A Fast Yet Secure Way to Open MMCs Using Alternative Credentials
If you use high-privilege credentials to open Microsoft Management Consoles (MMCs), here's a clever way you can spend less time entering those credentials. All you need are some simple batch files.
September 25, 2007
Like Serge Bedard in the Reader to Reader article "Access Remote Files with iexplore.exe" (June 2007, InstantDoc ID 95445), I also use a standard account for logging onto my workstation and a high-privilege account for performing network-related tasks in various Microsoft Management Consoles (MMCs). Constantly using the
Run As command to open the MMCs with the high-privilege account proved to be tedious and time-consuming. To reduce the amount of time spent entering alternative credentials, I wrote a series of batch files for the following consoles:
Active Directory Users & Computers (adusers.msc), which is a customized console for the MMC Active Directory Users and Computers snap-in that has all our domains loading in one pane
MMC ADSI Edit (adsiedit.msc)
MMC Computer Management (compmgmt.msc)
DHCP (dhcp.msc), which is a customized console for the MMC DHCP snap-in that has all our DHCP servers loading in one pane.
DNS (dns.msc), which is a customized console for the MMC DNS snap-in that has all our DNS servers loading in one pane.
Group Policy Object Editor (gpedit .msc)
The batch files are pretty simple. They typically look like the batch file in Listing 1, which opens the Active Directory Users & Computers console. When the batch file executes, all you need to do is provide the password for your privileged account. The console then opens and loads the appropriate snap-in.
The batch file to open the Computer Management console is slightly different. As Listing 2 shows, this batch file first prompts you for a server name, then prompts you for the privileged account password. If both are correct, the Computer Management console opens with that computer name already loaded.
To make it easy to execute the batch files, I placed them on a network share, along with the console files they're linked to. I then created shortcuts to the batch files on my Quick Launch bar. So, to run an MMC, all I need to do is click the appropriate shortcut and enter the password (or server name and password).
The batch files turned out to be so convenient that I wrote a set of them for each member of our IT team. These batch files not only save our team a ton of time but also help us comply with the company's administrative security policies.
—Joel Hluszko, Senior Network Administrator, Kingsway Financial Services
About the Author
You May Also Like