Jump to content

Spotty RunAs behavior after 22h2 / Best way to test win credentials?

DrLarch
 Share

Recommended Posts

DrLarch Wayfarer

DrLarch

Posted
Posted (edited)

Didn't want to necro this old post, but asking essentially the same question here. I can't disable UAC like the poster in that old thread did.

I need to check if credentials are correct before proceeding. I had no problems with this prior to 22h2 but get inconsistent results now. I'm in a domain environment. 

Local $iCheck = 1
RunAs($sUsername, $sComputerName, $sPassword, 0, @ComSpec & " /c  echo checking password...", @TempDir, @SW_HIDE)
If @error Then $iCheck = 0

Here's a full example: 

#NoTrayIcon
#Region ;**** Directives created by AutoIt3Wrapper_GUI ****
#AutoIt3Wrapper_Icon=C:\Program Files (x86)\AutoIt3\Aut2Exe\Icons\AutoIt_Main_v10_48x48_RGB-A.ico
#AutoIt3Wrapper_Compression=0
#AutoIt3Wrapper_UseX64=n
#EndRegion ;**** Directives created by AutoIt3Wrapper_GUI ****

#cs ----------------------------------------------------------------------------

 AutoIt Version: 3.3.14.5
 Author:         myName

 Script Function:
    Template AutoIt script.

#ce ----------------------------------------------------------------------------

; Script Start - Add your code below here
#include <EditConstants.au3>
#include <ButtonConstants.au3>
#include <GUIConstantsEx.au3>


Global $sUser = "UserNull", _
        $sPassword = "PasswordNull", _
        $domain = "mydomain", _
        $sAppName = "Test"

_GUIGetCreds()

Exit


;FUNCTIONS ================================================================================


Func _GUIGetCreds()
    #Region
    $Form1 = GUICreate($sAppName, 274, 122, 191, 122)
    $Input1 = GUICtrlCreateInput("", 116, 8, 149, 24)
    GUICtrlSetFont(-1, 10, 400, 0, "MS Sans Serif")
    $Input2 = GUICtrlCreateInput("", 116, 48, 149, 24, $ES_PASSWORD)
    GUICtrlSetFont(-1, 10, 400, 0, "MS Sans Serif")
    $Button1 = GUICtrlCreateButton("OK", 176, 80, 89, 33, $BS_DEFPUSHBUTTON)
    GUICtrlSetFont(-1, 10, 800, 0, "MS Sans Serif")
    $Label1 = GUICtrlCreateLabel("Username:", 6, 14, 108, 20)
    GUICtrlSetFont(-1, 10, 800, 0, "MS Sans Serif")
    $Label2 = GUICtrlCreateLabel("Password:", 6, 54, 72, 20)
    GUICtrlSetFont(-1, 10, 800, 0, "MS Sans Serif")
    GUISetState(@SW_SHOW)
    #EndRegion ### END Koda GUI section ###

    While 1
        Sleep(50)
        $nMsg = GUIGetMsg()
        Select
            Case $nMsg = $GUI_EVENT_CLOSE
                Exit
            Case $nMsg = $Button1
                $sUser = GUICtrlRead($Input1)
                $sPassword = GUICtrlRead($Input2)
                If _CheckUserPass($sUser, $sPassword, $domain) Then
                    ExitLoop
                Else
                    GUICtrlSetData($Input2, "")
                    MsgBox(16, $sAppName, "Bad credentials, please try again")
                EndIf
        EndSelect
    WEnd
    GUIDelete($Form1)

EndFunc   ;==>_GUIGetCreds


Func _CheckUserPass($sUsername, $sPassword, $sComputerName)
    Local $iCheck = 1
    RunAs($sUsername, $sComputerName, $sPassword, 0, @ComSpec & " /c  echo checking password...", @TempDir, @SW_HIDE)
    If @error Then $iCheck = 0
    Return $iCheck
EndFunc   ;==>_CheckUserPass

I'm wondering if there's a better way to check if credentials are valid or not. I looked at the AD UDF but nothing obvious jumped out at me there. Any ideas?
 

Edited by DrLarch
  • DrLarch changed the title to Spotty RunAs behavior after 22h2 / Best way to test win credentials?
rudi Universalist

rudi

Posted
Posted (edited)

Try this one:

  

Func IsValidCredential($sUsername, $sPassword, $sDomain)
    Local $LOGON32_LOGON_NETWORK = 3
    Local $LOGON32_PROVIDER_DEFAULT = 0

    Local $aRet = DllCall("advapi32.dll", "bool", "LogonUserW", _
        "wstr", $sUsername, _
        "wstr", $sDomain, _
        "wstr", $sPassword, _
        "dword", $LOGON32_LOGON_NETWORK, _
        "dword", $LOGON32_PROVIDER_DEFAULT, _
        "ptr*", 0)

    If @error Then
        ConsoleWrite("DLL call error: " & @error & @CRLF)
        Return False
    EndIf

    If $aRet[0] Then
        ; Optional: close handle
        DllCall("kernel32.dll", "bool", "CloseHandle", "ptr", $aRet[6])
        Return True
    Else
        Return False
    EndIf
EndFunc


$user=InputBox("username","username")
$dom=InputBox("domain","domain")
$pwd=InputBox("password","password","","*")

If IsValidCredential($user, $pwd, $dom) Then
    MsgBox(64, "OK", "credentials accepted")
Else
    MsgBox(16, "Failure", "credentials rejected")
EndIf

 

Edited by rudi

Earth is flat, pigs can fly, and Nuclear Power is SAFE!

DrLarch Wayfarer

DrLarch

Posted
  • Author
Posted

Hey Rudy - that works great! Thank you so much! I just confirmed it works for me on Win11 with UAC enabled in our domain environment.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...