Jump to content
Sign in to follow this  
HopkinsProg

Windows 7 UAC Issues

Recommended Posts

HopkinsProg

I have several scripts that I use under Windows XP that basically use an Administrator account (at the domain level) to run certain things that standard users cannot. Under Windows 7, these scripts now fail to run, I assume because of Windows 7's UAC protection.

For example, the below code basically launches the MalwareBytes Anti-Malware installer as an administrator.

RunAsWait("domainAdmin","dc.me.com","********",0,"mbam-setup.exe",@ScriptDir)

The above code works as expected under Windows XP (The installer window opens and is able to write to @ProgramFilesDir). Under Windows 7, the installer is never launched. If I change the '0' to a '2' (to use network credentials only, vs interactive/no profile), it launches as the logged on user and asks for an admin logon. If I try to run a command line, "cmd /k net localgroup groupName user@dc.me.com /add", I get an access denied (error #5) message, because the command window is not elevated.

I have implemented a local group policy, which I had hoped would alleviate this password requirement issue - For Administrators in Approval Mode, it is set to "Elevate without Prompting".

Basically, all I need to be able to do is to perform a "Run As" command, using a username, domain, and password that I provide so that I can perform Administrative functions. With UAC on, I am prevented from doing this. Is there anything I can do to make this work? I have tried using the 'elevate.cmd' from TechNet, but I am still prompted for Admin credentials. The RunAs command line (Windows, not AutoIT) would be perfect, but it does not allow for me to put in a password automatically). I've been searching all over the forums here , but I have not found any solid solutions to this issue (other than disabling UAC, which I must leave on).

And #requireadmin is obviously of no use here, since my end-users will not have any administrative access.

Any thoughts? :)

Edited by HopkinsProg

Share this post


Link to post
Share on other sites
martin

I have several scripts that I use under Windows XP that basically use an Administrator account (at the domain level) to run certain things that standard users cannot. Under Windows 7, these scripts now fail to run, I assume because of Windows 7's UAC protection.

For example, the below code basically launches the MalwareBytes Anti-Malware installer as an administrator.

RunAsWait("domainAdmin","dc.me.com","********",0,"mbam-setup.exe",@ScriptDir)

The above code works as expected under Windows XP (The installer window opens and is able to write to @ProgramFilesDir). Under Windows 7, the installer is never launched. If I change the '0' to a '2' (to use network credentials only, vs interactive/no profile), it launches as the logged on user and asks for an admin logon. If I try to run a command line, "cmd /k net localgroup groupName user@dc.me.com /add", I get an access denied (error #5) message, because the command window is not elevated.

I have implemented a local group policy, which I had hoped would alleviate this password requirement issue - For Administrators in Approval Mode, it is set to "Elevate without Prompting".

Basically, all I need to be able to do is to perform a "Run As" command, using a username, domain, and password that I provide so that I can perform Administrative functions. With UAC on, I am prevented from doing this. Is there anything I can do to make this work? I have tried using the 'elevate.cmd' from TechNet, but I am still prompted for Admin credentials. The RunAs command line (Windows, not AutoIT) would be perfect, but it does not allow for me to put in a password automatically). I've been searching all over the forums here , but I have not found any solid solutions to this issue (other than disabling UAC, which I must leave on).

And #requireadmin is obviously of no use here, since my end-users will not have any administrative access.

Any thoughts? :)

I am new to dealing with UAC so I can't give a lot of help, but if you are wanting to runasadmin for some operation withoiut the user having to enter credentials then I don't think you will succeed, otherwise the UAC is useless.

But maybe I have misunderstood.


Serial port communications UDF Includes functions for binary transmission and reception.printing UDF Useful for graphs, forms, labels, reports etc.Add User Call Tips to SciTE for functions in UDFs not included with AutoIt and for your own scripts.Functions with parameters in OnEvent mode and for Hot Keys One function replaces GuiSetOnEvent, GuiCtrlSetOnEvent and HotKeySet.UDF IsConnected2 for notification of status of connected state of many urls or IPs, without slowing the script.

