RunAsSet problems

[Novack]

Hello,

I have some problems running a script like this:

RunAsSet("user","domain","password")
RunWait("notepad.exe")

It works OK when running as any normal user, but if I run it using the LocalSystem account (which I need to), I get "access denied".

To get to LocalSystem run this command in prompt (you need to be logged in as admin):

at XX:YY /interactive cmd

where XX:YY is some time (24-hour clock) in future, like one minute. When the time is hit, windows opens another command prompt as svchost.exe. Then try to run the script again and you will get an "access denied" error.

I don't know if this is a bug or not (a "feature" of Windows, perhaps?), but I'd really need this working (if anyone has experience with the LANDesk Management Suite, you might guess why).

Edited September 12, 2006 by Novack

[PsaltyDS]

Hello,

I have some problems running a script like this:

RunAsSet("user","domain","password")
RunWait("notepad.exe")

It works OK when running as any normal user, but if I run it using the LocalSystem account (which I need to), I get "access denied".

To get to LocalSystem run this command in prompt (you need to be logged in as admin):

at XX:YY /interactive cmd

where XX:YY is some time (24-hour clock) in future, like one minute. When the time is hit, windows opens another command prompt as svchost.exe. Then try to run the script again and you will get an "access denied" error.

I don't know if this is a bug or not (a "feature" of Windows, perhaps?), but I'd really need this working (if anyone has experience with the LANDesk Management Suite, you might guess why).

Your RunAsSet() function should have worked fine with @ComputerName for the domain. You didn't show us your actual code so we can't evaluate how you set "user", "domain", or "password". Are they literal strings, string variables, array references, ...?

[Uten]

To me it looks like you can't "downgrade" your credentials and get access to a screen with higher credentials. If that makes sence:unsure:

Tried this on w2k +SP4 +some updates using with autoit-v3.1.1.126 and autoit-v3.2.1.1.

#Region Compiler directives section
#compiler_compression = 4
#compiler_OutFile_Type=exe
#compiler_run_after=move /Y "%out%" "%TEMP%"        ;Putt it somwhere in PATH where your suposed to have access
;#compiler_run_after="%TEMP%\%scriptfile%.exe"
#compiler_run_after=at 14:36 /interactive "%TEMP%\%scriptfile%.exe"
#endregion
If RunAsSet("Guest", @ComputerName,  "guest") Then 
    Local $runfoo = 'cmd /c dir c:'
    $fooPID = RunWait($runfoo, @TempDir, @SW_HIDE)
    if @error then 
        $ret = 0
        msgbox(16, "ERROR in " & @ScriptName, "Could not make a test run so you are probably not logged in as wanted or you have no access to: " & $runfoo)
    Else 
        ProcessClose($fooPID)
        Run("cmd /c notepad.exe", @TempDir, @SW_HIDE)       
    EndIf                   
Else 
    MsgBox(16, "ERROR: " & @ScriptName, "RunAsSet is not suported by OS")
EndIf

EDIT: Modified notpad location.

Edited September 12, 2006 by Uten

[Uten]

Darn, enabling the Guest account did help a bit :">

Also making sure everything is running in a directory where the Guest has access did help a lot.

The %TEMP% and @TEMP dir is not the same for the original user and the downgraded user.

So after enabling the Guest account and setting the right privileges to c:\cmdtools this works:

#Region Compiler directives section
#compiler_compression = 4
#compiler_OutFile_Type=exe
#compiler_run_after=move /Y "%out%" "%TEMP%"        ;Putt it somwhere in PATH where your suposed to have access
#compiler_run_after="%TEMP%\%scriptfile%.exe"
#compiler_run_after=at 14:54 /interactive "%TEMP%\%scriptfile%.exe"
#endregion
;If RunAsSet("Guest",@LogonDomain,  "guest") Then ; LogonFalure: User account restrictions
If RunAsSet("Guest", @ComputerName,  "guest") Then 
    Local $runfoo = 'cmd /c dir c:\cmdtools'
    $fooPID = RunWait($runfoo, "c:\cmdtools", @SW_HIDE)
    if @error then 
        $ret = 0
        msgbox(16, "ERROR in " & @ScriptName, "Could not make a test run so you are probably not logged in as wanted or you have no access to: " & $runfoo)
    Else 
        ProcessClose($fooPID)
        Run("cmd /c notepad.exe", "c:\cmdtools", @SW_HIDE)      
    EndIf                   
Else 
    MsgBox(16, "ERROR: " & @ScriptName, "RunAsSet is not suported by OS")
EndIf

Edited September 12, 2006 by Uten

[Novack]

The username, password and domain are all literal string variables, and I'm trying to access a DFS (Distributed File System) share in a domain DFS root.

The actual shares are modifed to be non-system shares, with everyone read access so that LocalSystem can access them. However, this is not possible with DFS and I need to switch to an admin user existing in the domain before I can access the DFS. The DFS is used since it allows the same script to always fetch the files from the nearest DFS mirror.

$Password = "mypass"
$Domain = "DOMAIN" ;In short format, not domain.mycompany.net
$User = "Username"

$Run = "\\domain.mycompany.net\DFSRoot\Share\File.exe"

RunAsSet($User,$Domain,$Password)
FileChangeDir("C:\")  ;This is needed since the default profile points to Z: and no commands can run before switched to an existing drive. I got "invalid directory" error before putting this here, even when starting the script with a normal user.
RunWait($Run)

[Uten]

Did you try my sample?

Add a folder where your RunAsSet has priveleges in the RunWait statement and you should have more success.

RunWait($cmd, "c:\NoRestrictionsFolder", @SW_SHOW)