Jump to content

RunAs / RunAsWait problem on server 2012R2 [SOLVED]


Recommended Posts

Hi

I created a login script for our old server witch had server 2008, and the script worked flawless

Now we have upgraded to server 2012, and the script stopped working correct.

For some reason my Run/RunAs/RunAsWait functions don't work, or some of them don't work

Run('D:\Admin.exe') don't work, the Admin.exe is newer executed, and the user have execute rights to D:

RunAs($sUsr, @computerName, $sPass, 0,'C:\Program Files (x86)\Admin.exe) Lunches Admin, but not with admin rights

Admin.exe contains

If Not IsAdmin() Then
    MsgBox(262144,"ADMIN","Isn't admin")
Else
    MsgBox(262144,"ADMIN","Is ADMIN")
EndIf
Exit

And should show Is Admin, when executed with admin rights, as far i under stand

Even if I do a RunAs @comSpec it's not executed as admin :'(

I also have tried to compile the excamples from runas and runaswait, neither of them worked with admin rights

Any one have a suggestion on what might be the problem, I have disabled UAC - and if i Right click and choose RunasAdmin with the user name/password it works, so shouldn't be because of wrong username/pass, als the secondary logon service is running.

 

Cheers
/Rex

 

:Edit additional info

Edited by Rex
Link to post
Share on other sites

@BetaLeaf My script breaks at the very first RunAS command I have.

 

RunAsWait("UserService", @ComputerName, "!PASS!", 0, '"C:\Program Files (x86)\UserService\Admin.exe"')
RunAsWait("UserService", @LogonServer, "!PASS", 0, '"C:\Program Files (x86)\UserService\Admin.exe"')
RunAsWait("UserService", @LogonDomain, "!PASS!", 0, '"C:\Program Files (x86)\UserService\Admin.exe"')
RunAs("USerService", @ComputerName, "!PASS!", 0,@comspec&" /c rd C:\Windows\Temp")
Run('"C:\Program Files (x86)\UserService\Admin.exe"')

This is what I have in my login script for now, and non of them works

 

Cheers
/Rex

Link to post
Share on other sites
  • Developers

As suggested already: So what about adding the #requireAdmin as suggested or setting the compiled script's requestedExecutionLevel ?

Jos

SciTE4AutoIt3 Full installer Download page   - Beta files       Read before posting     How to post scriptsource   Forum etiquette  Forum Rules 
 
Live for the present,
Dream of the future,
Learn from the past.
  :)

Link to post
Share on other sites

@Jos

It's a logon script that is run at user logon thru group policy, so adding #requireAdmin won't work ad the script is run with the users privileges, I don't know how to set the requestedExecutionLevel :(

 

Cheers
/REx

Link to post
Share on other sites
  • Developers

Either way, when the UAC is enabled, you will get a prompt when the requireAdministrator  level is needed. This has nothing to do with being a user or Administrator. Maybe some reading up on this is the first thing you need to do,

Jos

SciTE4AutoIt3 Full installer Download page   - Beta files       Read before posting     How to post scriptsource   Forum etiquette  Forum Rules 
 
Live for the present,
Dream of the future,
Learn from the past.
  :)

Link to post
Share on other sites

@Jos

UAC is disabled, but yes if it wasn't then the user would get a prompt - but the script is designed (the old script that worked flawless on server 2008) to run with out user interference, one of the things the script doe's is to move the user profile to another drive, and setting up some services.

 

Cheers
/Rex

Link to post
Share on other sites

An update

Soo I have tried again and again, and it seems that it's somehow connected to my admin user - if I use administrator in runas, it works like it should - but using my service user, witch is a administrator, runas don't work ??

So now I need to find out why one admin user works and another don't

Cheers
/Rex

Link to post
Share on other sites

Most users are assigned to multiple local groups. Run this command in command prompt as admin:

Net user admin

Change admin to whatever the name of your admin accounts are. Compare the two users. You can change local groups with this command

Net localgroup group admin /add

Net localgroup group admin /delete

https://technet.microsoft.com/en-us/library/bb490706.aspx

 

 

Link to post
Share on other sites

Both administrator and my service user are in the same group, according to net user @Username

And if i run my Admin.exe from the service user - it tell me that it's runned with admin priv.

 

Cheers
/Rex

Link to post
Share on other sites

@BetaLeaf

Thx for the help so far :)

Yeah I also hope that some one can come with some input on why the main admin account works in runas, when other admin accounts don't.

But it seems that MS has made some radical changes on the security part in server 2012.

 

Cheers
/Rex

Link to post
Share on other sites
  • 1 year later...

I have confirmed the same behavior in Windows 10.  I am able to call my test EXE (with the same IsAdmin code) using RunAsWait and I can see it is running under the context of the admin account I am want to use.  However, it is not running elevated....same issue.  This same code worked fine on Windows 7 x86/x64.

 

Has anyone seen this issue on Win10?

 

 

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...