Jump to content
PramodR

Run WMIC command in elevated previlage

Recommended Posts

PramodR

Hello,

I have to execute below block of code in elevated previllage, as that particular wmic class will work only with admin previlage.

i am getting out put when i launch autoit as administrator,  but i will not be able to launch autoit as admin in this particular case but my user have admin rights.

is there any better way i can run those command as administrator.?

tried below steps:

  • i have tried #RequireAdmin but that creates a user prompt 
  • Tried using Runas command but gives error as wrong username or password , stuck with that step.

 

Quote

 

#include <MsgBoxConstants.au3>
#include <Constants.au3>
#include <MsgBoxConstants.au3>

$WmiCommand = ( _GetDOSOutput("wmic /namespace:\\root\dcim\sysman path dcim_biosenumeration where(attributename like '%%Microphone%%') get currentvalue") & @CRLF)
ConsoleWrite($WmiCommand)

Func _GetDOSOutput($sCommand)
    Local $iPID, $sOutput = ""
    $iPID = Run('"' & @ComSpec & '" /c ' & $sCommand, "", @SW_HIDE, $STDERR_CHILD + $STDOUT_CHILD)
    While 1
        $sOutput &= StdoutRead($iPID, False, False)
        If @error Then
            ExitLoop
        EndIf
        Sleep(10)
    WEnd
    Return $sOutput
 EndFunc   ;==>_GetDOSOutput

 

 

 

 

Edited by PramodR
removing word geek

Share this post


Link to post
Share on other sites
Subz

Have you tried adding #RequireAdmin to the top of your script?

Share this post


Link to post
Share on other sites
orbs

you are using WMI to query the system, not to operate on it, therefore you actually do not need admin rights. although WMI as a method may require admin rights in effect (regardless of the specific function), only querying in general does not. so consider other methods to retrieve the piece of information you need.

Share this post


Link to post
Share on other sites
PramodR

@Subs I have tried adding #RequireAdmin to the top of script but its keep giving me UAC pop up which i dont want to select manually.

@orbs Usually WMI get operation does not required any admin previllage but this particular class require admin previllage hence i need to launch auto it in administrator mode, this is a unique name space this functionality not available in other classes.

Share this post


Link to post
Share on other sites
Subz

Sorry just reread your post and see you had already tried #RequireAdmin, if you are going to launch Cmd as elevated you will always see the UAC prompt, for example, I'm an administrator on my machine, however if I run cmd.exe it will always start in user mode, I still require Run As Administrator which then show UAC.  The only way around this would be switch UAC off.

  • Like 1

Share this post


Link to post
Share on other sites
iamtheky

are you sure the dell omci class is the only place you can get this information from?


,-. .--. ________ .-. .-. ,---. ,-. .-. .-. .-.
|(| / /\ \ |\ /| |__ __||| | | || .-' | |/ / \ \_/ )/
(_) / /__\ \ |(\ / | )| | | `-' | | `-. | | / __ \ (_)
| | | __ | (_)\/ | (_) | | .-. | | .-' | | \ |__| ) (
| | | | |)| | \ / | | | | | |)| | `--. | |) \ | |
`-' |_| (_) | |\/| | `-' /( (_)/( __.' |((_)-' /(_|
'-' '-' (__) (__) (_) (__)

Share this post


Link to post
Share on other sites
TheXman

@PramodR

Depending on how much administrative control you have over your users' environment, you can suppress the UAC prompt for users that are local admins of their workstation by either using group policy or by modifying the registry.  The following link should give you all of the information that you need to make the modifications.  In your case, if the users are truly local admins, you want to direct your attention to the "ConsentPromptBehaviorAdmin" registry key or "User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode" group policy.  If this is configured correctly, then local admins will not be prompted when you add the #RequireAdmin directive to your scripts.

User Account Control Group Policy and registry key settings

 

A very helpful UDF lib for getting and setting UAC-related registry settings is UAC.au3 submitted by @AdamUL

 

Edited by TheXman
  • Thanks 1

Whoever said that there's no such thing as a dumb question, probably asked a lot of DUMB questions.  Dumb questions are ones that you can easily find the answer to on your own.

