MattX

RunAs Not Working

22 posts in this topic

RunAsSet is what I used to use [ I know it was bad but I used to have it at the start and then at the end of huge chunks of code ] but now we have RunAs and I can't for the love of god get it to work on this chunk of code. I have tried RunAsWait, I have tried with local computer name and local admin rights but NO it won't run - it won't pull the EventLog, & it won't run procmon - the screenshot works and the zipping of the files but procmon and the eventlog just refuse.

Someone please help me before I throw a hissy fit.

    While 1
        $nMsg = GUIGetMsg()
        Select
            Case $nMsg = $Button1
                FileWriteLine($file, $sMsg)
                FileClose($file)
                Local $sUserName = "administrator"
                Local $sPassword = "PASSWORD"
                local $domain = "MYFQDN"
                _ScreenCapture_Capture($helpdesk_screenshots & "\helpdesk_Image1.jpg")
                _EventLog__Backup ($hEventLog, "n:\helpdesk_screenshots\EventLog.evt")
                _EventLog__Close ($hEventLog)
                RunAs($sUserName, $domain, $sPassword, 1, @ScriptDir & '\procmon.exe /AcceptEula /Quiet /Minimized /BackingFile n:\helpdesk_screenshots\snapshot.PML')
                Sleep(5000)
                RunAs($sUserName, $domain, $sPassword, 1, @ScriptDir & '\procmon /terminate')
                Sleep(1000)
                $Zip = _Zip_Create($ziploc & "\zip_data.zip")
                _Zip_AddFolder($Zip,$ziploc,4)
                FileDelete("n:\helpdesk_screenshots\*.jpg")
                FileDelete("n:\helpdesk_screenshots\*.txt")
                FileDelete("n:\helpdesk_screenshots\*.evt")
                FileDelete("n:\helpdesk_screenshots\snapshot.pml")
                _IECreate($portalsite)

            Case $nMsg = $Button2
                _IECreate($portalsite)
            Case $nMsg = $infoitem
                MsgBox(0, "Portal Launcher 1.5", "Written By Matt." & @CRLF & "Comments & Suggestions to:" & @CRLF & "matt" & @CRLF & "Last update: Dec 2009")
            Case $nMsg = $GUI_EVENT_CLOSE
                GUIDelete($Form1)
                Return
        EndSelect
    WEnd

EndFunc   ;==>ShowMessage

Have also tried:

RunAs($sUserName, @ComputerName, $sPassword, 0, 'procmon.exe /Quiet /Minimized /BackingFile n:\helpdesk_screenshots\snapshot.PML', @ScriptDir)

Still no luck.

Also tried @workingdir still no luck.

Is the N: map available for the RunAs credentials?

Jos ;)

The N: drive is the user's home directory - does this make a difference ?

Depends if the account used has access to it which I doubt since you use a MAPPED drive which is only known to the original user's session.

What account do you use for Runas?

Is it a domain or Local PC account?

From where is the Script run? Local disk or Network Share?

Jos

Visit the SciTE4AutoIt3 Download page for the latest versions        Beta files                                                          Forum Rules
 
Live for the present,
Dream of the future,
Learn from the past.
  :)

Thanks for the help so far - the account I am using for the RunAs is a local admin account [ to the PC ] - I have also tried the domain FQDN admin account too but still no luck. Would the netbios name make a difference ?

The location the script is running [ and where procmon is ] is on a mapped drive the user has access to [ which is a hidden drive P: ]

You always should use the UNC (\\server\share\path) when using different credentials since that userid doesn't have these mappings available.

The local admin account will not work at all since it doesn't have any access to the share.

What I normally do is to download the file from the share to a local temp directory and then use the Local Admin account to run it, this to avoid having to use a domain admin account with all its security risks.

Give that a try.


I just map the drive with the account before doing the run as... here is a sample script I use:

; Map U: Drive to Local Account and run the executable, then exit.
RunAsWait($sUserName, @ComputerName, $sPassword, 4, @ComSpec & " /k NET USE /PERSISTENT:YES "& $sNetDrive & " " & $sNetPath & " /USER:"& $sNetUserName &" """& $sNetPassword &""" && "& $sNetDrive &" && CD && START /WAIT """" "& $sNetDrive &"\"& $sFilePath &" && exit", "", @SW_SHOW)

I attached the file I sampled this from if you need it for reference.

Elevate.au3

Thanks for the help so far - just going to try and run the procmon part locally now - will report back on how I get on with that.

Whilst I am at it - how can you run a whole section of code with admin rights now ? With the old RunAsSet function you could start to have lines of code run as an admin and then close it afterwards with RunAsSet()

Can this still be done ? Just thinking as if I can get this to work by running it locally I will copy the file over to the c: drive but of course I will need admin rights to the c: drive to create a dir and copy over the file.....

The change to this function has really thrown me and some of my scripts into a mess.

Righty Ho - got procmon working running locally with a RunAs which is great - only snag I have now is that the _EventLog__Backup does not work - have tried including that too within the RunAs function but to no avail - on checking the help file it states the function fails if the user does not have SE_BACKUP_NAME - excuse my dumb arse question but what is that ? I've done a search but found nothing.

The function works with Admin Rights but not a normal user......

Works for Admin, [ understandably ] but not as normal user - any ideas anyone ?

RunAs($sUserName, @ComputerName, $sPassword, 0, _EventLog__Backup ($hEventLog, "c:\logs\EventLog.evt"))
RunAs($sUserName, @ComputerName, $sPassword, 0, _EventLog__Close ($hEventLog))

This is getting stupid - the only way I can get the _EventLog__Backup to work for a user without admin rights is to create a separate compiled script:

#include <EventLog.au3>
Dim $hEventLog = _EventLog__Open ("", "Application")
_EventLog__Backup ($hEventLog, "c:\logs\EventLog.evt")
_EventLog__Close ($hEventLog)
Exit

And then call that from the original script:

RunAsWait($sUserName, @ComputerName, $sPassword, 0, 'c:\logs\event_test.exe', 'c:\logs')

Someone please tell me there is a way to use RunAs or RunAsWait and the _EventLog__Backup function.....

See you are having a ball here. ;)

What happens when you run it with RunWait() instead of RunAs() as the regular user?

Jos


As a regular user ? Nothing !!

I am at a loss now as I have no idea how to code around other functions with the new RunAs - for example I want to use the _EventLog__Backup function but I know it won't work for a regular user as I have tested it - so I stick in:

RunAs($sUserName, @ComputerName, $sPassword, 0, _EventLog__Backup ($hEventLog, "c:\logs\EventLog.evt"))
RunAs($sUserName, @ComputerName, $sPassword, 0, _EventLog__Close ($hEventLog))

But this refuses to work - what am I doing wrong ?

Christ things were easier with the RunAsSet function !!

Couple of things here:

You are trying to "RUN" a UDF instead of an EXE? That obviously will not work.

What I normally would do in these cases to avoid needing multiple scripts is to have the script start itself with admin credentials and supply a parameter on the command line which will be used as trigger for the Admin level tasks.

Jos


Don't suppose you have an example I could look at do you which does this ?

Something like this:

; Demo restart with admin rights
MsgBox(0, "$cmdline[0]", $cmdline[0])
For $x = 1 To $cmdline[0]
    If $cmdline[$x] = "/test" Then
        ; script code to be run with Admin rights go here
        MsgBox(0, "/test", "Username:" & @UserName)
        Exit
    EndIf
Next
MsgBox(0, "Normal", "Username:" & @UserName)
$rc = RunAsWait("admin", @ComputerName, "test123", 0, '"' & @ScriptFullPath & '" /test', @ScriptDir)
MsgBox(0, "Rc", "Rc:" & $rc & @LF & "@error:" & @error)

Jos ;)
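
Added example, not part of the thread or of any poster's script: the relaunch-with-a-switch pattern from the post above, combined with the earlier advice to stage the file on a local disk, applied to the _EventLog__Backup case. The account name `localadmin`, the `/elevated` switch and the staging folder are assumptions, and the password is prompted for rather than stored in the script.

```autoit
; Added example, not from the thread. Account name, switch and paths are assumptions.
#include <EventLog.au3>

Global Const $sSwitch = "/elevated"               ; hypothetical trigger parameter
Global Const $sLocalDir = @TempDir & "\helpdesk"  ; local staging folder (assumed)

; Elevated branch: only the copy started by RunAsWait() below gets the switch.
; It writes next to itself, because @TempDir differs under the other account.
For $i = 1 To $CmdLine[0]
    If $CmdLine[$i] = $sSwitch Then Exit _BackupEventLog(@ScriptDir & "\EventLog.evt")
Next

; Normal branch: still the logged-on user. The RunAs account cannot see this
; user's mapped drives, so stage a copy of the script on the local disk.
DirCreate($sLocalDir)
Local $sStaged = $sLocalDir & "\" & @ScriptName
If Not FileCopy(@ScriptFullPath, $sStaged, 1) Then Exit MsgBox(16, "Error", "Could not stage " & $sStaged)

; Prompt for the password instead of storing it in the script.
Local $sPassword = InputBox("Credentials", "Password for the local admin account:", "", "*")
If @error Then Exit

; A compiled script starts directly; an .au3 is handed to the interpreter.
Local $sCmd = '"' & $sStaged & '" ' & $sSwitch
If Not @Compiled Then $sCmd = '"' & @AutoItExe & '" /AutoIt3ExecuteScript ' & $sCmd

Local $iExit = RunAsWait("localadmin", @ComputerName, $sPassword, 0, $sCmd, $sLocalDir)
If @error Then
    MsgBox(16, "RunAsWait", "The process could not be started (check credentials and path).")
ElseIf $iExit <> 0 Then
    MsgBox(48, "Backup", "Elevated copy reported a failure, exit code " & $iExit)
EndIf

; Returns 0 on success, 1 if the log cannot be opened, 2 if the backup fails.
Func _BackupEventLog($sFile)
    Local $hLog = _EventLog__Open("", "Application")
    If $hLog = 0 Then Return 1
    FileDelete($sFile) ; clear a stale backup left by an earlier run
    Local $bOk = _EventLog__Backup($hLog, $sFile)
    _EventLog__Close($hLog)
    If Not $bOk Then Return 2
    Return 0
EndFunc   ;==>_BackupEventLog
```

The exit code of the elevated copy is what RunAsWait() hands back, so the unprivileged side can tell a failed launch (@error set) from a failed backup (non-zero exit code).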



Thanks for the example - but on looking at it I don't really have a clue as to what is going on. What is the $cmdline variable actually doing ? Is it telling me what user is currently running the script as ? Also what is the $rc variable and the error level if run is returning the value as 1 and the RC value as 0. I'm not quite sure what is going on here - sorry to sound thick but like I said I don't script for a living, just as and when I can, so I don't really understand what the $rc variable is returning from the RunAsWait function....

The helpfile tells you all about what RunAsWait() returns in case of success and Failure.

Anyways, The MsgBox() statements are there for testing and showing you the different steps ... just have a play with this script by running it with a valid account and try understanding it after you ran it.

It really is pretty straightforward.

Jos
