Sign in to follow this  
Followers 0
jftuga

working with windows 7 UAC

9 posts in this topic

I have a program what works great in our locked down exam rooms running under XP. We are upgrading to Windows 7 and I need help with UAC. Disabling UAC is not really an option.

(1) The program first checks to see if it is admin via IsAdmin(). If so, it will ask you if you want to launch task manager, command prompt, and explorer. After these are lauched, the program (now running as admin) ends and it never installs any hotkeys.

(2) If not running as admin then install two hotkeys, wait forever for one of them to be pressed.

  • Hotkey #1 displays Computer, User, IP Address, etc. No admin required.
  • Hotkey #2 asks you for an admin username and password. It will then:
  • Execute itself as admin and thus hit the branch listed in (1)
  • RunAs( $u, @ComputerName, $p, 1, @AutoItExe, "c:\windows" )
With Windows 7 the program does not run as expected. If I use #RequireAdmin any where in the script, it will ask for UAC username and password (when running as a normal user). If I don't use #RequireAdmin, then the RunAs does not operate as expected. It appears as though the IsAdmin() function is returning false.

How can I fix this? I have attached the script.

Thanks,

-John

Share this post


Link to post
Share on other sites



How can I fix this? I have attached the script.

Where is the script?



Get Beta versions Here Get latest SciTE editor Here AutoIt 1-2-3 by Valuater - A great starting point.

Time you enjoyed wasting is not wasted time ......T.S. Elliot
Suspense is worse than disappointment................Robert Burns
God help the man who won't help himself, because no-one else will...........My Grandmother

Share this post


Link to post
Share on other sites

Have a look at this (8. Facts on UAC), this and this All of them will give you the info you need to get your script working. I had a similar issue with a script, and I was able to get it to work. Look at the _IsAdministrator function in the first thread, and if you need to re-execute the script multiple times, set the Registry value ConsentPromptBehaviorAdmin to 0 to prevent UAC Popups. Then set it back to the previous value at the end of the script.

Until I can see the script, there is nothing much else I can help you with.

Adam

Share this post


Link to post
Share on other sites

Share this post


Link to post
Share on other sites

KaFu,

seems like I've become kind of an UAC expert around here

And you are very welcome to be the UAC expert. :)

From now on we shall point all users posting UAC questions in your direction! Have fun! ;)

M23


Any of my own code posted anywhere on the forum is available for use by others without any restriction of any kind._______My UDFs:

Spoiler

ArrayMultiColSort ---- Sort arrays on multiple columns
ChooseFileFolder ---- Single and multiple selections from specified path treeview listing
Date_Time_Convert -- Easily convert date/time formats, including the language used
ExtMsgBox --------- A highly customisable replacement for MsgBox
GUIExtender -------- Extend and retract multiple sections within a GUI
GUIFrame ---------- Subdivide GUIs into many adjustable frames
GUIListViewEx ------- Insert, delete, move, drag, sort, edit and colour ListView items
GUITreeViewEx ------ Check/clear parent and child checkboxes in a TreeView
Marquee ----------- Scrolling tickertape GUIs
NoFocusLines ------- Remove the dotted focus lines from buttons, sliders, radios and checkboxes
Notify ------------- Small notifications on the edge of the display
Scrollbars ----------Automatically sized scrollbars with a single command
StringSize ---------- Automatically size controls to fit text
Toast -------------- Small GUIs which pop out of the notification area

 

Share this post


Link to post
Share on other sites

I edited you script, check to see if this works for you.

#cs

Admin_Popup
Show computer information or launch shell when hotkey is pressed
-John Taylor
May-24-2005 (version 1)
Nov-08-2007 (version 2)
May-12-2010 (version 3) [1] commented out GP / regedit functionality   [2] updated RunAs() for AutoIt v3.3.4.0
Jul-28-2010 added crtl-alt-A to start Admin Tools
Feb-10-2012 update for Windows 7 UAC

#ce

If Not StringRegExp(@OSVersion, "_(XP|200(0|3))") And _IsAdministrator() And Not IsAdmin() Then ;Windows Vista+
If ShellExecute(@ScriptFullPath, "", "", "runas") Then
        Exit
    Else
        MsgBox(16 + 262144, "ERROR!", "Script did not get elevated privileges, and cannot run.")
Exit
EndIf
EndIf

#include <GUICONSTANTS.au3>
#include <EditConstants.au3>

#NoTrayIcon
;; #RequireAdmin

Opt("GUIOnEventMode", 1)
Opt("MustDeclareVars", 1)
;~ Opt ("RunErrorsFatal", 0 )

Global $Info_Title = "System Info v4"
Global $Shell_Title = "Run Admin Tools"
Global $UsernameID
Global $PasswordID
Global $Shell_Win
Global $_In_Shell = 0

Global $reg_entry[10][3]
Global $reg_entry_last = 2

$reg_entry[0][0] = "HKCUSoftwarePoliciesMicrosoftWindowsSystem"
$reg_entry[0][1] = "DisableCMD"
$reg_entry[0][2] = ""

