hemichallenger

#RequireAdmin question

8 posts in this topic

Hello everyone,

Question: When adding #RequireAdmin within the script, it runs everything in the script with administrator rights. That's good because there are some functions I like to run with administrator rights. But I'm curious whether it is possible: if within the script I had an option to open IE or Firefox, for example, I don't want that to open with administrator rights. Is it possible that when you select to open IE or Firefox, it opens as a standard user?

V/r




Yes. See example for _Security__CreateProcessWithToken() inside the help file.


♡♡♡

.

eMyvnE


Not sure how this function works. Can you provide an example with CMD.exe?

#RequireAdmin ; for this example to have sense

#include <ProcessConstants.au3>
#include <Security.au3>
#include <SecurityConstants.au3>
#include <StructureConstants.au3>
#include <WinAPI.au3>

Example_ProcessWithTok()

Func Example_ProcessWithTok()
    ; Run AutoIt non-elevated regardless of having full administrator rights obtained using #RequireAdmin or by any other means
    _RunNonElevated(ShellExecute ("C:\Windows\System32\cmd.exe"))
EndFunc
Func _RunNonElevated($sCommandLine = "")
    If Not IsAdmin() Then Return Run($sCommandLine) ; if current process is run non-elevated then just Run new one.

    ; Structures needed for creating process
    Local $tSTARTUPINFO = DllStructCreate($tagSTARTUPINFO)
    Local $tPROCESS_INFORMATION = DllStructCreate($tagPROCESS_INFORMATION)

    ; Process handle of some process that's run non-elevated. For example "Explorer"
    Local $hProcess = _WinAPI_OpenProcess($PROCESS_ALL_ACCESS, 0, ProcessExists("explorer.exe"))

    ; If successful
    If $hProcess Then
        ; Token...
        Local $hTokOriginal = _Security__OpenProcessToken($hProcess, $TOKEN_ALL_ACCESS)
        ; Process handle is no longer needed. Close it
        _WinAPI_CloseHandle($hProcess)
        ; If successful
        If $hTokOriginal Then
            ; Duplicate the original token
            Local $hTokDuplicate = _Security__DuplicateTokenEx($hTokOriginal, $TOKEN_ALL_ACCESS, $SECURITYIMPERSONATION, $TOKENPRIMARY)
            ; Close the original token
            _WinAPI_CloseHandle($hTokOriginal)
            ; If successful
            If $hTokDuplicate Then
                ; Create process with this new token
                _Security__CreateProcessWithToken($hTokDuplicate, 0, $sCommandLine, 0, @ScriptDir, $tSTARTUPINFO, $tPROCESS_INFORMATION)

                ; Close that token
                _WinAPI_CloseHandle($hTokDuplicate)
                ; Close get handles
                _WinAPI_CloseHandle(DllStructGetData($tPROCESS_INFORMATION, "hProcess"))
                _WinAPI_CloseHandle(DllStructGetData($tPROCESS_INFORMATION, "hThread"))
                ; Return PID of newly created process
                Return DllStructGetData($tPROCESS_INFORMATION, "ProcessID")
            EndIf
        EndIf
    EndIf
EndFunc   ;==>_RunNonElevated

 

_RunNonElevated('cmd.exe')

 


♡♡♡

.

eMyvnE


Thank you. This function is still new to me. How do you use it with IE to go to a specific link?

$URL = ("https://www.youtube.com/watch?v=BLU60CD-Poo")
_RunNonElevated('C:\Program Files (x86)\Internet Explorer\iexplore.exe')


; This is how I used to open Explorer to a specific link. Doesn't work with _RunNonElevated
$URL = ("https://www.youtube.com/watch?v=BLU60CD-Poo")
ShellExecute ("C:\Program Files\Internet Explorer\iexplore.exe", $URL)

 

$sURL = "https://www.nsa.gov/"
_RunNonElevated(@ProgramFilesDir & "\Internet Explorer\iexplore.exe " & $sURL)

 


♡♡♡

.

eMyvnE
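
A check that can accompany the approach in this thread, as an added example that is not code from any poster or from the AutoIt help file: it quotes the program path so that a path containing spaces is treated as a single executable name, and it reads a process's TokenElevation value so the script can confirm that the token source and the launched process are not elevated. The helper names _BuildCommandLine and _IsProcessElevated are hypothetical.

```autoit
#include <ProcessConstants.au3>
#include <Security.au3>
#include <SecurityConstants.au3>
#include <WinAPI.au3>

; Added example (not from the thread). Helper names are hypothetical.

; Quote the executable path so a path containing spaces is parsed as ONE
; program name when no separate application name is passed to the API.
Func _BuildCommandLine($sExe, $sArgs = "")
    Local $sCmd = '"' & StringReplace($sExe, '"', '') & '"'
    If $sArgs <> "" Then $sCmd &= " " & $sArgs
    Return $sCmd
EndFunc   ;==>_BuildCommandLine

; True if the process owning $iPID has an elevated token, False if not.
; Sets @error when the process or its token cannot be queried.
Func _IsProcessElevated($iPID)
    Local $hProcess = _WinAPI_OpenProcess($PROCESS_QUERY_INFORMATION, False, $iPID)
    If Not $hProcess Then Return SetError(1, 0, False)
    Local $hToken = _Security__OpenProcessToken($hProcess, $TOKEN_QUERY)
    _WinAPI_CloseHandle($hProcess)
    If Not $hToken Then Return SetError(2, 0, False)
    ; 20 = TokenElevation; the result is a TOKEN_ELEVATION struct (one DWORD)
    Local $aCall = DllCall("advapi32.dll", "bool", "GetTokenInformation", "handle", $hToken, _
            "int", 20, "dword*", 0, "dword", 4, "dword*", 0)
    Local $iErr = @error
    _WinAPI_CloseHandle($hToken)
    If $iErr Or Not $aCall[0] Then Return SetError(3, 0, False)
    Return $aCall[3] <> 0
EndFunc   ;==>_IsProcessElevated

; Stand-alone demo: the token donor (explorer.exe) must be non-elevated,
; otherwise a process created from its token would be elevated as well.
Global $iDonor = ProcessExists("explorer.exe")
ConsoleWrite("This script elevated:  " & _IsProcessElevated(@AutoItPID) & @CRLF)
If $iDonor Then ConsoleWrite("explorer.exe elevated: " & _IsProcessElevated($iDonor) & @CRLF)
ConsoleWrite(_BuildCommandLine(@ProgramFilesDir & "\Internet Explorer\iexplore.exe", _
        "https://www.nsa.gov/") & @CRLF)
```

In a script that also contains the _RunNonElevated function posted earlier in the thread, pass it the string returned by _BuildCommandLine and then call _IsProcessElevated on the PID it returns.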



Thank you. It worked on my standalone machine I was using for testing. Unfortunately it doesn't work on my domain computer which uses CAC authentication.


Instead of opening IE with _RunNonElevated: if IE is already open, how do I change to the URL I want? And if IE isn't open, MsgBox a message "please open IE before running".
