Sign in to follow this  
Followers 0
GregThompson

COM Objects, RegWrite, and IMPERSONATE

7 posts in this topic

I would like to write a script that does the following:

Read an INF

Store a variable

Use the stored variable in a registry key

So, I can do all of this in normal AutoIT, but I don't want to use the RunAS command to write the registry entries. I'd like to use the Com Obj stuff and the Impersonate command, then write the registry keys.

Can someone point me in the right direction? I've been searching the site for example, can't find any, and I've been reading vbs sites/tutorials, and can't get a decent piece of code to work from.

Share this post


Link to post
Share on other sites



Google these-

ImpersonateLoggedOnUser

LogonUser

RevertToSelf

The process is you logon a user with the 'logonuser' function pass the token to the 'impersonteloggedonuser' and the use 'reverttoself' to go back to normal.

details could take a bit of searching but theres a start

Share this post


Link to post
Share on other sites

#3 ·  Posted (edited)

Google these-

ImpersonateLoggedOnUser

LogonUser

RevertToSelf

The process is you logon a user with the 'logonuser' function pass the token to the 'impersonteloggedonuser' and the use 'reverttoself' to go back to normal.

details could take a bit of searching but theres a start

Hrm, I appreciate the response, but I'm not sure what this is? I was under the impression I had to use the WMI stuff, like

$strComputer = "."
$objWMIService = ObjGet("winmgmts:{impersonationLevel=impersonate}!\\" & $strComputer & "\root\CIMV2")

And then use something like objwmiservice.regwrite, etc, etc

Edited by GregThompson

Share this post


Link to post
Share on other sites

@GregThompson

This example sets the proxy settings of your browser.

Const $HKEY_CURRENT_USER = 0x80000001

$strComputer = "."
$objRegistry = ObjGet("winmgmts:\\" & $strComputer & "\root\default:StdRegProv")
 
$strKeyPath = "SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings"

$strValueName = "ProxyEnable"
$dwValue = 1
$objRegistry.SetDWORDValue ($HKEY_CURRENT_USER, $strKeyPath, $strValueName, $dwValue)

This should you get going. You don't need "impersonation" if you are the Admin who is running the scripts.

regards,

ptrex

Share this post


Link to post
Share on other sites

Hrm, I appreciate the response, but I'm not sure what this is? I was under the impression I had to use the WMI stuff, like

$strComputer = "."

$objWMIService = ObjGet("winmgmts:{impersonationLevel=impersonate}!\\" & $strComputer & "\root\CIMV2")

And then use something like objwmiservice.regwrite, etc, etc

I don't know about that. i know you an use the method i mentioned. They are dll functions you'd use with dll call (Advapi32.dll). Once the impersonation is made, the program runs under that identity untill you switch back...any commands you use untill you switch bcak are ran under the impersonated identity... i have never done the WMI way if there is one so i cant speak to it.

Share this post


Link to post
Share on other sites

@GregThompson

This example sets the proxy settings of your browser.

Const $HKEY_CURRENT_USER = 0x80000001

$strComputer = "."
$objRegistry = ObjGet("winmgmts:\\" & $strComputer & "\root\default:StdRegProv")
 
$strKeyPath = "SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings"

$strValueName = "ProxyEnable"
$dwValue = 1
$objRegistry.SetDWORDValue ($HKEY_CURRENT_USER, $strKeyPath, $strValueName, $dwValue)

This should you get going. You don't need "impersonation" if you are the Admin who is running the scripts.

regards,

ptrex

PTRex, thanks, assume that I'm NOT the admin though. The deal is that we want to push out a script without credentials of an Admin, to impersonate one and make the registry settings for our WSUS pilot group.

Share this post


Link to post
Share on other sites

@GregThompson

Maybe this will get you get going.

#include <date.au3>

$strComputer = "."
 $objWMIService = ObjGet("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & $strComputer & "\root\cimv2")

 $colItems = $objWMIService.ExecQuery _
    ("Select * from Win32_NetworkLoginProfile")

For $objItem in $colItems
    $dtmWMIDate = $objItem.AccountExpires
    $strReturn = WMIDateStringToDate($dtmWMIDate)
    Consolewrite ("Account Expires: " & $strReturn & @CR)
    Consolewrite ("Authorization Flags: " & $objItem.AuthorizationFlags & @CR)
    Consolewrite ("Bad Password Count: " & $objItem.BadPasswordCount & @CR)
    Consolewrite ("Caption: " & $objItem.Caption & @CR)
    Consolewrite ("CodePage: " & $objItem.CodePage & @CR)
    Consolewrite ("Comment: " & $objItem.Comment & @CR)
    Consolewrite ("Country Code: " & $objItem.CountryCode & @CR)
    Consolewrite ("Description: " & $objItem.Description & @CR)
    Consolewrite ("Flags: " & $objItem.Flags & @CR)
    Consolewrite ("Full Name: " & $objItem.FullName & @CR)
    Consolewrite ("Home Directory: " & $objItem.HomeDirectory & @CR)
    Consolewrite ("Home Directory Drive: " & $objItem.HomeDirectoryDrive & @CR)
    $dtmWMIDate = $objItem.LastLogoff
    $strReturn = WMIDateStringToDate($dtmWMIDate)
    Consolewrite ("Last Logoff: " & $strReturn & @CR)
    $dtmWMIDate = $objItem.LastLogon
    $strReturn = WMIDateStringToDate($dtmWMIDate)
    Consolewrite ("Last Logon: " & $strReturn & @CR)
    Consolewrite ("Logon Hours: " & $objItem.LogonHours & @CR)
    Consolewrite ("Logon Server: " & $objItem.LogonServer & @CR)
    Consolewrite ("Maximum Storage: " & $objItem.MaximumStorage & @CR)
    Consolewrite ("Name: " & $objItem.Name & @CR)
    Consolewrite ("Number Of Logons: " & $objItem.NumberOfLogons & @CR)
    Consolewrite ("Password Age: " & $objItem.PasswordAge & @CR)
    $dtmWMIDate = $objItem.PasswordExpires
    $strReturn = WMIDateStringToDate($dtmWMIDate)
    Consolewrite ("Password Expires: " & $strReturn & @CR)
    Consolewrite ("Primary Group ID: " & $objItem.PrimaryGroupId & @CR)
    Consolewrite ("Privileges: " & $objItem.Privileges & @CR)
    Consolewrite ("Profile: " & $objItem.Profile & @CR)
    Consolewrite ("Script Path: " & $objItem.ScriptPath & @CR)
    Consolewrite ("Setting ID: " & $objItem.SettingID & @CR)
    Consolewrite ("Units Per Week: " & $objItem.UnitsPerWeek & @CR)
    Consolewrite ("User Comment: " & $objItem.UserComment & @CR)
    Consolewrite ("User Id: " & $objItem.UserId & @CR)
    Consolewrite ("User Type: " & $objItem.UserType & @CR)
    Consolewrite ("Workstations: " & $objItem.Workstations & @CR)
   
Next
 
Func WMIDateStringToDate($dtmWMIDate)
    Local $Return
    If Not $dtmWMIDate ="" Then
  
    Return (StringMid($dtmWMIDate, 5, 2) & "/" & _
            StringMid($dtmWMIDate, 7, 2) & "/" & StringLeft($dtmWMIDate, 4) _
            & " " & StringMid($dtmWMIDate, 9, 2) & ":" & StringMid($dtmWMIDate, 11, 2) & ":" & StringMid($dtmWMIDate,13, 2))

    Return $Return
    Endif
EndFunc

Enjoy!!

ptrex

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0