digibuddha Posted March 12, 2008 Share Posted March 12, 2008 (edited) Hey guys, I'm working with a customer that is implementing a zenworks deployment and also during that time they are moving to a new domain, putting out new computers, setting new GPO's, and implementing Single Sign on (good thing I'm already bald). I have been working with AutoIT for a bit trying to figure out a way to elevate the users rights during install of certain programs. The problem arises because the installation makes changes specific to that user and if you use runasset () then the run as user is the one that gets the benefit, so my solution was to use the net localgroup command in DOS to try and elevate the logged on user to and administrator then take it away when I'm done. (yes I know old school geek, but it works). Here is the issue, I have to be an administrator to add a user to the administrators group, but if i use runAsSet () then it only wants to add the run as user as the admin, not the logged in user. I have tried all the profile variables (0,1,2) with no joy. 0 gives me nothing, 1 sets the run as user, 2 only works for network stuff not locally. Any thoughts would be appreciated, here's my code so far: RunAsSet("username", "domain", "password", 2) If IsAdmin() = 0 Then;Checks if user is local Administrator, If Yes then coninues to next line, if No continues to PID runwait("net localgroup Administrators %username% /Add");sets logged in user to administrator group sleep(1000) EndIf MsgBox(0, 'Message', 'Now running with admin rights.', 2) $pid = ProcessExists("cmd.exe");set to process created by installing program While ProcessExists ($pid) Sleep(5000);While the Installing program process exists script sleeps or waits if NOT ProcessExists ($pid) Then ExitLoop;Obvious if process does not exist the program continues EndIf WEnd If IsAdmin() = 0 Then;After completion of installation removes user from Administrator group runwait("net localgroup administrators %username% /delete") EndIf MsgBox(0, 'Message', 'Your rights have been taken away, Sorry!.', 2) If @error = 1 Then MsgBox(64, "Warning", "Can not run Admin, Please contact your IS Helpdesk for further assistance.") EndIf Edited March 12, 2008 by digibuddha Link to comment Share on other sites More sharing options...
FreeFry Posted March 12, 2008 Share Posted March 12, 2008 Try replacing runwait("net localgroup Administrators %username% /Add");sets logged in user to administrator group With: runwait("net localgroup Administrators " & @UserName & " /Add");sets logged in user to administrator group That should work, as @UserName is the username the AutoIt script was run by, whilst %username% would be the user you set with RunAsSet. Link to comment Share on other sites More sharing options...
digibuddha Posted March 12, 2008 Author Share Posted March 12, 2008 PERFECT!!!!!!!!! Your an AutoIT Ninja!! Here is the finished code if anyone is interested:AutoItSetOption("RunErrorsFatal", 0) AutoItSetOption("TrayIconHide", 0) RunAsSet("username", "domain", "password", 0) If IsAdmin() = 0 Then;Checks if user is local Administrator, If NO then coninues to next line, if YES continues to PID sleep(2000) runwait("net localgroup Administrators " & @UserName & " /Add");sets logged in user to administrator group sleep(1000) EndIf MsgBox(0, 'Message', 'Now running with admin rights.', 2) $pid = ProcessExists("cmd.exe");set to process created by installing program While ProcessExists ($pid) Sleep(5000);While the Installing program process exists script sleeps or waits if NOT ProcessExists ($pid) Then ExitLoop;Obvious if process does not exist the program continues EndIf WEnd If IsAdmin() = 0 Then;After completion of installation removes user from Administrator group runwait("net localgroup Administrators " & @UserName & " /delete") EndIf MsgBox(0, 'Message', 'Your rights have been taken away, Sorry!.', 2) If @error = 1 Then MsgBox(64, "Warning", "Can not run Admin, Please contact your IS Helpdesk for further assistance.") EndIf Link to comment Share on other sites More sharing options...
FreeFry Posted March 12, 2008 Share Posted March 12, 2008 (edited) Hehe, Thank you. Just a few notes about your script though:AutoItSetOption("RunErrorsFatal", 0) AutoItSetOption("TrayIconHide", 0) RunAsSet("username", "domain", "password", 0) If Not IsAdmin() Then ; Use the Not keyword instead of = 0 ; no need to sleep here is it? RunWait("net localgroup Administrators " & @UserName & " /Add");sets logged in user to administrator group ; again I belive there's no need to sleep here EndIf ; do you really want to alert the user? ;~ MsgBox(0, 'Message', 'Now running with admin rights.', 2) ; Might want to use ProcessWait here? depends on what you're doing While ProcessExists("cmd.exe") ; No need to get the pid first ;no need to check if the process doesn't exist, as if it doesn't your While loop won't execute(ie. the script will continue by itself) Sleep(250) ; no need to wait for 5 seconds really :P WEnd If Not IsAdmin() Then RunWait("net localgroup Administrators " & @UserName & " /delete") EndIf ;~ MsgBox(0, 'Message', 'Your rights have been taken away, Sorry!.', 2) ; again, do you really want to alert the user? depends on what you're doing :P ; This error check would be checking the result of the MsgBox above, so it would never show this message, because MsgBox never sets @error to 1(it's just reseted to 0 by the MsgBox) ; and on a further notice, if this was meant to check the result of the RunWait, it's not really an accurate way to detect if it failed, as RunWait won't return if the NET command actually succeeded or not If @error = 1 Then MsgBox(64, "Warning", "Can not run Admin, Please contact your IS Helpdesk for further assistance.") EndIfEdit:Also, depending on what you're doing(if this is used to make some maintenance on the computer(by an admin)), perhaps you should just run the applications you're going to use as admin instead of adding the user to the admin group.This is really an 'insecure' way of doing it really, better have your script run the applications that should be used as admin instead(but still would be insecure as if the programs launched has a file open/select menu in them, the user could run other programs as admin too(like cmd, or explorer :|)) Edited March 12, 2008 by FreeFry Link to comment Share on other sites More sharing options...
digibuddha Posted March 12, 2008 Author Share Posted March 12, 2008 Hey Man Thanks for the constructive criticism, but trust me when I say that those pauses are probably not over kill, maybe a little, but needed. Mainly waiting on certain things to happen before the script decides that the process isn't there and goes on. That script is actually missing a line calling the application installation and that is what I'm waiting on mostly. Thanks again for the insight though. Link to comment Share on other sites More sharing options...
FreeFry Posted March 12, 2008 Share Posted March 12, 2008 Aight, Greatest of Luck Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now