Shaun Burdick, posted November 28, 2006 (edited)

Hello, feel free to read my previous post to see what started this whole thing.

Ok, I seem to be having a problem with RunAsSet() not working for AD Domain users.

In Windows, I can run a program as another user by right-clicking and choosing Run As... This allows me to enter any user I wish in my entire domain, and run the program with their permissions on the machine.

For instance I have 2 accounts: bob and adm-bob

I log on to the computer with bob, now bob is in an AD group called people. The group people is in the Power Users group on this machine. Now let's say I want to install something that requires Admin rights. To do that I would right-click on the file and choose Run As..., and supply it with my adm-bob account, pretty standard stuff.

adm-bob is in a group called LAN Admins, that group is in the Administrators Group in this computer in question.

This allows me to install or run any file I want as an administrator while being logged in as a normal user.

Now what I am trying to do is automate this process a little bit. I would like to do this with AutoIT and as far as I know it should work.

I ask the user for the account they would like to use, then supply it to RunAsSet() and proceed to run the file with that account. Now my problem seems that RunAsSet() will only work for local accounts or domain accounts that have physically logged into the machine. This doesn't make any sense?! Is this a bug or just a limitation of the language?

To show you what I mean, here is the function that does the job for me:

    ; Needed for $ES_PASSWORD, $GUI_DEFBUTTON, $GUI_EVENT_*, $WS_EX_ACCEPTFILES, $SS_CENTER
    #include <GUIConstants.au3>

    ;%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
    ;~ Name: usr_RunASBox
    ;~ Usage: usr_RunASBox()
    ;~ Returns: null
    ;~ Description:
    ;~   usr_RunASBox will prompt user for an additional user account, then open a
    ;~   window that will accept dragged files and run them as the additional user
    ;%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
    Func usr_RunASBox()
        Local $ptrDragBox, $ptrPromptWindow
        Local $ptrUserName, $ptrPassword, $ptrDomain, $ptrDropLabel
        Local $intWindowHeight = 170
        Local $intWindowWidth = 400
        Local $intWindowGroupHeight = 120
        Local $intRow = 10
        Local $strBKCOLOR = 0xFF0000 ;Red
        Local $strCOLOR = 0xFFFFFF ;White
        Local $buttonOK, $buttonCancel
        Local $boolCanceled = False
        Local $strUserName, $strPassword, $strDomain

        ; Step 1: prompt for the account (user name, masked password, domain)
        $ptrPromptWindow = GUICreate("Enter Account Information:", $intWindowWidth, $intWindowHeight, -1, -1)
        GUICtrlCreateGroup("Account:", 10, $intRow, $intWindowWidth-20, $intWindowGroupHeight)
        $intRow += 30
        GUICtrlCreateLabel("Username:", 15, $intRow, 60)
        $ptrUserName = GUICtrlCreateInput("", 85, $intRow, 300)
        $intRow += 30
        GUICtrlCreateLabel("Password:", 15, $intRow, 60)
        $ptrPassword = GUICtrlCreateInput("", 85, $intRow, 300, -1, $ES_PASSWORD)
        $intRow += 30
        GUICtrlCreateLabel("Domain:", 15, $intRow, 60)
        $ptrDomain = GUICtrlCreateInput(@LogonDomain, 85, $intRow, 300)
        $intRow += 40
        $buttonOK = GUICtrlCreateButton("OK", $intWindowWidth/2 - 50, $intRow, 40)
        $buttonCancel = GUICtrlCreateButton("Cancel", $intWindowWidth/2 + 10, $intRow, 40)
        GUICtrlSetState($buttonOK, $GUI_DEFBUTTON)
        GUISetState(@SW_SHOW, $ptrPromptWindow)

        While 1
            $msg = GUIGetMsg()
            Switch $msg
                Case $buttonOK
                    $strUserName = GUICtrlRead($ptrUserName)
                    $strPassword = GUICtrlRead($ptrPassword)
                    $strDomain = GUICtrlRead($ptrDomain)
                    ExitLoop
                Case $buttonCancel, $GUI_EVENT_CLOSE
                    $boolCanceled = True
                    ExitLoop
            EndSwitch
        WEnd
        GUIDelete($ptrPromptWindow)

