Jump to content
Milas

runas access is denied

Recommended Posts

Milas

Hey guys,

         for some reason when I run this command with run as in autoit it returns access is denied. but when I run the same thing in an elevated command shell it works fine. Im not sure where I am messing up.

global $rtech,$rcred, $IP
    $rtech = inputbox("","username")
    $rcred = InputBox("","password")
    $ip = inputbox("","enter IP")
    $pid = Runas ($rtech,"mhs", $rcred, 2 ,@ComSpec & ' /c reg query \\' & $ip & '"\hklm\software\microsoft\windows\currentversion\group policy\state\machine"|findstr /i "disting"', @SystemDir, @SW_hide, $STDERR_CHILD + $STDOUT_CHILD)
    Local $line
    While 1
        $line &= StdoutRead($pid)
        If @error Then ExitLoop
    WEnd
    While 1
        $line &= StderrRead($pid)
        If @error Then ExitLoop
    WEnd
    MsgBox(0, "", $line)

 

Share this post


Link to post
Share on other sites
Milas

@JohnOne I had #RequireAdmin at the start of the GUI this was a part of and then I ran into the issue that everything the GUI ran it did with admin when I needed functions to run as the logged in user. So then I added the input boxes for admin and password and now some functions do not work.

@Jos I have used RunAs() with 0,1,2,and 4 and it all fails.

Whats blowing my mind is that almost every function uses this same format. All my "wmic" functions work fine. for example:

$pid = Runas ($rtech,"mhs", $rcred, 2 ,@ComSpec & " /c wmic /node:" & GUICtrlRead($IP) & " computersystem get name", @SystemDir, @SW_HIDE, $STDERR_CHILD + $STDOUT_CHILD)

_The above works great_

Here are the facts:

All my format for commands remain the same throughout

All commands can be put into cmd and run successfully

All commands work when #RequireAdmin is included instead of starting with " Runas ($rtech,"mhs", $rcred...)

Wmic commands all run successfully

getmac /s command runs successfully

net user commands fail with "Access Denied"

reg query commands fail with "Access Denied"

 

Solution will be to find whats different about the wmic/getmac and the reg query/net user commands

 

Edited by Milas

Share this post


Link to post
Share on other sites
AdamUL

RunAs does not give process that is run the Admin Token.  It only runs the process as the specified user.  #RequireAdmin request the Admin Token.  There are ways to do without using #RequireAdmin, but it will require re-execution of your script, or a secondary script called by the main script.  Here are a few threads that may help.

 

 

Here are some additional threads.  

https://www.google.com/search?q=site:www.autoitscript.com+runas+admin

You can do this without storing credentials in the script.  I just depends on how you want to organize your script to get it done.

 

Adam

 

