[wpkg-users] role of installation user

[Malte Starostik]

[Resent w/o attachments as they were rejected.  The files are available here 
instead: http://malte.homeip.net/wpkg/peruser/
]
Am Montag, 17. August 2009 10:18:13 schrieb Johannes.Brix at evidian.com:
> Hello again,

;-)

> just another topic: user rights.
>
> Everyboda will agree that best way to install software is
> using a user with local rights for installing software.
>
> But in parallel I need to to some configurations in relation to users.
>
> How can I handle this job avoiding to give users administration rights
> to execute software installation and do the update in the user context.
>
> Seperating these two roles would be fine, but I cannot see how
> to configure it in wpkg.

Depending on what exactly you need to do, the attached script may be of help.  
It executes a given command for each user account on the system with the 
user's registry hive temporarily made available.  I use it to modify files or 
registry keys in the users' profiles.
The script is invokes like
cscript /nologo PATH\TO\peruser.wsf /exec:"command to run for each user"

The given command will be run with the environment variables USERPROFILE and 
APPDATA set as expected and an additional env var USERREGKEY that contains the 
name of the registry subkey under HKEY_USERS where the user's registry hive is 
loaded.

Caveats:
* ***** The command still runs in the execution context of the user running 
wpkg.js, i.e. usually with high privleges ***** Only the env vars and registry 
setup makes it user specific.

* When midifying the users' registry, you MUST use HKEY_USERS\%USERREGKEY% 
instead of HKEY_CURRENT_USER, so beware of what your script does.

* The command given to /exec should be rather simple - i.e. just a batch file 
or another WSH script (with cscript prepended) - and quoted if it contains 
spaces.  As Windows' idea of command line arguments and env var expansion is 
rather limited, there seems to be no way to cause delayed expansion or to 
escape quotes etc. like one could do with a typical UN*X shell.

* The script has not been tested with roaming profiles and I'd expect some 
funky behaviour there.

Dependencies:
* peruser.wsf requires the also attached file util.js in a subdirectory called 
include.  You might as well change the reference to match your directory 
layout, remove it and instead copy the functions Array.fromCollection and 
Array.prototype.forEach directly into peruser.wsf or rewrite the last line of 
peruser.wsf to only user what WSH provides.

* it requires the ActiveX object RegObj.Registry which can be found on the 
'net (search for regobj.dll) and can be installed by copying it to 
%SystemRoot%\system32 and registering it via regsvr32.  This dependency can of 
course be installed via WPKG :-)  It's needed because neither WScript.Shell 
nor Wbem provide a working way to retrieve REG_EXPAND_SZ values from the 
registry without expanding them.

Cheers,
Malte

PS: the contents of util.js are mostly surrogates for JavaScript 1.5 functions 
not included in Microsoft's JScript engine and inspired from the MDC website.  
The exacty implementation as well as peruser.wsf were written by me and are 
hereby provided to the public domain AS IS with no warranties if they fry your 
systems or kill your cat.