Share this post


Link to post
Share on other sites
iamtheky

Can you query sysdriver without tripping UAC?

wmic sysdriver get /format:list | find "mic"

 


,-. .--. ________ .-. .-. ,---. ,-. .-. .-. .-.
|(| / /\ \ |\ /| |__ __||| | | || .-' | |/ / \ \_/ )/
(_) / /__\ \ |(\ / | )| | | `-' | | `-. | | / __ \ (_)
| | | __ | (_)\/ | (_) | | .-. | | .-' | | \ |__| ) (
| | | | |)| | \ / | | | | | |)| | `--. | |) \ | |
`-' |_| (_) | |\/| | `-' /( (_)/( __.' |((_)-' /(_|
'-' '-' (__) (__) (_) (__)

Share this post


Link to post
Share on other sites
PramodR

@iamtheky  i get below out put for Mic.

 Caption=Dynamic Volume Manager
Description=Dynamic Volume Manager
DisplayName=Dynamic Volume Manager

Actually i there is other than microphone many other configuration which i will be able to access only from omci. 

 

Edited by PramodR

Share this post


Link to post
Share on other sites
iamtheky

so if you take off the find command, and scroll through the list, do you see the object you are after?

And are you running this as you would want to run it in the future...just so we are sure we are chasing plausible solutions.


,-. .--. ________ .-. .-. ,---. ,-. .-. .-. .-.
|(| / /\ \ |\ /| |__ __||| | | || .-' | |/ / \ \_/ )/
(_) / /__\ \ |(\ / | )| | | `-' | | `-. | | / __ \ (_)
| | | __ | (_)\/ | (_) | | .-. | | .-' | | \ |__| ) (
| | | | |)| | \ / | | | | | |)| | `--. | |) \ | |
`-' |_| (_) | |\/| | `-' /( (_)/( __.' |((_)-' /(_|
'-' '-' (__) (__) (_) (__)

Share this post


Link to post
Share on other sites
PramodR

@iamtheky no i could not find the object which i was looking , yes i am creating script so the same can be re run over different systems for test,

Share this post


Link to post
Share on other sites
PramodR

@TheXman I will definitely look for the possibilities to disable UAC in my environment. but i dont think that is the long time solution.

  

Share this post


Link to post
Share on other sites
iamtheky

hmmmm...

what about 

driverquery /v

or

sc query type=all

im installing that class now as my curiosity is piqued

 


,-. .--. ________ .-. .-. ,---. ,-. .-. .-. .-.
|(| / /\ \ |\ /| |__ __||| | | || .-' | |/ / \ \_/ )/
(_) / /__\ \ |(\ / | )| | | `-' | | `-. | | / __ \ (_)
| | | __ | (_)\/ | (_) | | .-. | | .-' | | \ |__| ) (
| | | | |)| | \ / | | | | | |)| | `--. | |) \ | |
`-' |_| (_) | |\/| | `-' /( (_)/( __.' |((_)-' /(_|
'-' '-' (__) (__) (_) (__)

Share this post


Link to post
Share on other sites
TheXman
2 minutes ago, PramodR said:

I will definitely look for the possibilities to disable UAC in my environment. but i dont think that is the long time solution

To be clear, I did not suggest disabling UAC.  I suggested, for local admins only, configuring UAC to automatically elevate without prompting.


Whoever said that there's no such thing as a dumb question, probably asked a lot of DUMB questions.  Dumb questions are ones that you can easily find the answer to on your own.

Share this post


Link to post
Share on other sites
PramodR

@iamtheky install Dell Command Monitor only for your dell corporate client systems, This will let you set or get BIOS configuration.

 

@TheXman Sure....  

Share this post


Link to post
Share on other sites
iamtheky

i didnt even look at the enumeration command, i just say wmi and microphone and played videogames, eh ask questions on a holiday weekend you get spotty service :)


,-. .--. ________ .-. .-. ,---. ,-. .-. .-. .-.
|(| / /\ \ |\ /| |__ __||| | | || .-' | |/ / \ \_/ )/
(_) / /__\ \ |(\ / | )| | | `-' | | `-. | | / __ \ (_)
| | | __ | (_)\/ | (_) | | .-. | | .-' | | \ |__| ) (
| | | | |)| | \ / | | | | | |)| | `--. | |) \ | |
`-' |_| (_) | |\/| | `-' /( (_)/( __.' |((_)-' /(_|
'-' '-' (__) (__) (_) (__)

Share this post


Link to post
Share on other sites
TheXman

@PramodR

Is your primary issue being able to run privileged commands, for local admins,  without being prompted by UAC or is your primary issue being able to query for specific information on users' workstations?  Because you've been given a workable solution to the former, it appears that your issue is the latter.  If so, can you explicitly state what piece or pieces of information you are trying to retrieve?  Is it just a list of the microphones, as your original post would suggest, or are you after more information.  If so, what specifically?  Is it imperative that you use the DCIM WMI provider or is it okay to get the information some other way that may or may not require elevated privileges?  Your answers to these questions would go along way towards others trying to help you accomplish your goal.