$reg_entry[1][0] = "HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem"
$reg_entry[1][1] = "DisableTaskMgr"
$reg_entry[1][2] = ""

$reg_entry[2][0] = "HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem"
$reg_entry[2][1] = "DisableRegistryTools"
$reg_entry[2][2] = ""

;; These do not work, unless you reboot the machine; therefore, making them useless...
;;
;; Prevent access to drives from My Computer
;$reg_entry[3][0] = "HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer"
;$reg_entry[3][1] = "NoViewOnDrive"
;$reg_entry[3][2] = ""             ;0x03ffffff means restrict all drives

; Hide these specified drives from My Computer
;$reg_entry[4][0] = "HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer"
;$reg_entry[4][1] = "NoDrives"
;$reg_entry[4][2] = ""             ;0x03ffffff means restrict all drives


HotKeySet("^!~", "OnInfo") ; control alt ~
HotKeySet("^!A", "OnAdminTools") ; control alt A   (not lowercase A)
HotKeySet("+^!{TAB}", "OnAdminTools") ; shift control alt tab

;MsgBox(0,"isadmin()", isadmin())
If IsAdmin() Then
;MsgBox(0,"Info", "isadmin if stmt")
AdminTools()
Exit
EndIf

WaitForever()

;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

Func _ReduceMemory($i_PID = -1)
If $i_PID <> -1 Then
Local $ai_Handle = DllCall("kernel32.dll", 'int', 'OpenProcess', 'int', 0x1f0fff, 'int', False, 'int', $i_PID)
Local $ai_Return = DllCall("psapi.dll", 'int', 'EmptyWorkingSet', 'long', $ai_Handle[0])
DllCall('kernel32.dll', 'int', 'CloseHandle', 'int', $ai_Handle[0])
Else
Local $ai_Return = DllCall("psapi.dll", 'int', 'EmptyWorkingSet', 'long', -1)
EndIf
Return $ai_Return[0]
EndFunc   ;==>_ReduceMemory

Func WaitForever()
_ReduceMemory()
While 1
Sleep(500)
WEnd
EndFunc   ;==>WaitForever

Func OnAdminTools()
Local $SubmitID
$_In_Shell = 1

$Shell_Win = GUICreate($Shell_Title, 270, 150)
GUISetState()

GUICtrlCreateLabel("Username:", 10, 30)
$UsernameID = GUICtrlCreateInput("AdminAcct", 65, 30, 120)

GUICtrlCreateLabel("Password:", 10, 60)
$PasswordID = GUICtrlCreateInput("", 65, 60, 120, -1, $ES_PASSWORD)

$SubmitID = GUICtrlCreateButton("OK", 10, 90, 60)
GUICtrlSetOnEvent($SubmitID, "OnSubmit")

GUISetOnEvent($GUI_EVENT_CLOSE, "OnExit")
ControlFocus($Shell_Title, "", $PasswordID)

_ReduceMemory()
While 1 = $_In_Shell
Sleep(1000)
WEnd
EndFunc   ;==>OnAdminTools
#cs
func UnlockPermissions()
local $i, $val, $rv
local $reg_val = 0

for $i=0 to $reg_entry_last
;MsgBox(0,"Dbg", $reg_entry[$i][0] & @CRLF & $reg_entry[$i][1])
$val = -2
$reg_entry[$i][2] = -4
$val = RegRead($reg_entry[$i][0], $reg_entry[$i][1])
$rv = @error
if 0 <> @error then
; error reading reg key
; do not change [$i][2] so that it will not try to get used in LockPermissions()
;MsgBox(0,"error", "RegRead()" &@CRLF& $rv)
continueloop
endif

if StringInstr($reg_entry[$i][0], "Explorer", 0 ) > 0 then
;MsgBox(0,"Explorer", "Match " &$reg_entry[$i][1] )
$reg_val = 3; where 3 = restrict A & B drives only
endif

if $val > -1 then
;MsgBox(0,"val", $val &@CRLF& $reg_val)
$rv = RegWrite($reg_entry[$i][0], $reg_entry[$i][1], "REG_DWORD", $reg_val)
;MsgBox(0,"Unlock()", "RegWrite rv: " & $rv)
if 1 == $rv then
$reg_entry[$i][2] = $val
endif
endif
next
endfunc

func LockPermissions()
local $i

for $i=0 to $reg_entry_last
if -4 <> $reg_entry[$i][2] then
RegWrite($reg_entry[$i][0], $reg_entry[$i][1], "REG_DWORD", $reg_entry[$i][2])
$reg_entry[$i][2] = ""
endif
next
endfunc
#ce

Func RunPrograms()
Local $tmp = ""
Local $wait = 125
Sleep($wait)

;MsgBox(0,"Dbg", "In RunPrograms()")

Run(@ComSpec, "C:")
Sleep($wait)

