Jump to content

need to get users to start an elevated command prompt


aleph01
 Share

Recommended Posts

This script doesn't seem to be doing it:

#include <Misc.au3>

Local $1 = 0

$1 = MsgBox (4,"Restart Service", "Do you wish to restart the RFID service?")
If $1 = 6 Then
    RunAs ("administrator", @ComputerName, "password", 2, "C:\Windows\system32\cmd.exe", "", @SW_MAXIMIZE)
    WinWait ("cmd.exe")
    Send ("net start ewSystemMonitor {ENTER}")
    Send ("net start Envisionware RFIDLink {ENTER}")
    Sleep (301)
    Send ("Exit {ENTER}")
Else
    Exit
EndIf

The above script apparently runs the command prompt without elevating it.  Does anyone have a simple helpful tip for me?

 

Thanks,

Meds.  They're not just for breakfast anymore. :'(

Link to comment
Share on other sites

ShellExecute("cmd.exe", "", @WorkingDir, "runas")

but instead of trying to control the cmd-window with Send() you can do something like this:

ShellExecute(@ComSpec, "/c net start ewSystemMonitor & net start Envisionware RFIDLink", @WorkingDir, "runas")

Or you give your script and all programs which get run by it admin privileges with #RequireAdmin  

Edited by AspirinJunkie
Link to comment
Share on other sites

Jos,

Option 2 is a left-over remnant of when I was trying to get it to run with network admin credentials.  Is 0 the preferred option?

AspirinJunkie,  your solution pops up a UAC prompt with or without #RequireAdmin.

The RFID service crashes from time to time for no apparent reason.  I've tried an infinite loop of net start commands, but couldn't get it to work consistently on our staff computers.

Meds.  They're not just for breakfast anymore. :'(

Link to comment
Share on other sites

  • Developers
13 minutes ago, aleph01 said:

Is 0 the preferred option?

Not 100% sure but sounds logical with a local account. Did you try?

Jos

SciTE4AutoIt3 Full installer Download page   - Beta files       Read before posting     How to post scriptsource   Forum etiquette  Forum Rules 
 
Live for the present,
Dream of the future,
Learn from the past.
  :)

Link to comment
Share on other sites

  • Developers

There is probably a mixup between running it with an different userid (the Administrator account) and running with #RequireAdmin.

Jos

Edited by Jos

SciTE4AutoIt3 Full installer Download page   - Beta files       Read before posting     How to post scriptsource   Forum etiquette  Forum Rules 
 
Live for the present,
Dream of the future,
Learn from the past.
  :)

Link to comment
Share on other sites

I believe there is a GPO that will allow me to let users toggle services.  I can let them toggle the RFID service through a script on their desktops, so they don't even need to know they have access to services. 

Is this a flaw with RunAs?  It would be better to not have to enable access to services for my users.

Meds.  They're not just for breakfast anymore. :'(

Link to comment
Share on other sites

  • Developers
3 hours ago, aleph01 said:

Is this a flaw with RunAs? 

Don't think so. RunAs() runs the program under the different credentials but that doesn't mean it runs the program Elevated. Normally the program's requestedExecutionLevel resource indicates the level it needs to be executed on. 

Look at AutoIt3Wrapper.au3 where I use the FUNC RunReqAdminDosCommand() to ensure it is elevated in case this is required.

Jos

Edited by Jos

SciTE4AutoIt3 Full installer Download page   - Beta files       Read before posting     How to post scriptsource   Forum etiquette  Forum Rules 
 
Live for the present,
Dream of the future,
Learn from the past.
  :)

Link to comment
Share on other sites

Thanks for the try, Jos, but Func RunReqAdminDosCommand leaves me scratching my head.  It looks like a bunch of FileWriteLines with some FileDeletes thrown in.  I can't make the connection that will let me see how it can help me.

Still searching for code that will allow a standard user to start a service when they are normally not able to start or stop services.

Meds.  They're not just for breakfast anymore. :'(

Link to comment
Share on other sites

  • Developers

What it does is pretty strait forward: It makes a temp scriptfile with a script that has @RequireAdmin in it to ensure it is running under at Administrator level.
You get the UAC prompt in case it isn't yet assuming UAC is enabled.

Jos

 

SciTE4AutoIt3 Full installer Download page   - Beta files       Read before posting     How to post scriptsource   Forum etiquette  Forum Rules 
 
Live for the present,
Dream of the future,
Learn from the past.
  :)

Link to comment
Share on other sites

Rethinking my approach, I've found a way to make this work.  I couldn't seem to get an elevated command prompt, so I run an elevated .bat flie.

#include <Misc.au3>

_Singleton("startRFIDServiceBat.exe", 0)

Opt("MustDeclareVars", 1)
Opt("WinTitleMatchMode", -2)

Local $1 = 0

$1 = MsgBox (4,"Restart Service", "Do you wish to restart the RFID service?")
If $1 = 6 Then
    RunAs ("administrator", @ComputerName, "password", 0, "C:\startRFID.bat", "", @SW_MAXIMIZE)
Else
    Exit
EndIf

and the .bat file is simplicity:

net start "ewSystemMonitor"
net start "EnvisionWare RFIDLink"
exit

I stopped the RFID service at one of our Ask Us Desk stations and the user there was able to restart it using the compiled script.

This problem is history.

Thanks,

Meds.  They're not just for breakfast anymore. :'(

Link to comment
Share on other sites

@aleph01,

Windows permissions settings are extremely granular. you can even allow a specific user to perform only a specific action on a specific service. google "set permissions on a specific service" to get an options galore of doing so. the simplest approach (to my taste) might be using the command line tool subinacl.exe - look at the bottom of this article. this is a MS Resource Kit utility, which is also officially available for individual download here. i would definitely advise against banging your head against the elevation wall - especially when a much simpler solution exists.

Signature - my forum contributions:

Spoiler

UDF:

LFN - support for long file names (over 260 characters)

InputImpose - impose valid characters in an input control

TimeConvert - convert UTC to/from local time and/or reformat the string representation

AMF - accept multiple files from Windows Explorer context menu

DateDuration -  literal description of the difference between given dates

Apps:

Touch - set the "modified" timestamp of a file to current time

Show For Files - tray menu to show/hide files extensions, hidden & system files, and selection checkboxes

SPDiff - Single-Pane Text Diff

 

Link to comment
Share on other sites

Thanks, orbs.  I'll look at subinacl.exe.  Right now I have it working with running an elevated .bat file.  To suggest a change now that it's been rolled out and is working would be a non-starter.  It might even get me into hot water working on an already approved solution, since I'm not supposed to work on any scripts off company time and we've got a solution in place.

I appreciate yours and all the other responses.  I still need to wrap my head around Jos' code.  I think I looked at it fleetingly, and didn't see how it was helping my issue.

Thanks to all.  May you all code more elegantly than ever before.   I know I am, thanks to y'all.  (SE US, got to use the vernacular.)

_aleph_

Meds.  They're not just for breakfast anymore. :'(

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...