Share this post


Link to post
Share on other sites
MrHowDoesHeDoIt

I am new to dealing with UAC so I can't give a lot of help, but if you are wanting to runasadmin for some operation withoiut the user having to enter credentials then I don't think you will succeed, otherwise the UAC is useless.

But maybe I have misunderstood.

I'm also having this issue. My domain users don't have access to add routes. So I've created a domain admin that is permitted. On XP I do a RunAsWait and add the route using the special user. In Windows 7, I need to do the same thing but prompt the UAC...#RequireAdmin doesn't work in this case. Any new ideas?

Share this post


Link to post
Share on other sites
lcoate

I have several scripts that I use under Windows XP that basically use an Administrator account (at the domain level) to run certain things that standard users cannot. Under Windows 7, these scripts now fail to run, I assume because of Windows 7's UAC protection.

For example, the below code basically launches the MalwareBytes Anti-Malware installer as an administrator.

RunAsWait("domainAdmin","dc.me.com","********",0,"mbam-setup.exe",@ScriptDir)

The above code works as expected under Windows XP (The installer window opens and is able to write to @ProgramFilesDir). Under Windows 7, the installer is never launched. If I change the '0' to a '2' (to use network credentials only, vs interactive/no profile), it launches as the logged on user and asks for an admin logon. If I try to run a command line, "cmd /k net localgroup groupName user@dc.me.com /add", I get an access denied (error #5) message, because the command window is not elevated.

I have implemented a local group policy, which I had hoped would alleviate this password requirement issue - For Administrators in Approval Mode, it is set to "Elevate without Prompting".

Basically, all I need to be able to do is to perform a "Run As" command, using a username, domain, and password that I provide so that I can perform Administrative functions. With UAC on, I am prevented from doing this. Is there anything I can do to make this work? I have tried using the 'elevate.cmd' from TechNet, but I am still prompted for Admin credentials. The RunAs command line (Windows, not AutoIT) would be perfect, but it does not allow for me to put in a password automatically). I've been searching all over the forums here , but I have not found any solid solutions to this issue (other than disabling UAC, which I must leave on).

And #requireadmin is obviously of no use here, since my end-users will not have any administrative access.

Any thoughts? :mellow:

I am getting the same issue. Have you heard or seen a fix around UAC? I am working on a script to install, update, scan, and clean. All using malwarebytes. The only thing holding me up is the UAC. I would appricate any help on this!

Thanks

lcoate

Share this post


Link to post
Share on other sites
engjcowi

Hi guys

Im pretty sure the following code turns off the UAC is 7 and vista however i think i restart might be required

RegWrite("HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System", "EnableLUA", "REG_DWORD", "0")


Drunken Frat-Boy Monkey Garbage

Share this post


Link to post
Share on other sites
Richard Robertson

Running as admin will always trigger a UAC prompt. Unfortunately there's nothing you can do about it.

Share this post


Link to post
Share on other sites
Michael McNally

Running as admin will always trigger a UAC prompt. Unfortunately there's nothing you can do about it.

You had me worried until I tested it myself. Setting EnableLUA to 0, as mentioned above, prevents Windows from attempting to present a prompt. My RunAs installer script now works fine. Thanks engjcowi!

Share this post


Link to post
Share on other sites
nergmlam

Hi guys

Im pretty sure the following code turns off the UAC is 7 and vista however i think i restart might be required

RegWrite("HKLMSOFTWAREMicrosoftWindowsCurrentVersionPoliciesSystem", "EnableLUA", "REG_DWORD", "0")

Yes, but it requires a reboot before it works, and then you are able to run your script, but needs to restore the "EnableLUA to REG_DWORD=1 again,

and that requires a new reboot before it work.

Not that I know the right solution, but EnableLUA isn't the solution

Sincerely

Jorgen Malmgren

IT-Programmer

Denmark - UTC+1

www.tryware.dk

;o) Your brain is like a parachute. It works best when it's


Sincerely

J. Malmgren

IT-Programmer

http://www.tryware.dk

 

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.