        If $strUserName <> "" And $strPassword <> "" And $strDomain <> "" Then ;open runas box
            $intWindowHeight = 200
            $intWindowWidth = 200
            ; Step 2: every following Run() uses these credentials (option 1 = load the user profile)
            RunAsSet($strUsername, $strDomain, $strPassword, 1)
            $ptrDragBox = GUICreate("RunAS: " & $strUserName, $intWindowHeight, _
                    $intWindowWidth, -1, -1, -1, $WS_EX_ACCEPTFILES)
            $ptrDropLabel = GUICtrlCreateLabel(@LF & @LF & "Run as: " & @LF & $strUserName & @LF & _
                    @LF & "Drag File here", 1, 1, $intWindowWidth, $intWindowHeight, $SS_CENTER)
            GUICtrlSetState($ptrDropLabel, $GUI_DROPACCEPTED)
            GUICtrlSetBkColor($ptrDropLabel, $strBKCOLOR)
            GUICtrlSetColor($ptrDropLabel, $strCOLOR)
            GUICtrlSetFont($ptrDropLabel, 16, "BOLD")
            GUISetState(@SW_SHOW, $ptrDragBox)

            ; Step 3: run every file dropped on the window as the supplied account
            While 1
                $msg = GUIGetMsg()
                Switch $msg
                    Case $GUI_EVENT_DROPPED
                        Run(@GUI_DragFile)
                        If @error = 1 Then ;M'aide!
                            MsgBox(32, "Error", "Error in either entered user data," & _
                                    @LF & "or system cannot run program." & @LF & @LF & _
                                    "Please Re-enter your data, click OK to continue" & _
                                    @LF & @LF & "Error: " & @error)
                            GUIDelete($ptrDragBox)
                            RunAsSet() ;reset to the logged-on user's credentials
                            usr_RunASBox() ;Yay recursion
                            ExitLoop
                        EndIf
                    Case $GUI_EVENT_CLOSE
                        RunAsSet() ;reset to the logged-on user's credentials
                        GUIDelete($ptrDragBox)
                        ExitLoop
                EndSwitch
            WEnd
        ElseIf $boolCanceled Then ;Exit Loop
        Else
            MsgBox(32, "Error", "Error: Every field needs to be completed!")
            usr_RunASBox() ;Yay recursion!
        EndIf
    EndFunc ;End usr_RunASBox()

I would greatly appreciate any help/ideas/comments you could provide. Even if it is to point me in the right direction of who to ask.

-Shaun

Edited November 28, 2006 by Shaun Burdick

Jos (Developers), posted November 28, 2006

Why start a new thread instead of continuing the previous one?

The file you drag&drop, is that located on the local drive or a network share?

Shaun Burdick, posted November 28, 2006

> Why start a new thread instead of continuing the previous one?
> The file you drag&drop, is that located on the local drive or a network share?

I started the new one because as I progressed through it, I felt my point/question got blurred. I was mistaken when I created the earlier post.

The File is on the Local computer. The way I test it is to use the compiled version of this little script:

    MsgBox(0,"","I'm " & @UserName & " on " & @LogonDomain)

When you drag it into the box, it will display the account you provided to it.

Jos (Developers), posted November 28, 2006

> The File is on the Local computer. The way I test it is to use the compiled version of this little script:
>
>     MsgBox(0,"","I'm " & @UserName & " on " & @LogonDomain)
>
> When you drag it into the box, it will display the account you provided to it.

Does it only work with domain accounts that have local cached credentials (truly logged in before and have their User Hive created in the registry)?

Shaun Burdick, posted November 28, 2006

> Does it only work with domain accounts that have local cached credentials (truly logged in before and have their User Hive created in the registry)?

Correct, it will work for local users and domain accounts with cached credentials.

The weird point is regular windows runas will work with non-cached users?

Jos (Developers), posted November 28, 2006

> Correct, it will work for local users and domain accounts with cached credentials.
> The weird point is regular windows runas will work with non-cached users?

I can't test here at the moment but you could try:

    RunAsSet(user,domain,password,0)

or

    RunAsSet(user,domain,password,2)

Believe 0 will avoid trying to load the Userhive that doesn't exist ...

Shaun Burdick, posted November 28, 2006

> I was premature... I don't think this works... Using "RunAs" to run "cmd.exe" I see that %Username% is correct... Using "RunAsSet()" to run "cmd.exe", I see that %username% is incorrect.
> This may need to be entered into the bug forum... with a short reproduce script... please.
> Lar.

Yeah I noticed that too, I thought 2 would work but when I ran my test script it came back with the current (bob's) credentials.

I will make a post in the bug forums.

Thanks for your help!