Whoever said that there's no such thing as a dumb question, probably asked a lot of DUMB questions.  Dumb questions are ones that you can easily find the answer to on your own.

Share this post


Link to post
Share on other sites
PramodR

 

@TheXman

Yes my primary issue is how to run privileged commands for local admins.

i am pretty sure these information is not available in other resource currently. im not only trying to retrieve microphone , microphone is just example there are many configurations. 

Its okay to get information from other source but currently not available as part of my research. 

 

Edited by PramodR

Share this post


Link to post
Share on other sites
TheXman

You can try the snippet below.  It is a different method of elevation that works if your users are local admins.  Because you haven't implement the suppressing of UAC prompts for local admins, it may trigger the prompt just as if you had added #RequireAdmin.  Try it out and see if it works for you. 

Basically, it checks to see if you are running the script with elevated privileges.  If not, it will re-launch itself using the ShellExecute function with the "runas" verb in order to request elevation. 

By the way, I didn't check it for errors so you may have to tweak it a tad.  :)

 

#include <Constants.au3>
#include <WinAPI.au3>

elevate_to_run_with_admin_token()
$WmiCommand = ( _GetDOSOutput("wmic /namespace:\\root\dcim\sysman path dcim_biosenumeration where(attributename like '%%Microphone%%') get currentvalue") & @CRLF)


;==========================================================================
; This assumes that the user is a local admin.
; Do NOT use #RequireAdmin if using this method of elevation
;==========================================================================
Func elevate_to_run_with_admin_token()

    Local $sErrorMsg = ""
    Local $iPid      = 0


    ;Run with "runas" verb in order request full Admin token (in Windows Vista and Higher - UAC-enabled OSes).
    If (Not IsAdmin()) And (Not StringRegExp(@OSVersion, "_(?:XP|2000|2003))")) Then
        $iPid = ShellExecute(@AutoItExe, $CmdLineRaw, @ScriptDir, "runas")
        If $iPid Then
            Exit
        Else
            $sErrorMsg = "ERROR: Unable to elevate to Admin due to UAC. " & _WinAPI_GetLastErrorMessage()
            MsgBox($MB_ICONERROR + $MB_TOPMOST, "ERROR", $sErrorMsg)
            Exit -1
        EndIf
    EndIf

    MsgBox( _
        $MB_ICONINFORMATION + $MB_TOPMOST, _
        "INFO", _
        StringFormat("Elevated status = %s", (IsAdmin())?("TRUE"):("FALSE")) _
    )

    Return

EndFunc

Func _GetDOSOutput($sCommand)
    Local $iPID, $sOutput = ""
    $iPID = Run('"' & @ComSpec & '" /c ' & $sCommand, "", @SW_HIDE, $STDERR_CHILD + $STDOUT_CHILD)
    While 1
        $sOutput &= StdoutRead($iPID, False, False)
        If @error Then
            ExitLoop
        EndIf
        Sleep(10)
    WEnd
    Return $sOutput
EndFunc   ;==>_GetDOSOutput

 

Edited by TheXman
  • Like 1

Whoever said that there's no such thing as a dumb question, probably asked a lot of DUMB questions.  Dumb questions are ones that you can easily find the answer to on your own.

Share this post


Link to post
Share on other sites
TheXman

I just noticed you are launching your command using RUN.  I would either change it to use ShellExecuteWait or use COM. 

