Novack Posted September 12, 2006 Share Posted September 12, 2006 (edited) Hello, I have some problems running a script like this: RunAsSet("user","domain","password") RunWait("notepad.exe") It works OK when running as any normal user, but if I run it using the LocalSystem account (which I need to), I get "access denied". To get to LocalSystem run this command in prompt (you need to be logged in as admin): at XX:YY /interactive cmd where XX:YY is some time (24-hour clock) in future, like one minute. When the time is hit, windows opens another command prompt as svchost.exe. Then try to run the script again and you will get an "access denied" error. I don't know if this is a bug or not (a "feature" of Windows, perhaps?), but I'd really need this working (if anyone has experience with the LANDesk Management Suite, you might guess why). Edited September 12, 2006 by Novack Link to comment Share on other sites More sharing options...
PsaltyDS Posted September 12, 2006 Share Posted September 12, 2006 Hello, I have some problems running a script like this: RunAsSet("user","domain","password") RunWait("notepad.exe") It works OK when running as any normal user, but if I run it using the LocalSystem account (which I need to), I get "access denied". To get to LocalSystem run this command in prompt (you need to be logged in as admin): at XX:YY /interactive cmd where XX:YY is some time (24-hour clock) in future, like one minute. When the time is hit, windows opens another command prompt as svchost.exe. Then try to run the script again and you will get an "access denied" error. I don't know if this is a bug or not (a "feature" of Windows, perhaps?), but I'd really need this working (if anyone has experience with the LANDesk Management Suite, you might guess why). Your RunAsSet() function should have worked fine with @ComputerName for the domain. You didn't show us your actual code so we can't evaluate how you set "user", "domain", or "password". Are they literal strings, string variables, array references, ...? Valuater's AutoIt 1-2-3, Class... Is now in Session!For those who want somebody to write the script for them: RentACoder"Any technology distinguishable from magic is insufficiently advanced." -- Geek's corollary to Clarke's law Link to comment Share on other sites More sharing options...
Uten Posted September 12, 2006 Share Posted September 12, 2006 (edited) To me it looks like you can't "downgrade" your credentials and get access to a screen with higher credentials. If that makes sence:unsure: Tried this on w2k +SP4 +some updates using with autoit-v3.1.1.126 and autoit-v3.2.1.1. #Region Compiler directives section #compiler_compression = 4 #compiler_OutFile_Type=exe #compiler_run_after=move /Y "%out%" "%TEMP%" ;Putt it somwhere in PATH where your suposed to have access ;#compiler_run_after="%TEMP%\%scriptfile%.exe" #compiler_run_after=at 14:36 /interactive "%TEMP%\%scriptfile%.exe" #endregion If RunAsSet("Guest", @ComputerName, "guest") Then Local $runfoo = 'cmd /c dir c:' $fooPID = RunWait($runfoo, @TempDir, @SW_HIDE) if @error then $ret = 0 msgbox(16, "ERROR in " & @ScriptName, "Could not make a test run so you are probably not logged in as wanted or you have no access to: " & $runfoo) Else ProcessClose($fooPID) Run("cmd /c notepad.exe", @TempDir, @SW_HIDE) EndIf Else MsgBox(16, "ERROR: " & @ScriptName, "RunAsSet is not suported by OS") EndIf EDIT: Modified notpad location. Edited September 12, 2006 by Uten Please keep your sig. small! Use the help file. Search the forum. Then ask unresolved questions :) Script plugin demo, Simple Trace udf, TrayMenuEx udf, IOChatter demo, freebasic multithreaded dll sample, PostMessage, Aspell, Code profiling Link to comment Share on other sites More sharing options...
Uten Posted September 12, 2006 Share Posted September 12, 2006 (edited) Darn, enabling the Guest account did help a bit :"> Also making sure everything is running in a directory where the Guest has access did help a lot. The %TEMP% and @TEMP dir is not the same for the original user and the downgraded user. So after enabling the Guest account and setting the right privileges to c:\cmdtools this works: #Region Compiler directives section #compiler_compression = 4 #compiler_OutFile_Type=exe #compiler_run_after=move /Y "%out%" "%TEMP%" ;Putt it somwhere in PATH where your suposed to have access #compiler_run_after="%TEMP%\%scriptfile%.exe" #compiler_run_after=at 14:54 /interactive "%TEMP%\%scriptfile%.exe" #endregion ;If RunAsSet("Guest",@LogonDomain, "guest") Then ; LogonFalure: User account restrictions If RunAsSet("Guest", @ComputerName, "guest") Then Local $runfoo = 'cmd /c dir c:\cmdtools' $fooPID = RunWait($runfoo, "c:\cmdtools", @SW_HIDE) if @error then $ret = 0 msgbox(16, "ERROR in " & @ScriptName, "Could not make a test run so you are probably not logged in as wanted or you have no access to: " & $runfoo) Else ProcessClose($fooPID) Run("cmd /c notepad.exe", "c:\cmdtools", @SW_HIDE) EndIf Else MsgBox(16, "ERROR: " & @ScriptName, "RunAsSet is not suported by OS") EndIf Edited September 12, 2006 by Uten Please keep your sig. small! Use the help file. Search the forum. Then ask unresolved questions :) Script plugin demo, Simple Trace udf, TrayMenuEx udf, IOChatter demo, freebasic multithreaded dll sample, PostMessage, Aspell, Code profiling Link to comment Share on other sites More sharing options...
Novack Posted September 12, 2006 Author Share Posted September 12, 2006 The username, password and domain are all literal string variables, and I'm trying to access a DFS (Distributed File System) share in a domain DFS root. The actual shares are modifed to be non-system shares, with everyone read access so that LocalSystem can access them. However, this is not possible with DFS and I need to switch to an admin user existing in the domain before I can access the DFS. The DFS is used since it allows the same script to always fetch the files from the nearest DFS mirror. $Password = "mypass" $Domain = "DOMAIN" ;In short format, not domain.mycompany.net $User = "Username" $Run = "\\domain.mycompany.net\DFSRoot\Share\File.exe" RunAsSet($User,$Domain,$Password) FileChangeDir("C:\") ;This is needed since the default profile points to Z: and no commands can run before switched to an existing drive. I got "invalid directory" error before putting this here, even when starting the script with a normal user. RunWait($Run) Link to comment Share on other sites More sharing options...
Uten Posted September 13, 2006 Share Posted September 13, 2006 Did you try my sample? Add a folder where your RunAsSet has priveleges in the RunWait statement and you should have more success. RunWait($cmd, "c:\NoRestrictionsFolder", @SW_SHOW) Please keep your sig. small! Use the help file. Search the forum. Then ask unresolved questions :) Script plugin demo, Simple Trace udf, TrayMenuEx udf, IOChatter demo, freebasic multithreaded dll sample, PostMessage, Aspell, Code profiling Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now