Jump to content

Windows 7 UAC Issues


Recommended Posts

I have several scripts that I use under Windows XP that basically use an Administrator account (at the domain level) to run certain things that standard users cannot. Under Windows 7, these scripts now fail to run, I assume because of Windows 7's UAC protection.

For example, the below code basically launches the MalwareBytes Anti-Malware installer as an administrator.

RunAsWait("domainAdmin","dc.me.com","********",0,"mbam-setup.exe",@ScriptDir)

The above code works as expected under Windows XP (The installer window opens and is able to write to @ProgramFilesDir). Under Windows 7, the installer is never launched. If I change the '0' to a '2' (to use network credentials only, vs interactive/no profile), it launches as the logged on user and asks for an admin logon. If I try to run a command line, "cmd /k net localgroup groupName user@dc.me.com /add", I get an access denied (error #5) message, because the command window is not elevated.

I have implemented a local group policy, which I had hoped would alleviate this password requirement issue - For Administrators in Approval Mode, it is set to "Elevate without Prompting".

Basically, all I need to be able to do is to perform a "Run As" command, using a username, domain, and password that I provide so that I can perform Administrative functions. With UAC on, I am prevented from doing this. Is there anything I can do to make this work? I have tried using the 'elevate.cmd' from TechNet, but I am still prompted for Admin credentials. The RunAs command line (Windows, not AutoIT) would be perfect, but it does not allow for me to put in a password automatically). I've been searching all over the forums here , but I have not found any solid solutions to this issue (other than disabling UAC, which I must leave on).

And #requireadmin is obviously of no use here, since my end-users will not have any administrative access.

Any thoughts? :)

Edited by HopkinsProg
Link to comment
Share on other sites

I have several scripts that I use under Windows XP that basically use an Administrator account (at the domain level) to run certain things that standard users cannot. Under Windows 7, these scripts now fail to run, I assume because of Windows 7's UAC protection.

For example, the below code basically launches the MalwareBytes Anti-Malware installer as an administrator.

RunAsWait("domainAdmin","dc.me.com","********",0,"mbam-setup.exe",@ScriptDir)

The above code works as expected under Windows XP (The installer window opens and is able to write to @ProgramFilesDir). Under Windows 7, the installer is never launched. If I change the '0' to a '2' (to use network credentials only, vs interactive/no profile), it launches as the logged on user and asks for an admin logon. If I try to run a command line, "cmd /k net localgroup groupName user@dc.me.com /add", I get an access denied (error #5) message, because the command window is not elevated.

I have implemented a local group policy, which I had hoped would alleviate this password requirement issue - For Administrators in Approval Mode, it is set to "Elevate without Prompting".

Basically, all I need to be able to do is to perform a "Run As" command, using a username, domain, and password that I provide so that I can perform Administrative functions. With UAC on, I am prevented from doing this. Is there anything I can do to make this work? I have tried using the 'elevate.cmd' from TechNet, but I am still prompted for Admin credentials. The RunAs command line (Windows, not AutoIT) would be perfect, but it does not allow for me to put in a password automatically). I've been searching all over the forums here , but I have not found any solid solutions to this issue (other than disabling UAC, which I must leave on).

And #requireadmin is obviously of no use here, since my end-users will not have any administrative access.

Any thoughts? :)

I am new to dealing with UAC so I can't give a lot of help, but if you are wanting to runasadmin for some operation withoiut the user having to enter credentials then I don't think you will succeed, otherwise the UAC is useless.

But maybe I have misunderstood.

Serial port communications UDF Includes functions for binary transmission and reception.printing UDF Useful for graphs, forms, labels, reports etc.Add User Call Tips to SciTE for functions in UDFs not included with AutoIt and for your own scripts.Functions with parameters in OnEvent mode and for Hot Keys One function replaces GuiSetOnEvent, GuiCtrlSetOnEvent and HotKeySet.UDF IsConnected2 for notification of status of connected state of many urls or IPs, without slowing the script.
Link to comment
Share on other sites

  • 8 months later...

