Gaz5 has asked for the wisdom of the Perl Monks concerning the following question:

Hi Monks,

I have a problem that I can't seem to get around that I'm hoping someone can help with.

I'm writing a little app that will allow users to administer their own applications on a weekly basis (i.e. we don't want to keep dealing with user requests for Visio but we don't want to give it to everyone either!)

I have the front end for the app done but my problem comes with the addition of the user to the required group in Active Directory.

The application runs via Citrix (compiled as an exe) and thus runs under the user's own profile. We don't want to give the user rights to update AD (for obvious reasons) so the part of the script that does the group add has to run under an admin user banner.

So far, here's the addgroup sub I've come up with:

    use Win32::OLE;

    sub add2Grp {
        my $group = $_[0];
        my $user  = $_[1];
        print "Adding: $group to: $user\n";
        my $win32 = Win32::OLE->new('WScript.Shell')
            || die "Can not create WScript Shell; $!\n";
        # Double quotes so $group and $user interpolate; runas takes the
        # program and its arguments as one quoted argument.
        my $result = $win32->Run("runas /noprofile /user:DOMAIN\\USER \"Net Group $group $user /ADD /DOMAIN\"");
        sleep(3);
        # Types the admin password into the runas prompt.
        $win32->SendKeys('password~');
        return "$result";
    }

$group and $user are passed in correctly and the testing I've done so far with wscript (making it launch a cmd prompt under the elevated credentials) has worked.

However, I can't figure out how to get the data back from the NET ADD command? Basically, I want to return whatever the feedback is from the command line (which will either be "the command completed successfully" or some error) so that I can check within the program whether or not it's worked.

At the minute, that return just gives me an OLE hashref and I can't figure out what value within that hash will give me what I want.

Can anyone help?

Also, feel free to tell me there's a better way to do this if there is one (running a certain part of the script as someone else).

Replies are listed 'Best First'.
Re: Win32::OLE and Wscript Shell -> Getting data back
by cdarke (Prior) on Jun 14, 2010 at 11:52 UTC
    As Corion implied, you don't need OLE to run a net command. See Win32::NetAdmin, in particular Win32::NetAdmin::GroupCreate()
Re: Win32::OLE and Wscript Shell -> Getting data back
by Corion (Patriarch) on Jun 14, 2010 at 11:17 UTC

      Ordinarily that's (backticks) exactly what I'd do, but you can't use runas (AFAIK) with backticks without the program prompting the user for the password. I want the password to be automatically supplied when requested by runas - hence the need for win32::ole.

      Unless you know another way?

        Short googling for runas without password suggests psexec via ExpertSexChange, to which you can supply the username and password directly. Likely you can achieve the same using a Perl module, but I haven't had the need yet.

Re: Win32::OLE and Wscript Shell -> Getting data back
by marto (Cardinal) on Jun 14, 2010 at 11:24 UTC

    As a side note, as far as I'm aware any mechanism for deploying this as an executable will give end users access to this AD Admin account's username and password, not ideal from a security perspective.

      When you use the pp module in perl to create an exe from a script the actual script itself is compiled and cannot be viewed in a general text editor.

      Since the app will be run over Citrix and our servers (in fact our whole end user environment) is completely locked down there will be no way to get at the details so not an issue.

        "When you use the pp module in perl to create an exe from a script the actual script itself is compiled and cannot be viewed in a general text editor."

        Perhaps not an issue since you're running this via a Citrix interface but maybe you should take a look at the pp documentation again. At runtime the compressed executable extracts everything to a temporary directory, where it can be viewed by whatever editor you like, this allows faster start up next time. Alternatively one could simply decompress the executable to obtain the goodies stored within. While source hiding techniques are available each has a workaround. The FAQ over at http://par.perl.org is also worth reading.

Re: Win32::OLE and Wscript Shell -> Getting data back
by igelkott (Priest) on Jun 14, 2010 at 22:24 UTC
    how to get the data back from the NET ADD command

    Don't know how to read the return result directly (which seemed to be the real question) but here are two suggestions for getting around the issue:

    • Try Win32::OLE->LastError(), though this may only report certain categories of errors.
    • Check the event log (via Win32::EventLog or whatever). Seems like a terrible bother but success/failure should appear in the logs.
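
An added example, not code from any poster in this thread: one way to get both the exit code and the text of the `net group` command back into the program, passing the group and user as separate arguments instead of interpolating them into a command string. It assumes the calling process already runs under an account allowed to change the group; the names `build_net_group_args` and `run_capture`, the group `Visio Users`, the account-name pattern and the stand-in command are all assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use IPC::Open3 qw(open3);

# Assumption: the only groups this self-service tool may touch.
my %ALLOWED_GROUP = map { $_ => 1 } ('Visio Users');

# Build the argument list for "net group <group> <user> /ADD /DOMAIN".
# Anything that is not an allowlisted group or a plain account name is refused,
# so a caller-supplied value can never add switches or extra commands.
sub build_net_group_args {
    my ($group, $user) = @_;
    die "group '$group' is not self-service\n" unless $ALLOWED_GROUP{$group};
    # Assumption: a conservative account-name pattern (letters, digits, . _ -).
    die "invalid account name\n" unless $user =~ /\A[A-Za-z0-9._-]{1,20}\z/;
    return ('net', 'group', $group, $user, '/ADD', '/DOMAIN');
}

# Run a command given as a list and return (exit_code, output).
# Passing undef as the third handle sends the child's STDERR to the same
# handle as STDOUT, so error text from the command is captured as well.
sub run_capture {
    my @cmd = @_;
    my ($in, $out);
    my $pid = open3($in, $out, undef, @cmd);
    close $in;
    my $text = do { local $/; <$out> };
    waitpid($pid, 0);
    return ($? >> 8, defined $text ? $text : '');
}

# A request for a group outside the allowlist is refused before anything runs.
eval { build_net_group_args('Domain Admins', 'jsmith') };
print "refused: $@" if $@;

# A valid request yields the argument list that would be handed to net.exe.
my @net_args = build_net_group_args('Visio Users', 'jsmith');
print "would run: @net_args\n";

# Constructed stand-in for net.exe so the example runs on any host: this
# Perl one-liner prints the success message and exits 0. On the real
# server, call run_capture(@net_args) instead.
my @stand_in = ($^X, '-e', 'print q(The command completed successfully.)');
my ($code, $text) = run_capture(@stand_in);
print $code == 0 ? "OK: $text\n" : "FAILED (exit $code): $text\n";
```

Checking the exit code is more reliable than matching the message text, which can differ by Windows language version.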