Jump to content

RunAs


therks
 Share

Recommended Posts

So I started working on this months ago and have been working on it off and on (mostly off) since then. It's gone through several versions and designs, but I'm finally happy enough with this one that I'd like to share it.

Because I'm lazy and don't feel like just rewording this, I'll copy directly from the help I wrote:

   This is an application that allows you to launch

multiple files and applications as another user

without having to type your username and password

multiple times.

   This was initially written for personal use. Our

family has WinXP at home, and each of our 6 family

members have different user profiles. I'm essentially

the administrator of the computer and as such often

need to access inaccessible files while other people

are on the computer. So instead of logging that user

off, or switching users, and logging into another

account, I can just run this appliation, log into it,

and access whatever files I need to. It's much like

the Start > Run dialog built into Windows.

*** Update Apr 25

Need AutoIt3 Beta 3.1.1.15 to Run.

Added Domain field to Login window.

RunAs.zip

Edited by Saunders
Link to comment
Share on other sites

Oh... right.

Need the latest beta to make it work.

<{POST_SNAPBACK}>

hi, i have 2 users on my system, an admin and a test user

if i am signed on with my admin user and try to logon with your tool as user: test with his password, it tells me > error logging in - possible invalid username or password ...

but im shure, username and pw are correct

das beste Windows Support Forum: Windows 2000 Helpline und tschüss den WindowsfehlernProgrammieren: Autoit 3 - wer braucht noch VBS ?!Programmieren: Autoit 3 Forum?

Link to comment
Share on other sites

Hmm. I'm not sure...

Try this code:

$username = InputBox("Username", "Enter username", "test")
$password = InputBox("Password", "Enter password", "", "*")
RunAsSet($username, @ComputerName, $password)
Run(@ComSpec & ' /k echo %username% successfully logged in')

What happens?

*Edit: Also, what OS are you using? I don't think this will work outside of Win2k and XP (and later).

This function allows subsequent Run and RunWait functions to run as a different user (e.g. Administrator). The function only works on the 2000/XP (or later) platforms. NT4 users should install and use the SU command from the NT Resource Kit.

Edited by Saunders
Link to comment
Share on other sites

Wow - thanks a lot - good work. Now i can install Software faster and have not to logoff/login an some PCs.

This works only with lokal Users ? Or is there a Option to use in with Microsoft Active Directory Users ? For example as Domain-Admin.

Edited by michaelxy
Link to comment
Share on other sites

Hmm. I'm not sure...

Try this code:

$username = InputBox("Username", "Enter username", "test")
$password = InputBox("Password", "Enter password", "", "*")
RunAsSet($username, @ComputerName, $password)
Run(@ComSpec & ' /k echo %username% successfully logged in')

What happens?

*Edit: Also, what OS are you using? I don't think this will work outside of Win2k and XP (and later).

<{POST_SNAPBACK}>

i am on xp sp2

i guess there is a problem with the run command

i even dont get the following script to work...

; Set the RunAs parameters to use local adminstrator account

RunAsSet("Test", @Computername, "test")

; Run registry editor as admin

RunWait("regedit.exe")

; Reset user's permissions

RunAsSet()

i get an errormessage RunWait("regedit.exe") Error: unable to execute the external programm - foldername is incorrect (its translatet from german error posts - hope its correct translated :))

das beste Windows Support Forum: Windows 2000 Helpline und tschüss den WindowsfehlernProgrammieren: Autoit 3 - wer braucht noch VBS ?!Programmieren: Autoit 3 Forum?

Link to comment
Share on other sites

got it

problem was the workdir...

; Set the RunAs parameters to use local adminstrator account

RunAsSet("Test", @Computername, "test")

; Run registry editor as admin

RunWait("regedit.exe", "c:\windows\system32")

; Reset user's permissions

RunAsSet()

works for me

das beste Windows Support Forum: Windows 2000 Helpline und tschüss den WindowsfehlernProgrammieren: Autoit 3 - wer braucht noch VBS ?!Programmieren: Autoit 3 Forum?

Link to comment
Share on other sites

@memnon

That's odd. Both of those scripts worked fine for me. With and without the working directory.

Hmmm ... seems not to work with domain accounts  :)

Any idea?

<{POST_SNAPBACK}>

Unfortunately, I don't know anything about that. I'm only using a computer at home with no networking. Sorry. Perhaps someone else can weigh in and answer that question.

How could i run programs as system ? or as an account without password?

<{POST_SNAPBACK}>

I believe that is another limitation of the RunAsSet() function, it will not work with accounts without passwords.

Essentially, I built this program to be a replacement for this windows dialog:

Posted Image

Speaking of which, does anybody know of a way that I can get that list of usernames displayed in the screenshot? Are there registry entries somewhere that I don't know about?

Edited by Saunders
Link to comment
Share on other sites

Speaking of which, does anybody know of a way that I can get that list of usernames displayed in the screenshot? Are there registry entries somewhere that I don't know about?

<{POST_SNAPBACK}>

Trying look at the following Key's.

HKEY_USERS\S-1-5-21-839522115-261903793-682003330-1003\Software\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}

HKEY_USERS\S-1-5-21-839522115-261903793-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer

qq

Link to comment
Share on other sites

Trying look at the following Key's.

HKEY_USERS\S-1-5-21-839522115-261903793-682003330-1003\Software\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}

HKEY_USERS\S-1-5-21-839522115-261903793-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer

<{POST_SNAPBACK}>

I don't think that's going to work though. For one thing, my numbers are different than yours. And for another, it only shows the currently logged on users.

