RunAs

therks · April 21, 2005

So I started working on this months ago and have been working on it off and on (mostly off) since then. It's gone through several versions and designs, but I'm finally happy enough with this one that I'd like to share it.

Because I'm lazy and don't feel like just rewording this, I'll copy directly from the help I wrote:

This is an application that allows you to launch
multiple files and applications as another user
without having to type your username and password
multiple times.
This was initially written for personal use. Our
family has WinXP at home, and each of our 6 family
members have different user profiles. I'm essentially
the administrator of the computer and as such often
need to access inaccessible files while other people
are on the computer. So instead of logging that user
off, or switching users, and logging into another
account, I can just run this appliation, log into it,
and access whatever files I need to. It's much like
the Start > Run dialog built into Windows.

*** Update Apr 25

Need AutoIt3 Beta 3.1.1.15 to Run.

Added Domain field to Login window.

RunAs.zip

Edited April 25, 2005 by Saunders

wfuehrer · April 21, 2005

Sorry - but i'm not able to compile the script ....

I get errors on missing function "TraySetState("

Edited April 21, 2005 by wfuehrer

therks · April 22, 2005

Oh... right.

Need the latest beta to make it work.

memnon · April 22, 2005

Oh... right.
Need the latest beta to make it work.
<{POST_SNAPBACK}>

hi, i have 2 users on my system, an admin and a test user

if i am signed on with my admin user and try to logon with your tool as user: test with his password, it tells me > error logging in - possible invalid username or password ...

but im shure, username and pw are correct

therks · April 22, 2005

Hmm. I'm not sure...

Try this code:

$username = InputBox("Username", "Enter username", "test")
$password = InputBox("Password", "Enter password", "", "*")
RunAsSet($username, @ComputerName, $password)
Run(@ComSpec & ' /k echo %username% successfully logged in')

What happens?

*Edit: Also, what OS are you using? I don't think this will work outside of Win2k and XP (and later).

This function allows subsequent Run and RunWait functions to run as a different user (e.g. Administrator). The function only works on the 2000/XP (or later) platforms. NT4 users should install and use the SU command from the NT Resource Kit.

Edited April 22, 2005 by Saunders

michaelxy · April 22, 2005

Wow - thanks a lot - good work. Now i can install Software faster and have not to logoff/login an some PCs.

This works only with lokal Users ? Or is there a Option to use in with Microsoft Active Directory Users ? For example as Domain-Admin.

Edited April 22, 2005 by michaelxy

memnon · April 22, 2005

Hmm. I'm not sure...
Try this code:
$username = InputBox("Username", "Enter username", "test")
$password = InputBox("Password", "Enter password", "", "*")
RunAsSet($username, @ComputerName, $password)
Run(@ComSpec & ' /k echo %username% successfully logged in')
What happens?
*Edit: Also, what OS are you using? I don't think this will work outside of Win2k and XP (and later).

<{POST_SNAPBACK}>

i am on xp sp2

i guess there is a problem with the run command

i even dont get the following script to work...

; Set the RunAs parameters to use local adminstrator account

RunAsSet("Test", @Computername, "test")

; Run registry editor as admin

RunWait("regedit.exe")

; Reset user's permissions

RunAsSet()

i get an errormessage RunWait("regedit.exe") Error: unable to execute the external programm - foldername is incorrect (its translatet from german error posts - hope its correct translated )

memnon · April 22, 2005

got it

problem was the workdir...

; Set the RunAs parameters to use local adminstrator account

RunAsSet("Test", @Computername, "test")

; Run registry editor as admin

RunWait("regedit.exe", "c:\windows\system32")

; Reset user's permissions

RunAsSet()

works for me

wfuehrer · April 22, 2005

Hmmm ... seems not to work with domain accounts

Any idea?

Makkhdyn · April 22, 2005

How could i run programs as system ? or as an account without password?