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Similar Content

    • SanCon
      By SanCon
      Greetings,
      I've found and used @TheDcoder's ProcessEX UDF, and have found it and invaluable tool in my scripting arsenal. Recently, I found myself needing to create a script which then attempts to run another program as a different user. I was able to heavily borrow from the _Process_RunCommand function to create _Process_RunAsCommand:
      ; #FUNCTION# ==================================================================================================================== ; Name ..........: _Process_RunAsCommand ; Description ...: Runs a command or an executable under a different user security privilege. ; Syntax ........: _Process_RunAsCommand($iMode, $sUserName, $sUserPass, $sUserDomain, $sExecutable [, $sWorkingDir = @TempDir [, $iRunOptFlag = $STDERR_MERGED]]) ; Parameters ....: $iMode - Mode in which this function should operate, See Remarks. ; $sUserName - User name under which you would like to run the command/executable. ; $sUserPass - Password for $sUserName. ; $sUserDomain - Domain name to which the $sUserName belongs. ; $sExecutable - The command to run/execute (along with any arguments). ; $sWorkingDir - [optional] The working directroy for the command. Default is @TempDir. $sUserName must have ; privileges to create/modify files on this directory. ; $iRunOptFlag - [optional] The Opt flag for the Run function. Default is $STDERR_MERGED. ; Return values .: Success: Mode $PROCESS_RUN : Will return the process handle & @extended will contain the PID of the command ; Mode $PROCESS_RUNWAIT : Will return the output & @extended will contain the exit code for the function ; Failure: Will return False & @error will contain: ; 1 - If the $iMode flag is invalid ; 2 - If the command is invalid ; Author ........: J. Sanchez, heavily borrowing from code by TheDcoder ; Modified ......: N/A ; Remarks .......: 1. The ONLY valid modes are: $PROCESS_RUN & $PROCESS_RUNWAIT ; $PROCESS_RUN : Will act similarly to Run function, See Return values ; $PROCESS_RUNWAIT : Will act similarly to RunWait function, See Return values ; If you use $PROCESS_RUN then use _Process_GetExitCode to get the exit code & use StdoutRead to get the output of the command ; 2. Use $PROCESS_COMMAND to run commands like this: $PROCESS_COMMAND & "ping 127.0.0.1" ; 3. Add $PROCESS_DEBUG to $iMode to automagically debug the command, $PROCESS_RUN is equivalent to $PROCESS_RUNWAIT in this case ; Related .......: RunAs, RunWait ; Link ..........: http://bit.ly/ProcessUdfForAutoIt ; Example .......: Yes, see example.au3 ; ===============================================================================================================================; Functions Func _Process_RunAsCommand($iMode, $sUserName, $sUserPass, $sUserDomain, $sExecutable, $sWorkingDir = @TempDir, $iRunOptFlag = $STDERR_MERGED) Local $iExitCode = 0 ; Declare the exit code variable before hand Local $sOutput = "" ; Declare the output variable before hand Local $bDebug = False ; Declare the debug variable before hand If BitAND($iMode, $PROCESS_DEBUG) Then $bDebug = True If BitAND($iMode, $PROCESS_RUN) Then $iMode = $PROCESS_RUN ElseIf BitAND($iMode, $PROCESS_RUNWAIT) Then $iMode = $PROCESS_RUNWAIT Else Return SetError(1, 0, False) EndIf ; If Not $iMode = $PROCESS_RUN Or Not $iMode = $PROCESS_RUNWAIT Then Return SetError(1, 0, False) ; If the mode is invalid... ;Local $iPID = Run($sExecutable, $sWorkingDir, @SW_HIDE, $iRunOptFlag) ; Run!!! :P Local $iPID = RunAs($sUserName,$sUserDomain,$sUserPass,BitAND(0,4),$PROCESS_COMMAND & " " & $sExecutable,$sWorkingDir,@SW_HIDE,$iRunOptFlag) If @error Then Return SetError(2, @error, False) ; If the command is invalid... Local $hProcessHandle = _Process_GetHandle($iPID) ; Get the handle of the process If $iMode = $PROCESS_RUN Then If Not $bDebug Then Return SetExtended($iPID, $hProcessHandle) ; If the function is in Run mode then return the PID & Process Handle $sOutput = _Process_DebugRunCommand($hProcessHandle, $iPID) ; Debug the process $iExitCode = _Process_GetExitCode($hProcessHandle) ; Note the exit code Return SetExtended($iExitCode, $sOutput) ; Return the output & exit code EndIf If Not $bDebug Then While ProcessExists($iPID) $sOutput &= StdoutRead($iPID) ; Capture the output Sleep(250) ; Don't kill the CPU WEnd $sOutput &= StdoutRead($iPID) ; Capture any remaining output $iExitCode = _Process_GetExitCode($hProcessHandle) ; Note the exit code Return SetExtended($iExitCode, $sOutput) ; Return the exit code & the output :D EndIf $sOutput = _Process_DebugRunCommand($hProcessHandle, $iPID) ; Debug the process $iExitCode = _Process_GetExitCode($hProcessHandle) ; Note the exit code Return SetExtended($iExitCode, $sOutput) ; Return the output & exit code EndFunc The issue that I currently have is that, regardless of what the errorlevel returned by the program being executed, the errorlevel returned by the _Process_RunAsCommand is 259, which, according to this page it means that there's no more data (I'm guessing from the STDIO and STDERR?)
      Any guidance would be greatly appreciated.
    • damon
      By damon
      Hello,
      You guys helped me years ago to address logging in with a different account than the user.  I have sense modified it over the years due to laptops syncing with AD which is why you will see 3 different passwords.  So, this script snippet has worked for me in many things i have written but I am all the sudden having an issue getting it to work.  I have verified that the password i am using for the local user account is $pass.  Verified by doing a run as different user on Chrome and cut and pasted the password out of the script just to make sure i was not fat fingering something.  
      I get a fail back from RunAs every time.   
      Any chance you guys see something i am doing wrong?
       