Thanks though.

Link to comment
Share on other sites

I suppose you could to it the messy way.

Search "C:\Documents and Settings" for all folders

Minus the following folders to get a list of possible users.

All Users
Default User
LocalService
NetworkService

Then search the remaining folders for the folders

Templates
Start Menu
SendTo
PrintHood
NetHood
My Recent Documents
My Documents
Local Settings
Favorites
Desktop
Cookies
Application Data

and the files

ntuser.dat.txt
NTUSER.dat

If the folder matches the above, then its a User.

The above is all based on XP SP2 though and would most definately be different on different OS's.

qq

Link to comment
Share on other sites

Yeah, I wonder if theres a Windows function that does it.. maybe a call to some Dll or another... I'll have to do a search.

*Edit: After playing with the registry monitor and some programs (TweakUI specifically) that list the users of the computer, I found it accessing this key, "HKLM\SAM\SAM\DOMAINS\Account\Users\Names\Administrator"

Unfortunately, I can't seem to get past "HKLM\SAM\SAM," in either RegEdit, or AutoIt's Reg* commands.

*Edit 2: I just noticed this from Registry Monitor:

4:22:35.662 PM  AutoIt3.exe:2592    OpenKey HKLM\SAM\SAM\DOMAINS\Account\Users\Names\Administrator  ACCDENIED   Access: 0x20019 FAMILY\rob
Edited by Saunders
Link to comment
Share on other sites

Hi!

I wrote a script to find out all admin accounts on a pc in our domain.

All admin-accounts in our domain begin with "adm-". So i can test this.

You can use it to find all accounts on a pc.

The account keys are in "\HKLM\software\microsoft\windows NT\currentversion\profilelist"

Opt("TrayIconDebug", 1)
opt("WinTitleMatchMode",2)

dim $filename = "reg.txt"
dim $filetemp = "usertemp.txt"
dim $file, $file2, $line
dim $keysid[100]
dim $keyname[100]
dim $adm[100]
dim $client = "."

$client = InputBox ( "User Accounts", "Please input PC-Name",".")

_RunDOS('reg query \\' & $client & '"\HKLM\software\microsoft\windows NT\currentversion\profilelist" /s  >' & $filename)

$file = FileOpen($filename, 0)
If $file = -1 Then
    MsgBox(0, "Error", "Unable to open file.")
    Exit
EndIf

$line=FileReadLine($file) ;drop 1. line 
$line=FileReadLine($file) ;drop 2. line 
$line=FileReadLine($file) ;drop 3. line 

$i = 0
While 1
    $line = FileReadLine($file) 
    If @error = -1 Then ExitLoop
    if StringMid($line,77,8) = "S-1-5-21" Then ;this is user account
        $i = $i + 1
        $keysid[$i] = StringMid($line,77,46) ;save sid      
        while 1
            $line = FileReadLine($file)
            If @error = -1 Then ExitLoop
            if $line = "" Then ExitLoop ;empty line - jump next user 
            if StringMid($line,5,16) = "ProfileImagePath" Then ;key found
            $keyname[$i] = StringMid($line,73,StringLen($line)) ;save username
                if StringUpper(StringLeft($keyname[$i],4)) = "ADM-" Then
                    $adm[$i] = "ADM-Account"
                Else
                    $adm[$i] = ""
                EndIf
            EndIf
        WEnd 
    EndIf
Wend
$i = $i-1
FileClose($file)

$file2 = FileOpen($filetemp,2)
For $x = 1 to $i
FileWriteLine($file2,$keysid[$x] & "   <->   " & $keyname[$x] & "  <->  " & $adm[$x] & @crlf)
Next
FileClose($file2)

run("notepad.exe " & $filetemp)
winwait($filetemp & " - Editor")
WinActivate($filetemp & "- Editor")

Exit

Func _RunDOS($sCommand)
    Return RunWait("c:\windows\system32\cmd.exe" & " /C " & $sCommand, "", @SW_HIDE)
EndFunc  ;==>_RunDOS

Perhaps a domain account need a working directory - i will test it when i'm back in office on thursday.

Wolfgang Führer

Link to comment
Share on other sites

Hi!

I found the problem in the sourcecode.

In the finction _SwitchUser() there is the line:

RunAsSet($s_Username, @ComputerName, $s_Password)

@ComputerName is the parapeter for the domain. It is possible to set "." as lokal computer (as you can see in my script). So the script (login) can be enhanced with a domain field which can set to "." outside a domain.

Would you like to make this changing?

Wolfgang Führer

Link to comment
Share on other sites

Experimenting with the ProfileList stuff right now. I've found a few other methods for accessing the list. It doesn't seem that any of the methods I find are perfect. They all give me some accounts that I don't want.

Currently I'm working with using this bit of AutoIt code:

$oDomain = ObjGet("WinNT://" & @ComputerName)
For $oDomainItem In $oDomain
 If $oDomainItem.Class = "User" Then
  MsgBox(0, $oDomainItem.Name, "Full Name=" & $oDomainItem.FullName)
 EndIf
Next

But it gives me names like Guest and HelpAssistant, which aren't really user accounts, and it's slow. So I'm also thinking of just using "net user" through the command line, gives me the same usernames, but it's faster. Ah well, I'll keep working at it. Maybe there's some other way to filter it... Anyone know how I can get a full list of all the properties on an object?

Anyway... working on that Domain thing right now too. Updated to the newer AutoIt beta though, and some of the function names changed so I'm debugging ATM, should have a working version up in a few minutes.

Edited by Saunders
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...