Windows "Run As" without knowing the password
We're installing a digital media system at the college radio station I work at. We're trying to give programmers (read; DJs, not coders) access to the music, without allowing them to copy any of it to their flash drives or transfer it across the Internet.
We're running on Windows systems (Windows XP for the client machines, and Windows Server 2008 for the media server). My idea is this.
- Create a user (ProgramUser) that has no access at all to the digital media.
- Create a user (MediaUser) that has read-only access to the digital media that programmers know nothing about and do not know the password to.
- Have users log in to Windows as ProgramUser, giving them no access at all to the media.
- Run our playback application (Traktor) as the MediaUser, allowing the programmer to play back media but not copy or modify it.
This seems like the perfect solution, but there's one gotcha. If the playback application or machine crashes, the programmer is the only person who will be able to get it running again in a reasonable amount of time (we're a 15 kW FM radio station, so downtime is a big deal). Hence my dilemma...
How can I give the programmer the ability to start our playback application as a user they do not know the password to?
sudo.bat
@echo off
runas /user:Administrator /savecred %1
surprisingly it won't ask password again even after reboot or power failure
...without allowing them to copy any of it to their flash drives or transfer it across the Internet
Disable USB flash drives, Internet access, etc. on these machines.