Jump to content
Sign in to follow this  
koons

Running file as admin in Win 7 vs XP

Recommended Posts

koons

Hi there everyone.  Haven't posted here in a long time and I could use some assistance again.

Previously, I created a script with some help from this forum that allows non-admin users to pulls a list of .exe files from a server.  They can then select one of the .exe files and it will run it with administrator rights.  It works perfectly in Windows XP, but not in Windows 7.  In Windows 7, if I right click the .exe I created from the script and select "Run as administrator" it will work.  But that defeats the purpose of allowing the user without admin rights to be able to run it.

Any help would be greatly appreciated.

 

 
#include <ButtonConstants.au3>
#include <GUIConstantsEx.au3>
#include <ListViewConstants.au3>
#include <StaticConstants.au3>
#include <WindowsConstants.au3>
#include <file.au3>
#include <array.au3>
#include <GuiListView.au3>


#Region ### START Koda GUI section ### Form=c:\documents and settings\Admin\my documents\scripts\idsupdater\idsupdater.kxf
$IDSUpdaterForm = GUICreate("IDS Updater", 633, 447, 1584, 161)
    GUISetBkColor(0xA6CAF0)
$IDSUpdaterTitle = GUICtrlCreateLabel("IDS Updater 2.0", 179, 24, 275, 49)
    GUICtrlSetFont(-1, 30, 800, 4, "Garamond")
    GUICtrlSetColor(-1, 0x000000)
$Directions1 = GUICtrlCreateLabel("Please select the update you wish to install from the below list", 85, 104, 463, 25)
    GUICtrlSetFont(-1, 14, 400, 0, "Times New Roman")
$Directions2 = GUICtrlCreateLabel(" and hit the Update button.", 217, 136, 203, 25)
    GUICtrlSetFont(-1, 14, 400, 0, "Times New Roman")
    GUISetState(@SW_SHOW)
$AvailableUpdatesList = GUICtrlCreateListView("", 118, 165, 401, 160)
    GUICtrlSetFont(-1, 10, 400, 0, "Times New Roman")
    GUICtrlSetCursor (-1, 0)
    _GUICtrlListView_AddColumn($AvailableUpdatesList,"Available updates",397)
$FileList=_FileListToArray("\\domain.com\apps\IDS","*.exe")
    If @error=1 Then
        MsgBox(0,"","No folders found.")
        Exit
    EndIf
    If @error=4 Then
        MsgBox(0,"","No files found.")
        Exit
    EndIf
    Dim $a_lv_array[$FileList[0]][1]
    For $i = 1 To $FileList[0]
        $a_lv_array[$i - 1][0] = $FileList[$i]
    Next
    _GUICtrlListView_AddArray($AvailableUpdatesList,$a_lv_array)
$UpdateButton = GUICtrlCreateButton("Update", 120, 360, 153, 41, $WS_GROUP)
    GUICtrlSetFont(-1, 12, 800, 0, "Times New Roman")
$CancelButton = GUICtrlCreateButton("Cancel", 440, 360, 81, 41, $WS_GROUP)
    GUICtrlSetFont(-1, 12, 800, 0, "Times New Roman")
$Directions3 = GUICtrlCreateLabel("After clicking Update, there will be a delay while file is downloading.", 110, 410, 463, 25)
    GUICtrlSetFont(-1, 9, 400, 0, "Times New Roman")
GUISetState()
#EndRegion ### END Koda GUI section ###

While 1
    $nMsg = GUIGetMsg()
    WinMove("IDS Updater","",100,100)
    Switch $nMsg
        Case $GUI_EVENT_CLOSE
            Exit
        Case $CancelButton
            Exit
        Case $UpdateButton
            Local $sUserName = "Admin"
            Local $sDomainName = "domain.com"
            Local $sPassword = "secret"
            Local $sSelected = _GUICtrlListView_GetItemText($AvailableUpdatesList,number(_GUICtrlListView_GetSelectedIndices($AvailableUpdatesList)))
            If Not IsAdmin() Then
                RunAs($sUserName,$sDomainName,$sPassword,0,"\\domain.com\apps\IDS\" & $sSelected)
            Else
                MsgBox(0,"Silly goose.","You're an admin.  You don't need to run this.")
            EndIf
            Sleep(200)
            Exit
    EndSwitch
WEnd
Edited by koons

Share this post


Link to post
Share on other sites
MikahS

Look at the:

RunAs()

function

thank you for adding your script :)

Edited by MikahS

Snips & Scripts


My Snips: graphCPUTemp ~ getENVvars
My Scripts: Short-Order Encrypter - message and file encryption V1.6.1 ~ AuPad - Notepad written entirely in AutoIt V1.9.4

Feel free to use any of my code for your own use.                                                                                                                                                           Forum FAQ

 

Share this post


Link to post
Share on other sites
MikahS

Did you try #RequireAdmin at the beginning of your script ?

 

They are trying to run programs without admin rights.


