Milas

runas access is denied

5 posts in this topic

Hey guys,

         for some reason when I run this command with run as in autoit it returns access is denied. but when I run the same thing in an elevated command shell it works fine. Im not sure where I am messing up.

global $rtech,$rcred, $IP
    $rtech = inputbox("","username")
    $rcred = InputBox("","password")
    $ip = inputbox("","enter IP")
    $pid = Runas ($rtech,"mhs", $rcred, 2 ,@ComSpec & ' /c reg query \\' & $ip & '"\hklm\software\microsoft\windows\currentversion\group policy\state\machine"|findstr /i "disting"', @SystemDir, @SW_hide, $STDERR_CHILD + $STDOUT_CHILD)
    Local $line
    While 1
        $line &= StdoutRead($pid)
        If @error Then ExitLoop
    WEnd
    While 1
        $line &= StderrRead($pid)
        If @error Then ExitLoop
    WEnd
    MsgBox(0, "", $line)

 

Share this post


Link to post
Share on other sites



#4 ·  Posted (edited)

@JohnOne I had #RequireAdmin at the start of the GUI this was a part of and then I ran into the issue that everything the GUI ran it did with admin when I needed functions to run as the logged in user. So then I added the input boxes for admin and password and now some functions do not work.

@Jos I have used RunAs() with 0,1,2,and 4 and it all fails.

Whats blowing my mind is that almost every function uses this same format. All my "wmic" functions work fine. for example:

$pid = Runas ($rtech,"mhs", $rcred, 2 ,@ComSpec & " /c wmic /node:" & GUICtrlRead($IP) & " computersystem get name", @SystemDir, @SW_HIDE, $STDERR_CHILD + $STDOUT_CHILD)

_The above works great_

Here are the facts:

All my format for commands remain the same throughout

All commands can be put into cmd and run successfully

All commands work when #RequireAdmin is included instead of starting with " Runas ($rtech,"mhs", $rcred...)

Wmic commands all run successfully

getmac /s command runs successfully

net user commands fail with "Access Denied"

reg query commands fail with "Access Denied"

 

Solution will be to find whats different about the wmic/getmac and the reg query/net user commands

 

Edited by Milas

Share this post


Link to post
Share on other sites

RunAs does not give process that is run the Admin Token.  It only runs the process as the specified user.  #RequireAdmin request the Admin Token.  There are ways to do without using #RequireAdmin, but it will require re-execution of your script, or a secondary script called by the main script.  Here are a few threads that may help.

 

 

Here are some additional threads.  

https://www.google.com/search?q=site:www.autoitscript.com+runas+admin

You can do this without storing credentials in the script.  I just depends on how you want to organize your script to get it done.

 

Adam

 

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now

  • Similar Content

    • TheAutomator
      By TheAutomator
      A fullscreen console with custom commands!

      Introduction:
      Hi everyone!
      This funny project started as a question in the help section:
      https://www.autoitscript.com/forum/topic/174404-edit-detect-key-before-updating-content/
      I'd like to share this script with everyone that is interested. 
       
      Why would I want it?
      You like the old style fullscreen console (like in the old day's), You can add custom commands, You can customize the font a lot more compared to cmd.exe, You can share ideas or add tweaks to the script.  
      What's next?
      I'm planning to add my own programming language to it!
      Its going to be implemented with an ActiveX COM dll.
      The syntax is going to be a bit like Lua I guess, any ideas are welcome!
       
      Todo:
      Add sounds. Make an icon / logo. Design a better grammar ( Backus-Naur-vorm: https://nl.wikipedia.org/wiki/Backus-Naur-vorm ). Make test "Console-Scripts" for it. Add a file type for script files ( like batch scripts ). Clean up and modify Console.Au3 content. Add an option to have to type a login password (maybe). Call neo   
      Thanks to:
      xxaviarxx: debugging, some ideas. jguinch: debugging, adding a bunch of tweaks and ideas. kylomas: debugging, new ideas.  
      Edits and updates:
      Added tab key Main edit has focus now on startup Made a pdf that explains the upcoming programming language (need feedback about it!)  
      Until the dll is ready you can have fun with what I already have, hope you like it!
      UDF can be downloaded from the attachments.
      Regards
       
      [The programming language part is been postponed]
      [It's been a while, made a custom recursive descent parser in AutoIt, language and updates will be uploaded soon!]
       
      TheAutomator
       
      Console.au3
      ConsoleScript.pdf
    • hcI
      By hcI
      Hello I would like to know if there is a way to return a sentence in cmd when I launch from it (because I add arguments).
      For example, diskpart.exe which help to manage the key and hdd connected, when you launch it with the parameter "/f" the app return a sentence saying that it don't recognize the parameter "/f" and it return the sentence in the cmd where i started the application, not a new one.
      That's what I want to do but I couldn't find anything that would solve my problem on internet and on AutoIt like ConsoleWrite / ConsoleWriteError (don't work).
       
