Jump to content

Recommended Posts

Posted

Hello,

In this forum many of you have asked about executing a process with elevated privileges i.e. executing a process as "system".

The most common answer being "execute the process as Service" or Schedule a job.

Dim $time = @HOUR & ':' & @MIN + 2
Run(@ComSpec & ' /c at ' & $time & ' /interactive c:\WINDOWS\system32\calc.exe"', @ScriptDir, @SW_HIDE)

On some systems executing "at" will give access denied. then you will have to consider using

psexec -s -i -d "path_to_calc.exe"

Regards

DeltaRocked

Posted

Another way of executing with elevated privileges is to use the #RequireAdmin command at the beginning of the script. It's not quite system but it is elevated privileges.

  • 1 month later...
Posted (edited)

A new addition:

eventtriggers.exe found in almost all systems right from win 2000 .

C:Documents and SettingsTEMP>eventtriggers /create /?

C:Documents and SettingsTEMP>eventtriggers /?

you can also run the task as a system user.

  Reveal hidden contents

Edited by deltarocked
Posted (edited)

I had a tough time when my company converted to Windoze 7 because of this issue. Using psexec is an option if you want to run the program immediatly, but I really didn't want to be that limited and I didn't want to use an external app. Also, the Windows 7 "Do you want to run this" popup is hard to avoid. So, I wrote and have thoroughly tested a script that runs programs with elevated rights on remote Windows 7 computers without a popup - and I just wedged a time adjustment in there yesterday.

It uses schtasks. schtasks is a lot more complicated and a bit more mis-documented than AT, but its also more flexible and powerful - and more appropriate for Windows 7 systems.

Here is the function code that I use :

Func RunProgram($strPCName, $pcc)
Dim $Command, $Results = "", $Line, $et, $TName
$copyfile = FileCopy($program, "" & $strPCName & "c$temp" & $progarray[$last], 9)
$TName = StringTrimRight($progarray[$last], 4)
If $copyfile = 1 Then
  _GetTime()
  $runtime = @MON & "/" & @MDAY & "/" & @YEAR & " " & $time
  ;MsgBox(0, "Run Time", $runtime & @CRLF & $et)
  $Command = 'schtasks /Create /S ' & $strPCName & ' /RU ' & $UserName & ' /RP ' & $Paswrd & ' /SC ONCE /TN ' & _
  $TName & ' /TR "' & $CommandLine & '" /ST ' & $time & ' /RL HIGHEST /F' ; /ST ' & $time & ' /ET ' & $et & '
  ;/ET ' & $et & '
  ;MsgBox(0,"Command",$Command)
  ;FileWriteLine($LogFile,$Command)
  $runAt = Run(@ComSpec & ' /c "' & $Command & '"', "", @SW_HIDE, $STDOUT_CHILD)
  While 1
   $Line = StdoutRead($runAt)
   If @error Then ExitLoop
   If $Line <> "" Then
    $Results = $Results & " " & $Line
   EndIf
  WEnd
  FileWriteLine($LogFile, $strPCName & "," & $time & "," & $Results)
Else
  ;FileWriteLine($LogFile, $strPCName & ",Run Program Results,Error Copying File," & $progarray[$last] & " ,Error:," & $copyfile)
  If FileExists("" & $strPCName & "c$temp" & $progarray[$last]) Then
   _GetTime()
   $runtime = @MON & "/" & @MDAY & "/" & @YEAR & " " & $time
   ;MsgBox(0, "Run Time Else", $runtime & @CRLF & $et)
   $Command = 'schtasks /Create /S ' & $strPCName & ' /RU ' & $UserName & ' /RP ' & $Paswrd & ' /SC ONCE /TN ' & _
   $TName & ' /TR "' & $CommandLine & '" /ST ' & $time & ' /RL HIGHEST /F' ;/ST ' & $time & ' /ET ' & $et & ' /RI 599940
   ;/ET ' & $et & '
   ;MsgBox(0,"Command Else",$Command)
   ;FileWriteLine($LogFile,$Command)
   $runAt = Run(@ComSpec & ' /c "' & $Command & '"', "", @SW_HIDE, $STDOUT_CHILD)
   While 1
    $Line = StdoutRead($runAt)
    If @error Then ExitLoop
    If $Line <> "" Then
     $Results = $Results & " " & $Line
    EndIf
   WEnd
   FileWriteLine($LogFile, $strPCName & "," & $time & "," & $Results)
  Else
   FileWriteLine($LogFile, $strPCName & _
   ",Run Program Results,Scheduled task not created. Could not copy or find file on endpoint.")
  EndIf
EndIf
EndFunc   ;==>RunProgram

