RunAS() and non-password users

[Morteza]

Dears,

Some of my system users have not any password (i.e. during log-in, no password is needed). RunAs() work for password protected users without any problem, but not for non-password protected users. I used a "" instead of password for non-password users, but the function not worked at all. What can I do?

regards

Edited November 22, 2008 by Morteza

[ken82m]

I think you've discovered a bug. I'm getting the same result here.

I tried both the release version and the latest beta.

I know I've done this in the past but I haven't tried in quite a while.

I created user test locally with no password and ran this, the run failed

$1 = RunAsWait("Test", @ComputerName, "", 0, @ComSpec)
MsgBox(0,"",$1 & @CR & @error)

Then I assigned the user a password ran it with the password and it worked.

Blank password again failed.

Kenny

[ken82m]

Submitted a bug report. Ticket# 698

Kenny

[Paulchen]

Submitted a bug report. Ticket# 698

Kenny

Have you testet the OS function "runas.exe" with blank password Accounts? There are some limitations on XP and Vista with

WMI, Scheduler, sharing and other function when you use accounts with blank passwords.

[ken82m]

I'll try it now but I'm sure I've done this before.

EDIT:

Damn your right. I wonder if this got locked down by an SP or security patch

Sorry for the bad info

If you are only running this with a local account and really need it

I do have a way to make it work...depending on what your doing exactly.

Well technically it could work with domain accounts but I don't reccomend it

I have a UDF that can change windows passwords.

You could change the password to something else run your commands

and then set the password to nothing again.

Kinda crazy but just something off the top of my head.

Kenny

Edited November 23, 2008 by ken82m

[Morteza]

I'll try it now but I'm sure I've done this before.

EDIT:(...)If you are only running this with a local account and really need it

I do have a way to make it work...(...)

Thank you very much dear guys; ken82m & Paulchen

I think Paulchen is right, this is a lack in Windows. This is explained in this article by Microsoft.

However I found an utility package of Microsoft called PsTools with a utility named PsPassw for changing user passwords, but I would like to see your UDF too (My need is just on local accounts).

I will be very pleased if you share your knowledge with me I think working with an UDF is very better of working with an external program.

Best Regards

Edited November 23, 2008 by Morteza

[ken82m]

Here you go.

_ResetPassword("test", "test2")

RunAsWait("Test", @ComputerName, "test2", 0, @ComSpec)

_ResetPassword("test", "")


Func _ResetPassword($sUser , $sPass)
    $WshNetwork = ObjCreate("WScript.Network") 
    $strComputer = $WshNetwork.ComputerName 
    $strComputer = "." 
    $objUser = ObjGet("WinNT://" & $strComputer & "/" & $sUser & ",user") 
    $objUser.SetPassword ($sPass)
    $objUser.SetInfo()
EndFunc

[Paulchen]

Sometimes the following regkey can help. But this key can be a securityrisk.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa

limitblankpassworduse=dword:1

[ken82m]

NICE!!! just changed it to 0 and it worked.

That ones going in my notes now

Haven't seen it documented anywhere how did you come up with that one?

Script could just change it to 0 issue the runas and change it back to 1

Kenny

[toonboon]

It is indeed a very nice find. I guess really changing it immediately before and after calling the runas() command. for safety purposes.

[Morteza]

Sometimes the following regkey can help. But this key can be a securityrisk.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa

limitblankpassworduse=dword:1

Very excellent info

Before your kindness, I wrote 3 program for solving this problem!. Now, all of them are in trashcan

Best Regards