Jump to content

Recommended Posts

Morning! I've searched for a definitive answer on the forums on this but can't find one so here goes.  I need admin for one of my functions so I'm using #RequireAdmin.  I then noticed that regardless of that function being used or admin actually being required, the program pops up and requires admin all of the time.

Is this the way it's designed and is there a way around it so that I can launch my program as normal until admin is required, then and only then prompt the user to run the program as admin?

The only solution I could think of is to produce 2 executables and do something like:

$adminrequired = 1
If($adminrequired = 1) Then
    Run(Run first executable which includes #RequireAdmin)
Else
    Run(Run second identical executable without #RequireAdmin)
EndIf

Obviously I'd rather keep to making a single executable rather than having 2 or 3!

Thanks

Link to post
Share on other sites
  • Moderators

@RC86  Directives like #RequireAdmin are not conditional; AutoIt looks for them and executes before running the script. You can use something like _Security_CreateProcessWithToken  (check the help file) as a work around. It actually does the opposite; you run your script elevated and this allows you to create a process that is non-elevated.

Also, there are a couple of folks who have done some work on elevating and reducing rights on demand using UAC. Check out the thread below for some of the work done my Kafu and Ascend4nt

 

"Profanity is the last vestige of the feeble mind. For the man who cannot express himself forcibly through intellect must do so through shock and awe" - Spencer W. Kimball

How to get your question answered on this forum!

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    No registered users viewing this page.

  • Similar Content

    • By rudi
      Hi,
      When a non compiled AU3 script is run with #RequireAdmin, then if the UAC prompt can be authorized due to the fact, that the currently loggedon user has local admin rights, then the macro @UserProfileDir correctly reflects the profile dir of the user of the windows logon session.
       
      When the script with #RequireAdmin is started by a "normal user" without local admin rights, and I use a domain admin account to authorize the UAC prompt, then @UserProfileDir reflects the profile dir belonging to the AD-Admin account.
      As the script originally was started using the "regular user" I'm wondering, if there is a chance to "pass" the original user's @UserProfileDir to the UAC elevated script?
       
      As playing around with this feature I realize, that I basically don't know the exact mechanism of the UAC elevation authorization process:
      The script is started by right mouse click, execute script This is invoking e.g. "C:\Program Files (x86)\AutoIt3\AutoIt3.exe" "C:\Users\Rudi\Desktop\test.au3" as by this registy value: Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\AutoIt3Script\Shell\Run\Command] @="\"C:\\Program Files (x86)\\AutoIt3\\AutoIt3.exe\" \"%1\" %*" But what I honestly don't know is, how does the UAC propt interact in the program startup? I guess, that Autoit3.exe is parsing the AU3 source, is seeing the #RequireAdmin and then "relaunches itself with the AU3 as %1" requesting UAC elevated rights "from windows"??? With Process Explorer I can see, that The commandline then is this one with a "!" before "%1"
      "C:\Program Files (x86)\AutoIt3\AutoIt3.exe" !"C:\Users\Rudi\Desktop\test.au3"  It it should be something like this, then it might be possible to pass the original @UserProfileDir to the second, UAC elevated "Startup"??? <edit>
      I just noticed:
      When I use "WIN+R" and then directly use the command line, I see in Process Explorer, ...
      "C:\Program Files (x86)\AutoIt3\AutoIt3.exe" !"C:\Users\Rudi\Desktop\test.au3"
      ... then this script with #RequireAdmin is started *WITHOUT* UAC elevation.
      Guessing, that this ! is just reverting #RequireAdmin I tried the "opposite" one as well:
      AU3 script without #RequireAdmin Starting with "C:\Program Files (x86)\AutoIt3\AutoIt3.exe" !"C:\Users\Rudi\Desktop\test.au3" does not invoke UAC elevation prompt. So to me it looks like, this ! is a "status flag from Autoit3.exe to Autoit3.exe", that the elevation process was done already? amazing...
      the topic Autoit on Windows Vista is telling no details of  this UAC process...
      </edit>
       