Shaun Burdick, posted November 28, 2006

Reported in Bug Forums: Post

toofat, posted December 1, 2006

OK I didn't even look at your code, I will just tell you about my case. We have a domain of some 1500 to 1600 PCs. I use this code and it works for me.

    Func RunAs($RunAsApplication)
        ; Credential table: [0][0][0] holds the number of accounts to try;
        ; for account $i: [$i][0][0] = user, [$i][1][0] = password, [$i][0][1] = domain.
        ; The values are placeholders as posted; real ones would sit in the script in clear text.
        Dim $RunAsSet[3][2][2]
        $RunAsSet[0][0][0] = 2
        $RunAsSet[1][0][0] = 'DomainAdmin'
        $RunAsSet[1][1][0] = 'DomainAdminPass'
        $RunAsSet[1][0][1] = @LogonDomain
        $RunAsSet[2][0][0] = 'LocalAdmin'
        $RunAsSet[2][1][0] = 'LoaclAdminPass'
        $RunAsSet[2][0][1] = @Computername
        If NOT FileExists ($RunAsApplication) Then Exit
        ; Try each account in order; move on to the next one only if Run() fails.
        For $i = 1 to $RunAsSet[0][0][0]
            RunAsSet ($RunAsSet[$i][0][0], $RunAsSet[$i][0][1], $RunAsSet[$i][1][0], 0)
            Run ('"' & $RunAsApplication & '"')
            If @error = 1 Then ContinueLoop
            ExitLoop
        Next
        Exit
    EndFunc

Script uses my account name and my pass and I swear I haven't logged on to 90% of the computers in our domain. App is installed through entire domain by AD Group Policy (MSI install) ... maybe I misunderstood the problem, and if such I am sorry ...

Just one more thing; app that is run through this script is app that must be run with DomainAdmin account (connects to the SQL database and uses shared folder on a different server) and it generates an error if it is run with LocalAdmin account ... in this script I use LocalAdmin account only if the connection to the server is down, and another app that is run through this script is NERO ... so then app that uses SQL would crash but NERO would still work ... script is compiled with AutoIt version 3.1.1 ...

P.S. Sorry for bad spelling if any ...

Shaun Burdick, posted December 14, 2006

> OK I didn't even look at your code, I will just tell you about my case. We have a domain of some 1500 to 1600 PCs. I use this code and it works for me.
>
>     Func RunAs($RunAsApplication)
>         ; Credential table: [0][0][0] holds the number of accounts to try;
>         ; for account $i: [$i][0][0] = user, [$i][1][0] = password, [$i][0][1] = domain.
>         ; The values are placeholders as posted; real ones would sit in the script in clear text.
>         Dim $RunAsSet[3][2][2]
>         $RunAsSet[0][0][0] = 2
>         $RunAsSet[1][0][0] = 'DomainAdmin'
>         $RunAsSet[1][1][0] = 'DomainAdminPass'
>         $RunAsSet[1][0][1] = @LogonDomain
>         $RunAsSet[2][0][0] = 'LocalAdmin'
>         $RunAsSet[2][1][0] = 'LoaclAdminPass'
>         $RunAsSet[2][0][1] = @Computername
>         If NOT FileExists ($RunAsApplication) Then Exit
>         ; Try each account in order; move on to the next one only if Run() fails.
>         For $i = 1 to $RunAsSet[0][0][0]
>             RunAsSet ($RunAsSet[$i][0][0], $RunAsSet[$i][0][1], $RunAsSet[$i][1][0], 0)
>             Run ('"' & $RunAsApplication & '"')
>             If @error = 1 Then ContinueLoop
>             ExitLoop
>         Next
>         Exit
>     EndFunc
>
> Script uses my account name and my pass and I swear I haven't logged on to 90% of the computers in our domain. App is installed through entire domain by AD Group Policy (MSI install) ... maybe I misunderstood the problem, and if such I am sorry ...
>
> Just one more thing; app that is run through this script is app that must be run with DomainAdmin account (connects to the SQL database and uses shared folder on a different server) and it generates an error if it is run with LocalAdmin account ... in this script I use LocalAdmin account only if the connection to the server is down, and another app that is run through this script is NERO ... so then app that uses SQL would crash but NERO would still work ... script is compiled with AutoIt version 3.1.1 ...
>
> P.S. Sorry for bad spelling if any ...

Right, looking at your code it would work for you, because when it fails with the network account it will use the local account. The local account will work, it's the network account that does not seem to work, I bet if you removed the local account fall over, it will not work at all.