** Updated **

Ignore the statement above out changing to ShellExecuteWait or COM.  Just use whatever you are most comfortable with. :)

Edited by TheXman

Whoever said that there's no such thing as a dumb question, probably asked a lot of DUMB questions.  Dumb questions are ones that you can easily find the answer to on your own.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Similar Content

    • bowker
      By bowker
      Hi! Is there a way for me to set the value for my slider? I am getting the value for my slider with
       
      Local $strText = _UIA_getPropertyValue($oUIElement, $UIA_LegacyIAccessibleValuePropertyId) MsgBox(0,"",$strText)  
    • nacerbaaziz
      By nacerbaaziz
      Hello
      Can we pause and resume the download in the InetGet function?
      If is possible, what is the solution please?
      I used this code To manage the download

      #include <INet.au3> func _downloader($name, $linc, $filepath, $RTLF = false, $link = false) global $downloader = GUICreate("downloader", 400, 200, -1, -1, $WS_CLIPCHILDREn, $RTLF, $link) global $path = $filePath $labelTxt = GUICtrlCreateLabel("downloading " & $name, 50, 10, 200, 20) global $labelTxt0 = GUICtrlCreateLabel("downloaded size 0 MB " & "OF 0 MB", 50, 60, 300, 20) global $Progress = "" global $sText = ""     For $i = 1 To Random(5, 20, 1) ; Return an integer between 5 and 20 to determine the length of the string.         $sText &= Chr(Random(65, 122, 1)) ; Return an integer between 65 and 122 which represent the ASCII characters between a (lower-case) to Z (upper-case). next global $labelTxt2 = GUICtrlCreateInput("0%", 50, 80, 50, 20) _GUICtrlEdit_SetReadOnly(-1, true) GUIStartGroup("") global $beep = GUICtrlCreateCheckBox("use the progress beep notification", 150, 120, 200, 20) GUIStartGroup("") $button = GUICtrlCreateButton("Cancel', 130, 150, 180, 25, 0x01) $iIndex = 0 global $Target global $url GUIStartGroup("") global $Progress = GUICtrlCreateProgress(50, 90, 150, 20) global $Target = $filepath global $url = $linc global $path = $filepath global $hDownloadNo = _RSMWare_GetData($url, $Target) global $status = false AdlibRegister("SetProgress") global $onprogress = false, $curent = false GUISetState(@sw_Show) While 1 Switch GUIGetMsg() Case $GUI_EVENT_CLOSE, $button $asc = MsgBox(4132,"exit download?","if you click yes the downloading will be cancel, do you want to cancel it ?") if $asc = 6 then AdlibUnRegister("SetProgress") GUIDelete() If $hDownloadNo <> 0 Then InetClose($hDownloadNo) exitLoop endIf EndSwitch if $status = -1 then $status = 0 $hDownloadNo = _RSMWare_GetData($url, $Target) $onprogress = false $curent = false elseIf $Status = 1 then $status = $path GUIDelete() AdlibUnRegister("SetProgress") exitLoop endIf WEnd return $status endFunc Func _RSMWare_GetData($url, $Target) Local $hDownload = InetGet($url, $Target, 1, 1) Return $hDownload EndFunc ;==>_RSMWare_GetData Func SetProgress() Local $state If $hDownloadNo <> 0 Then $state = InetGetInfo($hDownloadNo) If @error = 0 Then $infor = "downloaded size " & Round(Execute(InetGetInfo($hDownloadNo, $INET_DOWNLOADREAD) / 1048576), 2) & " MB of " & Round(Execute(InetGetInfo($hDownloadNo, $INET_DOWNLOADSIZE) / 1048576), 2) & " MB " $onprogress = Round(Ceiling(($state[0] / $state[1]) * 100)) if not (InetGetInfo($hDownloadNo, $INET_DOWNLOADSIZE) = 0) then if $onProgress <= 0 then $onProgress = 0 GUICtrlSetData($Progress, $onProgress) GUICtrlSetData($labelTxt0, $infor) GUICtrlSetData($labelTxt2, $onProgress & "%") if _isChecked($beep) then if $onprogress > $curent then beep((100 + $onprogress * 20), 100) $curent = $onprogress endIf endIf endIf If $state[2] Then If $state[3] Then InetClose($hDownloadNo) $status = 1 else InetClose($hDownloadNo) $status = -1 endIf endIf EndIf endIf EndFunc ;==>SetProgress
    • VollachR
      By VollachR
      Hi,
      I'm looking for a way to take a number value from a Row2 of a 2D array and according to this check if files that appear in rows 3-11 in the array exists.
      For example, if the number in Row2 is 5 I need to check for the files in Row 3-6 only, if it is 6 than rows 3-7 and so on.
      I thought on using a FOR loop but I have very little experience with those.
