Prev: convert files utf8
Next: PHP Udate MySQL command
From: "Mayer, Jonathan" on 4 Jun 2010 06:16 Hello, Has anyone got any ideas how I might add a user to a local group on a remote networked Windows machine via a PHP script? The idea is to make an automated tool where users can request access to a shared folder via our intranet, and after suitable approval the system add them to a group which has read privileges for the folder in question. If I run apache using an account with suitable privileges, I've been able to do it with COM, but for security reasons I'd like to be able to authenticate through the script instead, and leave apache running on the standard local system account. Perhaps COM is the wrong way to go about the problem - perhaps exec? Any ideas gladly appreciated! Thanks, Jon.
From: "Mayer, Jonathan" on 4 Jun 2010 11:14 -----Original Message----- From: tedd [mailto:tedd.sperling(a)gmail.com] Sent: 04 June 2010 15:34 To: Mayer, Jonathan; php-general(a)lists.php.net Subject: Re: [PHP] Script to add domain users to local groups on remote machines At 11:16 AM +0100 6/4/10, Mayer, Jonathan wrote: >Hello, > >Has anyone got any ideas how I might add a user to a local group on a >remote networked Windows machine via a PHP script? The idea is to make >an automated tool where users can request access to a shared folder via >our intranet, and after suitable approval the system add them to a group >which has read privileges for the folder in question. > >If I run apache using an account with suitable privileges, I've been >able to do it with COM, but for security reasons I'd like to be able to >authenticate through the script instead, and leave apache running on the >standard local system account. > >Perhaps COM is the wrong way to go about the problem - perhaps exec? Any >ideas gladly appreciated! > >Thanks, > >Jon. Jon: The concept is pretty simple. 1. Have a database set up for users with logons and passwords, such as: http://php1.net/a/edit-db-demo <-- just add logon and password fields. 2. Have a method of approving users for access to the documents. Such as providing them with the password via email, phone, mail, or an act such as providing a real email address (i.e., subscribing): http://webbytedd.com/b/sub-email/ 3. Provide an url that checks for authorization before providing the document(s), such as: http://webbytedd.com/b/password-db/index.php or http://webbytedd.com/ccc/protected-download1/ 4. Provide a method for users to find the document(s) for download: http://php1.net/b/zip-files/ You throw all of that together and you have a way to solve your problem. Here's a working example I wrote for a client: http://webbytedd.com/ccc/protected-download1 The password is: 'a' The email address is: 'tedd(a)sperling.com' Also, the access of the data is registered (IP/Date) and an email is sent to me that someone accessed the file. So you can get as elaborate as you want. Cheers, tedd -- ------- http://sperling.com http://ancientstones.com http://earthstones.com ------------------------------- Thanks for your detailed answer tedd, I agree that that would be a sensible solution if I were to create an online file access tool from scratch. Unfortunately, however, the tool I'm creating has to work in the way I described because I am trying to put together a tool to simplify the maintenance of a system that is already in place. Once the users have access, they will also expect to be able to access these folders via Windows rather than using an online interface. Cheers, Jon.
From: Nathan Rixham on 4 Jun 2010 17:35 Mayer, Jonathan wrote: > Hello, > > Has anyone got any ideas how I might add a user to a local group on a > remote networked Windows machine via a PHP script? The idea is to make > an automated tool where users can request access to a shared folder via > our intranet, and after suitable approval the system add them to a group > which has read privileges for the folder in question. > > If I run apache using an account with suitable privileges, I've been > able to do it with COM, but for security reasons I'd like to be able to > authenticate through the script instead, and leave apache running on the > standard local system account. > > Perhaps COM is the wrong way to go about the problem - perhaps exec? Any > ideas gladly appreciated! You can probable find a good in road via LDAP, and quite possible http://adldap.sourceforge.net/ not a definitive answer but hopefully help you in your quest. regards, nathan
|
Pages: 1 Prev: convert files utf8 Next: PHP Udate MySQL command |