Sign in to follow this  
Followers 0
ZipleR

RunAs Startup script

6 posts in this topic

#1 ·  Posted (edited)

I am using a runas command to install an MSP file using a startup script.

The script that I wrote works fine with Windows 2000 but if I apply the same script to a windows XP machine I get an error messag. (see the screen shot attachment)

The script is being applied to the computers using Group policy, and they are in the same container.

Is there something that changes between 2k and Xp that makes startup scripts more secure?

I have had this problem with other scripts before, but just found other work arounds, now I want to get to the bottom of this :)

Oh yeah, if I log into windowsXP and run the script it works fine. Also, the Secondary Logon service is started and set to automatic.

Here is how I set the Runas command

RunAsSet ( "WorkstationAdmin", "Domain", "Password" ,0 )

Thank you!

Edited by ZipleR

Share this post


Link to post
Share on other sites



Try:

RunAsSet ( "WorkstationAdmin", "Domain", "Password" ,1 )

Msiexec + runas on xp when the profile is not loaded isn't supposed to work, I think. Setting the option to 1 should toggle it to load the profile. No promises though...


[font="Fixedsys"][list][*]All of my AutoIt Example Scripts[*]http://saneasylum.com[/list][/font]

Share this post


Link to post
Share on other sites

Ah....

Why doesn't the RunAs program accept a password on the command line?

The RunAs program demands that you type the password manually. Why doesn't it accept a password on the command line?

This was a conscious decision. If it were possible to pass the password on the command line, people would start embedding passwords into batch files and logon scripts, which is laughably insecure.

http://blogs.msdn.com/oldnewthing/archive/.../29/271551.aspx

All as not lost though, try this:

http://www.joeware.net/win/free/tools/cpau.htm


[font="Fixedsys"][list][*]All of my AutoIt Example Scripts[*]http://saneasylum.com[/list][/font]

Share this post


Link to post
Share on other sites

#4 ·  Posted (edited)

Is the RunAsSet command equivelant to using the runas command line utility?

I tried changing the working path from "" to "c:" and that did not help.

----

I just tried changing the 0 to a 1 to load the profile, and that did not help either.

It does not make sence that I can use the same script when logged in. There has to be some setting (even a windows setting) that allows the runas command to function during startup.

Edited by ZipleR

Share this post


Link to post
Share on other sites

#5 ·  Posted (edited)

With the runasset does it really matter in XP if I load the profile or not? I dont understand why that would really make a difference, unless I were making changes to the profile.

Since I only want to install .msp's it should be safe to not load it right?

----------------------------------------------------------------------------------------------------------------

Also, I think I found a way around not being able to do runas while startup scripts are running.

Here is what I intend on doing (finished with code, just need to test it when I get time)

Have the script, if run with a command line variable of "schedule" check the necessary registry values to determine if the .msp's were installed.

As soon as the first un-installed .msp is found it will schedule a task to run the script again in 1 minute. This time WITHOUT the command line variable.

When scheduling the task I am going to use schtasks to run the command as the domain account that I want to use. This time the Script will have a workstation admin running the script.

With no variable entered from the command line, rather than schedule a task, it will install the .msp.

Let me know if you think this will work.

Thanks!

Edited by ZipleR

Share this post


Link to post
Share on other sites

Hi, have you solved the problwm allready?

I have the same error and i am not able to fix it.......

Regards,

Stefan

With the runasset does it really matter in XP if I load the profile or not? I dont understand why that would really make a difference, unless I were making changes to the profile.

Since I only want to install .msp's it should be safe to not load it right?

----------------------------------------------------------------------------------------------------------------

Also, I think I found a way around not being able to do runas while startup scripts are running.

Here is what I intend on doing (finished with code, just need to test it when I get time)

Have the script, if run with a command line variable of "schedule" check the necessary registry values to determine if the .msp's were installed.

As soon as the first un-installed .msp is found it will schedule a task to run the script again in 1 minute. This time WITHOUT the command line variable.

When scheduling the task I am going to use schtasks to run the command as the domain account that I want to use. This time the Script will have a workstation admin running the script.

With no variable entered from the command line, rather than schedule a task, it will install the .msp.

Let me know if you think this will work.

Thanks!

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0