Jump to content
Rex

RunAs / RunAsWait problem on server 2012R2 [SOLVED]

Recommended Posts

Rex

Hi

I created a login script for our old server witch had server 2008, and the script worked flawless

Now we have upgraded to server 2012, and the script stopped working correct.

For some reason my Run/RunAs/RunAsWait functions don't work, or some of them don't work

Run('D:\Admin.exe') don't work, the Admin.exe is newer executed, and the user have execute rights to D:

RunAs($sUsr, @computerName, $sPass, 0,'C:\Program Files (x86)\Admin.exe) Lunches Admin, but not with admin rights

Admin.exe contains

If Not IsAdmin() Then
    MsgBox(262144,"ADMIN","Isn't admin")
Else
    MsgBox(262144,"ADMIN","Is ADMIN")
EndIf
Exit

And should show Is Admin, when executed with admin rights, as far i under stand

Even if I do a RunAs @comSpec it's not executed as admin :'(

I also have tried to compile the excamples from runas and runaswait, neither of them worked with admin rights

Any one have a suggestion on what might be the problem, I have disabled UAC - and if i Right click and choose RunasAdmin with the user name/password it works, so shouldn't be because of wrong username/pass, als the secondary logon service is running.

 

Cheers
/Rex

 

:Edit additional info

Edited by Rex

Share this post


Link to post
Share on other sites
BetaLeaf

Does #RequireAdmin help at all? It would help us if you could show us what you have so far so we can see where and how your script breaks.


False Positive Reporter - Mass email all anti virus vendors with an attachment of your program for fast and easy whitelisting.

PortableApps.com App Creation Wizard  - A simple GUI-based Wizard for creating PortableApps.

SoundBoard - Play any song or sound you want at the press of a hotkey.

My GitHub Page: https://github.com/BetaLeaf

Share this post


Link to post
Share on other sites
Rex

@BetaLeaf My script breaks at the very first RunAS command I have.

 

RunAsWait("UserService", @ComputerName, "!PASS!", 0, '"C:\Program Files (x86)\UserService\Admin.exe"')
RunAsWait("UserService", @LogonServer, "!PASS", 0, '"C:\Program Files (x86)\UserService\Admin.exe"')
RunAsWait("UserService", @LogonDomain, "!PASS!", 0, '"C:\Program Files (x86)\UserService\Admin.exe"')
RunAs("USerService", @ComputerName, "!PASS!", 0,@comspec&" /c rd C:\Windows\Temp")
Run('"C:\Program Files (x86)\UserService\Admin.exe"')

This is what I have in my login script for now, and non of them works

 

Cheers
/Rex

Share this post


Link to post
Share on other sites
Rex

@Jos

It's a logon script that is run at user logon thru group policy, so adding #requireAdmin won't work ad the script is run with the users privileges, I don't know how to set the requestedExecutionLevel :(

 

Cheers
/REx

Share this post


Link to post
Share on other sites
Jos

Either way, when the UAC is enabled, you will get a prompt when the requireAdministrator  level is needed. This has nothing to do with being a user or Administrator. Maybe some reading up on this is the first thing you need to do,

Jos


SciTE4AutoIt3 Full installer Download page   - Beta files       Read before posting     How to post scriptsource        Forum Rules
 
Live for the present,
Dream of the future,
Learn from the past.
  :)

Share this post


Link to post
Share on other sites
Rex

@Jos

UAC is disabled, but yes if it wasn't then the user would get a prompt - but the script is designed (the old script that worked flawless on server 2008) to run with out user interference, one of the things the script doe's is to move the user profile to another drive, and setting up some services.

 

Cheers
/Rex

Share this post


Link to post
Share on other sites
BetaLeaf

You can skip the uac prompt by setting this program as a scheduled task. May also help with the admin issue.


False Positive Reporter - Mass email all anti virus vendors with an attachment of your program for fast and easy whitelisting.

PortableApps.com App Creation Wizard  - A simple GUI-based Wizard for creating PortableApps.

SoundBoard - Play any song or sound you want at the press of a hotkey.

