Jump to content
Sign in to follow this  
akorx

Run a function with admin rights

Recommended Posts

KaFu

This works for a single line of code:

MsgBox(0, "", RegRead("HKEY_LOCAL_MACHINESOFTWAREAutoIt", ""))
ShellExecuteWait(@AutoItExe, '/AutoIt3ExecuteLine "RegWrite(''HKEY_LOCAL_MACHINESOFTWAREAutoIt'', '''', ''REG_DWORD'', 1)"', "", "runas")
MsgBox(0, "", RegRead("HKEY_LOCAL_MACHINESOFTWAREAutoIt", ""))
ShellExecuteWait(@AutoItExe, '/AutoIt3ExecuteLine "RegDelete(''HKEY_LOCAL_MACHINESOFTWAREAutoIt'')"', "", "runas")
MsgBox(0, "", RegRead("HKEY_LOCAL_MACHINESOFTWAREAutoIt", ""))

To elevate an entire script take a look at my example

Edit: Upsa, it's all about XP :), well, the mentioned syntax should work the same way with RunAs()... otherwise disregard this post...

Edited by KaFu

Share this post


Link to post
Share on other sites
Valik

Lots of things to address.

  • RunAsSet() NEVER provided per-function elevation. All it did was cache credentials in-memory (insecure) so that the next call to Run() would use those credentials. I removed RunAsSet() and added RunAs() which does not store credentials (More secure). RunAsSet() had no other behavior. You people who think otherwise are idiots. Full stop.
  • It would be nice if we could elevate a single call, wouldn't it? Clearly you did no research on this subject, otherwise you would have found one of my rants against Microsoft for not providing a way for a running process to request an elevated access token. It should be up to me as an application designer if I want to do in-process elevation and store an access token for use with impersonation. Microsoft, however, disagree and allows us to only elevate at process start. In short, it is not possible to implement what you want - sort of.
  • It's possible to do what you want in a couple different ways. One is annoying if you need to elevate a lot of functions (UAC prompt each time on Vista+) and the other is insecure unless well written to verify all input. In neither case can you invoke UDFs easily without some very clever code. In no case can you do it with just as single running process (although it can be done with a single compiled script that gets spawned more than once).
I'm locking this thread. You're all over the map with your various stupid comments here. I've answered the initial question, clarified a misconception and provided clues to two of the only available alternatives for achieving a similar effect. Mostly I'm closing this because you created a duplicate thread in the developer forum without taking into consideration all the things the people here said.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  

×