31290

@Username issue and temp access

Started by 31290,

15 posts in this topic

#1 ·  Posted

Hi everyone, 

I'm writing a tool that will help my technician adding a user in the local admin group. 

1- As the user, at first, is not part of the group, launching the .exe file ask for admin credentials. Thing is, whereas I'm using  

RunWait(@ComSpec & ' /c ' & 'Net LocalGroup Administrators' & @username & ' /add' ,"")

The @username macro is taking the admin user account in the variable instead of the current logged user one.

Do you know how can I face this and have the "real" username value returned?

2- do you guys think it's possible to give the admin access temporary? Maybe something to write in the reg? task scheduler? compare dates and execute a .exe? etc...?

Thanks in advance :)

-31290

~~~ Doom Shall Never Die, Only The Players ~~~

Share this post

Link to post
Share on other sites



#2 ·  Posted

There are a lot of ways to go about this; I am sure you'll get suggestions on 10 different ways to skin this particular cat. You could always parse the hivelist in the registry for the currently logged in user: 

HKLM\SYSTEM\CurrentControlSet\Control\hivelist

You have to weed out the system profiles logged in, but it will leave you with the username of the currently logged in person: 

\Registry\User\S-1-5-21-121076320-351217325-940726084-118988

-value-

\Device\HarddiskVolume2\Users\LoganJe\NTUSER.DAT

 

When you're dead, you don't know you're dead - it's only difficult for those that know you. It's the same way when you're stupid...

My Scripts: SCCM UDFInclude Source with Compiled Script, Windows Firewall UDF

Share this post

Link to post
Share on other sites

#3 ·  Posted

Thanks for the reply.

Unfortunately, the user does not have access to regedit. When I login with my admin account, I don't even see his profile in the list. 
Attacking the registry via a "runas" would require too much time in the process. 

I found this: 

#RequireAdmin

MsgBox(0, 0, @UserName)
MsgBox(0, 0, _GetUsername())

Func _GetUsername()
    Local $aResult = DllCall("Wtsapi32.dll", "int", "WTSQuerySessionInformationW", "int", 0, "dword", -1, "int", 5, "dword*", 0, "dword*", 0)
    If @error Or $aResult[0] = 0 Then Return SetError(1, 0, 0)
    Local $sUsername = BinaryToString(DllStructGetData(DllStructCreate("byte[" & $aResult[5] & "]", $aResult[4]), 1), 2)
    DllCall("Wtsapi32.dll", "int", "WTSFreeMemory", "ptr", $aResult[4])
    Return $sUsername
EndFunc   ;==>_GetUsername

But it totally screws up my script :/

~~~ Doom Shall Never Die, Only The Players ~~~

Share this post

Link to post
Share on other sites

#4 ·  Posted

59 minutes ago, 31290 said:

The @username macro is taking the admin user account in the variable instead of the current logged user one.

I can't ack this. Test this small script: 

#RequireAdmin
MsgBox(64,'User',@username)

on my Win10 x64 i get the real username.

15 minutes ago, 31290 said:

Attacking the registry via a "runas" would require too much time in the process.

Why attacking? Has your Admin no rights to do this?

Share this post

Link to post
Share on other sites

#5 ·  Posted

Get the @Username into a variable BEFORE trying to use the user name in the command line.

If I posted any code, assume that code was written using the latest release version unless stated otherwise. Also, if it doesn't work on XP I can't help with that because I don't have access to XP, and I'm not going to.
Give a programmer the correct code and he can do his work for a day. Teach a programmer to debug and he can do his work for a lifetime - by Chirag Gude
How to ask questions the smart way!

I hereby grant any person the right to use any code I post, that I am the original author of, on the autoitscript.com forums, unless I've specifically stated otherwise in the code or the thread post. If you do use my code all I ask, as a courtesy, is to make note of where you got it from.

Back up and restore Windows user files _Array.au3 - Modified array functions that include support for 2D arrays.  -  ColorChooser - An add-on for SciTE that pops up a color dialog so you can select and paste a color code into a script.  -  Customizable Splashscreen GUI w/Progress Bar - Create a custom "splash screen" GUI with a progress bar and custom label.  -  _FileGetProperty - Retrieve the properties of a file  -  SciTE Toolbar - A toolbar demo for use with the SciTE editor  -  GUIRegisterMsg demo - Demo script to show how to use the Windows messages to interact with controls and your GUI.  -   Latin Square password generator

Share this post

Link to post
Share on other sites

#6 ·  Posted 

; This
Local $WSHNetwork = ObjCreate("Wscript.Network")
Local $sUsername = $WSHNetwork.UserName
ConsoleWrite ( $sUsername )


#cs or this script
; Or this (script i had in my repository, not written by me )
#include <Array.au3>

$un = _GetUsername()
;~ $un = StringLeft($un, stringlen($un) - 1)           ; <-- The solution

For $i = 1 To StringLen($un)
    $char = StringMid($un, $i, 1)
    ConsoleWrite(Asc($char) & " : >" & $char & "<" & @CRLF)
Next

