#RequireAdmin Not Elevating Sub-Processes


I have been using AutoIt for several years now, although mostly with Windows XP. As my company is undertaking a massive Windows 7 conversion, I find that some of the features of AutoIt do not seem to work as I would think they should, which brings about my question today...

I use the AutoIt3Wrapper with my compiled scripts and everything works well generally; however, I have a need to include two commands in an AutoIt script that have to be RunAsAdmin. I have the AutoIt3Wrapper set as "#AutoIt3Wrapper_Res_requestedExecutionLevel=requireAdministrator" and I am prompted for UAC elevation. The commands, however, do not seem to be elevating.

RunWait(@ComSpec & ' /c bcdedit /set {default} recoveryenabled No', @HomeDrive, @SW_HIDE)
RunWait(@ComSpec & ' /c bcdedit /set {default} bootstatuspolicy ignoreallfailures', @HomeDrive, @SW_HIDE)

If I post the commands into an elevated command prompt they work correctly, but via the script they seem to be ignored.

I appreciate any ideas and/or assistance.

Thanks In Advance!!!


What is the return code from the RunWait() commands?

Maybe do some debugging by running this version:

RunWait(@ComSpec & ' /k bcdedit /set {default} recoveryenabled No', @HomeDrive)

Does it give any errors in the opened CMD window?

Jos


When looking more in depth into the issue, the error is that BCDEDIT cannot be found. If I run a CMD from the script, it cannot see BCDEDIT in the C:\Windows\System32\ folder, whereas if I just run a CMD from Start>Run I can see it in the C:\Windows\System32\ folder. I did find that in both CMD windows I could find the executable at: @WindowsDir & '\winsxs\amd64_microsoft-windows-b..iondata-cmdlinetool_31bf3856ad364e35_6.1.7601.17514_none_e6510234bbcb2a8c', so I pointed the script to that location:

RunWait(@ComSpec & ' /c ' & @WindowsDir & '\winsxs\amd64_microsoft-windows-b..iondata-cmdlinetool_31bf3856ad364e35_6.1.7601.17514_none_e6510234bbcb2a8c\bcdedit /set {default} recoveryenabled No', @HomeDrive, @SW_HIDE)
RunWait(@ComSpec & ' /c ' & @WindowsDir & '\winsxs\amd64_microsoft-windows-b..iondata-cmdlinetool_31bf3856ad364e35_6.1.7601.17514_none_e6510234bbcb2a8c\bcdedit /set {default} bootstatuspolicy ignoreallfailures', @HomeDrive, @SW_HIDE)

This seems to have fixed the issue, although I am unsure why the file cannot be seen. The answer to this question may be helpful to me and others in the future. Thanks for your assistance.
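
The missing bcdedit described in this thread is consistent with WOW64 file system redirection: a 32-bit AutoIt process on 64-bit Windows, and the 32-bit cmd.exe it starts through @ComSpec, has System32 redirected to SysWOW64, which contains no bcdedit.exe. The following is an added example, not part of the original posts, that resolves the native path through the Sysnative alias instead of a version-specific WinSxS directory; the helper names _NativeSystemFile and _RunBcdedit are hypothetical.

```autoit
#RequireAdmin
; Added example, not code from the thread.
; _NativeSystemFile and _RunBcdedit are hypothetical helper names.

; Return the full path of a file in the native (64-bit) System32 directory.
; For a 32-bit process on 64-bit Windows, ...\System32 is silently redirected
; to ...\SysWOW64. The Sysnative alias bypasses that redirection and is only
; visible to 32-bit processes, so it is used only in that case.
Func _NativeSystemFile($sFileName)
    Local $sDir = @WindowsDir & '\System32'
    If @OSArch <> 'X86' And Not @AutoItX64 Then $sDir = @WindowsDir & '\Sysnative'
    Local $sPath = $sDir & '\' & $sFileName
    If Not FileExists($sPath) Then Return SetError(1, 0, '')
    Return $sPath
EndFunc

; Run bcdedit.exe by full path (no cmd.exe, no search-path lookup from an
; elevated process) and return its exit code.
; @error: 1 = not elevated, 2 = bcdedit.exe not found, 3 = could not start.
Func _RunBcdedit($sArgs)
    If Not IsAdmin() Then Return SetError(1, 0, -1)
    Local $sExe = _NativeSystemFile('bcdedit.exe')
    If @error Then Return SetError(2, 0, -1)
    Local $iExit = RunWait('"' & $sExe & '" ' & $sArgs, @WindowsDir, @SW_HIDE)
    If @error Then Return SetError(3, 0, -1)
    Return $iExit
EndFunc

; Demonstration with a read-only query of the default boot entry.
Local $iExit = _RunBcdedit('/enum {default}')
If @error Then
    ConsoleWrite('bcdedit was not run, @error = ' & @error & @CRLF)
Else
    ConsoleWrite('bcdedit exit code: ' & $iExit & @CRLF)
EndIf
```

Compiling the script as 64-bit with `#AutoIt3Wrapper_UseX64=y` avoids the redirection as well, because a 64-bit process sees the real System32.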