; because schtasks is so picky about it's time format...
Func _GetTime()
    If @MIN > 55 Then
        If StringLen(@HOUR) < 2 Then
            If @HOUR = "9" Then
                $Hour = (@HOUR + 1)
            Else
                $Hour = "0" & (@HOUR + 1)
            EndIf
        Else
            $Hour = (@HOUR + 1)
        EndIf
        If $Hour > 23 Then
            $Hour = "01"
        EndIf
        $time = $Hour & ":02"
    Else
        If StringLen(@HOUR) < 2 Then
            $Hour = "0" & @HOUR
        Else
            $Hour = @HOUR
        EndIf
        If StringLen((@MIN + 2)) < 2 Then
            $Minu = "0" & (@MIN + 2)
        Else
            $Minu = (@MIN + 2)
        EndIf
        If $Hour > 23 Then
            $Hour = "01"
        EndIf
        $time = $Hour & ":" & $Minu
    EndIf
; Just spliced this in to be able to schedule the task to run at night... or any time...
    $userTime = InputBox("Run Later?","Run at Time (24hr Format)",$time)
    $time = $userTime
EndFunc   ;==>_GetTime

$TName is a task name. I pull it from the $CommandLine, which is the program to run. So, if the program is installgame.exe the task name is installgame. I select the program to run using :

$program = FileOpenDialog("Select Program to Launch", "c:temp", "Executable Files (*.bat;*.exe;*.msi;*.msp)", 3, "runthis.exe")
Select
Case @error = 1
  MsgBox(0, "Nnnnnnnnttt", "File selection Failed")
  Exit
Case @error = 2
  MsgBox(0, "Nnnnnnnnnntttt", "Bad file filter")
  Exit
EndSelect
$progarray = StringSplit($program, "")
$last = $progarray[0]
$launchfile = FileExists($program)
If $launchfile = 0 Then
MsgBox(0, "File not found", "The program to launch was not found, please check location and try again.")
Exit
;Return 0
EndIf
; Check for any arguements the program needs
$args = InputBox("Arguements", "Any arguements the program needs to run?", "None")
Select
Case StringInStr($progarray[$last], ".msi")
  If $args = "None" Then
   Global $CommandLine = "MsiExec.exe /I c:temp" & $progarray[$last]
  Else
   Global $CommandLine = "MsiExec.exe /I c:temp" & $progarray[$last] & " " & $args
  EndIf
Case StringInStr($progarray[$last], ".msp")
  If $args = "None" Then
   Global $CommandLine = "MsiExec.exe /P c:temp" & $progarray[$last] & " REINSTALL=ALL REINSTALLMODE=amus"
  Else
   Global $CommandLine = "MsiExec.exe /P c:temp" & $progarray[$last] & " " & $args & " REINSTALL=ALL REINSTALLMODE=amus"
  EndIf
Case Else
  If $args = "None" Then
   Global $CommandLine = "c:temp" & $progarray[$last]
  Else
   Global $CommandLine = "c:temp" & $progarray[$last] & " " & $args
  EndIf
EndSelect

I always copy the file to the endpoint, because it is always best to run a program, especially installs, from the local machine. Also, I usually run scripts I've written that put a log file in their folder, so its always easier to check the log file on the endpoint - in the temp directory.

I just used this to schedule updates for Acrobat Standard from the install 9.0 up to patch level 9.4.6 on 10 desktops across three states. ( They all ran and Acrobat is updated this morning, even on the 7 windows 7 machines, so it works. Might not be pretty, but it works. )

Oh, yes, using your user name and password is necessary. Whatever account you use must be an administrator on the computer. AT just used the account you were logged on under as your account, but schtasks doesn't seem to do that. And you have to be sure that the secondary logon service is running on the remote computer before schtasks will work properly. Increased security almost always means decreased functionality and a harder time for Systems Administrators.

Edited by Graywalker
  • 2 months later...
  • 2 months later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...