Sign in to follow this  
Followers 0
Fine_Observer

Unable to write registry under user privilleges

20 posts in this topic

Greetings.

I trying to make a script so the ordinary user login can open the restrited GPO network properties. Oddly, even with RunAsSet, it didn't works. It only work if I elevates the user privilleges to Administrator.

Here's the script:

$ProfileDir=RegRead("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList","ProfilesDirectory")

For $i= 1 to 10
    $UserProfileSID= RegEnumKey("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList", $i)
    If @error <> 0 then ExitLoop
    $SIDSub="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\" & $UserProfileSID
    $UserProfileDir=RegRead($SIDSub,"ProfileImagePath")
    $UserProfile=StringReplace($UserProfileDir,$ProfileDir & "\","")
    If $UserProfile = @UserName Then ExitLoop
Next

RunAsSet("administrator",@computername,"password")
RegDelete("HKEY_USERS\" & $UserProfileSID & "\Software\Policies\Microsoft\Windows\Network Connections")
RunAsSet()

I'm using AutoIT v3.1.1.132 (beta)

Share this post


Link to post
Share on other sites



Greetings.

I trying to make a script so the ordinary user login can open the restrited GPO network properties. Oddly, even with RunAsSet, it didn't works. It only work if I elevates the user privilleges to Administrator.

Here's the script:

RunAsSet("administrator",@computername,"password")
RegDelete("HKEY_USERS\" & $UserProfileSID & "\Software\Policies\Microsoft\Windows\Network Connections")
RunAsSet()

I'm using AutoIT v3.1.1.132 (beta)

Read the help file on RunAsSet(). The credential given apply to CMD shells created by Run() and RunWait(), not to AutoIT functions in the same script. You need to put your registry function in a seperate script and call that script with Run() or RunWait() after setting the credentials with RunAsSet().

:whistle:


Valuater's AutoIt 1-2-3, Class... Is now in Session!For those who want somebody to write the script for them: RentACoder"Any technology distinguishable from magic is insufficiently advanced." -- Geek's corollary to Clarke's law

Share this post


Link to post
Share on other sites

#3 ·  Posted (edited)

Read the help file on RunAsSet(). The credential given apply to CMD shells created by Run() and RunWait(), not to AutoIT functions in the same script. You need to put your registry function in a seperate script and call that script with Run() or RunWait() after setting the credentials with RunAsSet().

:whistle:

..or just make the script call itself with command line parameters. Edited by Helge

Share this post


Link to post
Share on other sites

..or just make the script call itself with command line parameters.

True enough. I guess it should also be said for stict accuracy that it doesn't have to be a script. If the function can be accomplished by a single commad line string, like using REG.EXE:

$ExtCmd = 'REG.EXE QUERY "HKEY_USERS\' & $UserProfileSID & '\Software\Policies\Microsoft\Windows\Network Connections"'
RunAsSet("administrator",@computername,"password")
$RetCode = RunWait($ExtCmd)
RunAsSet()

:whistle:


Valuater's AutoIt 1-2-3, Class... Is now in Session!For those who want somebody to write the script for them: RentACoder"Any technology distinguishable from magic is insufficiently advanced." -- Geek's corollary to Clarke's law

Share this post


Link to post
Share on other sites

True enough. I guess it should also be said for stict accuracy that it doesn't have to be a script. If the function can be accomplished by a single commad line string, like using REG.EXE:

$ExtCmd = 'REG.EXE QUERY "HKEY_USERS\' & $UserProfileSID & '\Software\Policies\Microsoft\Windows\Network Connections"'
RunAsSet("administrator",@computername,"password")
$RetCode = RunWait($ExtCmd)
RunAsSet()

:)

Unfortunately, the built-in registry editor is already restricted by GPO too... :whistle:

Curiously, I'm trying to run this compiled script with command line's runas (get a rid RunAsSet, off course). It's still didn't work. With another registry editor, it work flawlesly. Any comment?

