Sign in to follow this  
Followers 0
darkleton

IsAdmin help with user creation

4 posts in this topic

Hi,

I'm trying to create a script that will create new active directory users. Obviously this needs to be done under a domain admin account. The script itself works perfect but I wanted an IsAdmin check so that if a normal user runs it, it will ask for domain credentials.

Every time I run the script as a normal user with the isadmin function in, i still get told i have domain admin access and it tries to continue.

This is what I have so far, any help would be greatly appreciated:

If IsAdmin() = 0 Then
    $usercheck = InputBox("Security Check", "Username", "", "")
    $passcheck = InputBox("Security Check", "Password", "", "*")
    $domaincheck = InputBox("Security Check", "Domain", "", "")
    RunAsSet($usercheck, $domaincheck, $passcheck, 1)
    Run('"' & @AutoItExe & '"' & ' "' & @ScriptFullPath & '"', @WorkingDir)
Elseif IsAdmin() = 1 Then
    MsgBox(0, 'Message', 'Now running with admin rights.')
    EndIf

Run as an admin I get the msgbox appear as it should, but run as a normal user I still get the msgbox saying running with admin rights and it continues.

Thanks

Share this post


Link to post
Share on other sites



#2 ·  Posted (edited)

I think that IsAdmin checks to see if the person logged on is listed as an administrator of the local machine, not a domain admin. Is your "normal user" an admin locally?

I could be wrong about all of that... but I have two domain accounts. One for "normal work" and another for active directory work. If I were to log onto my computer using my domain admin account, IsAdmin would return a 0 since that account is not listed as a member of the local administrator group.

All of the above is just my limited understanding of the IsAdmin function. I usually like to test my assumptions before posting - but I can't do so right now.

Edit: Maybe some of the UDFs in this thread will help

http://www.autoitscript.com/forum/index.ph...st&p=280092

Edited by herewasplato

[size="1"][font="Arial"].[u].[/u][/font][/size]

Share this post


Link to post
Share on other sites

thank you very much for your help.

my problem is, the test user i use as non-admin is not an admin of domain or local machine yet still gets the message 'now running with admin rights.'

i know i could just use windows in built run-as function, i just thought it would be easier to incorporate the lot into the exe.

i'll keep testing and playing about

Share this post


Link to post
Share on other sites

#4 ·  Posted (edited)

If  UserInGroup(@LogonDomain,@UserName,"YourGroup") then
    msgbox(0,"Validate",@LogonDomain &"/"&@UserName&" : User in your groupname " & $InGroup)
Else
    msgbox(0,"Validate",@LogonDomain &"/"&@UserName&" : User NOT in your groupname")
EndIf

Exit
  Check if User is in a group 
Func UserInGroup($Domain, $UserName, $InGroup)
  ;local $sRet
    Local $objUser = ObjGet("WinNT://" & $Domain & "/" & $UserName)
    
    For $oGroup in $objUser.Groups
       If $oGroup.Name = $InGroup Then  Return 1
    Next
    Return 0
EndFunc

From http://www.autoitscript.com/forum/index.ph...adfunctions.au3

It should help you test groups if IsAdmin() is a problem.

Hope this helps (MK :) )

Edited by alwaysZeroHour

Z

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0