Sign in to follow this  
Followers 0
HypercamJ

#RequireAdmin Alternative

6 posts in this topic

So after using many other programs that can, I was wondering how you could elevate a program's/script's privileges at certain places or inside conditional statements. I'm aware of the #RequireAdmin tag but that requests user conformation at the beginning at the script rather than inside an If..Then statement. I've also heard you could just start another process that requires higher privileges but I'd prefer to keep everything in one executable. As a side note, I think I've heard of using a COM object to invoke the UAC but I've yet to familiarize myself with those.


Prove, and I will believe...

Share this post


Link to post
Share on other sites



So after using many other programs that can, I was wondering how you could elevate a program's/script's privileges at certain places or inside conditional statements. I'm aware of the #RequireAdmin tag but that requests user conformation at the beginning at the script rather than inside an If..Then statement. I've also heard you could just start another process that requires higher privileges but I'd prefer to keep everything in one executable. As a side note, I think I've heard of using a COM object to invoke the UAC but I've yet to familiarize myself with those.

Either the parent script needs to run as Admin (#RequireAdmin), or internally RunAs() with appropriate credentials.

Outside of that, if you could elevate privileges it would be a grievous security issue that would hopefully be reported and patched out quickly.

:)


Valuater's AutoIt 1-2-3, Class... Is now in Session!For those who want somebody to write the script for them: RentACoder"Any technology distinguishable from magic is insufficiently advanced." -- Geek's corollary to Clarke's law

Share this post


Link to post
Share on other sites

#3 ·  Posted (edited)

To get the elevation on Vista/se7en for a compiled script you can use the Au3Wrapper.

On the Tab Resource Update you can specify the Execution Level: Non / AsInvoker / highestAvailabel / requireAdministrator

XP and lower do not parse this entry, so the elevation will only occur in Vista/se7en :)

For other differentiation you have to use RunAs / Shellexecute with verb "runas" and/or multiple Executables/scripts.

//Edit: Yeah, you can use COM-objects for elevated functions, but AutoIt does not support COM-Objects, so this is not an Option for you ;)

Edited by ProgAndy

*GERMAN* [note: you are not allowed to remove author / modified info from my UDFs]My UDFs:[_SetImageBinaryToCtrl] [_TaskDialog] [AutoItObject] [Animated GIF (GDI+)] [ClipPut for Image] [FreeImage] [GDI32 UDFs] [GDIPlus Progressbar] [Hotkey-Selector] [Multiline Inputbox] [MySQL without ODBC] [RichEdit UDFs] [SpeechAPI Example] [WinHTTP]UDFs included in AutoIt: FTP_Ex (as FTPEx), _WinAPI_SetLayeredWindowAttributes

Share this post


Link to post
Share on other sites

#4 ·  Posted (edited)

If you want to stay standalone, then try this:

Local $sfile = @ScriptDir & "\Test.au3", $hFile = FileOpen ($sFile, 2)

FileWrite ($hFile, "#RequireAdmin" & @CRLF & "MsgBox (0, ""Test"", ""Is Admin? "" & IsAdmin ())")
FileClose ($hFile)

RunWait ("""" & @AutoitExe & """ """ & $sFile & """")

MsgBox (0, "test 2", "Is Admin now? " & IsAdmin ())

That should do the trick. You might want to write to a temporary dir and delete the file after. This will also execute seperately to the current process, comment out "ProcessWaitClose" line to see that.

Mat

Edit: will work with exe's too.

Edited by Mat

Share this post


Link to post
Share on other sites

#5 ·  Posted (edited)

Maybe wasn't as clear as I thought I was. One of the programs I was referring to was the Apple Software Update program. When you ran it, it checked for updates from the Apple web site. If it found updates and you choose to download them, a UAC box popped up requesting administrative approval. When you approve it the GUI resizes by half to fit the download bar. My point there was to state that no external programs were ran. The Updater just requested administrative abilities whilst in the middle of executing. Mat had somewhat of my idea in mind except that only the secondary script had admin privileges (not the parent) and it had to create and external file to do so. Any further ideas?

Edited by HypercamJ

Prove, and I will believe...

Share this post


Link to post
Share on other sites

Run the compiled program anywhere in as admin, but must be restart of the program! :(

#NoTrayIcon
If IsAdmin() then
    TraySetState()
    MsgBox(0,'ADMIN', $CmdLineRAW)
else
    $objShell = ObjCreate("Shell.Application")
    exit $objShell.ShellExecute(@ScriptName, "pa ra ms", @ScriptDir, "runas"); User see only name of program
endif

OR

#NoTrayIcon
If IsAdmin() then
    TraySetState()
    MsgBox(0,'ADMIN', $CmdLineRAW)
else
    $objShell = ObjCreate("Shell.Application")
    exit $objShell.ShellExecute(@ScriptFullPath, "pa ra ms", "some dir", "runas"); User see full path of program
endif

Good luck, greetings. /Translated by Google

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0