Jump to content

Can someone explain the RunAs function and how I can I run my app with elevated rights?

midimanuser
 Share

Recommended Posts

midimanuser Seeker

midimanuser

Posted
Posted

Hi,

I am trying to fun an application mmc as a different user, and I am using the RunAs function.

But nothing seem to happen unless I actually run the .mmc as an Administrator.

The account that I am calling it under is a member of the local administrators group. So it is running under an account with Administrative access, but now with elevated rights.  

This is annoying because I can't find a way to programmatically call it to run as an Administrator.

Has anyone come across this issue before, and is there a way to resolve this with AutoIt?

Thanks

jguinch Universalist

jguinch

Posted
Posted (edited)

There are two steps :

 - run as a different user
 - elevate the privileges

Here is a way : 

#include <WinAPI.au3>
#include <Security.au3>

_RunSelfAsAdmin()
ShellExecute("mmc")


Func _RunSelfAsAdmin()
    Local $sUsername = "localadmin", $sPassword = "P@$$w0rd!", $sDomain = @ComputerName
    If _IsUserAdmin() Then Return 1
    RunAs($sUsername, $sDomain, $sPassword, 0, @ScriptFullPath & " " & $CmdLineRaw)
    Exit
EndFunc


;~ Returns :
;~ - 0 if user has no admin rights
;~ - 1 if user has admin rights
;~ - 2 if user has admin rigths and elevation privileges
;~ Inspired from https://blogs.msdn.microsoft.com/cjacks/2006/10/08/how-to-determine-if-a-user-is-a-member-of-the-administrators-group-with-uac-enabled-on-windows-vista/
Func _IsUserAdmin()
    Local Enum $TokenElevationTypeDefault = 1, $TokenElevationTypeFull, $TokenElevationTypeLimited

    Local $hToken = _Security__OpenProcessToken( _WinAPI_GetCurrentProcess(), $TOKEN_QUERY)
    Local $tInfo = _Security__GetTokenInformation($hToken, $TOKENELEVATIONTYPE)
    Local $iTokenType = DllStructGetData(DllStructCreate("int", DllStructGetPtr($tInfo)), 1)
    Switch $iTokenType
        Case $TokenElevationTypeDefault
            Return 0
        Case $TokenElevationTypeFull
            Return 2
        Case $TokenElevationTypeLimited
            Return 1
    EndSwitch
EndFunc

 

Edit : the Run/RunAs functions do not invoke the UAC prompt, so I used ShellExecute for that.
 

Edited by jguinch
Spoiler

Network configuration UDF,  _DirGetSizeByExtension, _UninstallList      Firefox Configuration
Array multi-dimensions, Printer Management UDF

 

midimanuser Seeker

midimanuser

Posted
  • Author
Posted
19 hours ago, jguinch said:

There are two steps :

 - run as a different user
 - elevate the privileges

Here is a way : 

#include <WinAPI.au3>
#include <Security.au3>

_RunSelfAsAdmin()
ShellExecute("mmc")


Func _RunSelfAsAdmin()
    Local $sUsername = "localadmin", $sPassword = "P@$$w0rd!", $sDomain = @ComputerName
    If _IsUserAdmin() Then Return 1
    RunAs($sUsername, $sDomain, $sPassword, 0, @ScriptFullPath & " " & $CmdLineRaw)
    Exit
EndFunc


;~ Returns :
;~ - 0 if user has no admin rights
;~ - 1 if user has admin rights
;~ - 2 if user has admin rigths and elevation privileges
;~ Inspired from https://blogs.msdn.microsoft.com/cjacks/2006/10/08/how-to-determine-if-a-user-is-a-member-of-the-administrators-group-with-uac-enabled-on-windows-vista/
Func _IsUserAdmin()
    Local Enum $TokenElevationTypeDefault = 1, $TokenElevationTypeFull, $TokenElevationTypeLimited

    Local $hToken = _Security__OpenProcessToken( _WinAPI_GetCurrentProcess(), $TOKEN_QUERY)
    Local $tInfo = _Security__GetTokenInformation($hToken, $TOKENELEVATIONTYPE)
    Local $iTokenType = DllStructGetData(DllStructCreate("int", DllStructGetPtr($tInfo)), 1)
    Switch $iTokenType
        Case $TokenElevationTypeDefault
            Return 0
        Case $TokenElevationTypeFull
            Return 2
        Case $TokenElevationTypeLimited
            Return 1
    EndSwitch
EndFunc

 

Edit : the Run/RunAs functions do not invoke the UAC prompt, so I used ShellExecute for that.
 

Hi jguinch,

This worked when I was logged on as the user. 

But it didn't work when I logged on as another user. The mmc said that I had to be an administrator, and I noticed that the process was running user the user who was logged into the machine, and not the one in the script.

Here is the code.

#include <WinAPI.au3>
#include <Security.au3>

_RunSelfAsAdmin()
ShellExecute("C:\Program Files\Microsoft\Folder\consoletoopen.msc")


Func _RunSelfAsAdmin()
     Local $sUsername = "account", $sPassword = "accountpassword", $sDomain = "myfqdn"
    If _IsUserAdmin() Then Return 1
      RunAs($sUsername, $sDomain, $sPassword, 0, @ScriptFullPath & " " & $CmdLineRaw)
       Exit
EndFunc


;~ Returns :
;~ - 0 if user has no admin rights
;~ - 1 if user has admin rights
;~ - 2 if user has admin rigths and elevation privileges
;~ Inspired from https://blogs.msdn.microsoft.com/cjacks/2006/10/08/how-to-determine-if-a-user-is-a-member-of-the-administrators-group-with-uac-enabled-on-windows-vista/
Func _IsUserAdmin()
     Local Enum $TokenElevationTypeDefault = 1, $TokenElevationTypeFull, $TokenElevationTypeLimited

      Local $hToken = _Security__OpenProcessToken( _WinAPI_GetCurrentProcess(), $TOKEN_QUERY)
       Local $tInfo = _Security__GetTokenInformation($hToken, $TOKENELEVATIONTYPE)
        Local $iTokenType = DllStructGetData(DllStructCreate("int", DllStructGetPtr($tInfo)), 1)
         Switch $iTokenType
        Case $TokenElevationTypeDefault
            Return 0
           Case $TokenElevationTypeFull
            Return 2
           Case $TokenElevationTypeLimited
            Return 1
       EndSwitch
EndFunc

 Thanks

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...