      Regards, Rudi.
    • By nacerbaaziz
      Hello all
      I have a question please
      Is there a way to request the script for administrator privileges if a particular condition is met??
      example
      local $path = RegRead("HKEY_CURRENT_USER\Software\test", "fullpath")
      if $fullPath = @scriptFullPath then
      Request for administrator privileges
      main()
      else
      main()
      endIf
      I hope to find a solution here
      Greetings to all
    • By tremolux66
      I've abandoned the FileSelectFolder() approach and rolled my own UDF to create a dialog containing the folder list in a ListView, which seems to work fine. It's also a better fit to our requirements: we don't really want the user wandering around in the folder-selection dialog, plus the UDF displays some associated info for each folder in a second column. Thanks again to the forum members who took a look at this.
      I'm writing an installer script that needs to run as Administrator so it can, e.g., write files into protected directories. The problem is that when I call FileSelectFolder(), there is a 60-second delay before the dialog appears. If I run as an ordinary user (in the Administrators group), there's no delay, but I don't think that will work: for one thing, the installer needs to create a symbolic link, which a member of the Administrators group can't do unless the program is elevated. (This is Win 7 x64.)
      (The installer will be run using an Admin account; the other user accounts are locked down and don't have access to the filesystem, the Start menu, Computer, etc. - it's a turnkey system.)
      Any idea what causes the delay? And is there a way around it?
       
    • By qwert
      After a few weeks of researching and testing, I think I have a good understanding of #RequireAdmin and IsAdmin() for an individual script.  They both work in conjunction with each other and ignore whether the current user has administrator rights, or not.  In other words, IsAdmin() doesn't test the user, only the declared permission level of the script it is executed in.  A separate check is needed to actually confirm the user's admin level.  I've included a test script that demonstrates the difference.
      Here is my question:  When a compiled scripts runs with administrative rights, does a script that it runs inherit those rights?  Or is every script on its own?  For example,
      Parent Script ... (doesn't need admin rights) ... that runs:
      Child Script ... that does need admin rights, and obtains them via #RequireAdmin + user's response ... and then runs:
      2nd Child Script ...<< does this script execute with admin rights, or not? 
      If a script does not automatically inherit rights, then is there a way for a parent script that has admin rights to run a child script "with rights", so that running the child script does not result in another prompt for user permission?
      Thanks in advance for any help.
       
      ;#RequireAdmin ; enable or disable this line to see the difference $AdCheck = IsAdmin() MsgBox(0, "Admin Test", "Admin is " & $AdCheck) $AdCheck = _IsAdministrator() MsgBox(0, "Admin Test", "Admin is " & $AdCheck) Exit Func _IsAdministrator($sUser = @UserName, $sCompName = ".") Local $aCall = DllCall("netapi32.dll", "long", "NetUserGetInfo", "wstr", $sCompName, "wstr", $sUser, "dword", 1, "ptr*", 0) If @error Or $aCall[0] Then Return SetError(1, 0, False) Local $fPrivAdmin = DllStructGetData(DllStructCreate("ptr;ptr;dword;dword;ptr;ptr;dword;ptr", $aCall[4]), 4) = 2 DllCall("netapi32.dll", "long", "NetApiBufferFree", "ptr", $aCall[4]) Return $fPrivAdmin EndFunc  
       
       
       
    • By lrstndm
      Hi all,
      I have a problem with a script when I run it as admin. I am trying to get all the mapped drives from the local pc. This is the script I am using
      ;~ #RequireAdmin ; This switch is going wrong #include <Array.au3> If isAdmin() then MsgBox(0,"ADMIN","ADMIN") Else MsgBox(0,"NOT ADMIN","NOT ADMIN") EndIf $x = getMappedDrives() _ArrayDisplay($x) Func getMappedDrives() Dim $aDrives[0][2] $objWMIService = ObjGet("winmgmts:\\" & @LogonDomain & "\root\CIMV2") $sQuery = "Select * From Win32_LogicalDisk Where DriveType = 4" $colItems = $objWMIService.ExecQuery($sQuery, "WQL", 48) If IsObj($colItems) Then For $objItem In $colItems ReDim $aDrives[UBound($aDrives) + 1][2] $aDrives[UBound($aDrives) - 1][0] = $objItem.DeviceID $aDrives[UBound($aDrives) - 1][1] = $objItem.ProviderName Next Return $aDrives Else SetError(-1, -1, -1) EndIf EndFuncWhen I run it without the '#RequireAdmin' switch it works fine. When I turn on the '#RequireAdmin' switch is gives me an empty array.
      This code is part of a bigger project and my project always runs as admin. I dont know why it is doing this, because I am not using #RequireAdmin in the project.
      Is there an other better way to get the mapped drives that works for me? Or am I doing something wrong?
      I hope someone can help me.
      Regards,
      lrstndm
×
×
  • Create New...