Everything posted by inopia

  1. I tried both, running it after your example script as well as running it standalone in my code.
  2. Hello Adam, thank you for answering. All of our machines are running on 64-Bit Win7. Your script results in IsAdmin => 1, so it seems that we have full admin access. Nonetheless, executing manage-bde.exe with BitOR($STDERR_MERGED, $STDIN_CHILD) will result in the same error as I stated above. Without it the console window appears just fine, asking for a new PIN. ~ino
  3. Maybe this is helpful:
  4. Thank you for your response. It didn't work. The result is still the same.
  5. Hey fellow scripters! I wanted to create a script to change the BitLocker PIN of our Win7 machines for users without admin rights. While researching I found out that this doesn't seem to be an easy task. I came up with a pretty dirty solution:

         #include <GUIConstantsEx.au3>
         #include <WindowsConstants.au3>
         #include <EditConstants.au3>
         #include <ButtonConstants.au3>
         #include <MsgBoxConstants.au3>

         ; $o1acc, $domain and $o1pwd (admin account, domain, password) are set elsewhere; not shown in the post.
         $gui=GUICreate("Bitlocker PIN",180,180,-1,-1,$WS_SYSMENU,-1)
         ; Label: "Enter PIN (min. 6 characters):"
         GUICtrlCreateLabel("PIN eingeben (min. 6 Zeichen):",15,15,150,15,-1,-1)
         $bit1=GUICtrlCreateInput("",15,30,150,20,$ES_PASSWORD,$WS_EX_CLIENTEDGE)
         ; Label: "Confirm PIN:"
         GUICtrlCreateLabel("PIN bestätigen:",15,60,77,15,-1,-1)
         $bit2=GUICtrlCreateInput("",15,75,150,20,$ES_PASSWORD,$WS_EX_CLIENTEDGE)
         ; Button: "Set new PIN"
         $button=GUICtrlCreateButton("Neue PIN Setzen",35,110,110,30, $BS_DEFPUSHBUTTON, -1)
         GUISetState(@SW_SHOW,$gui)
         While 1
             $nMsg = GUIGetMsg()
             Switch $nMsg
                 Case $GUI_EVENT_CLOSE
                     Exit
                     ExitLoop
                 Case $button
                     $res1=GUICtrlRead($bit1)
                     $res2=GUICtrlRead($bit2)
                     If $res1 = $res2 And StringLen($res1) >= 6 Then
                         GUISetState(@SW_HIDE,$gui)
                         ; The PIN is put on the clipboard and pasted into the console below.
                         ClipPut ($res1)
                         BlockInput(1)
                         $proc=RunAs($o1acc, $domain, $o1pwd, 2, @ComSpec & " /c C:\Windows\System32\manage-bde.exe -changepin c:")
                         WinWaitActive("C:\Windows\system32\cmd.exe","")
                         Sleep(2000)
                         ; Alt+Space opens the console's system menu; B, E = Bearbeiten > Einfügen (Edit > Paste) on German Windows.
                         Send ("!{Space}")
                         Sleep(20)
                         Send ("B")
                         Sleep(20)
                         Send ("E")
                         Sleep(20)
                         Send ("{ENTER}")
                         Sleep(100)
                         ; Paste a second time for the confirmation prompt.
                         Send ("!{Space}")
                         Sleep(20)
                         Send ("B")
                         Sleep(20)
                         Send ("E")
                         Sleep(20)
                         Send ("{ENTER}")
                         WinWaitClose("C:\Windows\system32\cmd.exe")
                         Sleep(100)
                         BlockInput(0)
                         ExitLoop
                     ElseIf StringLen($res1) < 6 Then
                         ; "Error": "PIN too short. Minimum 6 characters."
                         MsgBox($MB_ICONERROR,"Fehler","PIN zu kurz. Minimum 6 Zeichen.")
                     Else
                         ; "Error": "PINs do not match."
                         MsgBox($MB_ICONERROR,"Fehler","PINs sind nicht gleich."&@WindowsDir)
                     EndIf
             EndSwitch
             Sleep(20)
         WEnd

     It works on my test system, but the problem here is that a user could easily pause the script and have a nice cmd with elevated rights. So I wanted to give $STDIN_CHILD + $STDOUT_CHILD and StdoutRead + StdinWrite a try. The problem here was that when I executed the command it would give me the following output:

         Microsoft Windows [Version 6.1.7601]
         Copyright (c) 2009 Microsoft Corporation. Alle Rechte vorbehalten.

         C:\Windows\System32>manage-bde.exe -changepin c:
         BitLocker-Laufwerkverschlüsselung: Konfigurationstoolversion 6.1.7601
         Copyright (C) Microsoft Corporation. Alle Rechte vorbehalten.

         FEHLER: Ein Fehler ist aufgetreten (Code 0x80070006): Das Handle ist ungültig.

     ~ Error: An error occurred (Code 0x80070006) Invalid handle.

     This is the code that I tried:

         #include <AutoItConstants.au3>

         ; $acc, $domain and $pwd are set elsewhere; not shown in the post.
         $pid = RunAs($acc, $domain, $pwd, 2, @ComSpec, "C:\Windows\System32\", @SW_SHOW, BitOR($STDERR_CHILD, $STDIN_CHILD, $STDOUT_CHILD))
         StdinWrite($pid, "manage-bde.exe -changepin c:" & @CRLF)
         ; Poll the child's stdout until the stream is closed.
         While Sleep(50)
             $sOut = StdoutRead($pid)
             If @error Then ExitLoop
             If $sOut <> "" Then ConsoleWrite($sOut & @CRLF)
         WEnd

     Has anyone experienced errors like this (or has a better solution for changing the BitLocker PIN)? Regards ino
  6. This didn't work. Too bad : ( But I found a way to realize it anyway by using powershell : )

         #include <File.au3>

         $script="C:\tmp\temp.ps1"
         _FileCreate($script)
         $hwd=FileOpen ($script, 66)
         FileWriteLine ($script, 'Import-Module ActiveDirectory')
         FileWriteLine ($script, '$mycreds = GET-CREDENTIAL -credential "office\admin"')
         FileWriteLine ($script, '$user = Get-ADUser "*distinguishedName*" -Server "example.com"')
         FileWriteLine ($script, '$group = Get-ADGroup "*distinguishedName*" -Server "office.example.com";')
         FileWriteLine ($script, 'Add-ADGroupMember $group -Credential $mycreds -Member $user -Server "office.example.com"')
         FileClose($hwd)
         Run(@ComSpec & " /c PowerShell.exe " & "-NoProfile -ExecutionPolicy Bypass -File "&$script)
  7. Hello water, first off: Thank you so much for developing this UDF. It is really amazing!! I don't know if this question has been answered before, since I wasn't able to find it: We have a domain example.com and a subdomain office.example.com. Our user accounts are stored in example.com while our security groups are stored in office.example.com. When I try to add a user to a group via _AD_AddUserToGroup...

       • while being on the DC of example.com I get the error -> 1 - $sGroup does not exist
       • while being on the DC of office.example.com I get -> 2 - $sUser (user or computer) does not exist

     Is there a way to reach the other domain? I use the FQDN, but apparently this isn't enough. (My account has the rights to work in both domains and I can add users to groups via MMC. Though while being in office.example.com I have to add the user by typing example\username.) Kind regards ino