Jump to content

using RunAsSet with subinacl

jcmpix

By jcmpix
in AutoIt General Help and Support

 Share

Recommended Posts

jcmpix Seeker

jcmpix

Posted
Posted (edited)

Hi, I am trying to write a script that will deny read access to certain registry entries. The following works on an administrator account:

RunAsSet('Admin',@ComputerName,'xxxx')

RunWait('subinacl /keyreg "HKEY_LOCAL_MACHINE\HARDWARE\Devicemap\Scsi\Scsi Port 0" /deny=Everyone=r')

RunWait('subinacl /keyreg "HKEY_LOCAL_MACHINE\HARDWARE\Devicemap\Scsi\Scsi Port 2" /deny=Everyone=r')

RunAsSet()

MsgBox(64, "SCSI", "Ready!")

It won't work on a limited user account. When I try to run the .exe it returns

Line -1:

Error: Unable to execute the external program.

Access is denied.

When I try running the script it says there is an error on the first RunWait. I guess that means the RunAsSet didn't work properly. When I run subinacl from the command prompt it works, though of course it won't let me change registry permissions. Is this a problem with my script or with the way subinacl works (i.e. can't be used with secondary logon)? Thanks in advance!

Forgot to mention running XP SP2.

Edited by jcmpix
jcmpix Seeker

jcmpix

Posted
  • Author
Posted

I'm not really sure what that means, but this computer isn't part of a network, if that helps. The subinacl command is on D:\Program Files\Windows Resource Kits\Tools, where D: is on the same disk as C:. Would it help if I typed in the whole path in the RunWait? Sorry, new to this. First time scripting actually.

  • Developers
Jos Universalist

Jos

Posted
  • Developers
Posted

I'm not really sure what that means, but this computer isn't part of a network, if that helps. The subinacl command is on D:\Program Files\Windows Resource Kits\Tools, where D: is on the same disk as C:. Would it help if I typed in the whole path in the RunWait? Sorry, new to this. First time scripting actually.

Yes its worth a try. The key thing to remember here is that you change the credentials to another Userid and directories/paths could not be accessible anymore.

One other thing you could try is to go into the cmd window and run "RUNAS /user:newuser CMD.exe" and then try to run your command. This will more or less simulate what your are trying to do.

Jos

SciTE4AutoIt3 Full installer Download page   - Beta files       Read before posting     How to post scriptsource   Forum etiquette  Forum Rules 
 
Live for the present,
Dream of the future,
Learn from the past.  :)

jcmpix Seeker

jcmpix

Posted
  • Author
Posted (edited)

I tried replacing subinacl with a few other .exe files which I'm sure this (limited user) account can run, all came up with the same error. For example using RunWait with the Firefox.exe didn't work either, with or without the RunAsSet preceding it! Also, I tried simulating the script by typing Runas at the command prompt, I get an access is denied error. When I type in the password, should the cursor stay at the same position? Because that's what it does.

Wait, let me check if secondary logon is enabled... If that's the problem this would be really embarassing...

Edited by jcmpix
jcmpix Seeker

jcmpix

Posted
  • Author
Posted

Yup, the secondary logon service was disabled. I was staring at the Help file all this time and couldn't see the answer right in front of me! The script works perfectly now. Thank you for your patience!

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...