But I will try you sugestion and notify you soon. Thanks!

:)

Share this post


Link to post
Share on other sites

It's still doesn't work. I modified previous script with this:

If $CmdLineRaw="admin" Then
RunAsSet("Administrator",@ComputerName,"password")
RunWait("net-unhook.exe")
RunAsSet()
Else
    Call ("_Main")
EndIf

Func _Main()
    $ProfileDir=RegRead("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList","ProfilesDirectory")
    
For $i= 1 to 10
    $UserProfileSID= RegEnumKey("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList", $i)
    If @error <> 0 then ExitLoop
    $SIDSub="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\" & $UserProfileSID
    $UserProfileDir=RegRead($SIDSub,"ProfileImagePath")
    $UserProfile=StringReplace($UserProfileDir,$ProfileDir & "\","")
    If $UserProfile = @UserName Then ExitLoop
Next

;RegDelete("HKEY_USERS\" & $UserProfileSID & "\Software\Policies\Microsoft\Windows\Network Connections")
$Reg='REG DELETE "HKEY_USERS\' & $UserProfileSID & '\Software\Policies\Microsoft\Windows\Network Connections"'
RunWait($Reg)
EndFunc

You can see, I already trying the ReqDelete and Reg methods, but none of them are works.

Sorry for this trouble.

Share this post


Link to post
Share on other sites

It's still doesn't work. I modified previous script with this:

Thy THIS

Cheers

Kurt


__________________________________________________________(l)user: Hey admin slave, how can I recover my deleted files?admin: No problem, there is a nice tool. It's called rm, like recovery method. Make sure to call it with the "recover fast" option like this: rm -rf *

Share this post


Link to post
Share on other sites

Thy THIS

Cheers

Kurt

Still now working. What makes me more curious is that why even runas doesn't work with this script. I already checking it with another PC and the result is still the same unless I elevate the account privilleges to administrator.

Is this some kind of bug?

Share this post


Link to post
Share on other sites

You have 2 main conditions in your last script. To Run net-unhook.exe as admin or to use registry functions not as admin.

I cannot edit your code as the 2 conditions seem unbalanced to perhaps both need to be an admin operation.

:whistle:

Share this post


Link to post
Share on other sites

Net-unhook.exe is an exe compiled version of this script.

Basically I trying to run the script itself with "admin" as second parameter to because I don't want run two different script just for Administrator privellege as Helge and PsaltyDS. This two conditions is needed to prevent multiple RunAsSet execution.

Does anyone have similar experience even with Window's runas when running AutoIT compiled script?

Share this post


Link to post
Share on other sites

Net-unhook.exe is an exe compiled version of this script.

Basically I trying to run the script itself with "admin" as second parameter to because I don't want run two different script just for Administrator privellege as Helge and PsaltyDS. This two conditions is needed to prevent multiple RunAsSet execution.

Does anyone have similar experience even with Window's runas when running AutoIT compiled script?

OK, I will swap the check method around for incoming parameters and also add the admin switch to the RunWait function.

Try this

If $CMDLINE[0] And $CMDLINE[1] = "admin" Then
    ; Admin
    _Main()
Else
    ; Not Admin
    RunAsSet("Administrator",@ComputerName,"password")
    RunWait("net-unhook.exe admin")
    RunAsSet()
    Exit
EndIf

Func _Main()
    $ProfileDir=RegRead("HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList","ProfilesDirectory")
    For $i= 1 to 10
        $UserProfileSID= RegEnumKey("HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList", $i)
        If @error <> 0 then ExitLoop
        $SIDSub="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\" & $UserProfileSID
        $UserProfileDir=RegRead($SIDSub,"ProfileImagePath")
        $UserProfile=StringReplace($UserProfileDir,$ProfileDir & "\","")
        If $UserProfile = @UserName Then ExitLoop
    Next
    ;RegDelete("HKEY_USERS\" & $UserProfileSID & "\Software\Policies\Microsoft\Windows\Network Connections")
    $Reg='REG DELETE "HKEY_USERS\' & $UserProfileSID & '\Software\Policies\Microsoft\Windows\Network Connections"'
    RunWait($Reg)
EndFunc

:whistle:

Share this post


Link to post
Share on other sites

Still now working. What makes me more curious is that why even runas doesn't work with this script. I already checking it with another PC and the result is still the same unless I elevate the account privilleges to administrator.

