Sign in to follow this  
Followers 0
Traskiz

Windows 10 RunAs script problem

12 posts in this topic

Hello,

 

I have a problem, I cant run script as administrator in Windows 10:

main.exe:

RegWrite('HKLM\SOFTWARE\Policies\Microsoft\Windows\BITS', 'EnableBITSMaxBandwidth','REG_DWORD',Number('1'))
RegWrite('HKLM\SOFTWARE\Policies\Microsoft\Windows\BITS', 'MaxTransferRateOnSchedule','REG_DWORD',Number('100'))
RegWrite('HKLM\SOFTWARE\Policies\Microsoft\Windows\BITS', 'MaxBandwidthValidFrom','REG_DWORD',Number('7'))
RegWrite('HKLM\SOFTWARE\Policies\Microsoft\Windows\BITS', 'MaxBandwidthValidTo','REG_DWORD',Number('22'))
RegWrite('HKLM\SOFTWARE\Policies\Microsoft\Windows\BITS', 'UseSystemMaximum','REG_DWORD',Number('1'))
RegWrite('HKLM\SOFTWARE\Policies\Microsoft\Windows\BITS', 'MaxTransferRateOffSchedule','REG_DWORD',Number('400'))

run.exe:

Global $sUserName = "administrator"
Global $sPassword = "pass"
Global $sDomain = "domain"
RunAsWait($sUserName, $sDomain, $sPassword, 2, "main.exe", "", @TempDir)

If I run "run.exe" it dont work...

If  I change main.exe to this:

msgbox(1,"",@username)        

and it runs and shows administrator in message box... but it cant elevate main.exe with RegWrite() command...

 

I tried using #RequireAdmin in first line of main.exe, but it not worked... UAC is set to "do not notify"

 

 

This method of elevation worked on Windows 7 and Windows XP...

Please help!

Share this post


Link to post
Share on other sites



It's a x64 OS? From helpfile Running the 32-bit version of AutoIt on a x64 System

Quote

For registry interaction, use HKCR64 or HKLM64 to bypass the redirection mechanism see Registry Functions documentation.

 

Share this post


Link to post
Share on other sites
6 minutes ago, AutoBert said:

It's a x64 OS? From helpfile Running the 32-bit version of AutoIt on a x64 System

 

It's x64 OS. So I must compile to x64 autoit script?

Share this post


Link to post
Share on other sites

#4 ·  Posted (edited)

Compiled  main.exe as x64 runs without any changes on x64 OS. With the suggested changes from helpfile it runs on x86 and x64 OS.

Edited by AutoBert

Share this post


Link to post
Share on other sites
38 minutes ago, AutoBert said:

Compiled  main.exe as x64 runs without any changes on x64 OS. With the suggested changes from helpfile it runs on x86 and x64 OS.

I dont understand how to fix it. What i have to do? main.exe works when I log in with administrator, but I want to Elevate standart user to execute main.exe with run.exe, but that dont work...

Share this post


Link to post
Share on other sites

Insert IsAdmin in main.au3 for checking the elevation is done.

Share this post


Link to post
Share on other sites
6 minutes ago, AutoBert said:

Insert IsAdmin in main.au3 for checking the elevation is done.

main.exe:

If IsAdmin() Then
RegWrite('HKLM\SOFTWARE\Policies\Microsoft\Windows\BITS', 'EnableBITSMaxBandwidth','REG_DWORD',Number('1'))
RegWrite('HKLM\SOFTWARE\Policies\Microsoft\Windows\BITS', 'MaxTransferRateOnSchedule','REG_DWORD',Number('100'))
RegWrite('HKLM\SOFTWARE\Policies\Microsoft\Windows\BITS', 'MaxBandwidthValidFrom','REG_DWORD',Number('7'))
RegWrite('HKLM\SOFTWARE\Policies\Microsoft\Windows\BITS', 'MaxBandwidthValidTo','REG_DWORD',Number('22'))
RegWrite('HKLM\SOFTWARE\Policies\Microsoft\Windows\BITS', 'UseSystemMaximum','REG_DWORD',Number('1'))
RegWrite('HKLM\SOFTWARE\Policies\Microsoft\Windows\BITS', 'MaxTransferRateOffSchedule','REG_DWORD',Number('400'))
Else
MsgBox(1,"Error", "Admin rights needed")
EndIf

 

 

And I get message box :( what I do wrong?

Share this post


Link to post
Share on other sites

disclaimer: not tested, will test when have time. but i noticed in your run.exe script you call RunAsWait with logon flag 2. this is used for accessing only network resources with the specified account, local resources - like the registry - are still accessed with the calling account. change logon flag to 0 or 1 and check.

Share this post


Link to post
Share on other sites

RunAsWait and RunAs does not give the Admin Token, and will not run a process with full admin rights.  It will only run the process under the context of the user with limited rights, even if they are an admin.  To your main.exe script,  add #RequireAdmin at the top and re-compile.  This will request elevation and the Admin Token when run by RunAsWait as the RunAs user.  There are quite few threads on this topic.  

