Hi,
I'm currently reading a Powershell Toolmaking book, and was wondering about tools and security... What would be a 'best practice' to accomplish the following:
I want to write a tool to add a printer to our print-server. The tool would do several things to accomplish it's final goal (add a printer):
- create a DHCP lease in a predefined DHCP scope (normally exected as user DOM\dhcp-admin)
- create a TCP/IP printer port and shared printer on the print-server (normally executed as user DOM\print-admin)
Now, I am able to write such a script, and it works when run as a domain-admin (DOM\administrator). But I want to delegate the creation of new printers to someone else, who doesn't have domain admin access (DOM\someguy).
What would be the best approach? I could give the user that runs the script the necessary rights to DHCP and the printer server, but actually I don't want to... If I want to run a function as another user (let's say I could run the function 'add-DOMDhcpLease' as user dhcp-admin), how could I do that without giving away the password for this user in plain text (in the powershell script)?
Any thoughts or advise on this subject?
Tnx, Erik