Sign in to follow this  
Followers 0
Novack

RunAsSet problems

6 posts in this topic

#1 ·  Posted (edited)

Hello,

I have some problems running a script like this:

RunAsSet("user","domain","password")
RunWait("notepad.exe")

It works OK when running as any normal user, but if I run it using the LocalSystem account (which I need to), I get "access denied".

To get to LocalSystem run this command in prompt (you need to be logged in as admin):

at XX:YY /interactive cmd

where XX:YY is some time (24-hour clock) in future, like one minute. When the time is hit, windows opens another command prompt as svchost.exe. Then try to run the script again and you will get an "access denied" error.

I don't know if this is a bug or not (a "feature" of Windows, perhaps?), but I'd really need this working (if anyone has experience with the LANDesk Management Suite, you might guess why).

Edited by Novack

Share this post


Link to post
Share on other sites



Hello,

I have some problems running a script like this:

RunAsSet("user","domain","password")
RunWait("notepad.exe")

It works OK when running as any normal user, but if I run it using the LocalSystem account (which I need to), I get "access denied".

To get to LocalSystem run this command in prompt (you need to be logged in as admin):

at XX:YY /interactive cmd

where XX:YY is some time (24-hour clock) in future, like one minute. When the time is hit, windows opens another command prompt as svchost.exe. Then try to run the script again and you will get an "access denied" error.

I don't know if this is a bug or not (a "feature" of Windows, perhaps?), but I'd really need this working (if anyone has experience with the LANDesk Management Suite, you might guess why).

Your RunAsSet() function should have worked fine with @ComputerName for the domain. You didn't show us your actual code so we can't evaluate how you set "user", "domain", or "password". Are they literal strings, string variables, array references, ...? :)

Valuater's AutoIt 1-2-3, Class... Is now in Session!For those who want somebody to write the script for them: RentACoder"Any technology distinguishable from magic is insufficiently advanced." -- Geek's corollary to Clarke's law

Share this post


Link to post
Share on other sites

#3 ·  Posted (edited)

To me it looks like you can't "downgrade" your credentials and get access to a screen with higher credentials. If that makes sence:unsure:

Tried this on w2k +SP4 +some updates using with autoit-v3.1.1.126 and autoit-v3.2.1.1.

#Region Compiler directives section
#compiler_compression = 4
#compiler_OutFile_Type=exe
#compiler_run_after=move /Y "%out%" "%TEMP%"        ;Putt it somwhere in PATH where your suposed to have access
;#compiler_run_after="%TEMP%\%scriptfile%.exe"
#compiler_run_after=at 14:36 /interactive "%TEMP%\%scriptfile%.exe"
#endregion
If RunAsSet("Guest", @ComputerName,  "guest") Then 
    Local $runfoo = 'cmd /c dir c:'
    $fooPID = RunWait($runfoo, @TempDir, @SW_HIDE)
    if @error then 
        $ret = 0
        msgbox(16, "ERROR in " & @ScriptName, "Could not make a test run so you are probably not logged in as wanted or you have no access to: " & $runfoo)
    Else 
        ProcessClose($fooPID)
        Run("cmd /c notepad.exe", @TempDir, @SW_HIDE)       
    EndIf                   
Else 
    MsgBox(16, "ERROR: " & @ScriptName, "RunAsSet is not suported by OS")
EndIf

EDIT: Modified notpad location.

Edited by Uten

Share this post


Link to post
Share on other sites

#4 ·  Posted (edited)

Darn, enabling the Guest account did help a bit :">

Also making sure everything is running in a directory where the Guest has access did help a lot.

The %TEMP% and @TEMP dir is not the same for the original user and the downgraded user.

So after enabling the Guest account and setting the right privileges to c:\cmdtools this works:

#Region Compiler directives section
#compiler_compression = 4
#compiler_OutFile_Type=exe
#compiler_run_after=move /Y "%out%" "%TEMP%"        ;Putt it somwhere in PATH where your suposed to have access
#compiler_run_after="%TEMP%\%scriptfile%.exe"
#compiler_run_after=at 14:54 /interactive "%TEMP%\%scriptfile%.exe"
#endregion
;If RunAsSet("Guest",@LogonDomain,  "guest") Then ; LogonFalure: User account restrictions
If RunAsSet("Guest", @ComputerName,  "guest") Then 
    Local $runfoo = 'cmd /c dir c:\cmdtools'
    $fooPID = RunWait($runfoo, "c:\cmdtools", @SW_HIDE)
    if @error then 
        $ret = 0
        msgbox(16, "ERROR in " & @ScriptName, "Could not make a test run so you are probably not logged in as wanted or you have no access to: " & $runfoo)
    Else 
        ProcessClose($fooPID)
        Run("cmd /c notepad.exe", "c:\cmdtools", @SW_HIDE)      
    EndIf                   
Else 
    MsgBox(16, "ERROR: " & @ScriptName, "RunAsSet is not suported by OS")
EndIf
Edited by Uten

Share this post


Link to post
Share on other sites

The username, password and domain are all literal string variables, and I'm trying to access a DFS (Distributed File System) share in a domain DFS root.

The actual shares are modifed to be non-system shares, with everyone read access so that LocalSystem can access them. However, this is not possible with DFS and I need to switch to an admin user existing in the domain before I can access the DFS. The DFS is used since it allows the same script to always fetch the files from the nearest DFS mirror.

$Password = "mypass"
$Domain = "DOMAIN" ;In short format, not domain.mycompany.net
$User = "Username"

$Run = "\\domain.mycompany.net\DFSRoot\Share\File.exe"

RunAsSet($User,$Domain,$Password)
FileChangeDir("C:\")  ;This is needed since the default profile points to Z: and no commands can run before switched to an existing drive. I got "invalid directory" error before putting this here, even when starting the script with a normal user.
RunWait($Run)

Share this post


Link to post
Share on other sites

Did you try my sample?

Add a folder where your RunAsSet has priveleges in the RunWait statement and you should have more success.

RunWait($cmd, "c:\NoRestrictionsFolder", @SW_SHOW)

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0