Posted

Hey Guys, 

Running into some problems with AutoIt and PowerShell and I'm wondering if I'm not understanding AutoIt correctly or Windows protects the startup folder from "scripts".

Problem: 

Non-admin users need a method to move files (presentations, programs, etc.) to the system startup folder which requires admin. 

My proposed Fix: 

Create an AutoIt GUI that can be run as a normal user which will then run PowerShell scripts as the local use, utilizing the compiling of AutoIt scripts to keep the local admin password from view.  We've been doing this a lot lately since users have been at home and not connected to domain but still need certain things installed by local admin. 

The issue I'm having is running the PowerShell script to transfer files from whatever the user selected to the Win 10 system startup folder: "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup". Running the PowerShell script itself while running as local admin works fine; once it's run from AutoIt under the same account, it will suddenly get access denied errors. 

The strange thing being, the delete script works fine, just attempting to move files creates the problem. 

Can other people try this out and lemme know their results to make sure I'm not crazy?

 

AutoIT Script:

#NoTrayIcon
#Region ;**** Directives created by AutoIt3Wrapper_GUI ****
#AutoIt3Wrapper_Icon=C:\Scripts\Icon\icon.ico
#AutoIt3Wrapper_Res_Description=Startup_Folder_Tools
#EndRegion ;**** Directives created by AutoIt3Wrapper_GUI ****

; AutoIt Version: 3.0
; Language:       English
; Author:         -
; Date:           5/14/2020
; Script Function:
;   GUI for Startup Item Add
;
; Default tray menu items (Script Paused/Exit) will not be shown.
Opt("TrayMenuMode",1)

#include <Misc.au3>
#include <GUIConstantsEx.au3>

;Ensure script can only run once at a time
_Singleton("Startup Folder Tool")

DirCreate("C:\Temp\StartupFolderScript")
FileInstall("Startup_Delete.ps1","C:\Temp\StartupFolderScript\Startup_Delete.ps1",1)
FileInstall("Startup_Transfer.ps1","C:\Temp\StartupFolderScript\Startup_Transfer.ps1",1)

Tools()

Func Tools()
    ; Create a folder tools GUI with two buttons.
    Local $hGUI = GUICreate("Startup Folder Tool", 500, 200)

    ; Create a button control.
    Local $idStartMove = GUICtrlCreateButton("Move Files to Startup", 10, 30, 205, 45)
    Local $idDelStart = GUICtrlCreateButton("Delete All Startup Files", 280, 30, 205, 45)
    Local $idClose = GUICtrlCreateButton("Close", 150, 100, 205, 45)

    ; Display the GUI.
    GUISetState(@SW_SHOW, $hGUI)

    Local $iPID = 0

    ; Loop until the user exits.
    While 1
        Switch GUIGetMsg()
            Case $GUI_EVENT_CLOSE, $idClose
                ExitLoop

            Case $idStartMove
                ; Run the transfer script as the local admin account.
                RunAs("LocalAdmin", "", "LocalAdminPassword", 1, @ComSpec & " /c powershell.exe -executionpolicy bypass -File " & '"' & "C:\Temp\StartupFolderScript\Startup_Transfer.ps1" & '"')

            Case $idDelStart
                RunAs("LocalAdmin", "", "LocalAdminPassword", 1, @ComSpec & " /c powershell.exe -executionpolicy bypass -windowstyle hidden -File " & '"' & "C:\Temp\StartupFolderScript\Startup_Delete.ps1" & '"')

        EndSwitch
    WEnd

    ; Delete the previous GUI and all controls.
    GUIDelete($hGUI)

EndFunc   ;==>Tools

 

Powershell Startup_Transfer

# --------------------------------------------------------------------------------
# WRITTEN BY: 		-
# DATE CREATED: 	May 14th 2020
#
# PURPOSE:
# Move files to the Startup Folder using Local Admin
# This is to allow normal people to add items to startup without requiring admin.
# Script meant to be run from the AutoIt pop-up
# --------------------------------------------------------------------------------

#Select files
Add-Type -AssemblyName System.Windows.Forms #Required for file open dialog
$FileBrowser = New-Object System.Windows.Forms.OpenFileDialog -Property @{ 
    InitialDirectory = 'C:\temp'
    Multiselect      = $True
    Filter           = 'All files (*.*)|*.*'
}
if ($FileBrowser.ShowDialog() -ne [System.Windows.Forms.DialogResult]::OK) { exit } #Shows the file open dialog; stop if the user cancels

#Confirm File List
$FileList = $FileBrowser.FileNames
Add-Type -AssemblyName PresentationFramework #Required for pop-ups 
$Response = [System.Windows.MessageBox]::Show("The following files will be transferred to the Windows startup folder:`n$FileList", "Confirmation", 1, 32)
if ($Response -eq "cancel") { exit }

#Move Files
$error.clear() #clear any and all errors
try { $FileBrowser.FileNames | Move-Item  -Destination 'C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup' -ErrorAction stop }
catch {
    $whoami = whoami
    $ErrorMessage = $_.Exception.Message
    $FailedItem = $_.Exception.ItemName
    $null = [System.Windows.MessageBox]::Show("ERROR`nUnable to move the files.`n`n $error`n`n $whoami `n $ErrorMessage `n ", "Finish", 0, 16)
    exit
}
$null = [System.Windows.MessageBox]::Show("The files have been moved to the following folder:`nC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup", "Finish", 0, 32)

Powershell Startup_Delete

# --------------------------------------------------------------------------------
# WRITTEN BY:       -
# DATE CREATED:     May 14th 2020
#
# PURPOSE:
# Deletes all items from System Startup Menu and notifies running user
# --------------------------------------------------------------------------------
Add-Type -AssemblyName PresentationFramework #Required for the message boxes below
$error.clear() #Clear error var

#Delete Files, catch if there is an error
try {Remove-Item -Path "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\*" -ErrorAction stop}
catch{ $null = [System.Windows.MessageBox]::Show("ERROR`nUnable to delete the files.`n`n $error ", "Finish", 0, 16)
exit}

#notify user
$null = [System.Windows.MessageBox]::Show("The files have been deleted from the startup folder.", "Finish", 0, 32)

 

Posted

I did try it with #requireadmin and the same problem occurs. 

Additionally, we're trying to use AutoIt so users don't require admin when using it. 

Thanks

  • 2 weeks later...
Posted

I believe I found the root cause of my problem. 

The actual local admin account is disabled in our environment and instead we set up 2 local admin accounts (one for Helpdesk, one for second level).

So AutoIt/PowerShell grabs the file listed and attempts to transfer it to the startup folder. However, since Windows reads permissions top-down, AutoIt seems to have a glitch where it stops at the first result it gets. 

 

The permission of the startup folder is as follows:

  • Everyone - Read & Execute 
  • System - Full Permissions
  • LocalAdmin 1 - No Rights
  • LocalAdmin 2 - No Rights
  • local Administrators Group - Full Permissions
  • Local Users - Read & Execute

 

So once AutoIt/PowerShell tries to transfer the file, it starts reading down the list, finds "LocalAdmin 1" which the script is running as and stops there saying it has no rights instead of continuing to read down to the administrators group. 

Has this behavior been seen with RunAs? Is it possible a different login method is possible? I've attempted the different level with RunAs() but got the same results. 

If this is run in PowerShell itself, it's fine; if it's run in AutoIt it errors out with access denied. 
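
A way to gather evidence for the access-denied behaviour discussed in this thread, as an added example that is not part of the original posts: it logs which account the script actually runs as, whether the Administrators group is active in that token, the ACEs on the Startup folder, and the result of a write probe. The log file name is an assumption; the folder paths are the ones used in the thread.

```powershell
# Added diagnostic example, not part of the original scripts.
# Launch it the same way Startup_Transfer.ps1 is launched (via the AutoIt RunAs call),
# then again from an interactive PowerShell under the same account, and compare the logs.
$StartupPath = 'C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup'  # from the post
$LogFile     = 'C:\Temp\StartupFolderScript\acl-diagnostic.log'                # assumed log name

$identity  = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object System.Security.Principal.WindowsPrincipal($identity)
$isAdmin   = $principal.IsInRole([System.Security.Principal.WindowsBuiltInRole]::Administrator)

$lines = @(
    "Time            : $(Get-Date -Format o)"
    "Running as      : $($identity.Name)"
    "IsInRole(Admin) : $isAdmin"
    ''
    '--- Token groups (look for "Group used for deny only" on BUILTIN\Administrators) ---'
)
# A group marked deny-only in the token cannot grant access, whatever the folder ACL says.
$lines += whoami /groups

$lines += ''
$lines += "--- ACEs on $StartupPath, in DACL order ---"
try {
    $acl = Get-Acl -LiteralPath $StartupPath -ErrorAction Stop
    $lines += "Owner: $($acl.Owner)"
    $lines += @($acl.Access | ForEach-Object {
        '{0,-6} {1,-40} {2} (inherited: {3})' -f $_.AccessControlType,
            $_.IdentityReference, $_.FileSystemRights, $_.IsInherited
    })
}
catch { $lines += "Get-Acl failed: $($_.Exception.Message)" }

# Write probe: create and remove an empty file to confirm whether this token can write here.
$probe = Join-Path $StartupPath "acl-probe-$PID.tmp"
try {
    $null = New-Item -Path $probe -ItemType File -ErrorAction Stop
    Remove-Item -LiteralPath $probe -ErrorAction Stop
    $lines += '', 'Write probe: SUCCESS'
}
catch { $lines += '', "Write probe: FAILED - $($_.Exception.Message)" }

# Append, so the AutoIt-launched run and the interactive run end up in one file.
$lines | Add-Content -LiteralPath $LogFile
```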
