tedd,

I agree that that would be a sensible solution if I were to create an
online file access tool from scratch. Unfortunately, however, the tool
I'm creating has to work in the way I described because I am trying to
put together a tool to simplify the maintenance of a system that is
already in place. Once the users have access, they will also expect to
be able to access these folders via Windows rather than using an online
interface.

Cheers,
Jon.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux