I’ve been over the Internet many times over trying to find a free solution to run certain programs as administrator without giving the end user full blown administrator rights. An example of this is adding fonts. This task requires administrator rights to do…but do I really need to give the end user full blown admin rights to add fonts?
The answer is no. Meet: AutoIT. This is free solution that includes a nifty RunAs command. As an example we can do this:
RunAs(“srvaccount”, “your_domain”, “Pa$$W0RD”, 4, “C:\fonts\nexusfont.exe”)
Then we can compile that into a nice little EXE which hides the command line from the end user and then we give them that EXE: In this example, I’m using NexusFont since it’s a free font management solution. NexusFont includes an option to “Copy fonts to system font folder”. Since NexusFont is running under an account with Administrator rights, it has no problems doing this.
Make sure you give the end users read and execute only rights to the folder and EXE file so they cannot switch it out with another file.
Also, it is possible to reverse engineer the process if you are sophisticated enough and get the password, so don’t use a super sensitive password. Assumption is that normal users aren’t going to be that sophisticated and there are probably easier ways of gaining admin rights then reverse engineering executables
– Soli Deo Gloria