$thing = StringLen($un) & " - 123" & String($un) & "456"

ConsoleWrite(@CRLF & $thing & @CRLF)

Func _GetUsername()
    Local $sUsername = ""
    Local $aResult = DllCall("Wtsapi32.dll", "int", "WTSQuerySessionInformationW", "int", 0, "dword", -1, "int", 5, "dword*", 0, "dword*", 0)
    If @error Or $aResult[0] = 0 Then Return SetError(1, 0, 0)
    Local $sUsername = BinaryToString(DllStructGetData(DllStructCreate("byte[" & $aResult[5] & "]", $aResult[4]), 1), 2)
    DllCall("Wtsapi32.dll", "int", "WTSFreeMemory", "ptr", $aResult[4])
    Return $sUsername
EndFunc   ;==>_GetUsername
#ce

Perhaps its not such a good practise to "temporary" add a user to the local admin group.. Anyway hope this code helps.

Share this post

Link to post
Share on other sites

#7 ·  Posted

@pluto41 The first snippet you have will have the same problem; unless done before the RunAs it will show the elevated username.

The dllCall returns the correct user session, whether RunAs an elevated user or SYSTEM, but may be a bit of a kludge for what the OP is trying to accomplish.

When you're dead, you don't know you're dead - it's only difficult for those that know you. It's the same way when you're stupid...

My Scripts: SCCM UDFInclude Source with Compiled Script, Windows Firewall UDF

Share this post

Link to post
Share on other sites

#8 ·  Posted

Hi Guys, 

Thanks for your answers but:

15 hours ago, BrewManNH said:

Get the @Username into a variable BEFORE trying to use the user name in the command line.

Thing is that Windows is asking for an elevated user account just to launch the software and take this user into account. The @Username macro take that account.
For example, the target username is "John Doe" and my admin account is "31290_a". @Username = "31290_a" for the entire execution.

15 hours ago, AutoBert said:

#RequireAdmin MsgBox(64,'User',@username)

Same story. Windows asks for admin credentials and the msgbox returns "31290_a"

 

15 hours ago, AutoBert said:
15 hours ago, 31290 said:

Attacking the registry via a "runas" would require too much time in the process.

Why attacking? Has your Admin no rights to do this?

My admin account has rights to do that but again, when launching regedit.exe windows asks for admin credentials and I can't see the user's hive and profile in the registry.

Of course, this is the same thing for all other macros > @DesktopDir / @AppdataDir / etc.

The only one that is showing the good path is @WorkingDir. Here, I have the username as :"C:\Users\USERNAME\Google Drive\..."
Thing is, the username is not the same and it's length is variable but always contained after "C:\Users\" and before "\Google Drive" (or "\Desktop"). I was thinking about _StringBetween but how to handle the username properly? Is it reliable?

Thanks :)

 

~~~ Doom Shall Never Die, Only The Players ~~~

Share this post

Link to post
Share on other sites

#9 ·  Posted

2 minutes ago, 31290 said:

Same story. Windows asks for admin credentials and the msgbox returns "31290_a"

Then you need 3 scripts: 1. writing @username in ini etc. and starts 2. this uses runas for evelator and the 3. read the username from ini and execute the real job using this variable.

Share this post

Link to post
Share on other sites

#10 ·  Posted

26 minutes ago, AutoBert said:

Then you need 3 scripts: 1. writing @username in ini etc. and starts 2. this uses runas for evelator and the 3. read the username from ini and execute the real job using this variable.

Thanks but this won't work as well. Anything I'll execute on the user profile will ask for admin credentials and the @username macro will be set to my admin account...

~~~ Doom Shall Never Die, Only The Players ~~~

Share this post

Link to post
Share on other sites

#11 ·  Posted

11 minutes ago, 31290 said:

Thanks but this won't work as well. Anything I'll execute on the user profile will ask for admin credentials and the @username macro will be set to my admin account...

Users can't write to @AppDataCommonDir or any other place?

Share this post

Link to post
Share on other sites

#12 ·  Posted

1 minute ago, AutoBert said:

Users can't write to @AppDataCommonDir or any other place?

No sir :/ the only way to work on that is:

58 minutes ago, 31290 said:

The only one that is showing the good path is @WorkingDir. Here, I have the username as :"C:\Users\USERNAME\Google Drive\..."
Thing is, the username is not the same and it's length is variable but always contained after "C:\Users\" and before "\Google Drive" (or "\Desktop"). I was thinking about _StringBetween but how to handle the username properly? Is it reliable?

but not sure this would be easy considering that the user name can be at least 4 characters.

