
Always prompt for credentials for elevation?


DrLarch

Is it possible to make an AutoIt script/exe always prompt for credentials regardless of whether the logged in account is admin or not? I know #requireadmin will prompt if the account isn't admin, but I need to run under different credentials regardless. I'm trying to have the script prompt for domain admin credentials even if the user is a local admin. I know how to do it via shortcut (i.e. C:\Windows\System32\runas.exe /noprofile /user:domain\user "%windir%\system32\notepad.exe"), but would like it to be all contained cleanly with the one AutoIt script, if possible.

Oops - sorry, started this in the wrong section. Can an admin please move?

Edited by DrLarch
wrong section

@DrLarch, I guess I am not understanding. If you always want to prompt for credentials, just build that into your script. It can be as easy as:

$sUser = InputBox("Username", "Enter your Username", "")
$sPass = InputBox("Password", "Enter your Password", "", "*")

Or you can do a small GUI. Then use the captured credentials in your RunAs.

Edited by JLogan3o13


Hi JLogan,

Ugh, I think I figured it out - I was close but it's working now. I just wanted to do it clean with only one exe. I was trying to figure out how to do it without needing two exes, with the first one elevating the second. This one exe asks for the creds, then runs a second instance of the same exe elevated. The second instance detects that it's run the second time via command line parameter and therefore goes on without prompting for creds again. Does that make sense?

#include <Misc.au3>
#include <Array.au3>
;#include "ExtMsgBox.au3" ; third-party UDF, not used in this snippet
#include <ButtonConstants.au3>
#include <EditConstants.au3>
#include <GUIConstantsEx.au3>
#include <StaticConstants.au3>
#include <WindowsConstants.au3>

If $CmdLine[0] = 0 Then;First run, no parameters
    Global $strUser, $strPassword

    #region ### START Koda GUI section ### Form=C:\Program Files (x86)\AutoIt3\koda_1.7.3.0\Forms\Login.kxf
    $Form1 = GUICreate("Join Domain", 274, 122, 191, 122)
    $Input1 = GUICtrlCreateInput("", 116, 8, 149, 24)
    GUICtrlSetFont(-1, 10, 400, 0, "MS Sans Serif")
    $Input2 = GUICtrlCreateInput("", 116, 48, 149, 24, $ES_PASSWORD)
    GUICtrlSetFont(-1, 10, 400, 0, "MS Sans Serif")
    $Button1 = GUICtrlCreateButton("OK", 176, 80, 89, 33, $BS_DEFPUSHBUTTON)
    GUICtrlSetFont(-1, 10, 800, 0, "MS Sans Serif")
    $Label1 = GUICtrlCreateLabel("Admin Account:", 6, 14, 108, 20)
    GUICtrlSetFont(-1, 10, 800, 0, "MS Sans Serif")
    $Label2 = GUICtrlCreateLabel("Password:", 6, 54, 72, 20)
    GUICtrlSetFont(-1, 10, 800, 0, "MS Sans Serif")
    GUISetState(@SW_SHOW)
    #endregion ### END Koda GUI section ###

    While 1
        Sleep(50)
        $nMsg = GUIGetMsg()
        Select
            Case $nMsg = $GUI_EVENT_CLOSE
                Exit
            Case $nMsg = $Button1
                ExitLoop
        EndSelect
    WEnd

    $strUser = GUICtrlRead($Input1)
    $strPassword = GUICtrlRead($Input2)
    $domain = "domain"

    GUIDelete($Form1)

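    ; Quote the path so a directory name containing spaces is not split into separate arguments
    RunAs($strUser, $domain, $strPassword, 0, '"' & @ScriptFullPath & '" 1') ; Run second instance under the supplied credentials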
    ;MsgBox(0,"test","second instance should've run?")

    Exit
EndIf

If $CmdLine[0] > 0 Then;Second run, should have command line parameter
    _ArrayDisplay($CmdLine)
    MsgBox(0,"test","Second instance running with supplied credentials")
EndIf

 


It seems to be good. What is the state of the UAC? Is it enabled? If it is, you will have to elevate your 2nd instance.

Here is another way, without using any CmdLine parameter, just testing if the user running the script is a domain user and has local admin rights (won't work if the domain user is a standard user with local admin rights):

#include <EditConstants.au3>
#include <GUIConstantsEx.au3>
#include <ButtonConstants.au3>

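Local $sDomainName = "MyDomain.ad"

; @LogonServer holds the domain controller name (\\DC), not the domain name,
; so the logon DNS domain is compared instead
If IsAdmin() And @LogonDNSDomain = $sDomainName Then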
    _DoStuff()
Else
    _RunAsDomainUser()
    If @error Then MsgBox(16, "", "Unable to run the program with the specified account")
    Exit
EndIf




Func _DoStuff()
    MsgBox(0,"test","instance running with domain user credentials and local admin rights")
EndFunc

Func _RunAsDomainUser()
    $Form1 = GUICreate("Join Domain", 274, 122, 191, 122)
    $Input1 = GUICtrlCreateInput("", 116, 8, 149, 24)
    GUICtrlSetFont(-1, 10, 400, 0, "MS Sans Serif")
    $Input2 = GUICtrlCreateInput("", 116, 48, 149, 24, $ES_PASSWORD)
    GUICtrlSetFont(-1, 10, 400, 0, "MS Sans Serif")
    $Button1 = GUICtrlCreateButton("OK", 176, 80, 89, 33, $BS_DEFPUSHBUTTON)
    GUICtrlSetFont(-1, 10, 800, 0, "MS Sans Serif")
    $Label1 = GUICtrlCreateLabel("Admin Account:", 6, 14, 108, 20)
    GUICtrlSetFont(-1, 10, 800, 0, "MS Sans Serif")
    $Label2 = GUICtrlCreateLabel("Password:", 6, 54, 72, 20)
    GUICtrlSetFont(-1, 10, 800, 0, "MS Sans Serif")
    GUISetState(@SW_SHOW)

    While 1
        Sleep(50)
        $nMsg = GUIGetMsg()
        Select
            Case $nMsg = $GUI_EVENT_CLOSE
                Exit
            Case $nMsg = $Button1
                ExitLoop
        EndSelect
    WEnd

    $strUser = GUICtrlRead($Input1)
    $strPassword = GUICtrlRead($Input2)
    GUIDelete($Form1)
    
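    ; Quote the path so a directory name containing spaces is not split into separate arguments
    RunAs($strUser, $sDomainName, $strPassword, 0, '"' & @ScriptFullPath & '"')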
    If @error Then Return SetError(1, 0, 0)
    Return 1
EndFunc

But now, how will you run the program with a domain account since the computer is not joined to this domain? (Is it a member of another domain and you have a domain trust?)
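
The single-exe relaunch and the UAC point raised in this thread, combined in one script as an added example (not code from either poster). It assumes the script is compiled to an exe; `$DOMAIN`, the `/asuser` and `/elevated` switches and `_DoWork()` are hypothetical names.

```autoit
; Added example, not code from the thread. Assumes the script is compiled to one exe.
; Hypothetical names: $DOMAIN, the /asuser and /elevated switches, _DoWork().
Global Const $DOMAIN = "domain" ; placeholder value, as in the post above

Global $sStage = ($CmdLine[0] > 0) ? $CmdLine[1] : ""

Switch $sStage
    Case "" ; Stage 1: started by the logged-on user, so always prompt
        Local $sUser = InputBox("Admin account", "User name:")
        If @error Then Exit 1 ; cancelled
        Local $sPass = InputBox("Admin account", "Password:", "", "*")
        If @error Then Exit 1
        ; Credentials go to RunAs only, never onto the child's command line.
        ; The path is quoted, and the working directory is one every account can read.
        Local $iPid = RunAs($sUser, $DOMAIN, $sPass, 0, '"' & @ScriptFullPath & '" /asuser', @SystemDir)
        $sPass = "" ; do not keep the password longer than needed
        If $iPid = 0 Then
            MsgBox(16, "Error", "Logon failed or the program could not be started.")
            Exit 1
        EndIf

    Case "/asuser" ; Stage 2: running as the supplied account
        If IsAdmin() Then
            _DoWork() ; UAC off, or the token is already a full one
        Else
            ; With UAC on, RunAs yields a filtered token. The "runas" verb asks UAC
            ; to start a third instance with the full token of this same account.
            ShellExecute(@ScriptFullPath, "/elevated", @SystemDir, "runas")
            If @error Then MsgBox(16, "Error", "Elevation was refused or failed.")
        EndIf

    Case "/elevated" ; Stage 3: reached through the UAC prompt in normal use
        _DoWork()

    Case Else
        MsgBox(16, "Error", "Unknown switch: " & $sStage)
        Exit 1
EndSwitch

Func _DoWork()
    ; The switch is typed by whoever starts the exe, so it proves nothing.
    ; Check the real token before any privileged action.
    If Not IsAdmin() Then
        MsgBox(16, "Error", "Not running with administrative rights.")
        Exit 1
    EndIf
    MsgBox(64, "OK", "Running as " & @UserName & " with a full admin token.")
EndFunc
```

The exe must sit in a location the supplied account can read, otherwise the RunAs call in stage 1 fails even with valid credentials.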
