DrLarch

Always prompt for credentials for elevation?

4 posts in this topic

#1 ·  Posted (edited)

Is it possible to make an AutoIt script/exe always prompt for credentials regardless if the logged in account is admin or not? I know #requireadmin will prompt if the account isn't admin, but I need to run under different credentials regardless. I'm trying to have the script prompt for domain admin credentials even if the user is a local admin. I know how to do it via shortcut (i.e. C:\Windows\System32\runas.exe /noprofile /user:domain\user "%windir%\system32\notepad.exe"), but would like it to be all contained cleanly with the one AutoIt script, if possible.

Oops - sorry, started this in the wrong section. Can an admin please move?


#2 ·  Posted (edited)

@DrLarch, I guess I am not understanding. If you always want to prompt for credentials, just build that into your script. It can be as easy as:

$sUser = InputBox("Username", "Enter your Username", "")
$sPass = InputBox("Password", "Enter your Password", "", "*")

Or you can do a small GUI. Then use the captured credentials in your RunAs.


√-1 2^3 ∑ π, and it was delicious!


Hi JLogan,

Ugh, I think I figured it out - I was close but it's working now. I just wanted to do it clean with only one exe. I was trying to figure out how to do it without needing two exes, with the first one elevating the second. This one exe asks for the creds, then runs a second instance of the same exe elevated. The second instance detects that it's run the second time via command line parameter and therefore goes on without prompting for creds again. Does that make sense?

#include <Misc.au3>
#include <Array.au3>
#include "ExtMsgBox.au3"
#include <ButtonConstants.au3>
#include <EditConstants.au3>
#include <GUIConstantsEx.au3>
#include <StaticConstants.au3>
#include <WindowsConstants.au3>

If $CmdLine[0] = 0 Then;First run, no parameters
    Global $strUser, $strPassword

    #region ### START Koda GUI section ### Form=C:\Program Files (x86)\AutoIt3\koda_1.7.3.0\Forms\Login.kxf
    $Form1 = GUICreate("Join Domain", 274, 122, 191, 122)
    $Input1 = GUICtrlCreateInput("", 116, 8, 149, 24)
    GUICtrlSetFont(-1, 10, 400, 0, "MS Sans Serif")
    $Input2 = GUICtrlCreateInput("", 116, 48, 149, 24, $ES_PASSWORD)
    GUICtrlSetFont(-1, 10, 400, 0, "MS Sans Serif")
    $Button1 = GUICtrlCreateButton("OK", 176, 80, 89, 33, $BS_DEFPUSHBUTTON)
    GUICtrlSetFont(-1, 10, 800, 0, "MS Sans Serif")
    $Label1 = GUICtrlCreateLabel("Admin Account:", 6, 14, 108, 20)
    GUICtrlSetFont(-1, 10, 800, 0, "MS Sans Serif")
    $Label2 = GUICtrlCreateLabel("Password:", 6, 54, 72, 20)
    GUICtrlSetFont(-1, 10, 800, 0, "MS Sans Serif")
    GUISetState(@SW_SHOW)
    #endregion ### END Koda GUI section ###

    While 1
        Sleep(50)
        $nMsg = GUIGetMsg()
        Select
            Case $nMsg = $GUI_EVENT_CLOSE
                Exit
            Case $nMsg = $Button1
                ExitLoop
        EndSelect
    WEnd

    $strUser = GUICtrlRead($Input1)
    $strPassword = GUICtrlRead($Input2)
    $domain = "domain"

    GUIDelete($Form1)

    RunAs($strUser, $domain, $strPassword, 0, '"' & @ScriptFullPath & '" 1') ; Run second instance with the supplied credentials; path quoted in case it contains spaces
    ;MsgBox(0,"test","second instance should've run?")

    Exit
EndIf

If $CmdLine[0] > 0 Then;Second run, should have command line parameter
    _ArrayDisplay($CmdLine)
    MsgBox(0,"test","Second instance running with supplied credentials")
EndIf

 


It seems to be good. What is the state of the UAC? Is it enabled? If it is, you will have to elevate your 2nd instance.

Here is another way, without using any CmdLine parameter, just testing if the user running the script is a domain user and has local admin rights (won't work if the domain user is a standard user with local admin rights).

#include <EditConstants.au3>
#include <GUIConstantsEx.au3>
#include <ButtonConstants.au3>

Local $sDomainName = "MyDomain.ad"

If IsAdmin() AND @LOGONSERVER = "\\" & $sDomainName Then 
    _DoStuff()
Else
    _RunAsDomainUser()
    If @error Then MsgBox(16, "", "Unable to run the program with the specified account")
    Exit
EndIf




Func _DoStuff()
    MsgBox(0,"test","instance running with domain user credentials and local admin rights")
EndFunc

Func _RunAsDomainUser()
    $Form1 = GUICreate("Join Domain", 274, 122, 191, 122)
    $Input1 = GUICtrlCreateInput("", 116, 8, 149, 24)
    GUICtrlSetFont(-1, 10, 400, 0, "MS Sans Serif")
    $Input2 = GUICtrlCreateInput("", 116, 48, 149, 24, $ES_PASSWORD)
    GUICtrlSetFont(-1, 10, 400, 0, "MS Sans Serif")
    $Button1 = GUICtrlCreateButton("OK", 176, 80, 89, 33, $BS_DEFPUSHBUTTON)
    GUICtrlSetFont(-1, 10, 800, 0, "MS Sans Serif")
    $Label1 = GUICtrlCreateLabel("Admin Account:", 6, 14, 108, 20)
    GUICtrlSetFont(-1, 10, 800, 0, "MS Sans Serif")
    $Label2 = GUICtrlCreateLabel("Password:", 6, 54, 72, 20)
    GUICtrlSetFont(-1, 10, 800, 0, "MS Sans Serif")
    GUISetState(@SW_SHOW)
    #endregion ### END Koda GUI section ###

    While 1
        Sleep(50)
        $nMsg = GUIGetMsg()
        Select
            Case $nMsg = $GUI_EVENT_CLOSE
                Exit
            Case $nMsg = $Button1
                ExitLoop
        EndSelect
    WEnd

    $strUser = GUICtrlRead($Input1)
    $strPassword = GUICtrlRead($Input2)
    GUIDelete($Form1)
    
    RunAs($strUser, $sDomainName, $strPassword, 0, '"' & @ScriptFullPath & '"') ; path quoted in case it contains spaces
    If @error Then Return SetError(1, 0, 0)
    Return 1
EndFunc

But now, how will you run the program with a domain account, since the computer is not joined to this domain? (Is it a member of another domain and you have a domain trust relationship?)

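Added example, not code from any post in this thread: the single-exe relaunch from the posts above, with the second instance checking its own identity rather than trusting the command-line marker, and raising the UAC prompt through the "runas" verb when RunAs left it unelevated. It assumes a compiled exe, a placeholder domain "EXAMPLE", a made-up marker "/relaunched", hypothetical helper names, and that @LogonDomain reports the account's domain in the relaunched process.

```autoit
#include <MsgBoxConstants.au3>

; Added example. Assumed names: $DOMAIN, $MARKER, _PromptAndRelaunch, _DoStuff.
Global Const $DOMAIN = "EXAMPLE"      ; placeholder NetBIOS domain name
Global Const $MARKER = "/relaunched"  ; stops a prompt loop; not proof of identity

If $CmdLine[0] > 0 And $CmdLine[1] = $MARKER Then
    ; Second instance: check who we actually are instead of trusting the argument.
    If @LogonDomain <> $DOMAIN Then
        MsgBox($MB_ICONERROR, "Join Domain", "Not running as a " & $DOMAIN & " account.")
        Exit 1
    EndIf
    If Not IsAdmin() Then
        ; UAC is on and the token is not elevated: the "runas" verb raises the
        ; UAC prompt and restarts this exe elevated.
        ShellExecute(@ScriptFullPath, $MARKER, @SystemDir, "runas")
        Exit
    EndIf
    _DoStuff()
Else
    _PromptAndRelaunch()              ; first instance: always ask
EndIf

Func _PromptAndRelaunch()
    Local $sUser = InputBox("Join Domain", "Admin account:")
    If @error Then Exit
    Local $sPass = InputBox("Join Domain", "Password:", "", "*")
    If @error Then Exit
    ; Quote the path so a folder name with spaces is not split into arguments.
    ; Only the marker goes on the command line, never the password.
    Local $sCmd = '"' & @ScriptFullPath & '" ' & $MARKER
    Local $iPid = RunAs($sUser, $DOMAIN, $sPass, 0, $sCmd, @SystemDir)
    Local $iErr = @error
    $sPass = ""                       ; stop holding the password (not a secure wipe)
    If $iPid = 0 Or $iErr Then
        MsgBox($MB_ICONERROR, "Join Domain", "Could not start as " & $DOMAIN & "\" & $sUser)
        Exit 1
    EndIf
EndFunc

Func _DoStuff()
    MsgBox($MB_ICONINFORMATION, "Join Domain", "Running as " & @LogonDomain & "\" & @UserName)
EndFunc
```

The working directory is set to @SystemDir because the account passed to RunAs needs access to it.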
