Can someone explain the RunAs function and how I can I run my app with elevated rights?

[midimanuser]

Hi,

I am trying to fun an application mmc as a different user, and I am using the RunAs function.

But nothing seem to happen unless I actually run the .mmc as an Administrator.

The account that I am calling it under is a member of the local administrators group. So it is running under an account with Administrative access, but now with elevated rights.  

This is annoying because I can't find a way to programmatically call it to run as an Administrator.

Has anyone come across this issue before, and is there a way to resolve this with AutoIt?

Thanks

[InunoTaishou]

Put #RequireAdmin at the top of your script.

[jguinch]

There are two steps :

 - run as a different user
 - elevate the privileges

Here is a way :

#include <WinAPI.au3>
#include <Security.au3>

_RunSelfAsAdmin()
ShellExecute("mmc")


Func _RunSelfAsAdmin()
    Local $sUsername = "localadmin", $sPassword = "P@$$w0rd!", $sDomain = @ComputerName
    If _IsUserAdmin() Then Return 1
    RunAs($sUsername, $sDomain, $sPassword, 0, @ScriptFullPath & " " & $CmdLineRaw)
    Exit
EndFunc


;~ Returns :
;~ - 0 if user has no admin rights
;~ - 1 if user has admin rights
;~ - 2 if user has admin rigths and elevation privileges
;~ Inspired from https://blogs.msdn.microsoft.com/cjacks/2006/10/08/how-to-determine-if-a-user-is-a-member-of-the-administrators-group-with-uac-enabled-on-windows-vista/
Func _IsUserAdmin()
    Local Enum $TokenElevationTypeDefault = 1, $TokenElevationTypeFull, $TokenElevationTypeLimited

    Local $hToken = _Security__OpenProcessToken( _WinAPI_GetCurrentProcess(), $TOKEN_QUERY)
    Local $tInfo = _Security__GetTokenInformation($hToken, $TOKENELEVATIONTYPE)
    Local $iTokenType = DllStructGetData(DllStructCreate("int", DllStructGetPtr($tInfo)), 1)
    Switch $iTokenType
        Case $TokenElevationTypeDefault
            Return 0
        Case $TokenElevationTypeFull
            Return 2
        Case $TokenElevationTypeLimited
            Return 1
    EndSwitch
EndFunc

 

Edit : the Run/RunAs functions do not invoke the UAC prompt, so I used ShellExecute for that.
 

Edited March 3, 2016 by jguinch

[midimanuser]

19 hours ago, jguinch said:

There are two steps :

 - run as a different user
 - elevate the privileges

Here is a way :

#include <WinAPI.au3>
#include <Security.au3>

_RunSelfAsAdmin()
ShellExecute("mmc")


Func _RunSelfAsAdmin()
    Local $sUsername = "localadmin", $sPassword = "P@$$w0rd!", $sDomain = @ComputerName
    If _IsUserAdmin() Then Return 1
    RunAs($sUsername, $sDomain, $sPassword, 0, @ScriptFullPath & " " & $CmdLineRaw)
    Exit
EndFunc


;~ Returns :
;~ - 0 if user has no admin rights
;~ - 1 if user has admin rights
;~ - 2 if user has admin rigths and elevation privileges
;~ Inspired from https://blogs.msdn.microsoft.com/cjacks/2006/10/08/how-to-determine-if-a-user-is-a-member-of-the-administrators-group-with-uac-enabled-on-windows-vista/
Func _IsUserAdmin()
    Local Enum $TokenElevationTypeDefault = 1, $TokenElevationTypeFull, $TokenElevationTypeLimited

    Local $hToken = _Security__OpenProcessToken( _WinAPI_GetCurrentProcess(), $TOKEN_QUERY)
    Local $tInfo = _Security__GetTokenInformation($hToken, $TOKENELEVATIONTYPE)
    Local $iTokenType = DllStructGetData(DllStructCreate("int", DllStructGetPtr($tInfo)), 1)
    Switch $iTokenType
        Case $TokenElevationTypeDefault
            Return 0
        Case $TokenElevationTypeFull
            Return 2
        Case $TokenElevationTypeLimited
            Return 1
    EndSwitch
EndFunc

 

Edit : the Run/RunAs functions do not invoke the UAC prompt, so I used ShellExecute for that.
 

Hi jguinch,

This worked when I was logged on as the user. 

But it didn't work when I logged on as another user. The mmc said that I had to be an administrator, and I noticed that the process was running user the user who was logged into the machine, and not the one in the script.

Here is the code.

#include <WinAPI.au3>
#include <Security.au3>

_RunSelfAsAdmin()
ShellExecute("C:\Program Files\Microsoft\Folder\consoletoopen.msc")

Func _RunSelfAsAdmin()
     Local $sUsername = "account", $sPassword = "accountpassword", $sDomain = "myfqdn"
    If _IsUserAdmin() Then Return 1
      RunAs($sUsername, $sDomain, $sPassword, 0, @ScriptFullPath & " " & $CmdLineRaw)
       Exit
EndFunc

;~ Returns :
;~ - 0 if user has no admin rights
;~ - 1 if user has admin rights
;~ - 2 if user has admin rigths and elevation privileges
;~ Inspired from https://blogs.msdn.microsoft.com/cjacks/2006/10/08/how-to-determine-if-a-user-is-a-member-of-the-administrators-group-with-uac-enabled-on-windows-vista/
Func _IsUserAdmin()
     Local Enum $TokenElevationTypeDefault = 1, $TokenElevationTypeFull, $TokenElevationTypeLimited

      Local $hToken = _Security__OpenProcessToken( _WinAPI_GetCurrentProcess(), $TOKEN_QUERY)
       Local $tInfo = _Security__GetTokenInformation($hToken, $TOKENELEVATIONTYPE)
        Local $iTokenType = DllStructGetData(DllStructCreate("int", DllStructGetPtr($tInfo)), 1)
         Switch $iTokenType
        Case $TokenElevationTypeDefault
            Return 0
           Case $TokenElevationTypeFull
            Return 2
           Case $TokenElevationTypeLimited
            Return 1
       EndSwitch
EndFunc

 Thanks

[midimanuser]

23 hours ago, InunoTaishou said:

Put #RequireAdmin at the top of your script.

Hi, InunoTaishou,

That only added a RunAs icon to my exe.

Thanks

[AdamUL]

Have a look at this topic, as this has been asked before.  

 

Adam