midimanuser

Can someone explain the RunAs function and how I can run my app with elevated rights?

6 posts in this topic

Hi,

I am trying to run an application mmc as a different user, and I am using the RunAs function.

But nothing seems to happen unless I actually run the .mmc as an Administrator.

The account that I am calling it under is a member of the local administrators group. So it is running under an account with Administrative access, but not with elevated rights.

This is annoying because I can't find a way to programmatically call it to run as an Administrator.

Has anyone come across this issue before, and is there a way to resolve this with AutoIt?

Thanks


Put #RequireAdmin at the top of your script.


#3 ·  Posted (edited)

There are two steps :

 - run as a different user
 - elevate the privileges

Here is a way :

#include <WinAPI.au3>
#include <Security.au3>

_RunSelfAsAdmin()
ShellExecute("mmc")


Func _RunSelfAsAdmin()
    Local $sUsername = "localadmin", $sPassword = "P@$$w0rd!", $sDomain = @ComputerName
    If _IsUserAdmin() Then Return 1
    RunAs($sUsername, $sDomain, $sPassword, 0, @ScriptFullPath & " " & $CmdLineRaw)
    Exit
EndFunc


;~ Returns :
;~ - 0 if user has no admin rights
;~ - 1 if user has admin rights
;~ - 2 if user has admin rights and elevation privileges
;~ Inspired from https://blogs.msdn.microsoft.com/cjacks/2006/10/08/how-to-determine-if-a-user-is-a-member-of-the-administrators-group-with-uac-enabled-on-windows-vista/
Func _IsUserAdmin()
    Local Enum $TokenElevationTypeDefault = 1, $TokenElevationTypeFull, $TokenElevationTypeLimited

    Local $hToken = _Security__OpenProcessToken( _WinAPI_GetCurrentProcess(), $TOKEN_QUERY)
    Local $tInfo = _Security__GetTokenInformation($hToken, $TOKENELEVATIONTYPE)
    Local $iTokenType = DllStructGetData(DllStructCreate("int", DllStructGetPtr($tInfo)), 1)
    Switch $iTokenType
        Case $TokenElevationTypeDefault
            Return 0
        Case $TokenElevationTypeFull
            Return 2
        Case $TokenElevationTypeLimited
            Return 1
    EndSwitch
EndFunc

 

Edit : the Run/RunAs functions do not invoke the UAC prompt, so I used ShellExecute for that.
 

Edited by jguinch
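
The two steps from this post with each token elevation type handled in its own branch, as an added example that is not code posted in the thread. The account name localadmin is taken from the post; the "/relaunched" marker, the $ELEV_* names and the message texts are assumptions.

```autoit
#include <WinAPI.au3>
#include <Security.au3>

; Added example. "localadmin" comes from the post; the "/relaunched" marker,
; the $ELEV_* names and the message texts are assumptions.
Global Const $sMarker = "/relaunched"
Global Enum $ELEV_DEFAULT = 1, $ELEV_FULL, $ELEV_LIMITED ; TOKEN_ELEVATION_TYPE

_Main()

Func _Main()
    Local $iType = _GetElevationType()
    If $iType = $ELEV_FULL Or IsAdmin() Then
        ; Elevated token (or UAC off and the user is an admin): do the work.
        ShellExecute("mmc")
    ElseIf $iType = $ELEV_LIMITED Then
        ; Admin account holding a filtered token: Run/RunAs do not raise the
        ; UAC prompt, the "runas" verb of ShellExecute does.
        ShellExecute(@AutoItExe, _SelfArgs(), "", "runas")
    ElseIf StringInStr($CmdLineRaw, $sMarker) Then
        ; The account was already switched once and is still not an admin:
        ; stop here instead of relaunching in a loop.
        MsgBox(16, "RunAs", "The account used has no administrative rights.")
        Exit 1
    Else
        ; Standard user: switch account first. The password is typed at run
        ; time rather than stored in the script.
        Local $sPassword = InputBox("RunAs", "Password for localadmin:", "", "*")
        If @error Then Exit 1
        RunAs("localadmin", @ComputerName, $sPassword, 0, '"' & @AutoItExe & '" ' & _SelfArgs())
        If @error Then MsgBox(16, "RunAs", "Logon or process start failed.")
    EndIf
EndFunc

; Arguments that restart this script, whether compiled or run by AutoIt3.exe.
Func _SelfArgs()
    If @Compiled Then Return $sMarker
    Return '"' & @ScriptFullPath & '" ' & $sMarker
EndFunc

; Reads TokenElevationType from the current process token; 0 on failure.
Func _GetElevationType()
    Local $hToken = _Security__OpenProcessToken(_WinAPI_GetCurrentProcess(), $TOKEN_QUERY)
    If Not $hToken Then Return 0
    Local $tInfo = _Security__GetTokenInformation($hToken, $TOKENELEVATIONTYPE)
    _WinAPI_CloseHandle($hToken)
    If Not IsDllStruct($tInfo) Then Return 0
    Return DllStructGetData(DllStructCreate("int", DllStructGetPtr($tInfo)), 1)
EndFunc
```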

Hi jguinch,

This worked when I was logged on as the user. 

But it didn't work when I logged on as another user. The mmc said that I had to be an administrator, and I noticed that the process was running under the user who was logged into the machine, and not the one in the script.

Here is the code.

#include <WinAPI.au3>
#include <Security.au3>

_RunSelfAsAdmin()
ShellExecute("C:\Program Files\Microsoft\Folder\consoletoopen.msc")


Func _RunSelfAsAdmin()
    Local $sUsername = "account", $sPassword = "accountpassword", $sDomain = "myfqdn"
    If _IsUserAdmin() Then Return 1
    RunAs($sUsername, $sDomain, $sPassword, 0, @ScriptFullPath & " " & $CmdLineRaw)
    Exit
EndFunc


;~ Returns :
;~ - 0 if user has no admin rights
;~ - 1 if user has admin rights
;~ - 2 if user has admin rights and elevation privileges
;~ Inspired from https://blogs.msdn.microsoft.com/cjacks/2006/10/08/how-to-determine-if-a-user-is-a-member-of-the-administrators-group-with-uac-enabled-on-windows-vista/
Func _IsUserAdmin()
    Local Enum $TokenElevationTypeDefault = 1, $TokenElevationTypeFull, $TokenElevationTypeLimited

    Local $hToken = _Security__OpenProcessToken(_WinAPI_GetCurrentProcess(), $TOKEN_QUERY)
    Local $tInfo = _Security__GetTokenInformation($hToken, $TOKENELEVATIONTYPE)
    Local $iTokenType = DllStructGetData(DllStructCreate("int", DllStructGetPtr($tInfo)), 1)
    Switch $iTokenType
        Case $TokenElevationTypeDefault
            Return 0
        Case $TokenElevationTypeFull
            Return 2
        Case $TokenElevationTypeLimited
            Return 1
    EndSwitch
EndFunc

 Thanks

23 hours ago, InunoTaishou said:

Put #RequireAdmin at the top of your script.

Hi, InunoTaishou,

That only added a RunAs icon to my exe.

Thanks


Have a look at this topic, as this has been asked before.  

 

Adam