Run(@SystemDir & "taskmgr.exe")
Sleep($wait)

;Run(@WindowsDir & "regedit.exe")
;sleep($wait)

;$tmp = @SystemDir & "gpedit.msc"
;Run(@ComSpec & " /c " & $tmp, "")
;sleep($wait)

;$tmp = @SystemDir & "sysdm.cpl"
;Run(@ComSpec & " /c " & $tmp, "")
;sleep($wait)

;$tmp = @SystemDir & "rundll32.exe SHELL32.DLL, SHHelpShortcuts_RunDLL PrintersFolder"
;Run(@ComSpec & " /c " & $tmp, "", @SW_MINIMIZE )
;sleep($wait)

$tmp = "C:WINDOWSexplorer.exe C:"
Run(@ComSpec & " /c " & $tmp)
Sleep($wait)

; System Properties
Run("C:\Windows\System32\control.exe sysdm.cpl", "C:\Windows\System32\")
Sleep($wait)

; Desktop Properties: Screen Saver, Display Resolution, etc.
Run("C:\Windows\System32\control.exe desk.cpl", "C:\Windows\System32\")
Sleep($wait)

; Crazy hack to run: explorer.exe c:
Run("C:\Windows\System32\control.exe ncpa.cpl", "C:\Windows\System32\")
Sleep($wait)

; Internet Explorer
$tmp = '"C:\Program Files\Internet Explorer\iexplore.exe" http://www.google.com/'
Run($tmp)
Sleep($wait)
EndFunc   ;==>RunPrograms

Func AdminTools()
Local $rv
;MsgBox(0,"Dbg","In AdminTools()")
;UnlockPermissions()
$rv = MsgBox(4, 'Admin Tools', 'Do you want to run the Admin Tools?')
If $rv == 6 Then
RunPrograms()
EndIf
;LockPermissions()
OnExit()
EndFunc   ;==>AdminTools

Func OnExit()
$_In_Shell = 0
;MsgBox(0,"Debug","starting OnExit()")
GUIDelete($Shell_Win)
_ReduceMemory()
EndFunc   ;==>OnExit

Func OnInfo()
Local $data[25]
Local $i = 0
Local $output = ""

$data[1] = "Computer name: " & @ComputerName
$data[2] = "User name: " & @UserName
$data[3] = "Logon server: " & @LogonServer
$data[4] = "---------------------------------------"
$data[5] = "1st IP: " & @IPAddress1
$data[6] = "2nd IP: " & @IPAddress2
$data[7] = "---------------------------------------"
$data[8] = "OS: " & @OSVersion & "  " & @OSServicePack
$data[9] = "Desktop: " & @DesktopWidth & "x" & @DesktopHeight & " @ " & @DesktopDepth & "bpp"
$data[10] = "AutoIt version: " & @AutoItVersion

For $i = 1 To 10
$output = $output & $data[$i] & @CR
Next

MsgBox(0, $Info_Title, $output, 14)
_ReduceMemory()
EndFunc   ;==>OnInfo

Func OnSubmit()
;MsgBox(0,"Info", "In OnSubmit()")
Local $u, $p, $rv
$u = GUICtrlRead($UsernameID)
$p = GUICtrlRead($PasswordID)

;MsgBox(0,"OnSubmit()", $u & @TAB & $p & @TAB & @AutoItExe)
$rv = RunAs($u, @ComputerName, $p, 1, @AutoItExe, "c:windows")
;MsgBox(0, $rv, @Error & " " & @AutoItExe)

_ReduceMemory()
OnExit()
EndFunc   ;==>OnSubmit

; end of script

; trancexx
; http://www.autoitscript.com/forum/topic/...as-admin/page__view__findpost_
Func _IsAdministrator($sUser = @UserName, $sCompName = ".")
    Local $aCall = DllCall("netapi32.dll", "long", "NetUserGetInfo", "wstr", $sCompName, "wstr", $sUser, "dword", 1, "ptr*", 0)
    If @error Or $aCall[0] Then Return SetError(1, 0, False)
    Local $fPrivAdmin = DllStructGetData(DllStructCreate("ptr;ptr;dword;dword;ptr;ptr;dword;ptr", $aCall[4]), 4) = 2
    DllCall("netapi32.dll", "long", "NetApiBufferFree", "ptr", $aCall[4])
    Return $fPrivAdmin
EndFunc   ;==>_IsAdministrator

There is one issue, the _IsAdministrator function only work for local admin accounts discretely listed, not in AD Security Groups. On our PCs, we use AD Security Groups, so it shows False for me, but my user account is in a security group that is in the local Administrators Group.

Adam

Share this post


Link to post
Share on other sites

Why not just #requireadmin and be done with it?


Lofting the cyberwinds on teknoleather wings, I am...The Blue Drache

Share this post


Link to post
Share on other sites

If you read the OP, he wanted non admins to be able to run it, as well as admins.

Adam

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0