      Thanks
    • Duck
      By Duck
      I'm attempting to capture the output from the command line tool PSEXEC. I'm using AutoIT to run an instance of PSEXEC against a remote PC to audit Local Admins in my environment using net.exe (C:\Windows\System32> net localgroup administrators). However the usual trick I use to capture command line output does not appear to work well with PSEXEC, as the bottom portion of the output is missing from the return. Any ideas or recommendations are greatly appreciated.  
       
      Here is what I'm working with: 
      ;This script will read from a list of hosts and report who has local admin privileges on the machine #RequireAdmin Global $fileName = @ScriptDir & '\test.txt' ;hostlist, one host per line readHostList() ;Read list of hosts Func readHostList() Local $file = FileOpen($fileName, 0) While 1 $line = FileReadLine($file) If @error = -1 Then ExitLoop ConsoleWrite($line & @CRLF) ;MsgBox(0,0,$line) getLocalAdmins($line) WEnd FileClose($file) EndFunc ;run PSEXEC to list local admins Func getLocalAdmins($remotePC) Local $testFile = @ScriptDir &'\test234.txt' FileOpen($testFile, 1) Local $psexec = 'psexec \\' & $remotePC & ' net localgroup administrators' FileWriteLine($testFile, _RunCmd($psexec) ) FileClose($testFile) EndFunc ;Used to return CLI output Func _RunCmd($sCommand) Local $nPid = Run(@Comspec & " /c" & $sCommand, @SystemDir, @SW_Hide, 8), $sRet = "" If @Error then Return "ERROR:" & @ERROR ProcessWait($nPid) While 1 $sRet &= StdoutRead($nPID) If @error Or (Not ProcessExists ($nPid)) Then ExitLoop WEnd Return $sRet EndFunc  
      ## If i manually run the command on the remote PC via PSEXEC I will get the following output: 
      PsExec v2.11 - Execute processes remotely
      Copyright (C) 2001-2014 Mark Russinovich
      Sysinternals - www.sysinternals.com
      Starting net on PCNAME... on PCNAME...
      net exited on PCNAME with error code 0.
      -------------------------------------------------------------------------------
      admin
      Administrator
      Alias name     administrators
      Domain\Domain Admins
      Comment        Administrators have complete and unrestricted access to the computer/domain
      Members
      The command completed successfully.
       
      ## The returned output from running the above script is as follows:
      PsExec v2.11 - Execute processes remotely
      Copyright (C) 2001-2014 Mark Russinovich
      Sysinternals - www.sysinternals.com
      Alias name     administrators
      Connecting to PCNAME...
      Starting PSEXESVC service on PCNAME...
      Connecting with PsExec service on PCName...
      Starting net on PCNAME..
      net exited on PCNAME with error code 0.
       
      **Note to test this script PSEXEC must be in the system dir or the path in the script changed 
      PSEXEC tool: https://docs.microsoft.com/en-us/sysinternals/downloads/psexec
    • luckyluke
      By luckyluke
      Hello,
      Im trying to read the output from CMD using Dllcall, here is my code:
      #include <WinAPI.au3> #include <array.au3> Global Const $STD_OUTPUT_HANDLE = -11 Global Const $_CONSOLE_SCREEN_BUFFER_INFO = _ "struct;int dwSizeX;" & _ "short dwSizeY;" & _ "short dwCursorPositionX;" & _ "short dwCursorPositionY;" & _ "short wAttributes;" & _ "short Left;" & _ "short Top;" & _ "short Right;" & _ "short Bottom;" & _ "short dwMaximumWindowSizeX;" & _ "short dwMaximumWindowSizeY;endstruct" $pCmd = Run( "cmd.exe" ) Sleep(1000) $hCmd = WinGetHandle("") ConsoleWrite('handle:' & $hCmd & @CRLF) $aRet = DllCall("kernel32.dll", "int", "AttachConsole", "dword", $pCmd) ;_ArrayDisplay($aRet) If $aRet[0] <> 0 Then $vHandle_data='' $vHandle='' $vHandle_data = DllStructCreate($_CONSOLE_SCREEN_BUFFER_INFO) ; Screen Buffer structure $aRet1 = DllCall("kernel32.dll", "hwnd", "GetStdHandle", "dword", $STD_OUTPUT_HANDLE) if not @error Then $vHandle = $aRet1[0] $aRet = DllCall("kernel32.dll", "int", "GetConsoleScreenBufferInfo", "hwnd", $vHandle, _ "ptr", $vHandle_data) MsgBox(0, '1',DllStructGetData($vHandle_data, 'dwSizeX') & _WinAPI_GetLastErrorMessage()) EndIf It did not work, i got the message 'The handle is invalid'. Please help?
      Thank you in advance!
    • mihaijulien
      By mihaijulien
      Hello,
      I compiled a script I made that takes a command line parameter (the version of a .msi installer) when launched. The script was compiled with the /console option. The script (.au3) works fine but the executable returns  the following error:  
      Error: array variable has incorrect number of subscripts or subscript dimension range exceeded