runas not working in workgroup

[leo8888]

Greetings!

I am working on a simple gui to allow users to kill their own stuck terminal server sessions based on a batch file that I have already tested. My problem is that I need to be able to run the commands as a user on our 2012 server that is in the administrators group without being prompted for a password. If I run this command from a command prompt at a workstation:

runas /user:prs4\prs4user cmd.exe

it prompts me for a password then opens a new command window with the title  "Administrator: cmd.exe (running as prs4\prs4user)" so I believe the command should work from within AutoIT.

So far I have this line in my AutoIT gui script to see if I can get it to open the same elevated command prompt:

$iPID = RunAs("prs4user", "prs4", "<UsersPassword>", 0, "cmd.exe", "", @SW_MAXIMIZE)

When I click the gui button that activates this line a command window opens but the title just says "Adminstrator". Is AutoIT's RunAs not supported in workgroups, only in domain environments?  Or is there something wrong with the syntax of my RunAs command? Since I can use Windows RunAs successfully I was hoping I could use AutoIT's so users are not prompted to enter a password to run the commands.

[AdamUL]

Check Task Manager, the process will be running under that user, but the command prompt will not show it.  Be sure to click the "Show process from all users" button.  

 

Adam

 

[leo8888]

Check Task Manager, the process will be running under that user, but the command prompt will not show it.  Be sure to click the "Show process from all users" button.  

 

Adam

 

Adam,

Thank you for the tip. After testing by inserting a query session command against the server instead of just opening a command prompt I did see the command complete successfully. I was just thrown off by the difference in the way the command prompt title displayed when started from AutoIT.

Dan

 

 

[leo8888]

Now that I know the RunAs command is working I have another problem. After doing some testing I find that the new command prompt launched by the RunAs command does not have access to all the environment variables on the workstation. For example I have an environment variable named "SHSUser" that is set by a login script but when I run "set" in the new command prompt it is not there. 

How can I take an existing environment variable and make it accessible to commands run in the new command prompt? Here is my existing AutoIT code shell to which I plan on adding the query session and reset session commands once I figure out how to pass the environment variables and execute a single line FOR loop from a command prompt:

expandcollapse popup

#Region ;**** Directives created by AutoIt3Wrapper_GUI ****
#AutoIt3Wrapper_Outfile=C:\Users\Administrator\Desktop\test32.Exe
#AutoIt3Wrapper_Outfile_x64=C:\Users\Administrator\Desktop\test64.exe
#AutoIt3Wrapper_Compile_Both=y
#AutoIt3Wrapper_UseX64=y
#EndRegion ;**** Directives created by AutoIt3Wrapper_GUI ****
#include <GuiConstants.au3>
#include <GUIConstantsEx.au3>
#include <EditConstants.au3>
#include <MsgBoxConstants.au3>

Opt("GUIOnEventMode", 1) ; Change to OnEvent mode

local $MainGui = GuiCreate("Kill Jonas Session on PRS4",380,150)
GUISetOnEvent($GUI_EVENT_CLOSE, "CancelButton")
local $iResetButton = GuiCtrlCreateButton("Kill Jonas",80,50,80,25)
GUICtrlSetFont(-1, 12)
GUICtrlSetOnEvent($iResetButton, "ResetButton")
local $iCancelButton = GuiCtrlCreateButton("Cancel",220,50,80,25)
GUICtrlSetFont(-1, 12)
GUICtrlSetOnEvent($iCancelButton, "CancelButton")
GUISetState(@SW_SHOW, $MainGui)

While 1
    Sleep(100) ; Sleep to reduce CPU usage
WEnd

Func ResetButton()
  $iPID = RunAs("prs4user", "prs4", "<password>", 0, "c:\windows\system32\cmd.exe", "", @SW_MAXIMIZE)
  Exit
EndFunc   ;==>ResetButton

Func CancelButton()
  Exit
EndFunc   ;==>CancelButton

GuiDelete($MainGui)

 