I am new to dealing with UAC so I can't give a lot of help, but if you are wanting to runasadmin for some operation withoiut the user having to enter credentials then I don't think you will succeed, otherwise the UAC is useless.

But maybe I have misunderstood.

I'm also having this issue. My domain users don't have access to add routes. So I've created a domain admin that is permitted. On XP I do a RunAsWait and add the route using the special user. In Windows 7, I need to do the same thing but prompt the UAC...#RequireAdmin doesn't work in this case. Any new ideas?

Link to comment
Share on other sites

I have several scripts that I use under Windows XP that basically use an Administrator account (at the domain level) to run certain things that standard users cannot. Under Windows 7, these scripts now fail to run, I assume because of Windows 7's UAC protection.

For example, the below code basically launches the MalwareBytes Anti-Malware installer as an administrator.

RunAsWait("domainAdmin","dc.me.com","********",0,"mbam-setup.exe",@ScriptDir)

The above code works as expected under Windows XP (The installer window opens and is able to write to @ProgramFilesDir). Under Windows 7, the installer is never launched. If I change the '0' to a '2' (to use network credentials only, vs interactive/no profile), it launches as the logged on user and asks for an admin logon. If I try to run a command line, "cmd /k net localgroup groupName user@dc.me.com /add", I get an access denied (error #5) message, because the command window is not elevated.

I have implemented a local group policy, which I had hoped would alleviate this password requirement issue - For Administrators in Approval Mode, it is set to "Elevate without Prompting".

Basically, all I need to be able to do is to perform a "Run As" command, using a username, domain, and password that I provide so that I can perform Administrative functions. With UAC on, I am prevented from doing this. Is there anything I can do to make this work? I have tried using the 'elevate.cmd' from TechNet, but I am still prompted for Admin credentials. The RunAs command line (Windows, not AutoIT) would be perfect, but it does not allow for me to put in a password automatically). I've been searching all over the forums here , but I have not found any solid solutions to this issue (other than disabling UAC, which I must leave on).

And #requireadmin is obviously of no use here, since my end-users will not have any administrative access.

Any thoughts? :mellow:

I am getting the same issue. Have you heard or seen a fix around UAC? I am working on a script to install, update, scan, and clean. All using malwarebytes. The only thing holding me up is the UAC. I would appricate any help on this!

Thanks

lcoate

Link to comment
Share on other sites

Hi guys

Im pretty sure the following code turns off the UAC is 7 and vista however i think i restart might be required

RegWrite("HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System", "EnableLUA", "REG_DWORD", "0")

Drunken Frat-Boy Monkey Garbage

Link to comment
Share on other sites

  • 4 weeks later...

Running as admin will always trigger a UAC prompt. Unfortunately there's nothing you can do about it.

You had me worried until I tested it myself. Setting EnableLUA to 0, as mentioned above, prevents Windows from attempting to present a prompt. My RunAs installer script now works fine. Thanks engjcowi!
Link to comment
Share on other sites

  • 1 year later...

Hi guys

Im pretty sure the following code turns off the UAC is 7 and vista however i think i restart might be required

RegWrite("HKLMSOFTWAREMicrosoftWindowsCurrentVersionPoliciesSystem", "EnableLUA", "REG_DWORD", "0")

Yes, but it requires a reboot before it works, and then you are able to run your script, but needs to restore the "EnableLUA to REG_DWORD=1 again,

and that requires a new reboot before it work.

Not that I know the right solution, but EnableLUA isn't the solution

Sincerely

Jorgen Malmgren

IT-Programmer

Denmark - UTC+1

www.tryware.dk

;o) Your brain is like a parachute. It works best when it's

Sincerely

J. Malmgren

IT-Programmer

http://www.tryware.dk

 

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...