
#RequireAdmin question


Hello everyone,

Question: When adding #RequireAdmin within the script, it runs everything in the script with administrator rights. That's good because there are some functions I like to run with administrator rights. But I'm curious whether this is possible: if within the script I had an option to open IE or Firefox, for example, I don't want that to open with administrator rights. Is it possible that when you select to open IE or Firefox, it opens as a standard user?



Not sure how this function works. Can you provide an example with CMD.exe?

#RequireAdmin ; for this example to make sense

#include <ProcessConstants.au3>
#include <Security.au3>
#include <SecurityConstants.au3>
#include <StructureConstants.au3>
#include <WinAPI.au3>

Example_ProcessWithTok()

Func Example_ProcessWithTok()
    ; Run cmd.exe non-elevated regardless of having full administrator rights obtained using #RequireAdmin or by any other means.
    ; The argument is the command line as a string; wrapping it in ShellExecute() would start cmd.exe elevated and pass only its return value.
    _RunNonElevated("C:\Windows\System32\cmd.exe")
EndFunc   ;==>Example_ProcessWithTok

Func _RunNonElevated($sCommandLine = "")
    If Not IsAdmin() Then Return Run($sCommandLine) ; if current process is run non-elevated then just Run new one.

    ; Structures needed for creating process
    Local $tSTARTUPINFO = DllStructCreate($tagSTARTUPINFO)
    Local $tPROCESS_INFORMATION = DllStructCreate($tagPROCESS_INFORMATION)

    ; Process handle of some process that's run non-elevated. For example "Explorer"
    Local $hProcess = _WinAPI_OpenProcess($PROCESS_ALL_ACCESS, 0, ProcessExists("explorer.exe"))

    ; If successful
    If $hProcess Then
        ; Token...
        Local $hTokOriginal = _Security__OpenProcessToken($hProcess, $TOKEN_ALL_ACCESS)
        ; Process handle is no longer needed. Close it
        _WinAPI_CloseHandle($hProcess)
        ; If successful
        If $hTokOriginal Then
            ; Duplicate the original token
            Local $hTokDuplicate = _Security__DuplicateTokenEx($hTokOriginal, $TOKEN_ALL_ACCESS, $SECURITYIMPERSONATION, $TOKENPRIMARY)
            ; Close the original token
            _WinAPI_CloseHandle($hTokOriginal)
            ; If successful
            If $hTokDuplicate Then
                ; Create process with this new token
                _Security__CreateProcessWithToken($hTokDuplicate, 0, $sCommandLine, 0, @ScriptDir, $tSTARTUPINFO, $tPROCESS_INFORMATION)

                ; Close that token
                _WinAPI_CloseHandle($hTokDuplicate)
                ; Close the process and thread handles that were returned
                _WinAPI_CloseHandle(DllStructGetData($tPROCESS_INFORMATION, "hProcess"))
                _WinAPI_CloseHandle(DllStructGetData($tPROCESS_INFORMATION, "hThread"))
                ; Return PID of newly created process
                Return DllStructGetData($tPROCESS_INFORMATION, "ProcessID")
            EndIf
        EndIf
    EndIf
EndFunc   ;==>_RunNonElevated



Thank you. This function is still new to me. How do you use it with IE to go to a specific link?

$URL = ("https://www.youtube.com/watch?v=BLU60CD-Poo")
_RunNonElevated('C:\Program Files (x86)\Internet Explorer\iexplore.exe')

; This is how I used to open Explorer to a specific link. It doesn't work with _RunNonElevated
$URL = ("https://www.youtube.com/watch?v=BLU60CD-Poo")
ShellExecute ("C:\Program Files\Internet Explorer\iexplore.exe", $URL)
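
An added example, not part of the original posts: one way to pass a URL to the browser through the same token-duplication approach as `_RunNonElevated`, by putting the quoted executable path and the URL into one command-line string. The helper name `_OpenUrlNonElevated`, its error codes and the sample URL are assumptions made for this illustration.

```autoit
#RequireAdmin ; start elevated so the de-elevation path is exercised
#include <ProcessConstants.au3>
#include <Security.au3>
#include <SecurityConstants.au3>
#include <StructureConstants.au3>
#include <WinAPI.au3>

; Constructed sample values: adjust the browser path and URL for your system
Global $sBrowser = @ProgramFilesDir & "\Internet Explorer\iexplore.exe"
Global $iPID = _OpenUrlNonElevated($sBrowser, "https://example.com/")
If @error Then
    ConsoleWrite("Launch failed, @error = " & @error & @CRLF)
Else
    ConsoleWrite("Browser started non-elevated, PID = " & $iPID & @CRLF)
EndIf

; Hypothetical helper: start $sExe with one URL argument under Explorer's non-elevated token.
; Returns the PID. @error: 1 = URL rejected, 2 = exe missing, 3 = explorer.exe, 4 = token, 5 = create
Func _OpenUrlNonElevated($sExe, $sUrl)
    ; Accept only http(s) URLs without quotes or whitespace, so the value stays a single argument
    If Not StringRegExp($sUrl, '^https?://[^\s"]+\z') Then Return SetError(1, 0, 0)
    If Not FileExists($sExe) Then Return SetError(2, 0, 0)
    ; One command-line string: quoted executable path, a space, then the quoted URL
    Local $sCommandLine = '"' & $sExe & '" "' & $sUrl & '"'
    If Not IsAdmin() Then Return Run($sCommandLine) ; already non-elevated, plain Run is enough

    ; Same access masks as the function posted above; every handle is closed on every path
    Local $iExplorer = ProcessExists("explorer.exe")
    If Not $iExplorer Then Return SetError(3, 0, 0)
    Local $hProcess = _WinAPI_OpenProcess($PROCESS_ALL_ACCESS, 0, $iExplorer)
    If Not $hProcess Then Return SetError(3, 0, 0)
    Local $hTokOriginal = _Security__OpenProcessToken($hProcess, $TOKEN_ALL_ACCESS)
    _WinAPI_CloseHandle($hProcess)
    If Not $hTokOriginal Then Return SetError(4, 0, 0)
    Local $hTokDuplicate = _Security__DuplicateTokenEx($hTokOriginal, $TOKEN_ALL_ACCESS, $SECURITYIMPERSONATION, $TOKENPRIMARY)
    _WinAPI_CloseHandle($hTokOriginal)
    If Not $hTokDuplicate Then Return SetError(4, 0, 0)

    Local $tSTARTUPINFO = DllStructCreate($tagSTARTUPINFO)
    Local $tPROCESS_INFORMATION = DllStructCreate($tagPROCESS_INFORMATION)
    Local $bOK = _Security__CreateProcessWithToken($hTokDuplicate, 0, $sCommandLine, 0, @ScriptDir, $tSTARTUPINFO, $tPROCESS_INFORMATION)
    _WinAPI_CloseHandle($hTokDuplicate)
    If Not $bOK Then Return SetError(5, 0, 0)
    _WinAPI_CloseHandle(DllStructGetData($tPROCESS_INFORMATION, "hProcess"))
    _WinAPI_CloseHandle(DllStructGetData($tPROCESS_INFORMATION, "hThread"))
    Return DllStructGetData($tPROCESS_INFORMATION, "ProcessID")
EndFunc   ;==>_OpenUrlNonElevated
```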



Thank you. It worked on my standalone machine I was using for testing. Unfortunately it doesn't work on my domain computer which uses CAC authentication.

Edited by hemichallenger