Edited April 22, 2005 by Makkhdyn

therks · April 22, 2005

@memnon

That's odd. Both of those scripts worked fine for me. With and without the working directory.

Hmmm ... seems not to work with domain accounts
Any idea?
<{POST_SNAPBACK}>

Unfortunately, I don't know anything about that. I'm only using a computer at home with no networking. Sorry. Perhaps someone else can weigh in and answer that question.

How could i run programs as system ? or as an account without password?
<{POST_SNAPBACK}>

I believe that is another limitation of the RunAsSet() function, it will not work with accounts without passwords.

Essentially, I built this program to be a replacement for this windows dialog:

Speaking of which, does anybody know of a way that I can get that list of usernames displayed in the screenshot? Are there registry entries somewhere that I don't know about?

Edited April 22, 2005 by Saunders

buzz44 · April 22, 2005

Speaking of which, does anybody know of a way that I can get that list of usernames displayed in the screenshot? Are there registry entries somewhere that I don't know about?
<{POST_SNAPBACK}>

Trying look at the following Key's.

HKEY_USERS\S-1-5-21-839522115-261903793-682003330-1003\Software\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}

HKEY_USERS\S-1-5-21-839522115-261903793-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer

therks · April 22, 2005

Trying look at the following Key's.

HKEY_USERS\S-1-5-21-839522115-261903793-682003330-1003\Software\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}

HKEY_USERS\S-1-5-21-839522115-261903793-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer

<{POST_SNAPBACK}>

I don't think that's going to work though. For one thing, my numbers are different than yours. And for another, it only shows the currently logged on users.

Thanks though.

buzz44 · April 22, 2005

I suppose you could to it the messy way.

Search "C:\Documents and Settings" for all folders

Minus the following folders to get a list of possible users.

All Users
Default User
LocalService
NetworkService

Then search the remaining folders for the folders

Templates
Start Menu
SendTo
PrintHood
NetHood
My Recent Documents
My Documents
Local Settings
Favorites
Desktop
Cookies
Application Data

and the files

ntuser.dat.txt
NTUSER.dat

If the folder matches the above, then its a User.

The above is all based on XP SP2 though and would most definately be different on different OS's.

therks · April 22, 2005

Yeah, I wonder if theres a Windows function that does it.. maybe a call to some Dll or another... I'll have to do a search.

*Edit: After playing with the registry monitor and some programs (TweakUI specifically) that list the users of the computer, I found it accessing this key, "HKLM\SAM\SAM\DOMAINS\Account\Users\Names\Administrator"

Unfortunately, I can't seem to get past "HKLM\SAM\SAM," in either RegEdit, or AutoIt's Reg* commands.

*Edit 2: I just noticed this from Registry Monitor:

4:22:35.662 PM  AutoIt3.exe:2592    OpenKey HKLM\SAM\SAM\DOMAINS\Account\Users\Names\Administrator  ACCDENIED   Access: 0x20019 FAMILY\rob

Edited April 22, 2005 by Saunders

wfuehrer · April 23, 2005

Hi!

I wrote a script to find out all admin accounts on a pc in our domain.

All admin-accounts in our domain begin with "adm-". So i can test this.

You can use it to find all accounts on a pc.

The account keys are in "\HKLM\software\microsoft\windows NT\currentversion\profilelist"

Opt("TrayIconDebug", 1)
opt("WinTitleMatchMode",2)

dim $filename = "reg.txt"
dim $filetemp = "usertemp.txt"
dim $file, $file2, $line
dim $keysid[100]
dim $keyname[100]
dim $adm[100]
dim $client = "."

$client = InputBox ( "User Accounts", "Please input PC-Name",".")

