RES WM 2011 – Dynamic privileges


Dynamic privileges

…a short review…

A new cool feature in RES workspace manager 2011 is the possibility to use Dynamic privileges. To understand what dynamic privileges are we first have to understand what issues we run into when designing user environments.

User environment are built around applications, user settings, drive mappings and of course basic things like printers. Microsoft Windows is designed so that Bill thought that users would always be a local administrator (I’m on thin ice here, I know).

If users are local administrator they will not experience any issues installing printers, changing time or any other task requiring elevated rights. In the real world though users are just users and will not poses administrative rights, thus not being able to do simple tasks like adding printers or changing time.

With workspace management solutions like RES we can handle printers just fine as long as the printer is a network printer.  With local printers where drivers need to be installed and ports needs to be created RES had an issue prior to the 2011 version.

Now, the 2011 version….

With RES Workspace manager 2011 Dynamic privileges is introduced for managed applications.

It’s pretty simple to change the settings, after adding a managed application you can change the dynamic privileges within Security. Options are to add or remove the administrative rights for an application.

When the application has administrative rights only that application has elevated rights, the extra tasks that you can add to the application under Configuration will not be started with elevated rights.

A feature request has been filed with RES to add this to the next version. I understand that this feature comes close to functionality of RES Automation manager where tasks can be started on any managed workplace under elevated rights.

Settings that can be added under configuration are useful for they can be a drive mapping or nearly anything else you would ever want around an application start up.

Execute Command – %Script%

One other nice feature is with the Execute command option in RES workspace manager 2011.

Instead of creating a script, saving it as a command file it’s now possible to do this without the need to save a command file. By adding a %Script% entry in the command line the next TAB “Script” becomes active.

The script can be written directly in the box and will be executed on demand as set in the properties TAB. It saves a lot of moving around of scripts and makes management a lot easier.

The script extension is changeable, I haven’t actually tested which extensions do work. I the documentation I found no reference of this…need to test it.

Documentation

The scripts you create will be documented in the instant report you run from the installation, as seen in the picture below.

 

It’s a small write up but then again there’s not so much to tell about these features for they are “still” limited in their use.


5 Responses

  1. Thanks for this write up Rob! Very groovy feature set & really pleased that RES had the forethought to create such a helpful & long overdue ability to make Administrative Overhead lower for all the trench warriors!

  2. Nice review of some of the new features Rob, thanks!
    Is the script-tab also included in the reports? So we automatically have the used scripts part of the documentation?
    Do you know which types of scripts are supported (or can you use any kind, as the file extension box is a tekstbox, not selection list?)

  3. AndrewMorgan says:

    Hi Rob,

    Wonderful idea with the scripts, not only does it integrate these external tasks into the console it will also provide some level of auditing in if the current external scripts are changed. May I be bold enough to suggest you consider powershell scripts in this solution if not already confirmed working?

    Alot of work with registry, ini files etc I'm cmd require external exe's to be authorized whereas PoweShell can do so without these additions.

  4. admin says:

    True, powershell would have been another option. Fact was that we tried to built the whole solution around one console. We got some sort of a working solution, I'm not satisfied but then again I never am.

  5. admin says:

    Hi,

    Yes the scripts are included in the reports, I've added a sample in the write-up.
    Next week I have a meeting with RES, I'll ask them what kind of script they support.

Leave a Reply

https://tracking.cirrusinsight.com/869c29e2-3a9b-48c5-9232-0b95e7993ae8/controlup-com-pixel-php