      Can you suggest the best way to do what I need?
      BTW, the files in Rows 3-11 will usually have blank value for any row above the number in Row2 (e.g. Row2 = 5 so Rows3-6 will have values but 8-11 be empty), The values I need are in Column 1 of the array, the name of the key from the INI file that the array was created from is in Column 0.
      Full Example:
      Row2 of Array:
      Col0 = Games# - Col1 = 5
      Rows3-6
      Col0 = Exe2 - Col1 = Path To File
      Col0 = Exe3 - Col1 = Path To File
      Col0 = Exe4 - Col1 = Path To File
      Col0 = Exe5 - Col1 = Path To File
      I need that if Row2 is 5 to check these above for rows if the file exists, if it was 6 then the next row as well and so on up until number 10 in Row2 as it can't go above 10.
      So basically for whatever number in Row2 from 2-10 need to check 1-9 rows from 3-11 to see if the files in Col1 exists and if any of them don't exist it should call a function that shows an error message.
      I'm pretty sure I have the first line of the for look correct:
      For $i = 1 To $aAIO[2][1] Just not sure how to continue from there, also not sure if $i should be equal 1 or 2.
      Help will be appreciated.
    • VollachR
      By VollachR
      Hi,
      I've written a specialty INI file editor for a specific set of INI files related to a bigger script I'm working on.
      I'm trying to create a verification script that checks the ini files structure and format and gives an error if they are not in expected format.
      What I did so far is create a couple of custom arrays, each with the list of Sections expected in the files and I use IniReadSectionNames in order to read the sections from the selected INI file and compare it to the array.
      It works fine, excepts it only gives an error if one or more of the sections in the custom array is missing, if they all exist but there are other additional sections that shouldn't be there it doesn't give an error and continue to open the editor screen.
      Here are the relevant part of my script:
      The Custom Verification Arrays:
      ;Creating Arrays for INI Verification Global $aSettingsVerify[7] $aSettingsVerify[1] = "Conversion" $aSettingsVerify[2] = "AIO" $aSettingsVerify[3] = "Data" $aSettingsVerify[4] = "Redist" $aSettingsVerify[5] = "Split" $aSettingsVerify[6] = "Autorun" Global $aDataVerify[6] $aDataVerify[1] = "Compression" $aDataVerify[2] = "Exclude" $aDataVerify[3] = "LangExclude" $aDataVerify[4] = "PreCommands" $aDataVerify[5] = "PostCommands" The IniReadSectionNames verification part:
      Case $OK If StringInStr($ActiveConfig, "Settings.ini") Then $CheckArray1 = IniReadSectionNames($ActiveConfig) $CheckArray2 = _ArrayCompare($aSettingsVerify, $CheckArray1) $CheckArray3 = UBound($CheckArray2, 1) If $CheckArray3 = 1 Then GUIDelete($ConfigStart) SettingsGUI() EndIf If $CheckArray3 > 1 Then WrongIni() EndIf EndIf If StringInStr($ActiveConfig, "Data") Then $CheckArray1 = IniReadSectionNames($ActiveConfig) $CheckArray2 = _ArrayCompare($aDataVerify, $CheckArray1) $CheckArray3 = UBound($CheckArray2, 1) If $CheckArray3 = 1 Then GUIDelete($ConfigStart) DataGUI() EndIf If $CheckArray3 > 1 Then WrongIni() EndIf EndIf The Function that performs the compare: (Found it in another thread on this forums somewhere by using Google Search)
      ;Compares Imported INI file with the Verification array Func _ArrayCompare(ByRef $a1, ByRef $a2) Local $nOldSize = UBound($a2) Local $a3[$nOldSize], $nNewSize = $nOldSize For $i = 0 To UBound($a1) - 1 For $j = 0 To $nOldSize - 1 If Not $a3[$j] And ($a1[$i] = $a2[$j]) Then $a3[$j] = 1 $nNewSize -= 1 EndIf Next Next Local $a4[$nNewSize], $j = 0 For $i = 0 To $nOldSize - 1 If Not $a3[$i] Then $a4[$j] = $a2[$i] $j += 1 EndIf Next Return $a4 EndFunc ;==>_ArrayCompare  
      Any way to make a check if there are sections other than the ones in the Verification Array and produce an error?
      Thanks
    • Valnurat
      By Valnurat
      Can you explain why my mouseclick don't work in my shockwave fullscreen.
       
      I know my syntax is ok, because it moves to coordinates, but this will only press 1 time, even that I want to press 5 times.
      How can that be?
×