
RunAsSet() and Interactive Programs

Airwolf

I am trying to create a script that will run a program which needs to interact with the desktop environment. Basically, if I'm logged on as Administrator in another session and I run script.exe from a different session then the script works. If the Administrator session is closed (i.e. I log off as Administrator) and then run script.exe in my normal user session then the script fails.

Is there any way to accomplish this without being logged in to an idle session as Administrator?


Certifications: A+, Network+, Security+, Linux+, LPIC-1, MCSA | Languages: AutoIt, C, SQL, .NET
Books: AutoIt v3: Your Quick Guide - $7.99 - O'Reilly Media - September 2007; AutoIt v3 Development - newbie to g33k - Coming Soon - Fate Publishing - Spring 2013
UDF Libraries: SkypeCOM UDF Library | ADUC Computers OU Cleanup | Find PixelChecksum
Examples: Skype COM Examples - Skype4COMLib Examples converted from VBS to AutoIt

Jos

> I am trying to create a script that will run a program which needs to interact with the desktop environment. Basically, if I'm logged on as Administrator in another session and I run script.exe from a different session then the script works. If the Administrator session is closed (i.e. I log off as Administrator) and then run script.exe in my normal user session then the script fails.
>
> Is there any way to accomplish this without being logged in to an idle session as Administrator?

Just run the script with PSEXEC ...

:)


 
Live for the present,
Dream of the future,
Learn from the past.
  :)

Airwolf

> Just run the script with PSEXEC ...
>
> :)

I still don't seem to be getting anywhere with it. I have it set up to use a password, and when I log in to the machine and the login script calls this program, psexec still prompts for a password. Here is what I have so far... The SubInAcl commands are not working; the permissions don't change at all, so it seems PSexec is still not running this interactively.

Global $admin
Global $pass
Global $user

$admin = "admin"
$pass = "password"
$user = @username

RunWait(@ComSpec & " /c Start" & '%LOGONSERVER%\NETLOGON\Misc\psexec.exe /accepteula -u ' & $admin & '-p ' & $pass & ' -i %LOGONSERVER%\NETLOGON\Misc\subinacl.exe /file "C:\Documents and Settings\' & $user & '\Desktop" /revoke=DOMAIN\' & $user,"",@SW_HIDE);revoke desktop permissions for logged on user

RunWait(@ComSpec & " /c Start" & '%LOGONSERVER%\NETLOGON\Misc\psexec.exe /accepteula -u ' & $admin & '-p ' & $pass & ' -i %LOGONSERVER%\NETLOGON\Misc\subinacl.exe /file "C:\Documents and Settings\' & $user & '\Desktop" /grant=DOMAIN\' & $user & '=E',"",@SW_HIDE);grant Read/Execute permissions for logged on user's desktop

My ultimate goal is to have a user's desktop locked down to read/execute when they log in instead of the full access control they receive by default. I can get the script to work, but the admin account has to be logged into the machine when users log on in order to succeed.

Edited by Airwolf123
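
The command string from the post above, rebuilt as an added example (not part of Airwolf's post or of any reply): it prints the line the posted concatenation yields next to one joined from separate arguments, so the spacing around `Start` and `-p` can be inspected before anything is run. `_JoinArgs` and `_FusedSwitch` are hypothetical helper names; `admin`, `password` and `DOMAIN` are the post's placeholders.

```autoit
; Added example, not code from the thread. Nothing is executed; the two
; command lines are only built and printed for comparison.

; Join arguments with single spaces, quoting any argument that contains a space.
Func _JoinArgs(Const ByRef $aArgs)
    Local $sLine = "", $sArg
    For $i = 0 To UBound($aArgs) - 1
        $sArg = $aArgs[$i]
        If StringInStr($sArg, " ") Then $sArg = '"' & $sArg & '"'
        If $i > 0 Then $sLine &= " "
        $sLine &= $sArg
    Next
    Return $sLine
EndFunc   ;==>_JoinArgs

; True when a one-letter switch such as -p is glued to the end of the previous value.
Func _FusedSwitch($sLine)
    Return StringRegExp($sLine, '[^\s"]-[a-z]\s') = 1
EndFunc   ;==>_FusedSwitch

Local $sTools = "%LOGONSERVER%\NETLOGON\Misc\"
Local $sAdmin = "admin", $sPass = "password", $sUser = @UserName ; placeholders from the post
Local $sDesktop = "C:\Documents and Settings\" & $sUser & "\Desktop"

; The revoke command exactly as concatenated in the post.
Local $sPosted = " /c Start" & $sTools & 'psexec.exe /accepteula -u ' & $sAdmin & '-p ' & $sPass & _
        ' -i ' & $sTools & 'subinacl.exe /file "' & $sDesktop & '" /revoke=DOMAIN\' & $sUser

; The same pieces, one array element per argument.
Local $aArgs[13] = ["/c", "Start", $sTools & "psexec.exe", "/accepteula", "-u", $sAdmin, _
        "-p", $sPass, "-i", $sTools & "subinacl.exe", "/file", $sDesktop, "/revoke=DOMAIN\" & $sUser]
Local $sJoined = " " & _JoinArgs($aArgs)

ConsoleWrite("posted: " & $sPosted & @CRLF & "  fused switch: " & _FusedSwitch($sPosted) & @CRLF)
ConsoleWrite("joined: " & $sJoined & @CRLF & "  fused switch: " & _FusedSwitch($sJoined) & @CRLF)
```

In the posted string the account name runs straight into `-p` (`-u admin-p password`) and `Start` runs into the psexec path, so no separate `-p` switch reaches psexec; the joined string keeps each argument apart.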

PsaltyDS

> Just run the script with PSEXEC ...
>
> :D

I'm not a fan of PSEXEC. At least back-n-the-day, it sent passwords in the clear over the network. Got in the habit of authenticated user CIFS file transfers and kicking off programs with SCHTASKS.EXE (or AT.EXE back then). Of course PSTools and Mark Russinovich are Microsoft owned products now. Might be much updated by now...

:)


Valuater's AutoIt 1-2-3, Class... Is now in Session!
For those who want somebody to write the script for them: RentACoder
"Any technology distinguishable from magic is insufficiently advanced." -- Geek's corollary to Clarke's law

PsaltyDS

Is this something that can't be done WITHOUT a desktop? Like with SetACL.EXE? Without the need for a Windows GUI desktop, you don't need the logged in session.

:)


Airwolf

I finally got something to work... but it has nothing to do with AutoIt. :)

I ended up using cacls.exe with the user's rights (no runas since the user is the directory owner... not needed). All I had to do was add this code to the logon script:

C:\WINDOWS\system32\cacls.exe "C:\Documents and Settings\%USERNAME%\Desktop" /E /P DOMAIN\%USERNAME%:R

Thanks for the suggestions!

