Jump to content

Toggle Admin Mode


ken82m
 Share

Recommended Posts

When activated this tool will set the computer to AutoLogin with the local admin account.

When deactivated it will disable autologon and set the logon screen to display the username and domain of the user that initiated the program.

It also writes to a log file who activates and deactivates the tool and when.

If @OSVersion <> "WIN_2000" AND @OSVersion <> "WIN_2003" AND @OSVersion <> "WIN_XP" AND @OSVersion <> "WIN_VISTA" Then
 MsgBox(4096, "Toggle Install Mode", "This application is designed for Windows 2000 or greater.")
 Exit
EndIf

If $CMDLine[0] = 1 Then
 If $CMDLine[1] = "Activate" Then Activate()
 If $CMDLine[1] = "Deactivate" Then Deactivate()
 Exit
EndIf

;Make sure script's path can be called again. (In case it is running from Temporary Internet Files or something)
If FileExists(@ScriptFullPath) = 0 Then
 MsgBox(4096,"Toggle Install Mode", "An error occured identifying the script location.")
 Exit
EndIf

;Activate and test local Admin credentials
AutoItSetOption("RunErrorsFatal", 0)
RunAsSet ( "Administrator", @Computername, "a1s2d3f4g5")
RunWait(@ComSpec & " /c", @SystemDir, @SW_HIDE) 
If @error = 1 then
  msgbox(4096,"Toggle Install Mode","An error occurred authenticating as: " & @ComputerName & "\Administrator")
  Exit
EndIf
AutoItSetOption("RunErrorsFatal", 1)

$AutoAdminLogon = RegRead("HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon", "AutoAdminLogon")
$AdminActive = RegRead("HKLM\Software\ToggleAdmin", "AdminActive")
If $AdminActive = "" Then $AdminActive = 0

If $AdminActive = 0 And $AutoAdminLogon = 1 Then 
 If MsgBox(4096+4,"Toggle Install Mode", "Install Mode does not show as active however automatic login is enabled." & @CR & @CR & "Would you like to disabled it now?") = 6 Then
  Run('"' & @ScriptFullPath & '" Deactivate', @ScriptDir)
  Exit
 Else
  Exit
 EndIf
EndIf

If $AdminActive = 0 Then
 If MsgBox(4096+4,"Toggle Install Mode", "Install Mode is not currently active." & @CR & @CR & "Would you like to activate it now?") = 6 Then
  Run('"' & @ScriptFullPath & '" Activate', @ScriptDir)
  Exit
 Else
  Exit
 EndIf
EndIf

If $AdminActive = 1 Then 
 If MsgBox(4096+4,"Toggle Install Mode", "Install Mode is currently active." & @CR & @CR & "Would you like to deactivate it now?") = 6 Then
  Run('"' & @ScriptFullPath & '" Deactivate', @ScriptDir)
  Exit
 Else
  Exit
 EndIf
EndIf

Exit

;Custom Functions
Func Activate()
If @OSVersion = "WIN_VISTA" Then
 $User = RegRead("HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI", "LastLoggedOnUser")
 $UserPOS = StringInStr($User, "\")
 If $UserPOS = 0 Then
  $CurrentUser = $User
  $CurrentDomain = @ComputerName
 Else
  $UserPOS = $UserPOS - 1
  $CurrentDomain = StringLeft($User, $UserPOS)
  $UserPOS = $UserPOS + 1
  $User = StringTrimLeft($User, $UserPOS)
  $CurrentUser = $User
 EndIf
Else
 $CurrentUser = RegRead("HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon", "DefaultUserName")
 $CurrentDomain = RegRead("HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon", "DefaultDomainName")
EndIf
RegWrite("HKLM\Software\ToggleAdmin", "CurrentUser", "REG_SZ", $CurrentUser)
RegWrite("HKLM\Software\ToggleAdmin", "CurrentDomain", "REG_SZ", $CurrentDomain)
RegWrite("HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon", "DefaultUserName", "REG_SZ", "Administrator")
RegWrite("HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon", "DefaultPassword", "REG_SZ", "a1s2d3f4g5")
RegWrite("HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon", "DefaultDomainName", "REG_SZ", @ComputerName)
RegWrite("HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon", "AutoAdminLogon", "REG_SZ", "1")
;Verify reg entries here
$Errors = 0
If RegRead("HKLM\Software\ToggleAdmin", "CurrentUser") <> $CurrentUser Then $Errors = $Errors + 1
If RegRead("HKLM\Software\ToggleAdmin", "CurrentDomain") <> $CurrentDomain Then $Errors = $Errors + 1
If RegRead("HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon", "DefaultUserName") <> "Administrator" Then $Errors = $Errors + 1
If RegRead("HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon", "DefaultPassword") <> "a1s2d3f4g5" Then $Errors = $Errors + 1
If RegRead("HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon", "DefaultDomainName") <> @ComputerName Then $Errors = $Errors + 1
If RegRead("HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon", "AutoAdminLogon") <> "1" Then $Errors = $Errors + 1
If $Errors <> 0 Then
 RegDelete("HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon", "AutoAdminLogon")
 RegDelete("HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon", "DefaultPassword")
 MsgBox(4096,"Toggle Install Mode","An error occurred writing the required registry entries as: " & @ComputerName & "\Administrator" & @CR & @CR & "Operation Aborted.")
 Exit
EndIf
RegWrite("HKLM\Software\ToggleAdmin", "AdminActive", "REG_SZ", "1")
$LogFile = FileOpen(@ScriptDir & "\ToggleAdmin.log", 1)
FileWriteLine($LogFile, "Start of Record...")
FileWriteLine($LogFile, "Admin Mode Activated   " & @MON & "/" & @MDAY & "/" & @YEAR & "   " & @HOUR & ":" & @MIN & ":" & @SEC)
FileClose($LogFile)
MsgBox(4096,"Toggle Install Mode","Install Mode Activated" & @CR & @CR & "You must restart your computer to enter Install Mode.")
Exit
EndFunc


