jcmpix Posted February 14, 2008 Share Posted February 14, 2008 (edited) Hi, I am trying to write a script that will deny read access to certain registry entries. The following works on an administrator account: RunAsSet('Admin',@ComputerName,'xxxx') RunWait('subinacl /keyreg "HKEY_LOCAL_MACHINE\HARDWARE\Devicemap\Scsi\Scsi Port 0" /deny=Everyone=r') RunWait('subinacl /keyreg "HKEY_LOCAL_MACHINE\HARDWARE\Devicemap\Scsi\Scsi Port 2" /deny=Everyone=r') RunAsSet() MsgBox(64, "SCSI", "Ready!") It won't work on a limited user account. When I try to run the .exe it returns Line -1: Error: Unable to execute the external program. Access is denied. When I try running the script it says there is an error on the first RunWait. I guess that means the RunAsSet didn't work properly. When I run subinacl from the command prompt it works, though of course it won't let me change registry permissions. Is this a problem with my script or with the way subinacl works (i.e. can't be used with secondary logon)? Thanks in advance! Forgot to mention running XP SP2. Edited February 14, 2008 by jcmpix Link to comment Share on other sites More sharing options...
Developers Jos Posted February 14, 2008 Developers Share Posted February 14, 2008 Is the workdir available under the Admin account ? Maybe try adding a valid workdir to the runwait command.. SciTE4AutoIt3 Full installer Download page - Beta files Read before posting How to post scriptsource Forum etiquette Forum Rules Live for the present, Dream of the future, Learn from the past. Link to comment Share on other sites More sharing options...
jcmpix Posted February 14, 2008 Author Share Posted February 14, 2008 I tried adding @CommonFilesDir and other directories as the working directory, still same error. Link to comment Share on other sites More sharing options...
Developers Jos Posted February 14, 2008 Developers Share Posted February 14, 2008 Is the script running from a UNC or mapped drive ? SciTE4AutoIt3 Full installer Download page - Beta files Read before posting How to post scriptsource Forum etiquette Forum Rules Live for the present, Dream of the future, Learn from the past. Link to comment Share on other sites More sharing options...
jcmpix Posted February 14, 2008 Author Share Posted February 14, 2008 I'm not really sure what that means, but this computer isn't part of a network, if that helps. The subinacl command is on D:\Program Files\Windows Resource Kits\Tools, where D: is on the same disk as C:. Would it help if I typed in the whole path in the RunWait? Sorry, new to this. First time scripting actually. Link to comment Share on other sites More sharing options...
Developers Jos Posted February 14, 2008 Developers Share Posted February 14, 2008 I'm not really sure what that means, but this computer isn't part of a network, if that helps. The subinacl command is on D:\Program Files\Windows Resource Kits\Tools, where D: is on the same disk as C:. Would it help if I typed in the whole path in the RunWait? Sorry, new to this. First time scripting actually.Yes its worth a try. The key thing to remember here is that you change the credentials to another Userid and directories/paths could not be accessible anymore.One other thing you could try is to go into the cmd window and run "RUNAS /user:newuser CMD.exe" and then try to run your command. This will more or less simulate what your are trying to do.Jos SciTE4AutoIt3 Full installer Download page - Beta files Read before posting How to post scriptsource Forum etiquette Forum Rules Live for the present, Dream of the future, Learn from the past. Link to comment Share on other sites More sharing options...
jcmpix Posted February 14, 2008 Author Share Posted February 14, 2008 (edited) I tried replacing subinacl with a few other .exe files which I'm sure this (limited user) account can run, all came up with the same error. For example using RunWait with the Firefox.exe didn't work either, with or without the RunAsSet preceding it! Also, I tried simulating the script by typing Runas at the command prompt, I get an access is denied error. When I type in the password, should the cursor stay at the same position? Because that's what it does. Wait, let me check if secondary logon is enabled... If that's the problem this would be really embarassing... Edited February 14, 2008 by jcmpix Link to comment Share on other sites More sharing options...
jcmpix Posted February 14, 2008 Author Share Posted February 14, 2008 Yup, the secondary logon service was disabled. I was staring at the Help file all this time and couldn't see the answer right in front of me! The script works perfectly now. Thank you for your patience! Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now