 

Adam

Share this post


Link to post
Share on other sites
12 hours ago, orbs said:

disclaimer: not tested, will test when have time. but i noticed in your run.exe script you call RunAsWait with logon flag 2. this is used for accessing only network resources with the specified account, local resources - like the registry - are still accessed with the calling account. change logon flag to 0 or 1 and check.

Tried all of logon flag...0,1,2 and 4...

11 hours ago, AdamUL said:

RunAsWait and RunAs does not give the Admin Token, and will not run a process with full admin rights.  It will only run the process under the context of the user with limited rights, even if they are an admin.  To your main.exe script,  add #RequireAdmin at the top and re-compile.  This will request elevation and the Admin Token when run by RunAsWait as the RunAs user.  There are quite few threads on this topic.  

 

Adam

As I said... I tied this:

20 hours ago, Traskiz said:

 

I tried using #RequireAdmin in first line of main.exe, but it not worked... UAC is set to "do not notify"

 

 

Please help... Maybe Windows dont let RunAs function? because of security or something ?

Share this post


Link to post
Share on other sites

Sorry for missing that in your post.  My guess is that this is a UAC issue.  Since you have it turned off, its seems that the script cannot get the full admin rights to write to the reg keys.  I usually run with UAC enabled and ConsentPromptBehaviorAdmin set to $UAC_ELEVATE_WITHOUT_PROMPTING.  Have a look at my UAC UDF for setting this setting.  

There is one other thing that you can try, without changing your UAC settings.  Add the following to the top of your main.exe script.  This should force Windows to run it with full admin rights.  Also, make sure that the RunAs user is in the local Administrators group or a group that is in that group.  

#pragma compile(ExecLevel, requireAdministrator)

 

Adam

Share this post


Link to post
Share on other sites

AdamUL-

Thanks for the tip about #pragma.  That fixed it for me.

-Barry.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0

  • Similar Content

    • ModemJunki
      By ModemJunki
      Hello,
      In Windows 10 PowerShell, one can do this to change the metric for a NIC in Windows 10:
      Get-NetAdapter | Where-Object -FilterScript {$_.InterfaceAlias -Eq "Ethernet 2"} | Set-NetIPInterface -InterfaceMetric 2 I know I can script the above PowerShell line (and it works!), but I wanted to try something I hadn't done before after looking into jguinch's most excellent Network configuration UDF. I wanted to make use of the SetIPConnectionMetric method in the WMI classes. There is an example VBscript here but this is not for Windows 10. Using AutoIT would also give better control over capturing error return codes than with PowerShell.
      But I cannot get my script to work! The return from SetIPConnectionMetric() is 0, which would indicate success. Yet the change does not happen. I also tried WMI methods using .put_ but this fails.
      Anyone more experienced than I have ideas to make this work?
      #RequireAdmin _SetNicInterfaceMetric2("Ethernet 2", "2") Func _SetNicInterfaceMetric2($NIC_NAME, $METRIC) Local $s_setIndx = 0 $objWMIService = ObjGet("winmgmts:{impersonationLevel = impersonate}!\\" & "." & "\root\cimv2") $colNICItems = $objWMIService.ExecQuery("SELECT * FROM Win32_NetworkAdapter WHERE NetConnectionID = '" & $NIC_NAME & "'", "WQL") If IsObj($colNICItems) Then For $objItem In $colNICItems $s_nicIndex = $objItem.Index Next ConsoleWrite("SELECT * FROM Win32_NetworkAdapterConfiguration WHERE Index = '" & $s_nicIndex & "'" & @CRLF) $colNAC = $objWMIService.ExecQuery("SELECT * FROM Win32_NetworkAdapterConfiguration WHERE Index = '" & $s_nicIndex & "'", "WQL") If IsObj($colNAC) Then For $objNetCard In $colNAC If $METRIC <> $objNetCard.IPConnectionMetric Then ConsoleWrite("Metric was set to " & $objNetCard.IPConnectionMetric & ". Setting to " & $METRIC & "." & @CRLF) $s_isSet = $objNetCard.SetIPConnectionMetric($METRIC) ConsoleWrite("SetIPConnectionMetric Result = " & $s_isSet & @CRLF) Else ConsoleWrite("Metric is already set to " & $METRIC & @CRLF) EndIf Next EndIf EndIf EndFunc ;==>_SetNicInterfaceMetric2  
    • mlazovjp
      By mlazovjp
      OK, this one is baffling me and my coworkers.
      I created an AutoIt script with Windows 10 1607 (or maybe 1511) that would do a RunWait "DisplaySwitch.exe /clone" to have both monitors display the same content.  It worked without issue.  Then I upgraded a couple of weeks ago to Windows 10 1703 (Creators Update).  Now when I run the script, it executes everything before and after the RunWait command but the display properties never change.  I used variables to capture the result of the RunWait command and the value of @error.  RunWait returns 0, @error returns 1 (though I don't know what that means exactly).
      I started over with a two-line AutoIt script which attempts to run DisplaySwitch.exe and nothing happens.  I modified the RunWait command to run C:\windows\system32\DisplaySwitch.exe but nothing happens.  So, I created a batch file which just attempts to run C:\windows\system32\DisplaySwitch.exe followed by a pause statement so I could read the results.  It reports "'C:\WINDOWS\System32\DisplaySwitch.exe' is not recognized as an internal or external command, operable program or batch file.".
      So I modified the batch file to perform a directory listing of C:\Windows\system32\*.exe .  It generates a list of 337 files, but if you look through the list, DisplaySwitch.exe is missing.  I then modified the batch file to perform a recursive search for DisplaySwitch.exe from the root of C:\ and it eventually finds this single file: C:\Windows\WinSxS\amd64_microsoft-windows-displayswitch_31bf3856ad364e35_10.0.15063.0_none_fdd58a325d4a2de2\displayswitch.exe
      I can run that file from the batch file and it works fine.  If I run the batch file directly rather than through an AutoIt script, it works fine and it lists DisplaySwitch.exe in C:\Windows\system32 .  
      I have compiled the AutoIt script using v3.3.14.2 and in desperation, I even compiled it with autoit-v3.3.15.0-beta-setup.exe with the same results.  I also tried adding #RequireAdmin with the same results.  If I look at the security properties of the file I cannot find anything which implies that a script could not access it.  I also notice that if I open a command prompt and do the same directory listing of all .exe files in C:\windows\system32 it lists 660 files, compared to only 337 files when that command is run through my AutoIt script.  I can also report that when I made these two files available for download through Google Drive to my colleague running Windows 10 1511, Smart Filter and Symantec both complained about the files, but we bypassed the warning and they executed properly (i.e. DisplaySwitch.exe was visible in C:\windows\system32 and it switched to Clone Mode).  My other colleague with 1703 has the same problem as me where DisplaySwitch.exe is invisible to scripts running from within an AutoIt script.
      switch.au3
      switch.cmd
    • rg20
      By rg20
      Greetings all,
       