My GitHub Page: https://github.com/BetaLeaf

Share this post


Link to post
Share on other sites
Rex

@BetaLeaf I will try that

How ever it still don't cast any lights on why the runas don't work in server 2012, when it did in Server 2008

 

Cheers

/Rex

Share this post


Link to post
Share on other sites
BetaLeaf

I'm sorry, what? What lights? Do you mean the disk activity led on the case of the pc?

Edited by BetaLeaf
Omg I didn't mean to type that. It was a typo. Sorry.

False Positive Reporter - Mass email all anti virus vendors with an attachment of your program for fast and easy whitelisting.

PortableApps.com App Creation Wizard  - A simple GUI-based Wizard for creating PortableApps.

SoundBoard - Play any song or sound you want at the press of a hotkey.

My GitHub Page: https://github.com/BetaLeaf

Share this post


Link to post
Share on other sites
Rex

@BetaLeaf LOL

There must be some reason on why the runas don't work on server 2012 - but I haven't found any answers on google

 

Cheers
/Rex

Share this post


Link to post
Share on other sites
BetaLeaf
1 minute ago, Rex said:

@BetaLeaf LOL

There must be some reason on why the runas don't work on server 2012 - but I haven't found any answers on google

 

Cheers
/Rex

Oops lol that was a typo. 


False Positive Reporter - Mass email all anti virus vendors with an attachment of your program for fast and easy whitelisting.

PortableApps.com App Creation Wizard  - A simple GUI-based Wizard for creating PortableApps.

SoundBoard - Play any song or sound you want at the press of a hotkey.

My GitHub Page: https://github.com/BetaLeaf

Share this post


Link to post
Share on other sites
Rex

An update

Soo I have tried again and again, and it seems that it's somehow connected to my admin user - if I use administrator in runas, it works like it should - but using my service user, witch is a administrator, runas don't work ??

So now I need to find out why one admin user works and another don't

Cheers
/Rex

Share this post


Link to post
Share on other sites
BetaLeaf

Most users are assigned to multiple local groups. Run this command in command prompt as admin:

Net user admin

Change admin to whatever the name of your admin accounts are. Compare the two users. You can change local groups with this command

Net localgroup group admin /add

Net localgroup group admin /delete

https://technet.microsoft.com/en-us/library/bb490706.aspx


False Positive Reporter - Mass email all anti virus vendors with an attachment of your program for fast and easy whitelisting.

PortableApps.com App Creation Wizard  - A simple GUI-based Wizard for creating PortableApps.

SoundBoard - Play any song or sound you want at the press of a hotkey.

My GitHub Page: https://github.com/BetaLeaf

Share this post


Link to post
Share on other sites
Rex

Both administrator and my service user are in the same group, according to net user @Username

And if i run my Admin.exe from the service user - it tell me that it's runned with admin priv.

 

Cheers
/Rex

Share this post


Link to post
Share on other sites
BetaLeaf

I don't know thenothing. Sorry I cannot help you further. I hope someone else will be able and willing to help. Have a good one.


False Positive Reporter - Mass email all anti virus vendors with an attachment of your program for fast and easy whitelisting.

PortableApps.com App Creation Wizard  - A simple GUI-based Wizard for creating PortableApps.

SoundBoard - Play any song or sound you want at the press of a hotkey.

My GitHub Page: https://github.com/BetaLeaf

Share this post


Link to post
Share on other sites
Rex

@BetaLeaf

Thx for the help so far :)

Yeah I also hope that some one can come with some input on why the main admin account works in runas, when other admin accounts don't.

But it seems that MS has made some radical changes on the security part in server 2012.

 

Cheers
/Rex

Share this post


Link to post
Share on other sites
AdamUL

Are you compiling as 32 or 64 bit?  This could be causing an issue.  

 

Adam

 

Share this post


Link to post
Share on other sites
Rex

@AdamUL

I have tried both 32 and 64, but current I use 32, course most of the operations I need is 32bit

 

Cheers
/Rex

Share this post


Link to post
Share on other sites
lascellk

I have confirmed the same behavior in Windows 10.  I am able to call my test EXE (with the same IsAdmin code) using RunAsWait and I can see it is running under the context of the admin account I am want to use.  However, it is not running elevated....same issue.  This same code worked fine on Windows 7 x86/x64.

 

Has anyone seen this issue on Win10?

 

 

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×