And here is the batch file I am trying to convert to AutoIT:

@echo off
REM Reset a users terminal session on PRS4

for /f "tokens=3 skip=1 delims= " %%a in ('c:\windows\system32\cmd.exe /c query session %SHSUser% /SERVER:prs4') do (
  c:\windows\system32\cmd.exe /c reset session %%a /SERVER:prs4
)

 

Edited January 9, 2016 by leo8888
Addding code

[willichan]

You cannot make the environment variables from one user (your user) available to another user (your admin user).  The only way to share environment variables between users is to set a machine environment variable (or system environment variable).  Unfortunately, you can not do this, since it requires admin access to set a system level variable.

Your best bet would be to modify your batch file to take a command line variable(s), and pass the environment variable(s) to the batch file in the command line.

[leo8888]

You cannot make the environment variables from one user (your user) available to another user (your admin user).  The only way to share environment variables between users is to set a machine environment variable (or system environment variable).  Unfortunately, you can not do this, since it requires admin access to set a system level variable.

Your best bet would be to modify your batch file to take a command line variable(s), and pass the environment variable(s) to the batch file in the command line.

Wilichan,

Thanks for taking the time to reply and point me in the right direction. In my situation all workstations run under the built in admin account but I set a different password on the workstations admin account than on the servers for obvious reasons. The users "log in" to a CentOS server every morning with a simple login program I created to map a shared drive and private home directory. It is during this login that my main login script runs so I can push updates and policies down to the workstations. I have a setx command in the login script to set the "SHSUser" variable that I am trying to use in the AutoIT script that will allow users to kill stuck sessions on our 2012 terminal server. I didn't realize that setx by default only sets local variables. I just read the options and I see now that I can use the /M switch to set "SHSUser" as a system variable. When I get back to the office Monday I'm going to try again after setting the variable in the system scope.

Thanks again for pointing me in the right direction.

Dan

 

Edited January 10, 2016 by leo8888
typo in command switch

[leo8888]

Willichan and AdamUL,

Thank you both for your help! I was having a typical bout of insomnia so I figured I would work on my script again. After having some difficulty figuring out where to place the double and single quotes in the RunAs command I was finally able to get it working. This script has one of the longest single line commands I've had to write so I am very happy it is working. I even did a remote connection to one of the office workstations to test it out after compiling it to an .exe and it was able to successfully kill a terminal server session while logged into the workstation as one of our users. Here is the final result:

#include <GuiConstants.au3>
#include <GUIConstantsEx.au3>
#include <EditConstants.au3>
#include <MsgBoxConstants.au3>

Opt("GUIOnEventMode", 1) ; Change to OnEvent mode

local $MainGui = GuiCreate("Kill Jonas Session on PRS4",380,150)
GUISetOnEvent($GUI_EVENT_CLOSE, "CancelButton")
local $iResetButton = GuiCtrlCreateButton("Kill Jonas",80,50,80,25)
GUICtrlSetFont(-1, 12)
GUICtrlSetOnEvent($iResetButton, "ResetButton")
local $iCancelButton = GuiCtrlCreateButton("Cancel",220,50,80,25)
GUICtrlSetFont(-1, 12)
GUICtrlSetOnEvent($iCancelButton, "CancelButton")
GUISetState(@SW_SHOW, $MainGui)

While 1
    Sleep(100) ; Sleep to reduce CPU usage
WEnd

Func ResetButton()
  $iPID = RunAs("prs4user", "prs4", "<password>", 0, 'c:\windows\system32\cmd.exe /c for /f "usebackq tokens=3 skip=1 delims= " %a in (`c:\windows\system32\cmd.exe /c query session %SHSUser% /SERVER:prs4`) do c:\windows\system32\cmd.exe /c reset session %a /SERVER:prs4', "", @SW_HIDE)
  Exit
EndFunc   ;==>ResetButton

Func CancelButton()
  Exit
EndFunc   ;==>CancelButton

GuiDelete($MainGui)