Run App as Selected User

[Digetal]

******moved posts from idea section *******

This program lets you pick a user on the xp machine , input their password, select a program , and then run the program as the selected user. I'm making this for a computer lab; for the admins. Even on computers with no command prmpt access and a strict gpo (a group policy) this works. Haven't added erro caching and the code is still sloppy. Please feel free to post changes, improvements, and other ideas. I would really like to here some ideas from all you great people. THNX

Get rid of the create pic line before testing

Sorry no caps (pics) for preview.

expandcollapse popup

$gui = GUICreate("Run As Selected User" ,290 ,310)
GUISetBkColor(0x254B2B)
GUICtrlCreatePic("logo.bmp", 0, 0, 280, 70)
$lab1 = GUICtrlCreateLabel("Select User:",20,80,100,15)
GUICtrlSetColor(-1, 0xffff00)
$usrl = GUICtrlCreateList( "" , 20, 95, 100, 80)
$lab2  = GUICtrlCreateLabel("Enter Password:",130,80,100,15)
GUICtrlSetColor(-1, 0xffff00)
$pas = GUICtrlCreateInput(" ", 130, 95, 140, 20)
GUICtrlSetLimit(-1,19)
$rub = GUICtrlCreateButton("Run",190,170, 45, 20)
$fpr = GUICtrlCreateButton("Find App",20,170, 100, 20)
$lab = GUICtrlCreateLabel("No Application Selected",20 ,240, 230, 20)
GUICtrlSetColor(-1, 0xffff00)

$users = RegEnumVAL("HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\DocFolderPaths", 1)
For $i = 1 to 10
$var = RegEnumVAL("HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\DocFolderPaths", $i)
  If $var <> "" Then
    $users = $users & @LF & RegEnumVAL("HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\DocFolderPaths", $i)
    GUICtrlSetData($usrl, $var) 
    EndIf
Next

GUISetState ()

While 1
   $msg = GUIGetMsg()
   Select
    Case $msg = $fpr
       $apploc = FileOpenDialog("", "My Computer", "Program (*.exe)", 1)
       GUICtrlDelete($lab)
       $lab = GUICtrlCreateLabel($apploc,20 ,240, 290, 40)
       GUICtrlSetColor(-1, 0xffff00)
   Case $msg = $rub
       $x = Chr(34)
       $use = GUICtrlRead($usrl)
       Run(@ComSpec & " /C runas /user:"& $x & "mymachine\" & $use & $x & " " & $apploc , "", @SW_SHOW)
       WinWaitActive("C:\WINDOWS\system32\cmd.exe")
       Send(GUICtrlRead($pas) & "{enter}")
   EndSelect
WEnd

[Jos]

ok,

This is the reason that I don't post many of my scripts on this forum... I've find it hard to get a response, and thats not even a usefull response. There are a few of those who are very helpfull. I'm just saying that I'm going to try and become more active in helping others on this forum but only do to the lack of usefull reponses from others.

Here are some questions:

Why are you not using the internal RunAsSet() command in stead of the @Comspec & Runas commandline program ?

Why do you GUICtrlDelete & GUICtrlCreateLabel to update the content of the Label ? Doesn't GUICtrlSetData work ?

Remark:

To include Double quotes in a string you can also single quote it to make it easy for you like:

Run(@ComSpec & ' /C runas /user:"mymachine\' & $use '" ' & $apploc , "", @SW_SHOW)

Edited November 15, 2005 by JdeB

[Digetal]

Thank you JdeB

I'll have to get back to you on the first question this afternoon.

In repsonse to you second question, I was using a listbox instead of a label in the beta stages of the program. Didn't change the GUICtrlSetDelete + Create to a GUICtrlSetData until later.

Ohh, thanks for the solution to add quotations into a command. My $x = Chr(34) and then calling x, was my way to fix this problem. The exaple

you show is much more efficient.

My second post was deleted. It was really uncalled for and I hope I didn't offend anyone.

[Klaatu]

I do something similar. All of the machines I manage have an Administrator password that can be directly calculated from the machine name using a little AutoIt function I wrote. It may not be totally secure, but it's good enough for the work the company does.

Anyway, this allows me to write little programs I can give to people that will do things for them that they couldn't do otherwise, since they're running under a regular user account (they're not even power users). So if they need to, for example, release and renew their IP address, they can just run the little program I've given them. I just call RunAsSet, as JdeB suggested, passing "Administrator" and _AdminPassword(@ComputerName), then whatever I Run gets executed under the Administrator account. Works a treat.

[Digetal]

That's a good idea Klaatu!

Even though it can be generated from the name a person can use a random number generator so that each time the pass is used the program then changes it based on the number of times its been used.

Or something to that effect. Not haveing one admin password for the entire lab I think will increase the security.

thanks I'll suggest that to the director

[Klaatu]

You could do that, but I try to follow the KISS approach. Given a sufficiently obscure algorithm, it would be very difficult for someone to reverse engineer it. Certainly more trouble than it would be worth anyway. Not impossible by any means, and it's certainly less secure than many types of encryption, but I'm not talking about state secrets here either; just trying to keep people from having too many privileges on a computer.

Edited November 17, 2005 by Klaatu