From: "Mayer, Jonathan" on
Hello,



Has anyone got any ideas how I might add a user to a local group on a
remote networked Windows machine via a PHP script? The idea is to make
an automated tool where users can request access to a shared folder via
our intranet, and after suitable approval the system adds them to a group
which has read privileges for the folder in question.



If I run apache using an account with suitable privileges, I've been
able to do it with COM, but for security reasons I'd like to be able to
authenticate through the script instead, and leave apache running on the
standard local system account.



Perhaps COM is the wrong way to go about the problem - perhaps exec? Any
ideas gladly appreciated!



Thanks,

Jon.

From: "Mayer, Jonathan" on
-----Original Message-----
From: tedd [mailto:tedd.sperling(a)gmail.com]
Sent: 04 June 2010 15:34
To: Mayer, Jonathan; php-general(a)lists.php.net
Subject: Re: [PHP] Script to add domain users to local groups on remote
machines

At 11:16 AM +0100 6/4/10, Mayer, Jonathan wrote:
>Hello,
>
>Has anyone got any ideas how I might add a user to a local group on a
>remote networked Windows machine via a PHP script? The idea is to make
>an automated tool where users can request access to a shared folder via
>our intranet, and after suitable approval the system adds them to a group
>which has read privileges for the folder in question.
>
>If I run apache using an account with suitable privileges, I've been
>able to do it with COM, but for security reasons I'd like to be able to
>authenticate through the script instead, and leave apache running on the
>standard local system account.
>
>Perhaps COM is the wrong way to go about the problem - perhaps exec? Any
>ideas gladly appreciated!
>
>Thanks,
>
>Jon.

Jon:

The concept is pretty simple.

1. Have a database set up for users with logons and passwords, such as:

http://php1.net/a/edit-db-demo <-- just add logon and password fields.

2. Have a method of approving users for access to the documents. Such
as providing them with the password via email, phone, mail, or an act
such as providing a real email address (i.e., subscribing):

http://webbytedd.com/b/sub-email/

3. Provide a URL that checks for authorization before providing the
document(s), such as:

http://webbytedd.com/b/password-db/index.php

or

http://webbytedd.com/ccc/protected-download1/

4. Provide a method for users to find the document(s) for download:

http://php1.net/b/zip-files/

You throw all of that together and you have a way to solve your
problem. Here's a working example I wrote for a client:

http://webbytedd.com/ccc/protected-download1

The password is: 'a'
The email address is: 'tedd(a)sperling.com'

Also, the access of the data is registered (IP/Date) and an email is
sent to me that someone accessed the file. So you can get as
elaborate as you want.

Cheers,

tedd

--
-------
http://sperling.com http://ancientstones.com http://earthstones.com

-------------------------------


Thanks for your detailed answer tedd,

I agree that that would be a sensible solution if I were to create an
online file access tool from scratch. Unfortunately, however, the tool
I'm creating has to work in the way I described because I am trying to
put together a tool to simplify the maintenance of a system that is
already in place. Once the users have access, they will also expect to
be able to access these folders via Windows rather than using an online
interface.

Cheers,
Jon.
From: Nathan Rixham on
Mayer, Jonathan wrote:
> Hello,
>
> Has anyone got any ideas how I might add a user to a local group on a
> remote networked Windows machine via a PHP script? The idea is to make
> an automated tool where users can request access to a shared folder via
> our intranet, and after suitable approval the system adds them to a group
> which has read privileges for the folder in question.
>
> If I run apache using an account with suitable privileges, I've been
> able to do it with COM, but for security reasons I'd like to be able to
> authenticate through the script instead, and leave apache running on the
> standard local system account.
>
> Perhaps COM is the wrong way to go about the problem - perhaps exec? Any
> ideas gladly appreciated!

You can probably find a good inroad via LDAP, and quite possibly
http://adldap.sourceforge.net/

Not a definitive answer, but hopefully it helps you in your quest.

regards,

nathan