tweakster2010 Posted July 22, 2015 Share Posted July 22, 2015 (edited) Hey guys, I have a rather large program (in my mind large at this point) that I have written but out of the entire list of links that are access internally only 2 of them need to hit UAC, Policies on the machines are group controlled and on a domain so I am not going to interfere that way. Ideally what I am wanting to do is in the case of accessing Registry Editor and Command prompt, elevated with administrator IDs but only those 2 programs. The rest of them I have accessing just via administrator IDs.Just a sample of how I have the code right now, but the question is how would i go about forcing only the same said 2 things to require UAC and not hit any other programs the same way? Case $CMD $iPID = RunAs(GuiCtrlRead($Username), "domain.com", GuiCtrlRead($Pass), 1, "C:\Windows\system32\cmd.exe") Case $Print $iPID = RunAs(GuiCtrlRead($Username), "domain.com", GuiCtrlRead($Pass), 1, "mmc C:\Windows\system32\printmanagement.msc -s /computer:\\" & $RemotePCConnectedInsert) Case $AD $iPID = RunAs(GuiCtrlRead($Username), "domain.com", GuiCtrlRead($Pass), 0, "mmc C:\Windows\System32\dsa.msc") Case $Reg $iPID = RunAs(GuiCtrlRead($Username), "domain.com", GuiCtrlRead($Pass), 4, "C:\windows\regedit.exe")Now I can use requireadmin at the top of the program but when doing a sharescreen (helping others using the program) i cannot access simple things it calls because all programs it is hitting are elevated and realistically I only want cmd and regedit elevated. I read on other posts and the help file about IsAdmin but I guess what I am missing is how to requireadmin just in those 2 cases. Any help is greatly appreciated Edited July 22, 2015 by tweakster2010 corrected too many code tags Link to comment Share on other sites More sharing options...
Administrators Jon Posted July 22, 2015 Administrators Share Posted July 22, 2015 (edited) If you have UAC then you absolutely cannot use RunAs to elevate - it won't work (it's a hangover from XP and a few other cases). You need to using shellexecute with a runas verb (this is what #requireadmin simulates). So if you want some parts of the program to be admin and some not then you need multiple scripts. Maybe a normal script that calls a second script (containing #requireadmin). You've probably seen this approach in some installers where they get halfway through before asking for admin rights - they are executing a second installer at this point (effectively).I should probably update the docs for this because it catches everyone out. Edited July 22, 2015 by Jon Deployment Blog: https://www.autoitconsulting.com/site/blog/ SCCM SDK Programming: https://www.autoitconsulting.com/site/sccm-sdk/ Link to comment Share on other sites More sharing options...
rjframe Posted July 22, 2015 Share Posted July 22, 2015 You could either run a second program to run them, like Jon said, or use Ascend4nt's _RunWithReducedPrivileges on all but those two. The first option is better from a security standpoint (if your application doesn't need the rights, you shouldn't give them), but with the second there will only be one UAC dialog. Link to comment Share on other sites More sharing options...
tweakster2010 Posted July 22, 2015 Author Share Posted July 22, 2015 Many thanks and i did see that was a recommended path i was just hoping i could lock it into just the one. Still love using Autoit for all my tasks, saves lives and time like crazy! Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now