Sign in to follow this  
Followers 0
Traskiz

Windows 10 RunAs script problem

12 posts in this topic

Hello,

 

I have a problem, I cant run script as administrator in Windows 10:

main.exe:

RegWrite('HKLM\SOFTWARE\Policies\Microsoft\Windows\BITS', 'EnableBITSMaxBandwidth','REG_DWORD',Number('1'))
RegWrite('HKLM\SOFTWARE\Policies\Microsoft\Windows\BITS', 'MaxTransferRateOnSchedule','REG_DWORD',Number('100'))
RegWrite('HKLM\SOFTWARE\Policies\Microsoft\Windows\BITS', 'MaxBandwidthValidFrom','REG_DWORD',Number('7'))
RegWrite('HKLM\SOFTWARE\Policies\Microsoft\Windows\BITS', 'MaxBandwidthValidTo','REG_DWORD',Number('22'))
RegWrite('HKLM\SOFTWARE\Policies\Microsoft\Windows\BITS', 'UseSystemMaximum','REG_DWORD',Number('1'))
RegWrite('HKLM\SOFTWARE\Policies\Microsoft\Windows\BITS', 'MaxTransferRateOffSchedule','REG_DWORD',Number('400'))

run.exe:

Global $sUserName = "administrator"
Global $sPassword = "pass"
Global $sDomain = "domain"
RunAsWait($sUserName, $sDomain, $sPassword, 2, "main.exe", "", @TempDir)

If I run "run.exe" it dont work...

If  I change main.exe to this:

msgbox(1,"",@username)        

and it runs and shows administrator in message box... but it cant elevate main.exe with RegWrite() command...

 

I tried using #RequireAdmin in first line of main.exe, but it not worked... UAC is set to "do not notify"

 

 

This method of elevation worked on Windows 7 and Windows XP...

Please help!

Share this post


Link to post
Share on other sites



It's a x64 OS? From helpfile Running the 32-bit version of AutoIt on a x64 System

Quote

For registry interaction, use HKCR64 or HKLM64 to bypass the redirection mechanism see Registry Functions documentation.

 

Share this post


Link to post
Share on other sites
6 minutes ago, AutoBert said:

It's a x64 OS? From helpfile Running the 32-bit version of AutoIt on a x64 System

 

It's x64 OS. So I must compile to x64 autoit script?

Share this post


Link to post
Share on other sites

#4 ·  Posted (edited)

Compiled  main.exe as x64 runs without any changes on x64 OS. With the suggested changes from helpfile it runs on x86 and x64 OS.

Edited by AutoBert

Share this post


Link to post
Share on other sites
38 minutes ago, AutoBert said:

Compiled  main.exe as x64 runs without any changes on x64 OS. With the suggested changes from helpfile it runs on x86 and x64 OS.

I dont understand how to fix it. What i have to do? main.exe works when I log in with administrator, but I want to Elevate standart user to execute main.exe with run.exe, but that dont work...

Share this post


Link to post
Share on other sites

Insert IsAdmin in main.au3 for checking the elevation is done.

Share this post


Link to post
Share on other sites
6 minutes ago, AutoBert said:

Insert IsAdmin in main.au3 for checking the elevation is done.

main.exe:

If IsAdmin() Then
RegWrite('HKLM\SOFTWARE\Policies\Microsoft\Windows\BITS', 'EnableBITSMaxBandwidth','REG_DWORD',Number('1'))
RegWrite('HKLM\SOFTWARE\Policies\Microsoft\Windows\BITS', 'MaxTransferRateOnSchedule','REG_DWORD',Number('100'))
RegWrite('HKLM\SOFTWARE\Policies\Microsoft\Windows\BITS', 'MaxBandwidthValidFrom','REG_DWORD',Number('7'))
RegWrite('HKLM\SOFTWARE\Policies\Microsoft\Windows\BITS', 'MaxBandwidthValidTo','REG_DWORD',Number('22'))
RegWrite('HKLM\SOFTWARE\Policies\Microsoft\Windows\BITS', 'UseSystemMaximum','REG_DWORD',Number('1'))
RegWrite('HKLM\SOFTWARE\Policies\Microsoft\Windows\BITS', 'MaxTransferRateOffSchedule','REG_DWORD',Number('400'))
Else
MsgBox(1,"Error", "Admin rights needed")
EndIf

 

 

And I get message box :( what I do wrong?

Share this post


Link to post
Share on other sites

disclaimer: not tested, will test when have time. but i noticed in your run.exe script you call RunAsWait with logon flag 2. this is used for accessing only network resources with the specified account, local resources - like the registry - are still accessed with the calling account. change logon flag to 0 or 1 and check.

Share this post


Link to post
Share on other sites

RunAsWait and RunAs does not give the Admin Token, and will not run a process with full admin rights.  It will only run the process under the context of the user with limited rights, even if they are an admin.  To your main.exe script,  add #RequireAdmin at the top and re-compile.  This will request elevation and the Admin Token when run by RunAsWait as the RunAs user.  There are quite few threads on this topic.  

