MattX
Posted December 16, 2009

RunAsSet is what I used to use [ I know it was bad but I used to have it at the start and then at the end of huge chunks of code ] but now we have RunAs and I can't for the love of god get it to work on this chunk of code. I have tried RunAsWait, I have tried with local computer name and local admin rights but NO it won't run - it won't pull the EventLog, & it won't run procmon - the screenshot works and the zipping of the files but procmon and the eventlog just refuse. Someone please help me before I throw a hissy fit.

```autoit
; Fragment from inside Func ShowMessage()
    While 1
        $nMsg = GUIGetMsg()
        Select
            Case $nMsg = $Button1
                FileWriteLine($file, $sMsg)
                FileClose($file)
                Local $sUserName = "administrator"
                Local $sPassword = "PASSWORD"
                Local $domain = "MYFQDN"
                _ScreenCapture_Capture($helpdesk_screenshots & "\helpdesk_Image1.jpg")
                _EventLog__Backup($hEventLog, "n:\helpdesk_screenshots\EventLog.evt")
                _EventLog__Close($hEventLog)
                RunAs($sUserName, $domain, $sPassword, 1, @ScriptDir & '\procmon.exe /AcceptEula /Quiet /Minimized /BackingFile n:\helpdesk_screenshots\snapshot.PML')
                Sleep(5000)
                RunAs($sUserName, $domain, $sPassword, 1, @ScriptDir & '\procmon /terminate')
                Sleep(1000)
                $Zip = _Zip_Create($ziploc & "\zip_data.zip")
                _Zip_AddFolder($Zip, $ziploc, 4)
                FileDelete("n:\helpdesk_screenshots\*.jpg")
                FileDelete("n:\helpdesk_screenshots\*.txt")
                FileDelete("n:\helpdesk_screenshots\*.evt")
                FileDelete("n:\helpdesk_screenshots\snapshot.pml")
                _IECreate($portalsite)
            Case $nMsg = $Button2
                _IECreate($portalsite)
            Case $nMsg = $infoitem
                MsgBox(0, "Portal Launcher 1.5", "Written By Matt." & @CRLF & "Comments & Suggestions to:" & @CRLF & "matt" & @CRLF & "Last update: Dec 2009")
            Case $nMsg = $GUI_EVENT_CLOSE
                GUIDelete($Form1)
                Return
        EndSelect
    WEnd
EndFunc   ;==>ShowMessage
```

MattX (Author)
Posted December 16, 2009

Have also tried:

```autoit
RunAs($sUserName, @ComputerName, $sPassword, 0, 'procmon.exe /Quiet /Minimized /BackingFile n:\helpdesk_screenshots\snapshot.PML', @ScriptDir)
```

Still no luck.

Jos (Developers)
Posted December 16, 2009

Is the N: map available for the RunAs credentials?

Jos

SciTE4AutoIt3 Full installer Download page - Beta files Read before posting How to post scriptsource Forum etiquette Forum Rules Live for the present, Dream of the future, Learn from the past.

MattX (Author)
Posted December 16, 2009

> Is the N: map available for the RunAs credentials?
> Jos

The N: drive is the user's home directory - does this make a difference ?

Jos (Developers)
Posted December 16, 2009

> The N: drive is the user's home directory - does this make a difference ?

Depends if the account used has access to it, which I doubt since you use a MAPPED drive which is only known to the original user's session.
What account do you use for RunAs? Is it a domain or Local PC account?
From where is the script run? Local disk or Network Share?

Jos

Edited December 16, 2009 by Jos

MattX (Author)
Posted December 16, 2009

> Depends if the account used has access to it, which I doubt since you use a MAPPED drive which is only known to the original user's session.
> What account do you use for RunAs? Is it a domain or Local PC account?
> From where is the script run? Local disk or Network Share?
> Jos

Thanks for the help so far - the account I am using for the RunAs is a local admin account [ to the PC ] - I have also tried the domain FQDN admin account too but still no luck. Would the netbios name make a difference ? The location the script is running [ and where procmon is ] is on a mapped drive the user has access to [ which is a hidden drive P: ]

Jos (Developers)
Posted December 16, 2009

> Thanks for the help so far - the account I am using for the RunAs is a local admin account [ to the PC ] - I have also tried the domain FQDN admin account too but still no luck. Would the netbios name make a difference ? The location the script is running [ and where procmon is ] is on a mapped drive the user has access to [ which is a hidden drive P: ]

You always should use the UNC (\\server\share\path) when using different credentials since that userid doesn't have these mappings available. The local admin account will not work at all since it doesn't have any access to the share.

What I normally do is to download the file from the share to a local temp directory and then use the Local Admin account to run it, this to avoid having to use a domain admin account with all its security risks.

Give that a try.
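
Added example, not part of the thread: the copy-local-then-RunAs approach Jos describes, applied to the procmon capture from the first post. The staging folder under @TempDir, the password prompt and the exit codes are assumptions; the procmon switches and the N: target path are the ones already used above.

```autoit
; Added example, not from the thread. Runs procmon from a local copy under a
; local admin account; the staging folder and prompt are assumptions.
Local $sUserName = "administrator"
Local $sPassword = InputBox("RunAs", "Password for " & @ComputerName & "\" & $sUserName, "", "*")
If @error Then Exit 1 ; prompt cancelled

; Staging folder on the local disk. It is user-writable, so whatever sits
; here when RunAs fires is what runs as admin.
Local $sStage = @TempDir & "\helpdesk_stage"
Local $sProcmon = $sStage & "\procmon.exe"
Local $sTrace = $sStage & "\snapshot.PML"

; 1. Copy as the logged-on user, whose session still has the mapped drive.
;    Flags: 1 = overwrite, 8 = create the destination folder.
If Not FileCopy(@ScriptDir & "\procmon.exe", $sProcmon, 1 + 8) Then
    MsgBox(16, "Stage", "Could not copy procmon.exe from " & @ScriptDir)
    Exit 2
EndIf

; 2. Start the capture as local admin. Executable, backing file and working
;    directory are all local paths, so no drive mapping is needed.
Local $sCmd = '"' & $sProcmon & '" /AcceptEula /Quiet /Minimized /BackingFile "' & $sTrace & '"'
Local $iPid = RunAs($sUserName, @ComputerName, $sPassword, 0, $sCmd, $sStage)
Local $iErr = @error
If $iErr Or $iPid = 0 Then
    MsgBox(16, "RunAs", "procmon did not start, @error=" & $iErr)
    Exit 3
EndIf

Sleep(5000) ; capture window used in the original script
RunAsWait($sUserName, @ComputerName, $sPassword, 0, '"' & $sProcmon & '" /Terminate', $sStage)
ProcessWaitClose($iPid, 15) ; let the capturing instance flush and exit

; 3. Back in the user's own context, move the trace to the home drive.
If Not FileMove($sTrace, "n:\helpdesk_screenshots\snapshot.PML", 1) Then
    MsgBox(16, "Move", "Trace left in " & $sStage)
EndIf
```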

aseitz
Posted December 16, 2009

> You always should use the UNC (\\server\share\path) when using different credentials since that userid doesn't have these mappings available. The local admin account will not work at all since it doesn't have any access to the share. What I normally do is to download the file from the share to a local temp directory and then use the Local Admin account to run it, this to avoid having to use a domain admin account with all its security risks. Give that a try.

I just map the drive with the account before doing the run as... here is a sample script I use:

```autoit
; Map U: Drive to Local Account and run the executable, then exit.
RunAsWait($sUserName, @ComputerName, $sPassword, 4, @ComSpec & " /k NET USE /PERSISTENT:YES " & $sNetDrive & " " & $sNetPath & " /USER:" & $sNetUserName & " """ & $sNetPassword & """ && " & $sNetDrive & " && CD && START /WAIT """" " & $sNetDrive & "\" & $sFilePath & " && exit", "", @SW_SHOW)
```

I attached the file I sampled this from if you need it for reference: Elevate.au3

MattX (Author)
Posted December 17, 2009

Thanks for the help so far - just going to try and run the procmon part locally now - will report back on how I get on with that.

Whilst I am at it - how can you run a whole section of code with admin rights now ? With the old RunAsSet function you could have lines of code run as an admin and then close it afterwards with RunAsSet(). Can this still be done ?

Just thinking as if I can get this to work by running it locally I will copy the file over to the c: drive but of course I will need admin rights to the c: drive to create a dir and copy over the file..... The change to this function has really thrown me and some of my scripts into a mess.

MattX (Author)
Posted December 17, 2009

Righty Ho - got procmon working running locally with a RunAs which is great - only snag I have now is that the _EventLog__Backup does not work - have tried including that too within the RunAs function but to no avail - on checking the help file it states the function fails if the user does not have SE_BACKUP_NAME - excuse my dumb arse question but what is that ? I've done a search but found nothing. The function works with Admin Rights but not a normal user......

MattX (Author)
Posted December 17, 2009

Works for Admin, [ understandably ] but not as normal user - any ideas anyone ?

```autoit
RunAs($sUserName, @ComputerName, $sPassword, 0, _EventLog__Backup($hEventLog, "c:\logs\EventLog.evt"))
RunAs($sUserName, @ComputerName, $sPassword, 0, _EventLog__Close($hEventLog))
```

MattX (Author)
Posted December 17, 2009

This is getting stupid - the only way I can get the _EventLog__Backup to work for a user without admin rights is to create a separate compiled script:

```autoit
#include <EventLog.au3>

Dim $hEventLog = _EventLog__Open("", "Application")
_EventLog__Backup($hEventLog, "c:\logs\EventLog.evt")
_EventLog__Close($hEventLog)
Exit
```

And then call that from the original script:

```autoit
RunAsWait($sUserName, @ComputerName, $sPassword, 0, 'c:\logs\event_test.exe', 'c:\logs')
```

Someone please tell me there is a way to use RunAs or RunAsWait and the _EventLog__Backup function.....

Edited December 17, 2009 by MattX

Jos (Developers)
Posted December 17, 2009

See you are having a ball here. What happens when you run it with RunWait() instead of RunAs() as the regular user?

Jos

MattX (Author)
Posted December 17, 2009

> See you are having a ball here. What happens when you run it with RunWait() instead of RunAs() as the regular user?
> Jos

As a regular user ? Nothing !!

I am at a loss now as I have no idea how to code around other functions with the new RunAs - for example I want to use the _EventLog__Backup function but I know it won't work for a regular user as I have tested it - so I stick in:

```autoit
RunAs($sUserName, @ComputerName, $sPassword, 0, _EventLog__Backup($hEventLog, "c:\logs\EventLog.evt"))
RunAs($sUserName, @ComputerName, $sPassword, 0, _EventLog__Close($hEventLog))
```

But this refuses to work - what am I doing wrong ? Christ things were easier with the RunAsSet function !!

Jos (Developers)
Posted December 17, 2009

Couple of things here:
You are trying to "RUN" a UDF instead of an EXE? That obviously will not work.
What I normally would do in these cases to avoid needing multiple scripts is to have the script start itself with admin credentials and supply a parameter on the commandline which will be used as trigger for the Admin level tasks.

Jos

MattX (Author)
Posted December 18, 2009

> Couple of things here:
> You are trying to "RUN" a UDF instead of an EXE? That obviously will not work.
> What I normally would do in these cases to avoid needing multiple scripts is to have the script start itself with admin credentials and supply a parameter on the commandline which will be used as trigger for the Admin level tasks.
> Jos

Don't suppose you have an example I could look at do you which does this ?

Jos (Developers)
Posted December 18, 2009

> Don't suppose you have an example I could look at do you which does this ?

Something like this:

```autoit
; Demo restart with admin rights
MsgBox(0, "$cmdline[0]", $cmdline[0])
For $x = 1 To $cmdline[0]
    If $cmdline[$x] = "/test" Then
        ; script code to be run with Admin rights go here
        MsgBox(0, "/test", "Username:" & @UserName)
        Exit
    EndIf
Next
MsgBox(0, "Normal", "Username:" & @UserName)
$rc = RunAsWait("admin", @ComputerName, "test123", 0, '"' & @ScriptFullPath & '" /test', @ScriptDir)
MsgBox(0, "Rc", "Rc:" & $rc & @LF & "@error:" & @error)
```

Jos

MattX (Author)
Posted December 18, 2009

Thanks for the example - but on looking at it I don't really have a clue as to what is going on. What is the $cmdline variable actually doing ? Is it telling me what user is currently running the script as ? Also what is the $rc variable and the error level if run is returning the value as 1 and the RC value as 0. I'm not quite sure what is going on here - sorry to sound thick but like I said I don't script for a living, just as and when I can, so I don't really understand what the $rc variable is returning from the RunAsWait function....

> Something like this:
>
> ; Demo restart with admin rights
> MsgBox(0, "$cmdline[0]", $cmdline[0])
> For $x = 1 To $cmdline[0]
>     If $cmdline[$x] = "/test" Then
>         ; script code to be run with Admin rights go here
>         MsgBox(0, "/test", "Username:" & @UserName)
>         Exit
>     EndIf
> Next
> MsgBox(0, "Normal", "Username:" & @UserName)
> $rc = RunAsWait("admin", @ComputerName, "test123", 0, '"' & @ScriptFullPath & '" /test', @ScriptDir)
> MsgBox(0, "Rc", "Rc:" & $rc & @LF & "@error:" & @error)
>
> Jos

Jos (Developers)
Posted December 18, 2009

The helpfile tells you all about what RunAsWait() returns in case of success and failure.
Anyways, the MsgBox() statements are there for testing and showing you the different steps ... just have a play with this script by running it with a valid account and try understanding it after you ran it. It really is pretty straightforward.

Jos

Edited December 18, 2009 by Jos
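
Added example, not part of the thread: the restart-with-a-switch pattern Jos describes, applied to the event log backup, since RunAs can only start a program and cannot call a UDF. SE_BACKUP_NAME is the Windows backup privilege (SeBackupPrivilege), which administrators hold by default and regular users do not. The `/evtbackup` switch, the exit codes, the password prompt and the local copy in @TempDir are assumptions.

```autoit
#include <EventLog.au3>

Local Const $sSwitch = "/evtbackup"            ; hypothetical switch name
Local Const $sLogDir = "c:\logs"               ; folder used earlier in the thread
Local Const $sBackup = $sLogDir & "\EventLog.evt"

; $CmdLine[0] is the number of arguments, $CmdLine[1..n] are the arguments.
; It says nothing about the user; it only tells this instance which role to play.
If $CmdLine[0] >= 1 And $CmdLine[1] = $sSwitch Then
    Exit _BackupAppLog($sBackup) ; second instance, running under the RunAs account
EndIf

; First instance, running as the logged-on user.
Local $sUserName = "administrator"
Local $sPassword = InputBox("RunAs", "Password for " & @ComputerName & "\" & $sUserName, "", "*")
If @error Then Exit 1 ; prompt cancelled

; The RunAs account cannot see the user's mapped drives, so relaunch a local copy.
Local $sSelf = @TempDir & "\" & @ScriptName
If $sSelf <> @ScriptFullPath And Not FileCopy(@ScriptFullPath, $sSelf, 1) Then Exit 2

Local $sCmd = '"' & $sSelf & '" ' & $sSwitch
If Not @Compiled Then $sCmd = '"' & @AutoItExe & '" ' & $sCmd ; .au3 needs the interpreter

; Return value = exit code of the second instance; @error <> 0 = it never started.
Local $iRc = RunAsWait($sUserName, @ComputerName, $sPassword, 0, $sCmd, @TempDir)
Local $iErr = @error
If $iErr Then
    MsgBox(16, "RunAsWait", "Could not start the admin instance, @error=" & $iErr)
ElseIf $iRc <> 0 Then
    MsgBox(16, "Backup", "Admin instance failed, exit code " & $iRc)
Else
    MsgBox(64, "Backup", "Event log saved to " & $sBackup)
EndIf

Func _BackupAppLog($sFile)
    DirCreate($sLogDir)
    FileDelete($sFile) ; clear any stale backup so the target name is free
    Local $hEventLog = _EventLog__Open("", "Application")
    If $hEventLog = 0 Then Return 10
    Local $bOk = _EventLog__Backup($hEventLog, $sFile)
    _EventLog__Close($hEventLog)
    If $bOk Then Return 0
    Return 11
EndFunc   ;==>_BackupAppLog
```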