Jump to content

Run a program as admin


Hdhsgaydh
 Share

Recommended Posts

Hi all, first of all I want to thank anyone for any help as it is greatly appreciated!

So, here goes,

The situation: Currently we have an application that requires admin privileges to be run correctly. This is a problem because it means giving all of ours users admin access to their local machine. I've been working here and year and can see already that this is a huge problem and it causes me more work due to people having these permissions "eg, spyware and bloatware"

The problem: I want to be able to use Auto IT to be able to run this program in administrator mode while still keeping the user as a basic user (no install privileges etc) I know that there is the "/savecred" command in the 'runas' tool that windows has built in, the only problem is that each user has to have the password entered before they can use it. We have 30 users and they all switch between machines as its a call centre so having to go around to each machine and type in the password 30 times on each account isn't feasible.

Please let me know if you need anymore information and again thank you to anyone who helps :)

Link to comment
Share on other sites

I have put thought to this, but the problem with that is that a lot of the files that it uses are local. Its the worst piece of software imaginable and its been developed by our own in-house devs (all of which were fired long before my arrival here) I've always been taught that giving admin rights to standard pleb users is a bad idea, and this just goes to show it. 

Link to comment
Share on other sites

Of course, that's standard.

However I did not mean run the app on the admin machine, I mean the app is ran on the local machine, but is executed remotely from the admin machine. All file paths remain in tact.

 

Problem is, I've not worked on such a network so I cannot help you on that score. Suffice to say it is possible.

AutoIt Absolute Beginners    Require a serial    Pause Script    Video Tutorials by Morthawt   ipify 

Monkey's are, like, natures humans.

Link to comment
Share on other sites

A no-secure/dangerous way ;

- Create a local user on each computer, and add it to the local administrators group (or better, use a domain user and a GPO if you have an Active Directory)
- Compile an AutoIt Script containing a RunAs call (which use the username and password of the local user created previously)

Do not hit me, sometimes the simplest solutions are time saving :D

Link to comment
Share on other sites

Ok so that sounds a lot more like it! I have a domain user which has been assigned admin privileges on the local machine. This has obviously been password protected so the minions cannot gain access to the admin rights. How would I go about writing the code for the AutoIT script? I think I have an idea but im brand new to AutoIT and have no idea how the syntax works :P

Link to comment
Share on other sites

Of course, that's standard.

However I did not mean run the app on the admin machine, I mean the app is ran on the local machine, but is executed remotely from the admin machine. All file paths remain in tact.

 

Problem is, I've not worked on such a network so I cannot help you on that score. Suffice to say it is possible.

I'm not sure that would work again in this case as we also need the drives to be mapped to the account. (it needs our q drive to be able to work properly) Unless I found a way to map the q drive on there too, and to of course get it to run the program remotely of course ;)

Link to comment
Share on other sites

  • Administrators

Unless the machines are Windows XP that isn't going to work. RunAs doesn't really work as you'd expect in UAC environments since Vista/Windows 7.

Why does the application need admin rights? Does it just need extra file/registry access? Often you can just open up a few file/registry areas and get away with it.

Link to comment
Share on other sites

Well, it's easy :

 - Open the helpfile
 - Navigate to AutoIt / Function Reference /  Process Management / RunAs and look at the example.

 

Thank you very much I will go and have a look and update if it all works out :)

Unless the machines are Windows XP that isn't going to work. RunAs doesn't really work as you'd expect in UAC environments since Vista/Windows 7.

Why does the application need admin rights? Does it just need extra file/registry access? Often you can just open up a few file/registry areas and get away with it.

These are Windows 7/10 machines and I have tried it before and it does work as intended. The problem I have with your suggestion is that no one knows why it needs the admin rights, everyone who did know was made redundant years ago sadly. I'm just trying my best to make the situation better for me and my team with the limited knowledge i have (straight out of uni)

Link to comment
Share on other sites

Jon begins by the begining, and it's the direction that you should take.

With RunAs, the network drives will be lost (because it's a different user context).

If you don't know why your program needs admin rights, take a look at Process Monitor (https://technet.microsoft.com/en-us/library/bb896645.aspx) : if will give you a lot of informations about what happens on your computer. You can add a filter to monitor a given process, then you just have to search for "access denied" in the result. (in theory because sometimes, it's not easy at all).

Link to comment
Share on other sites

Jon begins by the begining, and it's the direction that you should take.

With RunAs, the network drives will be lost (because it's a different user context).

If you don't know why your program needs admin rights, take a look at Process Monitor (https://technet.microsoft.com/en-us/library/bb896645.aspx) : if will give you a lot of informations about what happens on your computer. You can add a filter to monitor a given process, then you just have to search for "access denied" in the result. (in theory because sometimes, it's not easy at all).

So with that tool I can see exactly where the program is hitting brick walls in terms of permissions?

You should at least know what the application does?

EDIT:

Then make a new one.

Hey, im just the computer engineer. I can't code its way WAY out of my scope :P I would say even doing this stuff is above and beyond my job description but i'm just trying to help :)

Link to comment
Share on other sites

So with that tool I can see exactly where the program is hitting brick walls in terms of permissions?

It gives you all registry/files/network/thread events. Try it, you will see (you have to run it with admin rights - runas different user - and run the app with the limited rights)

Link to comment
Share on other sites

It gives you all registry/files/network/thread events. Try it, you will see (you have to run it with admin rights - runas different user - and run the app with the limited rights)

I'll give this a go and see what happens. If this fails then I can try the dirty way ;)

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...