JSI Tip 1068. How do I allow selected users to schedule jobs on my server, without granting any rights?


Establish a folder on your server and share it. I use C:\UserAT, shared as UserAT$. Create a Log sub folder (C:\UserAT\Log). Set the following permissions:


\\ServerName\UserAT$ - You can leave the default of Everyone - Full Control
C:\UserAT            - Administrators - Full Control
                       System         - Full Control
                       Creator Owner  - Change
                       Selected users - Add

C:\UserAT\Log        - Administrators - Full Control 
                       System         - Full Control
When a selected users wishes to schedule a job, they copy a filename.bat file to the share using the UNC name or a mapped drive letter. In the filename.bat, they must have a REM statement (the first REM statement) that has the following format:

REM UserName HH:MM \[/INTERACTIVE\] \[ /EVERY:date\[,...\] | /NEXT:date\[,...\]\]

Once a minute, UserAT.bat on your server, will wake-up and schedule the job(s) in C:\UserAT. Users must use a HH:MM that is at least 2 minutes greater than the time they submit the job (if they want it to run today).

UserAT.bat requires Sleep from the resource kit. You can start UserAT.bat at boot time using Autoexnt, or schedule it, or start it manually.

UserAT.bat performs the following, prior to scheduling the job:

1. Copies the C:\UserAT\filename.bat file to C:\UserAT\Log\YYYYMMDD.HHMM.cnt.filename.bat, where cnt is an internal counter, to guarantee uniqueness.

2. Verifies the existance of the REM statement. Jobs without a REM are deleted from C:\UserAT.

3. Verifies that UserName exists. This is just for documentation.

4. Schedules the job with (the following is one line):

AT HH:MM \[/INTERACTIVE\] \[ /EVERY:date\[,...\] | /NEXT:date\[,...\]\] cmd /c
"C:\UserAT\Log\YYYYMMDD.HHMM.Seq.filename.bat"

5. Deletes the job from C:\UserAT.

UserAT.bat contains:

@echo off
setlocal
REM set folder to the local <Drive:>\UserAT folder name
set folder=C:\UserAT
set /a cnt=0
:loop
sleep 60
for /f "tokens=1,2,3,4* delims=/ " %%i in ('date /t') do set TDDAY=%%i&set TDMM=%%j&set TDDD=%%k&set TDYY=%%l
if not exist %folder%\*.bat goto loop
for /f "Tokens=*" %%i in ('dir %folder%\*.bat /b /a-d') do call :JOBS "%%i"
goto loop
:JOBS
set /a cnt=%cnt% + 1
set file=%1
set file=%file:"=%
for /f "Tokens=1,2 Delims=:" %%i in ('time /t') do set hh=%%i&set mm=%%j
set mm=%mm: =0%
set hh=%hh: =0%
copy "%folder%\%file%" "%folder%\log\%TDYY%%TDMM%%TDDD%.%hh%%mm%.%cnt%.%file%"
set REM=N
for /f "Tokens=*" %%i in ('type "%folder%\%file%"') do set string=%%i&call :JOBSREM 
goto end
:JOBSREM
if \{%REM%\}

\{Y\} goto end if /i not "%string:~0,4%"

"REM " goto end set REM=Y set string=%string:~4,250% for /f "Tokens=1* Delims= " %%i in ('@echo %string%') do set user=%%i&set AT=%%j&call :JOBSUSER goto end :USEROK if "%DEL%"

"Y" goto end if %1

"User" set DEL=Y goto end :JOBSUSER set DEL=N for /f "Tokens=1" %%i in ('net user "%user%"') do call :USEROK "%%i" del /f /q "%folder%\%file%" if "%DEL%"=="N" goto end AT %AT% cmd /c "%folder%\log\%TDYY%%TDMM%%TDDD%.%hh%%mm%.%cnt%.%file%" :end

Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish