Milas

runas access is denied

5 posts in this topic

Hey guys,

         for some reason when I run this command with run as in autoit it returns access is denied. but when I run the same thing in an elevated command shell it works fine. Im not sure where I am messing up.

global $rtech,$rcred, $IP
    $rtech = inputbox("","username")
    $rcred = InputBox("","password")
    $ip = inputbox("","enter IP")
    $pid = Runas ($rtech,"mhs", $rcred, 2 ,@ComSpec & ' /c reg query \\' & $ip & '"\hklm\software\microsoft\windows\currentversion\group policy\state\machine"|findstr /i "disting"', @SystemDir, @SW_hide, $STDERR_CHILD + $STDOUT_CHILD)
    Local $line
    While 1
        $line &= StdoutRead($pid)
        If @error Then ExitLoop
    WEnd
    While 1
        $line &= StderrRead($pid)
        If @error Then ExitLoop
    WEnd
    MsgBox(0, "", $line)

 

Share this post


Link to post
Share on other sites



Try the RunAs() with using 0 or 1 in stead of 2 for the third parameter to see whether that is causing it.

Jos 


Visit the SciTE4AutoIt3 Download page for the latest versions        Beta files                                                          Forum Rules
 
Live for the present,
Dream of the future,
Learn from the past.
  :)

Share this post


Link to post
Share on other sites

#4 ·  Posted (edited)

@JohnOne I had #RequireAdmin at the start of the GUI this was a part of and then I ran into the issue that everything the GUI ran it did with admin when I needed functions to run as the logged in user. So then I added the input boxes for admin and password and now some functions do not work.

@Jos I have used RunAs() with 0,1,2,and 4 and it all fails.

Whats blowing my mind is that almost every function uses this same format. All my "wmic" functions work fine. for example:

$pid = Runas ($rtech,"mhs", $rcred, 2 ,@ComSpec & " /c wmic /node:" & GUICtrlRead($IP) & " computersystem get name", @SystemDir, @SW_HIDE, $STDERR_CHILD + $STDOUT_CHILD)

_The above works great_

Here are the facts:

All my format for commands remain the same throughout

All commands can be put into cmd and run successfully

All commands work when #RequireAdmin is included instead of starting with " Runas ($rtech,"mhs", $rcred...)

Wmic commands all run successfully

getmac /s command runs successfully

net user commands fail with "Access Denied"

reg query commands fail with "Access Denied"

 

Solution will be to find whats different about the wmic/getmac and the reg query/net user commands

 

Edited by Milas

Share this post


Link to post
Share on other sites

RunAs does not give process that is run the Admin Token.  It only runs the process as the specified user.  #RequireAdmin request the Admin Token.  There are ways to do without using #RequireAdmin, but it will require re-execution of your script, or a secondary script called by the main script.  Here are a few threads that may help.

 

 

Here are some additional threads.  

https://www.google.com/search?q=site:www.autoitscript.com+runas+admin

You can do this without storing credentials in the script.  I just depends on how you want to organize your script to get it done.

 

Adam

 

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now

  • Similar Content

    • hcI
      By hcI
      Hello I would like to know if there is a way to return a sentence in cmd when I launch from it (because I add arguments).
      For example, diskpart.exe which help to manage the key and hdd connected, when you launch it with the parameter "/f" the app return a sentence saying that it don't recognize the parameter "/f" and it return the sentence in the cmd where i started the application, not a new one.
      That's what I want to do but I couldn't find anything that would solve my problem on internet and on AutoIt like ConsoleWrite / ConsoleWriteError (don't work).
       
      Thanks
    • Duck
      By Duck
      I'm attempting to capture the output from the command line tool PSEXEC. I'm using AutoIT to run an instance of PSEXEC against a remote PC to audit Local Admins in my environment using net.exe (C:\Windows\System32> net localgroup administrators). However the usual trick I use to capture command line output does not appear to work well with PSEXEC, as the bottom portion of the output is missing from the return. Any ideas or recommendations are greatly appreciated.  
       
      Here is what I'm working with: 
      ;This script will read from a list of hosts and report who has local admin privileges on the machine #RequireAdmin Global $fileName = @ScriptDir & '\test.txt' ;hostlist, one host per line readHostList() ;Read list of hosts Func readHostList() Local $file = FileOpen($fileName, 0) While 1 $line = FileReadLine($file) If @error = -1 Then ExitLoop ConsoleWrite($line & @CRLF) ;MsgBox(0,0,$line) getLocalAdmins($line) WEnd FileClose($file) EndFunc ;run PSEXEC to list local admins Func getLocalAdmins($remotePC) Local $testFile = @ScriptDir &'\test234.txt' FileOpen($testFile, 1) Local $psexec = 'psexec \\' & $remotePC & ' net localgroup administrators' FileWriteLine($testFile, _RunCmd($psexec) ) FileClose($testFile) EndFunc ;Used to return CLI output Func _RunCmd($sCommand) Local $nPid = Run(@Comspec & " /c" & $sCommand, @SystemDir, @SW_Hide, 8), $sRet = "" If @Error then Return "ERROR:" & @ERROR ProcessWait($nPid) While 1 $sRet &= StdoutRead($nPID) If @error Or (Not ProcessExists ($nPid)) Then ExitLoop WEnd Return $sRet EndFunc  
      ## If i manually run the command on the remote PC via PSEXEC I will get the following output: 
      PsExec v2.11 - Execute processes remotely
      Copyright (C) 2001-2014 Mark Russinovich
      Sysinternals - www.sysinternals.com
      Starting net on PCNAME... on PCNAME...
      net exited on PCNAME with error code 0.
      -------------------------------------------------------------------------------
      admin
      Administrator
      Alias name     administrators
      Domain\Domain Admins
      Comment        Administrators have complete and unrestricted access to the computer/domain
      Members
      The command completed successfully.
       
      ## The returned output from running the above script is as follows:
      PsExec v2.11 - Execute processes remotely
      Copyright (C) 2001-2014 Mark Russinovich
      Sysinternals - www.sysinternals.com
      Alias name     administrators
      Connecting to PCNAME...
      Starting PSEXESVC service on PCNAME...
      Connecting with PsExec service on PCName...
      Starting net on PCNAME..
      net exited on PCNAME with error code 0.
       
      **Note to test this script PSEXEC must be in the system dir or the path in the script changed 
      PSEXEC tool: https://docs.microsoft.com/en-us/sysinternals/downloads/psexec
    • luckyluke
      By luckyluke
      Hello,
      Im trying to read the output from CMD using Dllcall, here is my code:
      #include <WinAPI.au3> #include <array.au3> Global Const $STD_OUTPUT_HANDLE = -11 Global Const $_CONSOLE_SCREEN_BUFFER_INFO = _ "struct;int dwSizeX;" & _ "short dwSizeY;" & _ "short dwCursorPositionX;" & _ "short dwCursorPositionY;" & _ "short wAttributes;" & _ "short Left;" & _ "short Top;" & _ "short Right;" & _ "short Bottom;" & _ "short dwMaximumWindowSizeX;" & _ "short dwMaximumWindowSizeY;endstruct" $pCmd = Run( "cmd.exe" ) Sleep(1000) $hCmd = WinGetHandle("") ConsoleWrite('handle:' & $hCmd & @CRLF) $aRet = DllCall("kernel32.dll", "int", "AttachConsole", "dword", $pCmd) ;_ArrayDisplay($aRet) If $aRet[0] <> 0 Then $vHandle_data='' $vHandle='' $vHandle_data = DllStructCreate($_CONSOLE_SCREEN_BUFFER_INFO) ; Screen Buffer structure $aRet1 = DllCall("kernel32.dll", "hwnd", "GetStdHandle", "dword", $STD_OUTPUT_HANDLE) if not @error Then $vHandle = $aRet1[0] $aRet = DllCall("kernel32.dll", "int", "GetConsoleScreenBufferInfo", "hwnd", $vHandle, _ "ptr", $vHandle_data) MsgBox(0, '1',DllStructGetData($vHandle_data, 'dwSizeX') & _WinAPI_GetLastErrorMessage()) EndIf It did not work, i got the message 'The handle is invalid'. Please help?
      Thank you in advance!
    • mihaijulien
      By mihaijulien
      Hello,
      I compiled a script I made that takes a command line parameter (the version of a .msi installer) when launched. The script was compiled with the /console option. The script (.au3) works fine but the executable returns  the following error:  
      Error: array variable has incorrect number of subscripts or subscript dimension range exceeded  
    • fosil
      By fosil
      Hi everyone.

      I'm currently working a program that constantly prints out log files through "consolewrite" and the "#AutoIt3Wrapper_Change2CUI=y" wrapper.

      Part of this program requires me to run a batch script.

      My issue is the batch script launches from the same window as consolewrite. I need the batch file to be launched through a different window as currently this causes an issue with the logs (which need to be very precise) but also causes the batch file to produce some funny behavior...

      Does anyone know how I can force the file to run on a second DOS window?

      Thanks in advance!!!
       
      Edit: Im using the "run" command if that helps. I tried "shellexecute" but that seemed to not launch the batch scripts at all.