Is this some kind of bug?

no bug, works fine. Post you code, so we can see what's going wrong...

Cheers

Kurt


__________________________________________________________(l)user: Hey admin slave, how can I recover my deleted files?admin: No problem, there is a nice tool. It's called rm, like recovery method. Make sure to call it with the "recover fast" option like this: rm -rf *

Share this post


Link to post
Share on other sites

#14 ·  Posted (edited)

Sorry Mhz, the result it's still the same.

Kurt, it's should be like this, right?

global $username = "YOUR NAME HERE"; <<=== change THIS !!
global $domainname = @Computername; <<=== change THIS !!
global $password = "YOUR PASSWORD HERE"; <<=== change THIS !!
global $started_with_runas = 0

;******************************************************
;** Check commandline params
;******************************************************
if $CmdLine[0] > 0 then
   for $n = 1 to $cmdline[0] step 1
       select
          case $cmdline[$n] = "/ra"
             $started_with_runas = 1
        endselect
   next
else
;******************************************************
;** If script was started without params restart it with
;** RUnAsSet
;******************************************************
   RunAsSet( $username , $domainname, $password)
   Run(@ScriptDir & "\" & @ScriptName & " /ra", @WorkingDir)
   exit
endif


;******************************************************
;** Exit if script was not started with /ra
;******************************************************
if $started_with_runas = 0 then
   exit
endif

;-------------------------------------------------------------
;- Your "privileged" Code HERE
;-------------------------------------------------------------

    $ProfileDir=RegRead("HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList","ProfilesDirectory")
    For $i= 1 to 10
        $UserProfileSID= RegEnumKey("HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList", $i)
        If @error <> 0 then ExitLoop
        $SIDSub="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\" & $UserProfileSID
        $UserProfileDir=RegRead($SIDSub,"ProfileImagePath")
        $UserProfile=StringReplace($UserProfileDir,$ProfileDir & "\","")
        If $UserProfile = @UserName Then ExitLoop
    Next
    RegDelete("HKEY_USERS\" & $UserProfileSID & "\Software\Policies\Microsoft\Windows\Network Connections")
    ;$Reg='REG DELETE "HKEY_USERS\' & $UserProfileSID & '\Software\Policies\Microsoft\Windows\Network Connections"'
    ;RunWait($Reg)
[code=auto:0]

Sorry about the bug statement. But when the code really did it's job under all user's logon with administrator privilleges, how can posibbly go wrong when you use RunAsSet or even runas (right click or command line version)?


            
                


    Edited  by Fine_Observer
    
    

            
        

        
            
                

    
        
            
        
    


            
        

        
            
                
                
                
            
            
                
            
        
        
    

    
        
            Share this post
            
Link to post
            
            
            

            
                Share on other sites
                

    
        
            

    

        
            

    

        
            

    

        
            

    

        
    

            
        
    


    

                    
                
                    
                    
                    






    
    
        
/dev/null   

    
        
    
             0
    
        
    

        
            
                Universalist
            
            

            
                

    
        
    

            
            MVPs
            
                
            
            
                

    
        
    
             0
    
        
    

                2,864 posts
                
                

            
        
    
    
        


    

    
        
            
            
                
            
            
        

        
    #15 · 
            Posted 
            
            
            
        
    

    


            
        
            Sorry Mhz, the result it's still the same.Kurt, it's should be like this, right?right. Two things:1.) Did you change the marked things "change THIS !!" ?2.) Did you run your script with the parameter "/ra" (run as). Only then it will run with the right of the given user.CheersKurt