_RunDOS('reg query \\' & $client & '"\HKLM\software\microsoft\windows NT\currentversion\profilelist" /s  >' & $filename)

$file = FileOpen($filename, 0)
If $file = -1 Then
    MsgBox(0, "Error", "Unable to open file.")
    Exit
EndIf

$line=FileReadLine($file) ;drop 1. line 
$line=FileReadLine($file) ;drop 2. line 
$line=FileReadLine($file) ;drop 3. line 

$i = 0
While 1
    $line = FileReadLine($file) 
    If @error = -1 Then ExitLoop
    if StringMid($line,77,8) = "S-1-5-21" Then ;this is user account
        $i = $i + 1
        $keysid[$i] = StringMid($line,77,46) ;save sid      
        while 1
            $line = FileReadLine($file)
            If @error = -1 Then ExitLoop
            if $line = "" Then ExitLoop ;empty line - jump next user 
            if StringMid($line,5,16) = "ProfileImagePath" Then ;key found
            $keyname[$i] = StringMid($line,73,StringLen($line)) ;save username
                if StringUpper(StringLeft($keyname[$i],4)) = "ADM-" Then
                    $adm[$i] = "ADM-Account"
                Else
                    $adm[$i] = ""
                EndIf
            EndIf
        WEnd 
    EndIf
Wend
$i = $i-1
FileClose($file)

$file2 = FileOpen($filetemp,2)
For $x = 1 to $i
FileWriteLine($file2,$keysid[$x] & "   <->   " & $keyname[$x] & "  <->  " & $adm[$x] & @crlf)
Next
FileClose($file2)

run("notepad.exe " & $filetemp)
winwait($filetemp & " - Editor")
WinActivate($filetemp & "- Editor")

Exit

Func _RunDOS($sCommand)
    Return RunWait("c:\windows\system32\cmd.exe" & " /C " & $sCommand, "", @SW_HIDE)
EndFunc  ;==>_RunDOS

Perhaps a domain account need a working directory - i will test it when i'm back in office on thursday.

wfuehrer · April 23, 2005

Hi!

I found the problem in the sourcecode.

In the finction _SwitchUser() there is the line:

RunAsSet($s_Username, @ComputerName, $s_Password)

@ComputerName is the parapeter for the domain. It is possible to set "." as lokal computer (as you can see in my script). So the script (login) can be enhanced with a domain field which can set to "." outside a domain.

Would you like to make this changing?

therks · April 24, 2005

Interesting find, especially that profilelist key. So you are thinking I should add a Domain field to the login window? I could do that for sure. I will get to work on that when I get home tonight.

michaelxy · April 25, 2005

I will get to work on that when I get home tonight.

Thanks a lot

therks · April 25, 2005

Experimenting with the ProfileList stuff right now. I've found a few other methods for accessing the list. It doesn't seem that any of the methods I find are perfect. They all give me some accounts that I don't want.

Currently I'm working with using this bit of AutoIt code:

$oDomain = ObjGet("WinNT://" & @ComputerName)
For $oDomainItem In $oDomain
 If $oDomainItem.Class = "User" Then
  MsgBox(0, $oDomainItem.Name, "Full Name=" & $oDomainItem.FullName)
 EndIf
Next

But it gives me names like Guest and HelpAssistant, which aren't really user accounts, and it's slow. So I'm also thinking of just using "net user" through the command line, gives me the same usernames, but it's faster. Ah well, I'll keep working at it. Maybe there's some other way to filter it... Anyone know how I can get a full list of all the properties on an object?

Anyway... working on that Domain thing right now too. Updated to the newer AutoIt beta though, and some of the function names changed so I'm debugging ATM, should have a working version up in a few minutes.

Edited April 25, 2005 by Saunders

Sign In

RunAs

Recommended Posts

therks

wfuehrer

therks

memnon

therks

michaelxy

memnon

memnon

wfuehrer

Makkhdyn

therks

buzz44

therks

buzz44

therks

wfuehrer

wfuehrer

therks

michaelxy

therks

Create an account or sign in to comment

Create an account

Sign in

Recently Browsing 0 members

Browse

AutoIt Resources

Release

Beta