Snips & Scripts


My Snips: graphCPUTemp ~ getENVvars
My Scripts: Short-Order Encrypter - message and file encryption V1.6.1 ~ AuPad - Notepad written entirely in AutoIt V1.9.4

Feel free to use any of my code for your own use.                                                                                                                                                           Forum FAQ

 

Share this post


Link to post
Share on other sites
koons

Thanks for checking my post out.  We are trying to allow users to run these .exe files without admin rights.  And I am by no means a programmer, so any help would be much appreciated.

Share this post


Link to post
Share on other sites
jguinch

#RequireAdmin does not execute the program with admin rights, it "just" executes the program with elevate privileges.

It is the same thing than "Run as administrator" option in the context menu.

RunAs executes a program with different credentials, but need an elevation of privileges if the program requires it (eg : diskpart, regedit...)

With UAC enabled, RunAs needs #RequireAdmin to execute a program with full rights (except for the builtin administrator account, which seems to not be affected by the UAC prompt)

Share this post


Link to post
Share on other sites
MikahS

#RequireAdmin does not execute the program with admin rights, it "just" executes the program with elevate privileges.

It is the same thing than "Run as administrator" option in the context menu.

RunAs executes a program with different credentials, but need an elevation of privileges if the program requires it (eg : diskpart, regedit...)

With UAC enabled, RunAs needs #RequireAdmin to execute a program with full rights (except for the builtin administrator account, which seems to not be affected by the UAC prompt)

 

Thank you for that information jguinch, very nice. I'm sure that will be OP's solution if I'm not mistaken. ;)


Snips & Scripts


My Snips: graphCPUTemp ~ getENVvars
My Scripts: Short-Order Encrypter - message and file encryption V1.6.1 ~ AuPad - Notepad written entirely in AutoIt V1.9.4

Feel free to use any of my code for your own use.                                                                                                                                                           Forum FAQ

 

Share this post


Link to post
Share on other sites
koons

Oh, I did not realize that but it sounds like that line could fix the problem.  Where would this be inserted into the script?

Share this post


Link to post
Share on other sites
MikahS

Top of your script either before or after your includes :)


Snips & Scripts


My Snips: graphCPUTemp ~ getENVvars
My Scripts: Short-Order Encrypter - message and file encryption V1.6.1 ~ AuPad - Notepad written entirely in AutoIt V1.9.4

Feel free to use any of my code for your own use.                                                                                                                                                           Forum FAQ

 

Share this post


Link to post
Share on other sites
MikahS

If you mean adding #RequireAdmin to your script, the user will need admin rights.

 

Are you saying jguinch is wrong? If so, please clarify. As now I'm thinking they are wrong..

EDIT: I don't have any way to test this at the moment..

Edited by MikahS

Snips & Scripts


My Snips: graphCPUTemp ~ getENVvars
My Scripts: Short-Order Encrypter - message and file encryption V1.6.1 ~ AuPad - Notepad written entirely in AutoIt V1.9.4

Feel free to use any of my code for your own use.                                                                                                                                                           Forum FAQ

 

Share this post


Link to post
Share on other sites
MikahS

If you have #RequireAdmin in your script either compiled or otherwise in Win7 the user of that script will need to have admin rights in order for it to run.

 

Good deal, I was correct (in my own head). So, essentially on win 7 the OP's question is irrelevant because this is impossible without admin rights?


Snips & Scripts


My Snips: graphCPUTemp ~ getENVvars
My Scripts: Short-Order Encrypter - message and file encryption V1.6.1 ~ AuPad - Notepad written entirely in AutoIt V1.9.4

Feel free to use any of my code for your own use.                                                                                                                                                           Forum FAQ

 

Share this post


Link to post
Share on other sites
koons

So I added that line.  Now it appears to be running elevated, but it is requiring admin credentials which is what we are trying to avoid.

Share this post


Link to post
Share on other sites
JohnOne

I never use the term impossible on a coding/scripting board, it invites all kinds of characters.

But I will say that in order to run a script or other program which requires admin or other elevated right, the user must have equal to or above the specified rights.

That is Win 7 decent security measures.

Edited by JohnOne

AutoIt Absolute Beginners    Require a serial    Pause Script    Video Tutorials by Morthawt   ipify 

Monkey's are, like, natures humans.

Share this post


Link to post
Share on other sites
MikahS

I agree, my apologies.

Hmm, maybe running an elevated cmd prompt would do this. But, that is with giving it admin rights.


Snips & Scripts


My Snips: graphCPUTemp ~ getENVvars
My Scripts: Short-Order Encrypter - message and file encryption V1.6.1 ~ AuPad - Notepad written entirely in AutoIt V1.9.4

Feel free to use any of my code for your own use.                                                                                                                                                           Forum FAQ

 

Share this post


Link to post
Share on other sites
willichan
jguinch

Sorry for the confusion. I wrote to fast.

JohnOne is right : #RequireAdmin prompts the user to enter credentials of an adminitrator user if the user is not an administrator group member.

Against, if the user is member of an administrator group, the prompt is just to validate the elevation.

Share this post


Link to post
Share on other sites
koons

So it seems like there is no way to do what I am trying to do here.  Is that a fair assumption?

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×