wraithdu

Elevate Your Script to the SYSTEM Account

52 posts in this topic

Thanks, I've fixed the undeclared variable errors. So two things then:

1) Can you provide some articles or background where I can read about the need to close the HKCU key? Nothing is mentioned in MSDN in the docs for those functions.

2) I can't reproduce your data loss from your second post. I tried running that code in a function and outside a function (ignoring the Local identifier in Global scope warning). Neither time was $test blank in the second MsgBox call.


1) Can you provide some articles or background where I can read about the need to close the HKCU key? Nothing is mentioned in MSDN in the docs for those functions.

Well, MS has no official documentation on this subject; this document, though, implies the conditions I mentioned. Normally (in a C program) we would just use RegOpenCurrentUser() and the provided key handle; in AutoIt, however, it would be unhandy. The method RegClose(HKEY_CURRENT_USER) I suggested is a well-known workaround to reload HKCU from the times when RegOpenCurrentUser() wasn't yet introduced to the public. If you search for "regclose hkey_current_user" on the Net you will find quite a few examples (fewer explanations).

2) I can't reproduce your data loss from your second post. I tried running that code in a function and outside a function (ignoring the Local identifier in Global scope warning). Neither time was $test blank in the second MsgBox call.

It may well be unreproducible: it only happens to me on 1 of 3 machines; I guess this is due to different architectures, OS/SP versions, etc. Nonetheless, as I can reproduce it on a single system, I'd better follow the way of using variables while impersonating that I found to be safe. You can of course ignore my warning :mellow:


Hi everyone!

Sorry for asking this question

I've made a very simple script containing a single line:

MsgBox (0, "", "")

Then I tried to run it as a service, using _Services_Mini

_Service_Create("MyService", "This is the service", $SERVICE_AUTO_START, $SERVICE_ERROR_IGNORE, "C:\Users\mypc\Desktop\services\asd.exe",0 ,0 ,0 ,0 ,0 )

And I fail to run this program as a service.

What am I doing wrong?

Best regards!!!!


Thanks wraithdu for this great script, but after using the function _ImpersonateUserStart() or _CreateProcessAsUser()

you can't run any command that depends on UAC, like writing a registry key.

Is it possible to give the script running via _CreateProcessAsUser() the highest privileges?


#45 ·  Posted (edited)

You may be misunderstanding the point of the script. If you need admin privileges to create files or write to HKLM, why not use the elevated SYSTEM state? Since you already must be an elevated admin to even use this script, you already have the access you're asking for from the launching app.

That said... the script takes a security context from explorer.exe for those two functions. Both the _ImpersonateUserStart and _CreateProcessAsUser functions can take a process name as an argument to override that default. You should be able to obtain elevated status if you choose a process that is already running elevated. Now that could be a problem, since there aren't many processes running elevated under a user's account by default. You could use the original app that launched the script, or maybe try to run something that gets automatic elevation like Task Manager.

But as I said in the beginning, I don't see the point.

Edited by wraithdu


Hi, I have a question.

Is it possible to use this in a script to change registry values?

I've tried to open regedit with the compiled exe files but even that won't work for me. By only using runassystem my script doesn't work (but I can open regedit); I don't have enough rights. runfromtoken should be used but that's the problem part for me.

I have to rename 1 registry item and change the value of another, but it can only work when runfromtoken and runassystem are both used. Both registry items are protected by policies, but when running with the trustedinstaller token I should be able to change them.

At the moment I use PC Hunter for the same purpose but I have to do everything manually.

Anyone who knows if this is possible? (I have no script to show atm)


colombeen, did you not see wraithdu's response in the very last post before you posted? This script requires elevated admin rights to run; and if you have those rights you already have what you need to change registry values.

If you don't have the elevated rights, as you state, this script isn't going to work for you.



@JLogan3on13, I have all the required rights on my system and I can elevate my rights to the system account, but to change the specific keys in the registry I need the runfromtoken part as trustedinstaller.exe also (and it's that last part that won't work).


Thank you wraithdu for your script.

I want to add something to my old main application.

I want to add, by script, "Device Manager" to the context menu of This PC in win 10 10041.

I already do that in XP, Vista, 7, 8 with

$_key_name_ = "HKLM" & "\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\DevMgr"
$_value_name_ = ""
RegWrite ( $_key_name_ , $_value_name_ , "REG_SZ" , "Device Manager" )

$_key_name_ = "HKLM" & "\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\DevMgr\command"
$_value_name_ = ""
RegWrite ( $_key_name_ , $_value_name_ , "REG_SZ" , @WindowsDir & "\system32\mmc.exe " & @WindowsDir & "\system32\devmgmt.msc" )

But in Windows 10, even the SYSTEM account has only Read privileges on the above keys.

So I searched on this forum and others for a solution.

I found one, a way to run the script as TrustedInstaller, who has Read/Write privileges on the above registry keys and probably on everything else on the computer.

The solution is published by jschicht here https://github.com/jschicht/RunAsTI

His script is based on another 2 scripts published

by joakim here http://reboot.pro/files/file/237-runassystem-and-runfromtoken/

The 2 joakim scripts are based on your script.

All scripts have sources and both compiled files (32bit and 64bit) downloadable.

Both RunAsTI compiled files work like a charm, at least here.

Tested on 8.1 32, win 10.10041 32, 8.1 64bit (here both compiled files, 32 and 64, work).

My problem is: the source of RunAsTI does not work at all, compiled or not.

I want to modify it to pass the job inside, not to pass the job as a parameter, and add it to my library.

I already added joakim's RunFromToken but I cannot get past the error: resource not found

In the main script of RunAsTI, lines 20..22 give something like cannot redeclare const. I commented them out.

Maybe he used an old version of AutoIt; I use the latest stable version

autoit-v3-setup_3.3.12.0_140601

Can anybody help me make this AutoIt script functional?

Thank you

oneLess

 


#50 ·  Posted (edited)

Hi,

    My problem is: the source of RunAsTI does not work at all, compiled or not.

    I want to modify it to pass the job inside, not to pass the job as a parameter, and add it to my library.

    I already added joakim's RunFromToken but I cannot get past the error: resource not found

Make sure you adjust the following lines:

#AutoIt3Wrapper_Res_File_Add=c:\tmp\RunFromToken.exe
#AutoIt3Wrapper_Res_File_Add=c:\tmp\RunFromToken64.exe

If you put the files RunFromToken.exe and RunFromToken64.exe in the same folder as the script, simply remove the c:\tmp\ part.

I just compiled the script using Autoit 3.3.12.0 with the constant lines commented like you did and it works.

Edited by rpaz


Anybody tried this on 8.1 or 10?

I imagine the user needs to be an admin to install the service?

 

Regards,


#52 ·  Posted (edited)

I just compiled the script using Autoit 3.3.12.0 with the constant lines commented like you did and it works.

Thank You

Works here also AFTER I properly run AutoIt3Wrapper_Res_File,

which means FULL SciTE installed

and use the BUILD [F7] option or COMPILE.

Thank You again

Edited by oneLess