 

Adam

Share this post


Link to post
Share on other sites
12 hours ago, orbs said:

disclaimer: not tested, will test when have time. but i noticed in your run.exe script you call RunAsWait with logon flag 2. this is used for accessing only network resources with the specified account, local resources - like the registry - are still accessed with the calling account. change logon flag to 0 or 1 and check.

Tried all of logon flag...0,1,2 and 4...

11 hours ago, AdamUL said:

RunAsWait and RunAs does not give the Admin Token, and will not run a process with full admin rights.  It will only run the process under the context of the user with limited rights, even if they are an admin.  To your main.exe script,  add #RequireAdmin at the top and re-compile.  This will request elevation and the Admin Token when run by RunAsWait as the RunAs user.  There are quite few threads on this topic.  

 

Adam

As I said... I tied this:

20 hours ago, Traskiz said:

 

I tried using #RequireAdmin in first line of main.exe, but it not worked... UAC is set to "do not notify"

 

 

Please help... Maybe Windows dont let RunAs function? because of security or something ?

Share this post


Link to post
Share on other sites

Sorry for missing that in your post.  My guess is that this is a UAC issue.  Since you have it turned off, its seems that the script cannot get the full admin rights to write to the reg keys.  I usually run with UAC enabled and ConsentPromptBehaviorAdmin set to $UAC_ELEVATE_WITHOUT_PROMPTING.  Have a look at my UAC UDF for setting this setting.  

There is one other thing that you can try, without changing your UAC settings.  Add the following to the top of your main.exe script.  This should force Windows to run it with full admin rights.  Also, make sure that the RunAs user is in the local Administrators group or a group that is in that group.  

#pragma compile(ExecLevel, requireAdministrator)

 

Adam

Share this post


Link to post
Share on other sites

AdamUL-

Thanks for the tip about #pragma.  That fixed it for me.

-Barry.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0

  • Similar Content

    • DLS
      By DLS
      I have a working script that changes the core affinity and process priority of multiples of a specific application I have running.  
      I have that part figured out.

      I would like to make a little modification to it.

      Windows10 introduced virtual desktops.  I am trying to have different core affinity and priority of processes on the visible and non-visible desktops.  
      What I need is a bool function that could be described as IsWindowOnCurrentDesktop($hWnd).  I have searched the winAPI.au3 but I do not believe anything like that exists built it.
      I have searched multiple places before asking for help. I found a Microsoft supplied example of the function I need using C#, but I am unfamiliar with C# to a degree that I cannot port the system call over.
      https://blogs.msdn.microsoft.com/winsdk/2015/09/10/virtual-desktop-switching-in-windows-10/
      Help is appreciated but not expected.  Thanks in advanced.   In the meantime I will be learning C# syntax and class structure.
    • therks
      By therks
      Does anybody know how I would go about getting the window title bar colour on Windows 10? I tried using _WinAPI_GetSysColor, and manually reading the registry (HKCU\Control Panel\Colors, ActiveTitle) but in either case I get the same (0x99B4D1, wrong) result.
      RegRead('HKCU\Control Panel\Colors', 'ActiveTitle') ; Returns 153 180 209 (aka 99B4D1) _WinAPI_GetSysColor ($COLOR_ACTIVECAPTION) ; Returns 0xD1B499 (aka 99B4D1)  
    • therks
      By therks
      As the title says, does anyone know of a way to open the Windows 10 action center using AutoIt. Maybe via rundll or some other applet?
      My intention is to just hide the normal icon, then have an AutoIt system tray icon that will open the action center on click. And I can't just send the Win+A hotkey because I have it disabled. 
      Thanks for reading.
    • TMelanson
      By TMelanson
      Hi folks,
      I'm hoping someone can help me out here.
      Background:
      I have the need to run a program with admin credentials (#RequireAdmin), and then get the SID of the locally logged in account. Not the admin account.
      If you look at the attached script, Line 16 uses the @UserName variable and returns the SID for the admin account I used to launch the app.
      I want to use line 17 which passes the result of the _GetUsername function which is a username using  ($UserName) to the WMIService.
      I'm getting " The requested action with this object has failed.:" error message.
      Any suggestions would be appreciated!
       
      test1.au3
    • onlineth
      By onlineth
      I’m wondering how to add a Windows Hello option to the additional PIN, Fingerprint, and Facial Recognition options? I'd like an interface that could be linked to the Windows Hello authentication system and AutoIt itself.
      I understand that this discussion did not meet the Forum Rules, I apologize about that. I'd like to point out that this post is asking for a way to attach into the Windows Hello service. I'd like to follow the same concept that YubiKey's interact with Windows Hello as seen here: https://www.yubico.com/2016/09/yubikey-works-windows-hello/.