      I have an app that runs fine in windows 7 but not windows 10.
      issue : when entering the filename to save, it enters it into the saveAs dialog box, but Office still tries to save as "Diagram1" or "Presentation1"
       
      $FileError = "" MonitorProcess2("VISIO") _DebugOut("Visio Done") MonitorProcess2("POWERPNT") _debugOut("Powerpoint Done") CloseSave($FileSavePathName, $SaveAsWindow) _DebugOut("Saved and closed Powerpoint") _VSO_DocumentSave($objVisioFile) while not _VSO_DocumentSaved($objVisioFile) WEnd _VSO_VisioClose($objVisioFile) _DebugOut("Saved and closed Visio") else _DebugOut("Filename Does not exist = "& $FilePathName) EndIf the monitor process2 just makes sure the processes are complete before trying to save the files.
       
      The closeSave function is below, but since I am opening the file with the proper name, this is not an issue
      func CloseSave($SaveFile, $SaveAsWindow) _DebugOut("Save File ") _DebugOut($SaveFile) send("!{F4}") send ("!S") $title = WinGetTitle("[ACTIVE]") _DebugOut("WINDOW - current window is Powerpoint to enter filename " & $title) while not ($title = $SaveAsWindow) $title = WinGetTitle("[ACTIVE]") wend ControlSetText ($SaveAsWindow,"","[CLASS:Edit; INSTANCE:1]",$SaveFile) send ("!S") $title = WinGetTitle("[ACTIVE]") while not StringInStr($title,"Visio") $title = WinGetTitle("[ACTIVE]") wend EndFunc  
    • brodillo
      By brodillo
      Hello, I've experience using automation anywhere. Now I want to learn Auto It for my automatization projects.
      I've tried to implement an example using calculator program in Windows 10.
      When I used au3Info program to identify  an escefific zone in the calc window , au3info always return the same advanced class  [CLASS:ApplicationFrameInputSinkWindow; INSTANCE:1] 
      Is there a restriction for windows 10?
      See my little script
       
      Run("Calc.exe")
      WinWaitActive("Calculadora")
      WinActive("Calculadora")
      $old="0"
      $new="1020"
      $controlNumber="[CLASS:ApplicationFrameInputSinkWindow; INSTANCE:1]"
      ControlSetText("Calculadora","",$controlNumber,$new)
      ControlSend("Calculadora","",$controlNumber,$new)
       
      I've tried using controlSetText and ControlSend.
       
      Thank you for your help
       
    • DLS
      By DLS
      I have a working script that changes the core affinity and process priority of multiples of a specific application I have running.  
      I have that part figured out.

      I would like to make a little modification to it.

      Windows10 introduced virtual desktops.  I am trying to have different core affinity and priority of processes on the visible and non-visible desktops.  
      What I need is a bool function that could be described as IsWindowOnCurrentDesktop($hWnd).  I have searched the winAPI.au3 but I do not believe anything like that exists built it.
      I have searched multiple places before asking for help. I found a Microsoft supplied example of the function I need using C#, but I am unfamiliar with C# to a degree that I cannot port the system call over.
      https://blogs.msdn.microsoft.com/winsdk/2015/09/10/virtual-desktop-switching-in-windows-10/
      Help is appreciated but not expected.  Thanks in advanced.   In the meantime I will be learning C# syntax and class structure.