darkleton Posted February 27, 2008 Posted February 27, 2008 Hi, I'm trying to create a script that will create new active directory users. Obviously this needs to be done under a domain admin account. The script itself works perfect but I wanted an IsAdmin check so that if a normal user runs it, it will ask for domain credentials. Every time I run the script as a normal user with the isadmin function in, i still get told i have domain admin access and it tries to continue. This is what I have so far, any help would be greatly appreciated: If IsAdmin() = 0 Then $usercheck = InputBox("Security Check", "Username", "", "") $passcheck = InputBox("Security Check", "Password", "", "*") $domaincheck = InputBox("Security Check", "Domain", "", "") RunAsSet($usercheck, $domaincheck, $passcheck, 1) Run('"' & @AutoItExe & '"' & ' "' & @ScriptFullPath & '"', @WorkingDir) Elseif IsAdmin() = 1 Then MsgBox(0, 'Message', 'Now running with admin rights.') EndIf Run as an admin I get the msgbox appear as it should, but run as a normal user I still get the msgbox saying running with admin rights and it continues. Thanks
herewasplato Posted February 27, 2008 Posted February 27, 2008 (edited) I think that IsAdmin checks to see if the person logged on is listed as an administrator of the local machine, not a domain admin. Is your "normal user" an admin locally?I could be wrong about all of that... but I have two domain accounts. One for "normal work" and another for active directory work. If I were to log onto my computer using my domain admin account, IsAdmin would return a 0 since that account is not listed as a member of the local administrator group.All of the above is just my limited understanding of the IsAdmin function. I usually like to test my assumptions before posting - but I can't do so right now.Edit: Maybe some of the UDFs in this thread will helphttp://www.autoitscript.com/forum/index.ph...st&p=280092 Edited February 27, 2008 by herewasplato [size="1"][font="Arial"].[u].[/u][/font][/size]
darkleton Posted February 28, 2008 Author Posted February 28, 2008 thank you very much for your help. my problem is, the test user i use as non-admin is not an admin of domain or local machine yet still gets the message 'now running with admin rights.' i know i could just use windows in built run-as function, i just thought it would be easier to incorporate the lot into the exe. i'll keep testing and playing about
alwaysZeroHour Posted February 28, 2008 Posted February 28, 2008 (edited) If UserInGroup(@LogonDomain,@UserName,"YourGroup") then msgbox(0,"Validate",@LogonDomain &"/"&@UserName&" : User in your groupname " & $InGroup) Else msgbox(0,"Validate",@LogonDomain &"/"&@UserName&" : User NOT in your groupname") EndIf Exit Check if User is in a group Func UserInGroup($Domain, $UserName, $InGroup) ;local $sRet Local $objUser = ObjGet("WinNT://" & $Domain & "/" & $UserName) For $oGroup in $objUser.Groups If $oGroup.Name = $InGroup Then Return 1 Next Return 0 EndFuncFrom http://www.autoitscript.com/forum/index.ph...adfunctions.au3It should help you test groups if IsAdmin() is a problem.Hope this helps (MK ) Edited February 28, 2008 by alwaysZeroHour Z
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now