      #include <MsgBoxConstants.au3> #include <WinAPIFiles.au3> ;#RequireAdmin If $CmdLine[0] > 0 Then If $CmdLine[1] = "/Install" Then RunUpdate() Exit EndIf ;;Will check users account to determine if admin, if not will Run with admin rights -------------------------------------------------------------- ;;Varables Start Local $user = ".\user" Local $pass = "password1" Local $pass2 = "password2" Local $pass3 = "password3" Local $filetorun = @ScriptFullPath & " /Install" ;;Varables End If IsAdmin () = 0 Then If RunAs ( $user, @CompterName, $pass, $RUN_LOGON_NOPROFILE,$filetorun) = 0 Then ;If RunAs ( $user, @ComputerName, $pass2, 0,$filetorun) = 0 Then ;If RunAs ( $user, @ComputerName, $pass3, 0,$filetorun) = 0 Then ;MsgBox (0,"Installation Error", "This installation was interrupted due to an incorrect Admin Password") ;Exit ;EndIf ;EndIf EndIf Exit Else Run ($filetorun) EndIf Func RunUpdate() MsgBox(0,"worked","worked") EndFunc
    • HariKara
      By HariKara
      Hi AutoIters!
       
      Im trying to launch a .exe file that is nested within the program files (x86) folder structure. i have already used the standard RunAs Syntax and found that it fails to launch the application. I have switched to Run and that seems to work. My issue is I have to use RunAs as the applicaton would need to run under a completely different account. The Current logged in user is a Local User on the machine, however, the application must be run as a domain user. The Machine is domain connected.
       
       have tried the following:
      RunAs("username","logonpassword", $RUN_LOGON_PROFILE, "D:\Program Files (x86)\Vendor\Application Name\Exe Location\Executable.exe") The above fails to launch, there are no errors or syntax issues, it just does nothing when the variables are replaced for the correct values.
      I did the same using the Run command
      Run("D:\Program Files (x86)\Vendor\Application Name\Exe Location\Executable.exe") That seems to work fine, but runs in local user context. Any thoughts? Could it be a local Machine rights issue? Or have i missed something glaring in my script
    • PINTO1927
      By PINTO1927
      HI GUYS,
      I'm trying to run this script with an advanced domain user, but when compiling the cmd it returns access denied, as if it did not recognize the user of AD.
       
      RunAsWait("administrator", "CONTOSO", "Services.1", 2, "C:\Users\albert.frizz\Desktop\test.bat")
       
      can you help me please?
    • nacerbaaziz
      By nacerbaaziz
      Hi dear
      With this script you can print Unicode text in the CMD screen
      the script is  easy to use
      just you  write the text that contains Unicode in the first input
      and the script automatically reflect the code in the second input
       you can copy the text to the clipboard
      or you can try printing the text in the CMD window
      I apologize to everyone for colors and shape if not appropriate
      I'm a blind man and I do not see
      Thank you for your understanding
      Greetings to all of youCmdUtM.au3
×