You guys helped me years ago to address logging in with a different account than the user. I have sense modified it over the years due to laptops syncing with AD which is why you will see 3 different passwords. So, this script snippet has worked for me in many things i have written but I am all the sudden having an issue getting it to work. I have verified that the password i am using for the local user account is $pass. Verified by doing a run as different user on Chrome and cut and pasted the password out of the script just to make sure i was not fat fingering something.
I get a fail back from RunAs every time.
Any chance you guys see something i am doing wrong?
#include <MsgBoxConstants.au3> #include <WinAPIFiles.au3> ;#RequireAdmin If $CmdLine > 0 Then If $CmdLine = "/Install" Then RunUpdate() Exit EndIf ;;Will check users account to determine if admin, if not will Run with admin rights -------------------------------------------------------------- ;;Varables Start Local $user = ".\user" Local $pass = "password1" Local $pass2 = "password2" Local $pass3 = "password3" Local $filetorun = @ScriptFullPath & " /Install" ;;Varables End If IsAdmin () = 0 Then If RunAs ( $user, @CompterName, $pass, $RUN_LOGON_NOPROFILE,$filetorun) = 0 Then ;If RunAs ( $user, @ComputerName, $pass2, 0,$filetorun) = 0 Then ;If RunAs ( $user, @ComputerName, $pass3, 0,$filetorun) = 0 Then ;MsgBox (0,"Installation Error", "This installation was interrupted due to an incorrect Admin Password") ;Exit ;EndIf ;EndIf EndIf Exit Else Run ($filetorun) EndIf Func RunUpdate() MsgBox(0,"worked","worked") EndFunc
How to know if a script was run as administrator? (right-click and choose "run as administrator")
The "Isadmin" command only shows whether the logged account has administrator rights.
I found a few related topics for some reference:
Basically the issue has always been how to interpret and work with the results of IsAdmin() when running under UAC, and the desire for developers to not force the use of #RequireAdmin (or the AutoIt3Wrapper manifest equivalent) for all of their users. A lot of programs have that nice 'Elevate' button which is presented to you when the function is available, to selectively elevate the application and enable administrative functions. Here's my attempt at detecting this scenario.
The function will return the current admin status, and the ability of the current app to elevate itself under UAC in @extended. A small example should show how it is used. The example can be run from SciTE or compiled, allowing you to test all kinds of scenarios.
Something interesting I found... if an app is launched from another fully elevated app, and that new app is launched with restricted privileges by way of the SAFER api, then that app CANNOT re-elevate itself to full admin status. The other way to lower a launched app's privileges uses either CreateProcessAsUser or CreateProcessWithTokenW (there are scripts on the forum that show their usage). Apps launched with either of those functions CAN re-elevate themselves to full admin status.
#include <Security.au3> ; #FUNCTION# ==================================================================================================================== ; Name ..........: _IsUACAdmin ; Description ...: Determines if process has Admin privileges and whether running under UAC. ; Syntax ........: _IsUACAdmin() ; Parameters ....: None ; Return values .: Success - 1 - User has full Admin rights (Elevated Admin w/ UAC) ; Failure - 0 - User is not an Admin, sets @extended: ; | 0 - User cannot elevate ; | 1 - User can elevate ; Author ........: Erik Pilsits ; Modified ......: ; Remarks .......: THE GOOD STUFF: returns 0 w/ @extended = 1 > UAC Protected Admin ; Related .......: ; Link ..........: ; Example .......: No ; =============================================================================================================================== Func _IsUACAdmin() ; check elevation If StringRegExp(@OSVersion, "_(XP|20(0|3))") Or (Not _IsUACEnabled()) Then ; XP, XPe, 2000, 2003 > no UAC ; no UAC available or turned off If IsAdmin() Then Return SetExtended(0, 1) Else Return SetExtended(0, 0) EndIf Else ; check UAC elevation ; ; get process token groups information Local $hToken = _Security__OpenProcessToken(_WinAPI_GetCurrentProcess(), $TOKEN_QUERY) Local $tTI = _Security__GetTokenInformation($hToken, $TOKENGROUPS) _WinAPI_CloseHandle($hToken) ; Local $pTI = DllStructGetPtr($tTI) Local $cbSIDATTR = DllStructGetSize(DllStructCreate("ptr;dword")) Local $count = DllStructGetData(DllStructCreate("dword", $pTI), 1) Local $pGROUP1 = DllStructGetPtr(DllStructCreate("dword;STRUCT;ptr;dword;ENDSTRUCT", $pTI), 2) Local $tGROUP, $sGROUP = "" ; ; S-1-5-32-544 > BUILTINAdministrators > $SID_ADMINISTRATORS ; S-1-16-8192 > Mandatory LabelMedium Mandatory Level (Protected Admin) > $SID_MEDIUM_MANDATORY_LEVEL ; S-1-16-12288 > Mandatory LabelHigh Mandatory Level (Elevated Admin) > $SID_HIGH_MANDATORY_LEVEL ; SE_GROUP_USE_FOR_DENY_ONLY = 0x10 ; ; check SIDs Local $inAdminGrp = False, $denyAdmin = False, $elevatedAdmin = False, $sSID For $i = 0 To $count - 1 $tGROUP = DllStructCreate("ptr;dword", $pGROUP1 + ($cbSIDATTR * $i)) $sSID = _Security__SidToStringSid(DllStructGetData($tGROUP, 1)) If StringInStr($sSID, "S-1-5-32-544") Then ; member of Administrators group $inAdminGrp = True ; check for deny attribute If (BitAND(DllStructGetData($tGROUP, 2), 0x10) = 0x10) Then $denyAdmin = True ElseIf StringInStr($sSID, "S-1-16-12288") Then $elevatedAdmin = True EndIf Next ; If $inAdminGrp Then ; check elevated If $elevatedAdmin Then ; check deny status If $denyAdmin Then ; protected Admin CANNOT elevate Return SetExtended(0, 0) Else ; elevated Admin Return SetExtended(1, 1) EndIf Else ; protected Admin Return SetExtended(1, 0) EndIf Else ; not an Admin Return SetExtended(0, 0) EndIf EndIf EndFunc ;==>_IsUACAdmin Func _IsUACEnabled() Return (RegRead("HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System", "EnableLUA") = 1) EndFunc ;==>_IsUACEnabled
#include <_IsUACAdmin.au3> #include <GuiButton.au3> #include <GuiConstantsEx.au3> $g = GUICreate("UAC Test", 200, 100) $b = GUICtrlCreateButton("Elevate", 200-72, 100-27, 70, 25) _GUICtrlButton_SetShield($b) $admin = _IsUACAdmin() $canelevate = @extended GUICtrlCreateLabel("IsAdmin (built-in): " & (IsAdmin() = 1), 4, 4) GUICtrlCreateLabel("_IsUACAdmin (full admin): " & ($admin = 1), 4, 24) GUICtrlCreateLabel("Process can elevate: " & ($canelevate = 1), 4, 44) If $admin Or (Not $canelevate) Then GUICtrlSetState($b, $GUI_DISABLE) GUISetState() While 1 Switch GUIGetMsg() Case -3 ExitLoop Case $b ; restart elevated If @Compiled Then ShellExecute(@ScriptFullPath, "", @WorkingDir, "runas") Else ShellExecute(@AutoItExe, '/AutoIt3ExecuteScript "' & @ScriptFullPath & '"', @WorkingDir, "runas") EndIf Exit EndSwitch WEnd