Search the Community
Showing results for tags 'permissions'.
-
I'm trying to install some setup stuff on Win10. One part of the script requires just regular user privileges but the other requires admin privileges. When I run it from the Autoit Editor it works like a champ. When I build it, Windows slaps the admin stamp on it and then when I attempt to run the part that only requires regular users....it gets all hosed up. Is there a way to remove #RequireAdmin? I've tried RunAs(username, "", myPassword, "", "cmd.exe", "") but that never seems to work. Can someone help me out?
-
Curious if anyone knows if the permissions UDF can be used with certificates and if so, how. This is the code in the UDF for $_SE_OBJECT_TYPE which doesn't state anything about certs and not sure if it would fall under one of the object types listed: Global Enum _ ;$_SE_OBJECT_TYPE $SE_UNKNOWN_OBJECT_TYPE = 0, _ ;Unknown object type. $SE_FILE_OBJECT, _ ;Indicates a file or directory. Can be an absolute path, such as FileName.dat, C:\DirectoryName\FileName.dat, or a handle to an opened file $SE_SERVICE, _;Indicates a Windows service. A service object can be a local service, such as ServiceName, or a remote service, such as \\ComputerName\ServiceName, or a handle to a service $SE_PRINTER, _;Indicates a printer. A printer object can be a local printer, such as PrinterName, or a remote printer, such as \\ComputerName\PrinterName. $SE_REGISTRY_KEY, _;Indicates a registry key. The names can be in the format 'HKLM\SOFTWARE\Example', or 'HKEY_LOCAL_MACHINE\SOFTWARE\Example'. It can also be a handle to a registry key $SE_LMSHARE, _;Indicates a network share. A share object can be local, such as ShareName, or remote, such as \\ComputerName\ShareName. $SE_KERNEL_OBJECT, _;Indicates a local kernel object. All types of kernel objects are supported. ie, A process handle obtained with _Permissions_OpenProcess $SE_WINDOW_OBJECT, _;Indicates a window station or desktop object on the local computer. $SE_DS_OBJECT, _;Indicates a directory service object or a property set or property of a directory service object. e.g.CN=SomeObject,OU=ou2,OU=ou1,DC=DomainName,DC=CompanyName,DC=com,O=internet $SE_DS_OBJECT_ALL, _;Indicates a directory service object and all of its property sets and properties. $SE_PROVIDER_DEFINED_OBJECT, _;Indicates a provider-defined object. $SE_WMIGUID_OBJECT, _;Indicates a WMI object. $SE_REGISTRY_WOW64_32KEY;Indicates an object for a registry entry under WOW64. ;$_SE_OBJECT_TYPE What I'm trying to do is add another user to a cert in Certificates (Local Computer) > Personal > Certificates as if using the "manage private keys" command via the MMC. Thanks...
-
I am trying to create anti-procrastination software, basically by utilizing the DisallowRun parameter in the Group Policy. I am adding registry values into the register to add the programs I want disallowed through the restricted.txt file (each line in the file is a program I want to disallow) So, this is what I have so far and it does work, but There was a time that it didn't, and the only reason is because of permissions. ;Anti-Procrastinator V0.1 ;Checks version of windows, if 32x or 64x Dim $registryKey If @OSType = "WIN32_NT" Then $registryKey = "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" EndIf Dim $restrictionFile startup() Func startup() RegWrite($registryKey, "DisallowRun", "REG_DWORD", 1) $registryKey &= "\DisallowRun" addToReg() EndFunc ;Adds programs in Restricted.txt into the registry Func addToReg() $restrictionFile = FileOpen("Restricted.txt") Dim $str = FileReadLine($restrictionFile), $count = 1 While Not @error While $str <> "" RegWrite($registryKey, ""&$count, "REG_SZ", $str) $str = FileReadLine($restrictionFile) $count += 1 WEnd WEnd FileClose($restrictionFile) EndFunc ;...What I had to do, to get this working, is go into the registry and manually set the Explorer folders permissions to full access for my account. If I use #REQUIREADMIN it will work (assuming that access is given, but I don't want to ask for admin privileges, well, unless I can brute force a yes). I have also noticed in other posts, it doesn't mention you need to change permissions, something I had to piece together myself! So, what I want to know, is how to I get the permissions to be full control to me, without having to manually set them. Or be able to brute force admin rights (which I don't think is possible)
-
I've hit a wall here and don't know how to get over it. I need to access a server using WMI to retrieve Win32_Printer information to load printers based on location. I have admin rights on the server and have no problem accessing the WMI service. My regular users cannot access WMI on the server due to not having permission. I'm wondering if you can use the machine account to gain permission? Is it possible to use the machine account, which is in Active Directory, to access the WMI service on the server? I checked the security settings for the machine account and it has the same groups that I have all-be-it 2 containers below me in Active Directory. Any help would be appreciated. Below is the code that I am using for WMI access. I have tried the impersonationLevel and authentication entries and nothing seems to work. ----------- Local $objWMIService, $wbemFlagReturnImmediately = 0x10, $wbemFlagForwardOnly = 0x20 $colItems = "" $objWMIService = ObjGet("winmgmts:" & $strComputer & "rootCIMV2") if IsObj($objWMIService) Then $colItems = $objWMIService.ExecQuery("SELECT * FROM Win32_Printer"), "WQL", $wbemFlagReturnImmediately + $wbemFlagForwardOnly) Else MsgBox(0,"", "WMI Service did not connect. Not an object " & @error) Exit ;stop the program since WMI doesn't have access EndIf ---------- Thanks Michael