Jump to content

Is AutoIt of any use to me anymore??

vrocco

By vrocco,
in AutoIt General Help and Support

 Share

Recommended Posts

vrocco Wayfarer

vrocco

Posted
Posted

For a long time my organization was behind the times. We were using Windows XP right through the whole Vista phase. Now we just migrated to a new Windows 7 load for all our machines. Being in a government environment, the machines are heavily locked down, GPO enforced, UAC fully on, etc, etc.

I just can't see how to make AutoIt do anything in this environment. The biggest benefit to me of AutoIt in XP was that I could write a script that would run with admin rights. This allowed the user to download a script and run it to get something accomplished without me having to log into every box as admin. I could even present them with a GUI that gave them choices if that was necessary. There doesn't seem to be any way to do this in AutoIt (running the script as admin from normal user account). Not from what I have found searching these forums anyway.

If I am wrong about this, can someone give me an example of a script that performs an admin function (edit HKLM, create admin group user, etc) that be run by an unprivileged user. I need to not have UAC interfere at all. This means either shut it off temporarily until the script finishes, or bypass it somehow.

Or is it time to abandon AutoIt and try to find something else? What other options are there?

Please realize I am not trying to start a flame war, just honestly asking for guidance on this.

Link to comment
Share on other sites
MariusN Universalist

MariusN

Posted
Posted

For a long time my organization was behind the times. We were using Windows XP right through the whole Vista phase. Now we just migrated to a new Windows 7 load for all our machines. Being in a government environment, the machines are heavily locked down, GPO enforced, UAC fully on, etc, etc.

I just can't see how to make AutoIt do anything in this environment. The biggest benefit to me of AutoIt in XP was that I could write a script that would run with admin rights. This allowed the user to download a script and run it to get something accomplished without me having to log into every box as admin. I could even present them with a GUI that gave them choices if that was necessary. There doesn't seem to be any way to do this in AutoIt (running the script as admin from normal user account). Not from what I have found searching these forums anyway.

If I am wrong about this, can someone give me an example of a script that performs an admin function (edit HKLM, create admin group user, etc) that be run by an unprivileged user. I need to not have UAC interfere at all. This means either shut it off temporarily until the script finishes, or bypass it somehow.

Or is it time to abandon AutoIt and try to find something else? What other options are there?

Please realize I am not trying to start a flame war, just honestly asking for guidance on this.

Just a reminder...UAC cant be turned of "temp"....i'ts either on...or off....via a re-boot...Thats Win7 for you...

Link to comment
Share on other sites
iamtheky Universalist

iamtheky

Posted
Posted

Being in a governement environement

If you are of the DOIM/NEC ilk you should be able to push what you need through GPO. If you are on the receiving end (as it seems), and/or you do not have the proper credentials when UAC pops currently; I dont think they are going to appreciate any circumvention of existing security and I imagine attempts to do so will throw many flags.

If you have the credentials, and are thinking of maybe embedding these in your script.....i cant recommend that at all.

,-. .--. ________ .-. .-. ,---. ,-. .-. .-. .-.
|(| / /\ \ |\ /| |__ __||| | | || .-' | |/ / \ \_/ )/
(_) / /__\ \ |(\ / | )| | | `-' | | `-. | | / __ \ (_)
| | | __ | (_)\/ | (_) | | .-. | | .-' | | \ |__| ) (
| | | | |)| | \ / | | | | | |)| | `--. | |) \ | |
`-' |_| (_) | |\/| | `-' /( (_)/( __.' |((_)-' /(_|
'-' '-' (__) (__) (_) (__)

Link to comment
Share on other sites
Zedna Universalist

Zedna

Posted
Posted (edited)

If I am wrong about this, can someone give me an example of a script that performs an admin function (edit HKLM, create admin group user, etc) that be run by an unprivileged user. I need to not have UAC interfere at all. This means either shut it off temporarily until the script finishes, or bypass it somehow.

Or is it time to abandon AutoIt and try to find something else? What other options are there?

In this case it's limitation of Operation System not limitation of Autoit.

So you can't do this neither with Autoit nor with other software I think.

Edited by Zedna

Resources UDF   ResourcesEx UDF   AutoIt Forum Search

Link to comment
Share on other sites
MilesAhead Universalist

MilesAhead

Posted
Posted (edited)

Back when I was using NT4 Server there was a freeware Windows implementation of su that allowed you to run a command as administrator. It had a facility to create a shortcut for a specific task with an encrypted admin password. After that you could just double click the icon. It used the info in the shortcut as part of the encryption scheme so that you could not just change the icon target to run something else.

Maybe someone has come up with something similar for UAC by now.

Edited by MilesAhead

My Freeware Page

Link to comment
Share on other sites
spudw2k Universalist

spudw2k

Posted
Posted (edited)

If you're an administrator and disabling UAC is not an option you can set a registry key to bypass the UAC prompt (for admins only). Yes the key must be set ahead of time else you'll be prompted all the same.

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionPoliciesSystem]

"ConsentPromptBehaviorAdmin"=dword:00000000

There is a separate key for non admin users but I wouldn't recommend changing that one.

