ViciousXUSMC

RunAs or Other Elevation Methods

6 posts in this topic

Just curious, if you have a task that needs administrator rights to work but the user executing the script is only a user, what kind of tricks/tips have we collectively gathered to make this happen?

I know we have RunAs(); this would work well, except the part I do not like is it's not to run the current script, it's to run another program.  Is there a creative way to have it self-reference the script that contains it?

We have a few other UDFs out there for like Run as System, Install as Service, but they are pretty old and complicated, so it seems like they may be prone to error on newer OS or in various environments.

My ultimate goal would be being able to use a domain admin account but not have the credentials in plain text in the script (does not need to be super complicated, a simple regread() with one of our Crypt() functions would probably be more than enough in my case), so that I can have users run a script off the desktop or at startup to do tasks they would be blocked from due to user level permissions.


My ultimate goal would be being able to use a domain admin account but not have the credentials in plain text in the script (does not need to be super complicated, a simple regread() with one of our Crypt() functions would probably be more than enough in my case), so that I can have users run a script off the desktop or at startup to do tasks they would be blocked from due to user level permissions.

Just make a small GUI with 2 inputs, one for the admin account and the other for the password,


#4 ·  Posted (edited)

@AutoBert that will not work; the users are running the script and/or the script will run at login.

I need them to have admin privileges for limited tasks; they will never know the admin credentials. That is why RegRead() would be used to pull them down, and I can push that registry key via AD easily to change it as needed.  Users also have no rights to open RegEdit or CMD, so it would be very hard for them to find the key even if they knew it was there, and if they did it would still be encrypted :)

My best idea for now is to push these kinds of jobs in twos, one compiled .exe for the actual work, and another for the RunAs that will call the Admin Account to run.

I would be interested in some of your ideas, JohnOne.

For the most part I can run anything as System because I have the Dell K1000 to push scripts and they run as System, but for dynamic, on-the-fly break-fix kind of stuff for these guys working Fire Trucks and Ambulances, I want to give them the ability to self-fix certain things that they do not have rights for.

Edited by ViciousXUSMC


@AutoBert that will not work; the users are running the script and/or the script will run at login.

My best idea for now is to push these kinds of jobs in twos, one compiled .exe for the actual work, and another for the RunAs that will call the Admin Account to run.

Yes, and so you must know a password of a user with admin privileges. My best idea is to give the users correct privileges, so they can do what they have to do, or all these jobs must be done by an admin.


I would create a script that executes another script on the admin PC and returns the data needed, or even just a request for the admin PC to execute the script.

That way, no passwords ever touch the user PC in a script, compiled or not.


AutoIt Absolute Beginners    Require a serial    Pause Script    Video Tutorials by Morthawt

Monkey's are, like, natures humans.
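
The request-based approach from the last post, sketched as an added example that is not part of the original thread and is not code from any poster: the unprivileged script sends only a task name, and a broker already running under a privileged account maps that name to a fixed command line. It is written in Python rather than AutoIt; the task names, field names and commands are hypothetical, and the transport between the two machines is assumed and not shown.

```python
import json
import subprocess

# Hypothetical allowlist: task names mapped to fixed command lines.
# A request carries only a name, so nothing the user sends reaches argv.
ALLOWED_TASKS = {
    "restart_spooler": ["powershell.exe", "-NoProfile", "-Command",
                        "Restart-Service -Name Spooler"],
    "flush_dns": ["ipconfig.exe", "/flushdns"],
}
ALLOWED_FIELDS = {"task", "requested_by"}  # assumed request schema


def resolve_request(raw):
    """Validate one JSON request; return (argv, None) or (None, reason)."""
    try:
        req = json.loads(raw)
    except json.JSONDecodeError:
        return None, "malformed request"
    if not isinstance(req, dict):
        return None, "malformed request"
    extra = set(req) - ALLOWED_FIELDS
    if extra:  # refuse user-supplied arguments, paths or credentials
        return None, "unexpected fields: " + ", ".join(sorted(extra))
    task = req.get("task")
    if not isinstance(task, str) or task not in ALLOWED_TASKS:
        return None, "task not allowlisted"
    return list(ALLOWED_TASKS[task]), None


def handle_request(raw, run=subprocess.run):
    """Run an approved task under the broker's own identity."""
    argv, reason = resolve_request(raw)
    if argv is None:
        return {"status": "rejected", "reason": reason}
    result = run(argv, capture_output=True, timeout=60)
    return {"status": "done", "argv": argv, "exit_code": result.returncode}


if __name__ == "__main__":
    # Constructed sample requests, as the unprivileged script would send them.
    for sample in ('{"task": "flush_dns", "requested_by": "medic7"}',
                   '{"task": "flush_dns", "args": "/all"}',
                   '{"task": "reset_admin_password"}'):
        print(sample, "->", resolve_request(sample))
```

Because the broker holds the privilege, the user-side script needs no stored password, and every accepted or rejected request can be logged on the privileged side.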
