Should you empower the user to make the necessary changes? You might as well open Pandora's Box. Locking down company desktops prevents misguided and disgruntled users from doing all sorts of damage. Many users envision the Web as a pristine frontier ripe for downloads.
Should you get an IT tech support person? Modifying one machine at a time isn't an efficient use of professional staff.
So what should you do? One cost-effective solution is to empower the user with security. Develop simple in-house problem-solving tools that run by the user and for the user but not as the user.
There are many good desktop control packages to suse for the following examples. Whatever your choice, be sure it supports a flexible RunAs feature and utilizes simple control statements. The sample code snippets shown in the examples below demonstrate the WinBatch development tool. Each sample solves a different practical problem. This package is freely downloadable (sans compiler). Because executable code runs in privileged mode, when the user clicks, the change sticks.
Practical examples
E-Mail problem: Management wants staff to read their e-mail from anywhere
Solution: Automated e-mail configuration
Code snippet:
Runline = "\\mailserver\mail folder\odk-idk\custom.prf"
Flag = ShellExecute(Runline,"","",@NORMAL,"")
(Tip: This snippet uses the Microsoft Outlook ODK-LDK setup utility)
Printer problem: Management wants staff to print from anywhere to anywhere
Solution: Automated network printer install
Code snippet:
Printername = AskName("Install", "Which printer do you want?")
Runline = StrCat("\\printserver\",printername)
Flag = ShellExecute(Runline,"", "",@NORMAL,"")
(Tip: Block access to the CEO's printer suite!)
Training problem: Management requires mandatory staff training
Solution: Automated training shortcuts
Code snippet:
List = StrCat("Training1",@TAB,"Training2")
Select = AskItemList("Training", List,@TAB,@SORTED,@SINGLE)
Source = StrCat("\\fileserver\", Select,".url")
Target = "pathname"
Flag = FileCopy(Source, Target, @FALSE)
(Tip: This is especially useful for HIPAA regulations and sexual harassment training.)
Policy problem: Management wants to remove embarrassing home pages
Solution: Automated home page reset
Code snippet:
newpage = "http://corporatewebsite"
Flag = RegSetvalue(@REGCURRENT,"Software\Microsoft\ Internet Explorer\Main\[StartPage],"newpage)
(Tip: Put code in a login or a global.bat script. Adapt to other browsers as necessary)
The previous examples showed typical uses and didn't need special privileges, but the following examples do. They run by the user and for the user but not as the user. The task is performed under a privileged account for all and only the task at hand. Security is maintained and the necessary job gets done.
The following examples use the SetAdmin subroutine that gives special rights.
Tip: Grant Execute but not Read permission so the password remains hidden.
Code snippet:
:SetAdmin
Runas_user = "privileged account"
Runas_pw = "account password"
Runas_domain = "."
Parameters = ""
:Return
Privileged practical examples
Install problem: Management wants a special application on the desktop
Solution: Automated application install
Code snippet:
GoSub SetAdmin
Source = \\servername\application_name"
RunWithLogin(Source, Parameters,"",@NORMAL,@WAIT, Runas_user, Runas_domain, Runas_pw, 0)
(Tip: Bandwidth too small for a network install? Copy the file first then install locally.)
Parameter problem: Management must reset certain desktop parameters
Solution: Automated parameter change
Code snippet:
GoSub SetAdmin
Command = "command_name"
Flags = "values"
RunWithLogin(Command, Flags,"",@NORMAL,@WAIT, Runas_user, Runas_domain, Runas_pw, 0)
General tip: The above tools resolve a typical Catch-22 problem: Tech support can't fix a bad connection remotely because they cannot make a connection to fix the bad connection. Now the user can fix the problem themselves on demand.
Deployment tip: Develop and accumulate your own set of useful utilities. Place them in a common network share or Web page. It will save your staff time and your company money.
Doctor Lee Ratzan is a systems analyst at a New Jersey health care agency and teaches at Rutgers University. Contact him at lratzan@scils.rutgers.edu