Edited by spudw2k
Spoiler

Things I've Made: Always On Top Tool ◊ AU History ◊ Deck of CardsHideItICUIcon FreezerIpod EjectorJunos Configuration ExplorerLink DownloaderMD5 Folder EnumeratorPassGen ◊ Ping ToolQuick NICRead OCRRemoteITSchTasksGuiSpyCamSystem Scan Report ToolSystem UpTimeTransparency Machine VMWare ESX Builder
Misc Code Snippets: ADODB ExampleCheckHover ◊ Detect SafeModeDynEnumArrayGetNetStatData ◊ HashArrayIsBetweenDates Local AdminsMake ChoiceRecursive File ListRemove Sizebox StyleRetrieve PNPDeviceIDRetreive SysListView32 ContentsSet IE Homepage Tickle Expired PasswordTranspose Array
Projects: Drive Space Usage GUI ◊ LEDkITPlasma_kIt ◊ Scan Engine BuilderSpeeDBurnerSubnetCalc
Cool Stuff: AutoItObject UDF Extract Icon From ProcGuiCtrlFontRotateHex Edit FuncsRun binaryService_UDF

 

Link to comment
Share on other sites
iamtheky Universalist

iamtheky

Posted
Posted

you cannot use shims to bypass any security mechanisms present in Windows. For example, no shim is available to bypass the Windows 7 User Account Control (UAC) prompts while still running the application with elevated permissions.

,-. .--. ________ .-. .-. ,---. ,-. .-. .-. .-.
|(| / /\ \ |\ /| |__ __||| | | || .-' | |/ / \ \_/ )/
(_) / /__\ \ |(\ / | )| | | `-' | | `-. | | / __ \ (_)
| | | __ | (_)\/ | (_) | | .-. | | .-' | | \ |__| ) (
| | | | |)| | \ / | | | | | |)| | `--. | |) \ | |
`-' |_| (_) | |\/| | `-' /( (_)/( __.' |((_)-' /(_|
'-' '-' (__) (__) (_) (__)

Link to comment
Share on other sites
jchd Universalist

jchd

Posted
Posted (edited)

Zapping here, my opinion is that your issue just can't be solved the way you put it. It isn't the question of AutoIt or anything else, it is a question of edicted policies that simply don't give room for achievement of the tasks at hand.

This issue should be debated with your hierarchy, weighting the goods and odds of the rules they have put in place without thinking twice. If they decide that your job now has to be done "by hand" because strict policies govern above all, then they must accept the burden of their option.

Prove your point about allowing elevated controlled runs of [AutoIt or anything else] scripts _you_ manage by comparing time wasted and potential errors vs. effectiveness of your previous solution. Let them decide but tell them clearly that _they_ now carry the burden of slow deployment, slow upgrade, slow setups and park inconsistencies leading to more wasted time and energy within your organization.

Ask them to put their decision in writing as a note that you can exhibit every time something "should have been done yesterday" but requires more time to be done. Push back the pressure to them, don't even think to accept it. Practice Aïkido in IT dept.

Edit: BTW I'm not in a good position to tell you that what you expect can or cannot be done, the above is just a non-tech opinion. Seasonned admins here might have a magic wand for you.

Edited by jchd

This wonderful site allows debugging and testing regular expressions (many flavors available). An absolute must have in your bookmarks.
Another excellent RegExp tutorial. Don't forget downloading your copy of up-to-date pcretest.exe and pcregrep.exe here
RegExp tutorial: enough to get started
PCRE v8.33 regexp documentation latest available release and currently implemented in AutoIt beta.

SQLitespeed is another feature-rich premier SQLite manager (includes import/export). Well worth a try.
SQLite Expert (freeware Personal Edition or payware Pro version) is a very useful SQLite database manager.
An excellent eBook covering almost every aspect of SQLite3: a must-read for anyone doing serious work.
SQL tutorial (covers "generic" SQL, but most of it applies to SQLite as well)
A work-in-progress SQLite3 tutorial. Don't miss other LxyzTHW pages!
SQLite official website with full documentation (may be newer than the SQLite library that comes standard with AutoIt)

Link to comment
Share on other sites
Chimaera Universalist

Chimaera

Posted
Posted

This issue should be debated with your hierarchy, weighting the goods and odds of the rules they have put in place without thinking twice. If they decide that your job now has to be done "by hand" because strict policies govern above all, then they must accept the burden of their option.

Prove your point about allowing elevated controlled runs of [AutoIt or anything else] scripts _you_ manage by comparing time wasted and potential errors vs. effectiveness of your previous solution. Let them decide but tell them clearly that _they_ now carry the burden of slow deployment, slow upgrade, slow setups and park inconsistencies leading to more wasted time and energy within your organization.

Ask them to put their decision in writing as a note that you can exhibit every time something "should have been done yesterday" but requires more time to be done. Push back the pressure to them, don't even think to accept it. Practice Aïkido in IT dept.

Every time i try this i get the boot from the company, but maybe im a little to insistent about it. :D

If Ive just helped you ... miracles do happen. Chimaera

CopyRobo() * Hidden Admin Account Enabler * Software Location From Registry * Find Display Resolution * _ChangeServices()

Link to comment
Share on other sites
  • 3 weeks later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...