Jump to content
Sign in to follow this  
darkleton

IsAdmin help with user creation

Recommended Posts

darkleton

Hi,

I'm trying to create a script that will create new active directory users. Obviously this needs to be done under a domain admin account. The script itself works perfect but I wanted an IsAdmin check so that if a normal user runs it, it will ask for domain credentials.

Every time I run the script as a normal user with the isadmin function in, i still get told i have domain admin access and it tries to continue.

This is what I have so far, any help would be greatly appreciated:

If IsAdmin() = 0 Then
    $usercheck = InputBox("Security Check", "Username", "", "")
    $passcheck = InputBox("Security Check", "Password", "", "*")
    $domaincheck = InputBox("Security Check", "Domain", "", "")
    RunAsSet($usercheck, $domaincheck, $passcheck, 1)
    Run('"' & @AutoItExe & '"' & ' "' & @ScriptFullPath & '"', @WorkingDir)
Elseif IsAdmin() = 1 Then
    MsgBox(0, 'Message', 'Now running with admin rights.')
    EndIf

Run as an admin I get the msgbox appear as it should, but run as a normal user I still get the msgbox saying running with admin rights and it continues.

Thanks

Share this post


Link to post
Share on other sites
herewasplato

I think that IsAdmin checks to see if the person logged on is listed as an administrator of the local machine, not a domain admin. Is your "normal user" an admin locally?

I could be wrong about all of that... but I have two domain accounts. One for "normal work" and another for active directory work. If I were to log onto my computer using my domain admin account, IsAdmin would return a 0 since that account is not listed as a member of the local administrator group.

All of the above is just my limited understanding of the IsAdmin function. I usually like to test my assumptions before posting - but I can't do so right now.

Edit: Maybe some of the UDFs in this thread will help

http://www.autoitscript.com/forum/index.ph...st&p=280092

Edited by herewasplato

[size="1"][font="Arial"].[u].[/u][/font][/size]

Share this post


Link to post
Share on other sites
darkleton

thank you very much for your help.

my problem is, the test user i use as non-admin is not an admin of domain or local machine yet still gets the message 'now running with admin rights.'

i know i could just use windows in built run-as function, i just thought it would be easier to incorporate the lot into the exe.

i'll keep testing and playing about

Share this post


Link to post
Share on other sites
alwaysZeroHour

If  UserInGroup(@LogonDomain,@UserName,"YourGroup") then
    msgbox(0,"Validate",@LogonDomain &"/"&@UserName&" : User in your groupname " & $InGroup)
Else
    msgbox(0,"Validate",@LogonDomain &"/"&@UserName&" : User NOT in your groupname")
EndIf

Exit
  Check if User is in a group 
Func UserInGroup($Domain, $UserName, $InGroup)
  ;local $sRet
    Local $objUser = ObjGet("WinNT://" & $Domain & "/" & $UserName)
    
    For $oGroup in $objUser.Groups
       If $oGroup.Name = $InGroup Then  Return 1
    Next
    Return 0
EndFunc

From http://www.autoitscript.com/forum/index.ph...adfunctions.au3

It should help you test groups if IsAdmin() is a problem.

Hope this helps (MK :) )

Edited by alwaysZeroHour

Z

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×