Thanks :)

~~~ Doom Shall Never Die, Only The Players ~~~

Share this post

Link to post
Share on other sites

#13 ·  Posted

3 hours ago, 31290 said:

My admin account has rights to do that but again, when launching regedit.exe windows asks for admin credentials and I can't see the user's hive and profile in the registry.

I guess I am not understanding this piece. If you run an application as another user, be it an admin or even the System account, you can still see the logged in user's hive in the registry. You are looking under HKEY_USERS, not HKEY_CURRENT_USER, right?

When you're dead, you don't know you're dead - it's only difficult for those that know you. It's the same way when you're stupid...

My Scripts: SCCM UDFInclude Source with Compiled Script, Windows Firewall UDF

Share this post

Link to post
Share on other sites

#14 ·  Posted

1 hour ago, JLogan3o13 said:

I guess I am not understanding this piece. If you run an application as another user, be it an admin or even the System account, you can still see the logged in user's hive in the registry. You are looking under HKEY_USERS, not HKEY_CURRENT_USER, right?

Of Course :) HKCU is my admin account :)

I'm starting to think about the  _StringBetween thing... I think that as long the tech launch the script from the user's desktop, it can be fine.
If you have any clue on that one, I'll take :)

Thanks

~~~ Doom Shall Never Die, Only The Players ~~~

Share this post

Link to post
Share on other sites

#15 ·  Posted

Sorry for double post but I managed to find the solution :)

For the record, I did: 

#include <Array.au3>
#include <String.au3>
#RequireAdmin

$Username = @WorkingDir

Local $aArray = _StringBetween(@WorkingDir, "C:\Users\", "\")

Msgbox (0,"",$aArray[0])

When compiling it and running it from the non-admin user's desktop, the msgbox now gives me the correct user name even when Windows asks me for admin credentials to run it. :sweating:

Now, have to find how to delete the user from the admin group 24/48h later without any tech intervention... Gonna be fun I think :) If you guys have ideas, please share :)

Thanks!

-31290

~~~ Doom Shall Never Die, Only The Players ~~~

Share this post

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Go To Topic Listing AutoIt General Help and Support

  • Similar Content

    • RamPalav
      Send text to VBA form
      By RamPalav
      Hi,
      I want to send text into a VBA form's text field. Can someone please guide me on the autoit script that can help me.
      Below is the sample code that I need help on:
      #include <Excel.au3> #include <FileConstants.au3> #include <MsgBoxConstants.au3> @ScriptDir ="D:\\AutoIT\" $sFilePath = @ScriptDir & "\ExcelForm.xlsm" Local $oAppl = _Excel_Open() ;Local $oAppl = _Excel_Open(False, Default, Default, Default, True) Local $sWorkbook = $sFilePath Local $oWorkbook = _Excel_BookOpen($oAppl, $sWorkbook) ConsoleWrite('before opening macro.........1') $oAppl.Run('mymacro') Sleep(3000) ConsoleWrite('After opening macro.........1') Send('First text') ConsoleWrite('After opening macro.........2') Send('{TAB}') ConsoleWrite('After opening macro.........3') Send('Second text') ConsoleWrite('After opening macro.........4') Send('{TAB}') Send('{Enter}') ConsoleWrite('After opening macro.........5') thanks,
       
    • twixt
      Send command
      By twixt
      I am having trouble getting the send command with one of the defined macros.  I need to send to the active window a function with parameters.
      Run("notepad.exe") WinWaitActive("Untitled - Notepad") Send("RUN(""@IPAddress1"", port_number, ""conf_option"")") What I am looking for is something like this to be sent to the active window
      RUN("192.168.1.1", 52535, "filename.conf")
      getting the @IPAddress in quotes seems to screw up the send command syntax.  Any help?
    • TheDcoder
      Is it a Good Idea?: $CmdLineRaw as a Macro
      By TheDcoder
      Hello! I am back with another IIAGI? (Is it a Good Idea?)
       
      I think $CmdLineRaw is more like a macro than a "special" variable (which cannot be changed)... So making ti @CmdLineRaw would make more sense and there will 1 less exception to variables , I know that you were wondering about the $CmdLine "special" array... I didn't forgot it, but I don't think a macro can be a array, so I just ignored it... Maybe removing the $CmdLine and changing $CmdLineRaw to @CmdLine would be nice if you ask me .
       
      Think before choosing! TD
       
      P.S Feel free to disagree with me, I want hear your opinion as well .
    • Smigacznr1
      Check for macros in excel
      By Smigacznr1
      Hi everyone,
      I'm writing script for searching empty excel files in share folders.
      I now how to check if is any text, value or formula in file but how to check for macros?
       
      Regards
      Smigacznr1
       
    • graydwarf
      WinClickPro - A GUI concept project for chaining AutoIt scripts
      By graydwarf
      I wrote this power user tool a long while back and it originally had baked in commands and wasn't very extensible. I rewrote the tool and made use of the power and openeness of AutoIt. Some of you may find the concept and/or UI approach interesting (as well as useful) which is why I'm posting here. In all likely-hood, it could be rewritten entirely in AutoIt but that's not something I plan on doing. Good chance there are similar tools out there as well especially since I've sat on this for so long.
      In short, the tool provides a snazzy user interface (no two interfaces will look alike) which opens right over whatever your working on so you can quickly launch any number of chained AutoIt scripts. My all-time favorite being; normalize clipboard text. 
      https://winclickpro.codeplex.com/
      I haven't shared the tool or concept with anyone outside of publishing it so I'm curious to see what people think.