midimanuser Posted March 3, 2016 Share Posted March 3, 2016 Hi, I am trying to fun an application mmc as a different user, and I am using the RunAs function. But nothing seem to happen unless I actually run the .mmc as an Administrator. The account that I am calling it under is a member of the local administrators group. So it is running under an account with Administrative access, but now with elevated rights. This is annoying because I can't find a way to programmatically call it to run as an Administrator. Has anyone come across this issue before, and is there a way to resolve this with AutoIt? Thanks Link to comment Share on other sites More sharing options...
InunoTaishou Posted March 3, 2016 Share Posted March 3, 2016 Put #RequireAdmin at the top of your script. Link to comment Share on other sites More sharing options...
jguinch Posted March 3, 2016 Share Posted March 3, 2016 (edited) There are two steps : - run as a different user - elevate the privileges Here is a way : #include <WinAPI.au3> #include <Security.au3> _RunSelfAsAdmin() ShellExecute("mmc") Func _RunSelfAsAdmin() Local $sUsername = "localadmin", $sPassword = "P@$$w0rd!", $sDomain = @ComputerName If _IsUserAdmin() Then Return 1 RunAs($sUsername, $sDomain, $sPassword, 0, @ScriptFullPath & " " & $CmdLineRaw) Exit EndFunc ;~ Returns : ;~ - 0 if user has no admin rights ;~ - 1 if user has admin rights ;~ - 2 if user has admin rigths and elevation privileges ;~ Inspired from https://blogs.msdn.microsoft.com/cjacks/2006/10/08/how-to-determine-if-a-user-is-a-member-of-the-administrators-group-with-uac-enabled-on-windows-vista/ Func _IsUserAdmin() Local Enum $TokenElevationTypeDefault = 1, $TokenElevationTypeFull, $TokenElevationTypeLimited Local $hToken = _Security__OpenProcessToken( _WinAPI_GetCurrentProcess(), $TOKEN_QUERY) Local $tInfo = _Security__GetTokenInformation($hToken, $TOKENELEVATIONTYPE) Local $iTokenType = DllStructGetData(DllStructCreate("int", DllStructGetPtr($tInfo)), 1) Switch $iTokenType Case $TokenElevationTypeDefault Return 0 Case $TokenElevationTypeFull Return 2 Case $TokenElevationTypeLimited Return 1 EndSwitch EndFunc Edit : the Run/RunAs functions do not invoke the UAC prompt, so I used ShellExecute for that. Edited March 3, 2016 by jguinch Spoiler Network configuration UDF, _DirGetSizeByExtension, _UninstallList Firefox ConfigurationArray multi-dimensions, Printer Management UDF Link to comment Share on other sites More sharing options...
midimanuser Posted March 4, 2016 Author Share Posted March 4, 2016 19 hours ago, jguinch said: There are two steps : - run as a different user - elevate the privileges Here is a way : #include <WinAPI.au3> #include <Security.au3> _RunSelfAsAdmin() ShellExecute("mmc") Func _RunSelfAsAdmin() Local $sUsername = "localadmin", $sPassword = "P@$$w0rd!", $sDomain = @ComputerName If _IsUserAdmin() Then Return 1 RunAs($sUsername, $sDomain, $sPassword, 0, @ScriptFullPath & " " & $CmdLineRaw) Exit EndFunc ;~ Returns : ;~ - 0 if user has no admin rights ;~ - 1 if user has admin rights ;~ - 2 if user has admin rigths and elevation privileges ;~ Inspired from https://blogs.msdn.microsoft.com/cjacks/2006/10/08/how-to-determine-if-a-user-is-a-member-of-the-administrators-group-with-uac-enabled-on-windows-vista/ Func _IsUserAdmin() Local Enum $TokenElevationTypeDefault = 1, $TokenElevationTypeFull, $TokenElevationTypeLimited Local $hToken = _Security__OpenProcessToken( _WinAPI_GetCurrentProcess(), $TOKEN_QUERY) Local $tInfo = _Security__GetTokenInformation($hToken, $TOKENELEVATIONTYPE) Local $iTokenType = DllStructGetData(DllStructCreate("int", DllStructGetPtr($tInfo)), 1) Switch $iTokenType Case $TokenElevationTypeDefault Return 0 Case $TokenElevationTypeFull Return 2 Case $TokenElevationTypeLimited Return 1 EndSwitch EndFunc Edit : the Run/RunAs functions do not invoke the UAC prompt, so I used ShellExecute for that. Hi jguinch, This worked when I was logged on as the user. But it didn't work when I logged on as another user. The mmc said that I had to be an administrator, and I noticed that the process was running user the user who was logged into the machine, and not the one in the script. Here is the code. #include <WinAPI.au3> #include <Security.au3> _RunSelfAsAdmin() ShellExecute("C:\Program Files\Microsoft\Folder\consoletoopen.msc") Func _RunSelfAsAdmin() Local $sUsername = "account", $sPassword = "accountpassword", $sDomain = "myfqdn" If _IsUserAdmin() Then Return 1 RunAs($sUsername, $sDomain, $sPassword, 0, @ScriptFullPath & " " & $CmdLineRaw) Exit EndFunc ;~ Returns : ;~ - 0 if user has no admin rights ;~ - 1 if user has admin rights ;~ - 2 if user has admin rigths and elevation privileges ;~ Inspired from https://blogs.msdn.microsoft.com/cjacks/2006/10/08/how-to-determine-if-a-user-is-a-member-of-the-administrators-group-with-uac-enabled-on-windows-vista/ Func _IsUserAdmin() Local Enum $TokenElevationTypeDefault = 1, $TokenElevationTypeFull, $TokenElevationTypeLimited Local $hToken = _Security__OpenProcessToken( _WinAPI_GetCurrentProcess(), $TOKEN_QUERY) Local $tInfo = _Security__GetTokenInformation($hToken, $TOKENELEVATIONTYPE) Local $iTokenType = DllStructGetData(DllStructCreate("int", DllStructGetPtr($tInfo)), 1) Switch $iTokenType Case $TokenElevationTypeDefault Return 0 Case $TokenElevationTypeFull Return 2 Case $TokenElevationTypeLimited Return 1 EndSwitch EndFunc Thanks Link to comment Share on other sites More sharing options...
midimanuser Posted March 4, 2016 Author Share Posted March 4, 2016 23 hours ago, InunoTaishou said: Put #RequireAdmin at the top of your script. Hi, InunoTaishou, That only added a RunAs icon to my exe. Thanks Link to comment Share on other sites More sharing options...
AdamUL Posted March 4, 2016 Share Posted March 4, 2016 Have a look at this topic, as this has been asked before. Adam Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now