Func Deactivate()
If @OSVersion = "WIN_VISTA" Then
 $User = RegRead("HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI", "LastLoggedOnUser")
 $UserPOS = StringInStr($User, "\")
 If $UserPOS = 0 Then
  $CurrentUser = $User
  $CurrentDomain = @ComputerName
 Else
  $UserPOS = $UserPOS - 1
  $CurrentDomain = StringLeft($User, $UserPOS)
  $UserPOS = $UserPOS + 1
  $User = StringTrimLeft($User, $UserPOS)
  $CurrentUser = $User
 EndIf
Else
 $CurrentUser = RegRead("HKLM\Software\ToggleAdmin", "CurrentUser")
 $CurrentDomain = RegRead("HKLM\Software\ToggleAdmin", "CurrentDomain")
EndIf
RegDelete("HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon", "AutoAdminLogon")
RegDelete("HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon", "DefaultPassword")
RegWrite("HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon", "DefaultUserName", "REG_SZ", $CurrentUser)
RegWrite("HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon", "DefaultDomainName", "REG_SZ", $CurrentDomain)
;Verify reg entries here
If RegRead("HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon", "AutoAdminLogon") = "1" Then
 MsgBox(4096,"Toggle Install Mode","An error occurred removing the required registry entries as: " & @ComputerName & "\Administrator" & @CR & @CR & "Operation Aborted.")
 Exit
EndIf
RegWrite("HKLM\Software\ToggleAdmin", "AdminActive", "REG_SZ", "0")
RegDelete("HKLM\Software\ToggleAdmin", "CurrentUser")
RegDelete("HKLM\Software\ToggleAdmin", "CurrentDomain")
$LogFile = FileOpen(@ScriptDir & "\ToggleAdmin.log", 1)
FileWriteLine($LogFile, "Admin Mode Deactivated " & @MON & "/" & @MDAY & "/" & @YEAR & "   " & @HOUR & ":" & @MIN & ":" & @SEC)
FileWriteLine($LogFile, "End of Record...")
FileClose($LogFile)
MsgBox(4096,"Toggle Install Mode","Install Mode Deactivated")
Exit
EndFunc

 "I believe that when we leave a place, part of it goes with us and part of us remains... Go anywhere, when it is quiet, and just listen.. After a while, you will hear the echoes of all our conversations, every thought and word we've exchanged.... Long after we are gone our voices will linger in these walls for as long as this place remains."

Link to comment
Share on other sites

I wrote it at work for my mobile sales force. I don't want them working with admin rights cause I know they'll break the machines.

But sometimes they need additional permissions to install printers for example.

The log is nice because if they decide to leave it on and break the machine I can prove it :)

 "I believe that when we leave a place, part of it goes with us and part of us remains... Go anywhere, when it is quiet, and just listen.. After a while, you will hear the echoes of all our conversations, every thought and word we've exchanged.... Long after we are gone our voices will linger in these walls for as long as this place remains."

Link to comment
Share on other sites

  • 2 weeks later...
  • 2 weeks later...

You're right, but you'd have to know where to look, and my users aren't to smart have trouble turning on their machines (literally)

I could have written a run once value that silently deactivated the feature including deleting the password upon login.

Thanks,

Kenny

 "I believe that when we leave a place, part of it goes with us and part of us remains... Go anywhere, when it is quiet, and just listen.. After a while, you will hear the echoes of all our conversations, every thought and word we've exchanged.... Long after we are gone our voices will linger in these walls for as long as this place remains."

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...