Problem with deploying Batch File, which requires elevated prompt and network rights

Good morning. I unfortunately have an uncomfortable problem, which I have not solved yet. I must deploy a batch file which needs an elevated prompt (which comes with use of the System user anyway, I've heard) and also needs network access / network rights :sweat:
So, as the System user does not have rights on the network, I have tried many things to solve this problem. But nothing has helped yet. For example, I've tried to call the commands in the batch file which need admin rights with Runas and a user who has network rights, but it does not work, because it is not possible to enter a password. And so on…

Can anyone help me with this issue? Or has anyone had the same problem in the past and maybe solved it?

Thanks a lot,
Greetings

It is possible to deploy actions in IEM with a Secure Parameter (usually a password), but it’s not all that common. There are some examples of it at bigfix.me related to setting Local Account passwords (Change local user account password).

You don’t indicate what it is you are trying to do (why network rights are required). If you can give a more detailed description of what you are trying to do, I’m willing to try and help you sort it out. I don’t claim to know everything about IEM, but I’ve used it for a few years.

If these clients are part of a Domain, you actually could get their SYSTEM account to access a network share. I presume you’re trying to save or restore a file to a UNC share?

On the server hosting the share, ensure “Domain Computers” and “Domain Controllers” are included in the “Access this computer from the network” user right.
Ensure “Domain Computers” and “Domain Controllers” are included in both the Share permissions and in the NTFS permissions.

“Domain Computers” and “Domain Controllers” do not overlap; a Domain Controller itself is not included in the “Domain Computers” group.
On the User Rights assignment, the Share permissions, and the NTFS permissions, you can replace “Domain Computers / Domain Controllers” with a more restrictive group; if you add the necessary Computer accounts to the group you should be good to go.

I’m using this on several domains to preserve some data that is unique to each client, that needs to be saved/restored, and is too sensitive to deploy through the BigFix hierarchy.
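The more restrictive variant described in the post above, sketched in PowerShell as an added example that is not part of the original post. The group name, folder path and share name are hypothetical placeholders; run it elevated on the server hosting the share.

```powershell
# Added example: every name below is a hypothetical placeholder.
$Group     = 'CONTOSO\BigFix-Data-Clients'   # assumed group containing the client computer accounts
$Path      = 'D:\ClientData'                 # assumed folder on the file server
$ShareName = 'ClientData$'                   # assumed (hidden) share name

# 1. Share permissions: grant Change to the computer group.
New-Item -ItemType Directory -Path $Path -Force | Out-Null
New-SmbShare -Name $ShareName -Path $Path -ChangeAccess $Group | Out-Null

# 2. NTFS permissions: stop inheriting from the parent, then grant Modify
#    to the computer group and Full control to SYSTEM and Administrators.
$acl = Get-Acl -Path $Path
$acl.SetAccessRuleProtection($true, $false)   # protect the ACL, drop inherited ACEs
foreach ($entry in @(
    @{ Id = $Group;                   Rights = 'Modify' },
    @{ Id = 'NT AUTHORITY\SYSTEM';    Rights = 'FullControl' },
    @{ Id = 'BUILTIN\Administrators'; Rights = 'FullControl' })) {
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $entry.Id, $entry.Rights, 'ContainerInherit,ObjectInherit', 'None', 'Allow')
    $acl.AddAccessRule($rule)
}
Set-Acl -Path $Path -AclObject $acl

# 3. User right: export the security policy and show which SIDs hold
#    "Access this computer from the network" (SeNetworkLogonRight).
$inf = Join-Path $env:TEMP 'user_rights.inf'
secedit /export /areas USER_RIGHTS /cfg $inf | Out-Null
Select-String -Path $inf -Pattern '^SeNetworkLogonRight'

# 4. Review what is now in place on the share and on the folder.
Get-SmbShareAccess -Name $ShareName
(Get-Acl -Path $Path).Access |
    Format-Table IdentityReference, FileSystemRights, AccessControlType
```

The `secedit` export lists the holders of the user right as SIDs, so the computer group has to be matched by its SID (or by a built-in group that contains it) when reading step 3.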

I have a similar issue.

I need to be able to deploy a program, silently, to a PC that does a memory capture for our security team’s incident response program. This is kicked off with a group of files that I extract on the PC and I’ve gone through and done all that leg work.

My problem that arises is, I guess, that the account used to run the required file is not elevated and is causing a lot of errors in my application. The output showed a lot of privilege issues, which is odd since it’s supposed to run all these things as SYSTEM. A re-scan using my domain elevated privileged credentials contains much more data. Would there be any reason a SYSTEM account would have fewer privileges than me?

Never mind. Seems the program I was trying to run had an x32 and x64 packaged and it was running the x32 when it should have been running the x64.