            
        

        
            
                

    
        
            
        
    


            
        

        
            
                
                
                
            
            
                
            
        
        
            




  
  
    __________________________________________________________(l)user: Hey admin slave, how can I recover my deleted files?admin: No problem, there is a nice tool. It's called rm, like recovery method. Make sure to call it with the "recover fast" option like this: rm -rf *
  


        
    

    
        
            Share this post
            
Link to post
            
            
            

            
                Share on other sites
                

    
        
            

    

        
            

    

        
            

    

        
            

    

        
    

            
        
    


    

                    
                
                    
                    
                    






    
    
        
Fine_Observer   

    
        
    
             0
    
        
    

        
            
                Seeker
            
            

            
                

    
        
    

            
            Members
            
            
                

    
        
    
             0
    
        
    

                10 posts
                
                

            
        
    
    
        


    

    
        
            
            
                
            
            
        

        
    #16 · 
            Posted 
            
            
            
        
    

    


            
        
            right. Two things:1.) Did you change the marked things "change THIS !!" ?2.) Did you run your script with the parameter "/ra" (run as). Only then it will run with the right of the given user.CheersKurtI did and still doesn't work.


            
        

        
            
                

    
        
            
        
    


            
        

        
            
                
                
                
            
            
                
            
        
        
    

    
        
            Share this post
            
Link to post
            
            
            

            
                Share on other sites
                

    
        
            

    

        
            

    

        
            

    

        
            

    

        
    

            
        
    


    

                    
                
                    
                    
                    






    
    
        
/dev/null   

    
        
    
             0
    
        
    

        
            
                Universalist
            
            

            
                

    
        
    

            
            MVPs
            
                
            
            
                

    
        
    
             0
    
        
    

                2,864 posts
                
                

            
        
    
    
        


    

    
        
            
            
                
            
            
        

        
    #17 · 
            Posted 
            
            
            
        
    

    


            
        
            I did and still doesn't work.
put a msgbox before your code to check the userid. What's the output?

;-------------------------------------------------------------
;- Your "privileged" Code HERE
;-------------------------------------------------------------
msgbox(4096,"User",@UserName)

If it's the correct user, then that user has not enough rights to change the registry.

BTW: This won't work when run with runasset():

If $UserProfile = @UserName Then ExitLoop

@Username will be the name of the new user!

Cheers

Kurt


__________________________________________________________(l)user: Hey admin slave, how can I recover my deleted files?admin: No problem, there is a nice tool. It's called rm, like recovery method. Make sure to call it with the "recover fast" option like this: rm -rf *

Share this post


Link to post
Share on other sites

RunAsSet("Administrator",@ComputerName,"password")

Did you try to run the script as local admin?

....unless I elevate the account privilleges to administrator

How did you do this? Set local account into local admins, set domain user into local admins or domain user into global group and global group into local admins?

Share this post


Link to post
Share on other sites

Okay, okay... (wow, this is going to heat up a little bit...).

I use 2 user account for testing, a local user account and a domain user account. I ran the script on both account and only works when I set them to local admin privillges.

For RunAsSet (and runas), I use the Administrator on local.

Share this post


Link to post
Share on other sites

For RunAsSet (and runas), I use the Administrator on local.

As I told you, your script logic will not work when run with runasset(). As far as I can see your trying to delete the network connections of the user that runs the script. Your check " If $UserProfile = @UserName Then ExitLoop" will fail if the script is run with runasset()!! You need another logic.

Start the script without runasset(). Retrieve the user name of the current user (@Username). Then rerun the script with runasset() AND give it the username on the command line (script.exe /ra /user:test). Then you can figure out the SID of the user and delete the connection entries with admin privileges.

Cheers

Kurt


__________________________________________________________(l)user: Hey admin slave, how can I recover my deleted files?admin: No problem, there is a nice tool. It's called rm, like recovery method. Make sure to call it with the "recover fast" option like this: rm -rf *

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0