Sign in to follow this  
Followers 0
Neutro

Problem with admin rights using runas on a batch file

12 posts in this topic

Hey guys,

I'm trying to launch a batch file as an administrator with autoit on windows 8.1.

This batch file is doing several things to automaticly setup new computers in our company, like disableing windows firewall, adding registry keys...

I know i could do this only using autoIT without the batch file but since all the work has already been done in the batch file, it would save me a lot of time if I could make this work without rewriting everything with autoit.

Here is the code i'm using:

#RequireAdmin

if isadmin() == 0 then msgbox("","","no admin rights!")

RunAsWait("userlogin","userdomain", "userpassword", 0, "\\server\path_to_batch\batch.bat")

 

The batch file is launching properly when running the above autoit script but without administrator rights. I'm getting "not enough priviledges" error messages when trying to disable windows firewall using the batch file for example.

When I launch the batch file using right click -> run as administrator when logged as "userlogin", it works without any problems.

Any idea?

Thanks!

Share this post


Link to post
Share on other sites



#2 ·  Posted (edited)

Well I spent hours trying to solve this problem with no luck.

The above code is working properly on Win7 but not on Win8.

Only solution I found is to open C:\Windows\System32\ in explorer, find cmd.exe, make autoit right click on, click "run as administrator" then launch the batch file from there.

Not clean but at least it's working!

Edited by Neutro

Share this post


Link to post
Share on other sites

This is due to the RunAs function only running a process as another user.  It does not give the process full admin rights, the admin token, even if the run as user is an admin.  This requires another approach, such as using ShellExcute with the "runas" verb.  

 

Adam

1 person likes this

Share this post


Link to post
Share on other sites

#5 ·  Posted (edited)

Are you sure?  On Win 7 you tested with, do you have UAC turned off, or changed some Win 7 UAC registry settings with UAC turned on?  I have seen this same issue on Win 7, as well as Win 8 and 8.1, with UAC turned on.    

For your Win 7 and Win 8.1, test boxes, what are the following values for the keys under the following key HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionPoliciesSystem? 

-FilterAdministratorToken

-ConsentPromptBehaviorAdmin

-EnableLUA

 

After a little testin, give the following function a try.  

_ShellExecuteWaitAsAdmin("userlogin","userdomain", "userpassword", 0, "\\server\path_to_batch\batch.bat")

Func _ShellExecuteWaitAsAdmin($sUserName, $sDomain, $sPassword, $iLogonFlag, $sFile, $sParamters = "")

    Local $sCmd = ' /AutoIt3ExecuteLine "ShellExecuteWait(''' & $sFile & ''', ''' & $sParamters & ''', '''', ''runas'')"'
    Return RunAsWait($sUserName, $sDomain, $sPassword, $iLogonFlag, @AutoItExe & $sCmd)

EndFunc

Adam

Edited by AdamUL
1 person likes this

Share this post


Link to post
Share on other sites

Share this post


Link to post
Share on other sites

Glad I could help.  Let me know if it works for you.  

 

Adam

1 person likes this

Share this post


Link to post
Share on other sites

#8 ·  Posted (edited)

Hi, I started using autoit few days ago, and I love it.

Unfortunately I believe I've run into the same issue on win 8.1 x64.

My script won't modify/create Registry entries. Niether RegWrite nor Run(@ComSpec & ' /c regedit /s "' works. Also saving files (FileOpen/FileWrite) in protected directories doesn't work, though FileCreateShortcut and FileCopy works fine.

Here's my script (work in progress): http://pastebin.com/3xvRb0zR

I haven't tested it on windows 7 yet.

Edited by teshko

Share this post


Link to post
Share on other sites

Update: http://pastebin.com/AkdqB2cX

I tested fixed script on Windows 7 SP1 32bit and it works fine. On Windows 8.1 registry is not modified. (I had a dumb typo when doing a FileOpen test)

Share this post


Link to post
Share on other sites

Is your script compiled as 64-bit or 32-bit?  Are you sure that the registry is not modified?  Did you look at the keys under the "Wow6432Note"? What are the following values for the keys under the following key HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionPoliciesSystem? 

-FilterAdministratorToken

-ConsentPromptBehaviorAdmin

-EnableLUA

 

Also, for running under a 64-bit system, please look at "Running under Windows 64-bit Edition" from the help file.  

 

 

Adam

1 person likes this

Share this post


Link to post
Share on other sites

Thank you Adam, that was it. I am running 32 bit on 64 bit for compatibility.

My keys were written to: HKEY_LOCAL_MACHINESOFTWAREWow6432NodeMicrosoftCryptographyCalaisSmartCards instead of HKEY_LOCAL_MACHINESOFTWAREMicrosoftCryptographyCalaisSmartCards

For whatever it means (reg query ...):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
    EnableLUA    REG_DWORD    0x1
    ConsentPromptBehaviorAdmin    REG_DWORD    0x5
    FilterAdministratorToken    REG_DWORD    0x0

For reference I fixed with similar to this: 

Local $sRegKey = "\SOFTWARE\Microsoft\Cryptography\Calais\SmartCards\SynchrotekID"
If @OSArch = "X64" Then
    $sRegKey = "HKLM64" & $sRegKey
Else
    $sRegKey = "HKLM" & $sRegKey
EndIf

RegWrite($sRegKey)
RegWrite($sRegKey, "80000001", "REG_SZ", $InstallDir & "\opensc-minidriver.dll")
RegWrite($sRegKey, "ATR", "REG_BINARY", Binary("0x3BF81800008031FE450073C8401000900091"))
RegWrite($sRegKey, "ATRMask", "REG_BINARY", Binary("0xffffffffffffffffffffffffffffffffffff"))
RegWrite($sRegKey, "Crypto Provider", "REG_SZ", "Microsoft Base Smart Card Crypto Provider")
RegWrite($sRegKey, "Smart Card Key Storage Provider", "REG_SZ" ,"Microsoft Smart Card Key Storage Provider")

Share this post


Link to post
Share on other sites

Your welcome, glad I could help.  

Since you was thinking it was an admin rights issue, I wanted to see what your UAC settings were, and they are located under HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionPoliciesSystem.  

 

Adam

1 person likes this

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0