Sign in to follow this  
Followers 0
twistedtech

Launch an elevated user process from system

10 posts in this topic

I am trying to write an autoit script to configure a local limited user account. This script will be started from System. I am trying to run "SystemPropertiesAdvanced.exe" but it is failing because it needs admin privileges. SystemPropertiesAdvanced.exe must run under the local account since it accesses the account's profile. Now System has admin rights, since it is system. Is there a way to use System's privileges to run the process as admin under the limited user account?

Share this post


Link to post
Share on other sites



what makes you think SystemPropertiesAdvanced.exe relates specifically to the calling user? to me it looks like system-wide settings. is it the "environment variables"? you can access them directly.

Share this post


Link to post
Share on other sites

I am attempting to set the Visual Effects in Performance Options, which are per user settings. When I trace it with ProcMon, the registry writes go to HKCU.

Share this post


Link to post
Share on other sites

how about if you make the changes for yourself, then you export the relevant HKCU branch and import it later on any user you want? the import to HKCU should not require additional permissions.

in principal, if you wish to automate a process, and you can do it either by launching dialogs and clicking buttons, or you can do it behind the scene, go for the latter. it's more robust, professional and less prone to errors.

Share this post


Link to post
Share on other sites

I tried modifying the registry first. I got it to mostly work. I was able to set the HKCU key (see below) and it effectively changed the performance options to what I wanted but the GUI did not reflect that. It was deemed unacceptable since the GUI was "lying" to the user, so I set about doing it the launching dialogs and clicking buttons way. Which is where I hit this issue.

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionExplorerVisualEffects]
"VisualFXSetting"=dword:00000002

Share this post


Link to post
Share on other sites

there can be at-least two causes for the GUI not to display the registry correctly:

1) you have a complete set of keys you must set, not just one

2) log-off/log-on may be required.

i'll check this tomorrow.

anyway, regarding your intent to launch the GUI as SYSTEM from the impacted user account - it won't work. to do that, you'll have to temporarily join the user to the local Administrators group, then launch the GUI, then remove the user from the group.

Share this post


Link to post
Share on other sites

I spent some time trying to find the full set of keys to accomplish this and was not able to. If you are able to, I will be most grateful.

That's what I was thinking, I assume AutoIt has no way to tie into UAC? I would be surprised if it did since that would defeat the purpose of UAC.

Share this post


Link to post
Share on other sites

I am trying to write an autoit script to configure a local limited user account. This script will be started from System. I am trying to run "SystemPropertiesAdvanced.exe" but it is failing because it needs admin privileges. SystemPropertiesAdvanced.exe must run under the local account since it accesses the account's profile. Now System has admin rights, since it is system. Is there a way to use System's privileges to run the process as admin under the limited user account?

Could you write a script which runs in the user account and

saves the relevant reg key from HKCU to a.reg

Starts a script which requires admin which renames the key for the admin in HKCU and imports a.reg. then runs whatever to make the changes wanted. Export the key to a.reg, delete the key and rename the original key back. Then close and back to the user level script which imports a.reg.

?


Serial port communications UDF Includes functions for binary transmission and reception.printing UDF Useful for graphs, forms, labels, reports etc.Add User Call Tips to SciTE for functions in UDFs not included with AutoIt and for your own scripts.Functions with parameters in OnEvent mode and for Hot Keys One function replaces GuiSetOnEvent, GuiCtrlSetOnEvent and HotKeySet.UDF IsConnected2 for notification of status of connected state of many urls or IPs, without slowing the script.

Share this post


Link to post
Share on other sites

tested on Windows 8.1, i manually modify the single registry key you mentioned, i see no issue, all is OK, GUI change according to registry, no additional registry changes and no log-off required. just close and re-open the dialog to see it changes.

i will test on Windows 7 & XP when possible. what version of Windows are you using?

Share this post


Link to post
Share on other sites

i stand corrected. the registry actually changes nothing in the visual effects, only the options GUI. i gues i shouldn't have tested it on Windows 8 - it's ugly no matter how you set it up... :(

look here:

http://blogs.msdn.com/b/oldnewthing/archive/2014/01/23/10491935.aspx

i have no doubt that some guys around here are able to call the correct API, but i'm not one of those guys...

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0