PramodR Posted May 28, 2018 Author Posted May 28, 2018 @TheXman Thanks for the effort mate.. above code gives me message box like "Elevated = True", but does not give any output from _GetDOSOutput function, tried with normal command ipconfig which is not required elevated permission. still no message .. message is suppressed? or not even executing GetDOSOutput.
TheXman Posted May 28, 2018 Posted May 28, 2018 Actually that's good. If you got the MsgBox saying Elevated = True, then the script successfully elevated itself to run with the full admin token. Everything that is executed in the script after that will run with elevated privileges too. CryptoNG UDF: Cryptography API: Next Gen jq UDF: Powerful and Flexible JSON Processor | jqPlayground: An Interactive JSON Processor Xml2Json UDF: Transform XML to JSON | HttpApi UDF: HTTP Server API | Roku Remote: Example Script About Me How To Ask Good Questions On Technical And Scientific Forums (Detailed) | How to Ask Good Technical Questions (Brief) "Any fool can know. The point is to understand." -Albert Einstein "If you think you're a big fish, it's probably because you only swim in small ponds." ~TheXman
TheXman Posted May 28, 2018 Posted May 28, 2018 (edited) That's because the output from the command was never displayed. Try this: Of course I am assuming that your getdos command works. expandcollapse popup#include <Constants.au3> #include <WinAPI.au3> elevate_to_run_with_admin_token() $sOutput = _GetDOSOutput("wmic /namespace:\\root\dcim\sysman path dcim_biosenumeration where(attributename like '%%Microphone%%') get currentvalue") MsgBox(0,"Output",$sOutput) ;========================================================================== ; This assumes that the user is a local admin. ; Do NOT use #RequireAdmin if using this method of elevation ;========================================================================== Func elevate_to_run_with_admin_token() Local $sErrorMsg = "" Local $iPid = 0 ;Run with "runas" verb in order request full Admin token (in Windows Vista and Higher - UAC-enabled OSes). If (Not IsAdmin()) And (Not StringRegExp(@OSVersion, "_(?:XP|2000|2003))")) Then $iPid = ShellExecute(@AutoItExe, $CmdLineRaw, @ScriptDir, "runas") If $iPid Then Exit Else $sErrorMsg = "ERROR: Unable to elevate to Admin due to UAC. " & _WinAPI_GetLastErrorMessage() MsgBox($MB_ICONERROR + $MB_TOPMOST, "ERROR", $sErrorMsg) Exit -1 EndIf EndIf MsgBox( _ $MB_ICONINFORMATION + $MB_TOPMOST, _ "INFO", _ StringFormat("Elevated status = %s", (IsAdmin())?("TRUE"):("FALSE")) _ ) Return EndFunc Func _GetDOSOutput($sCommand) Local $iPID, $sOutput = "" $iPID = Run('"' & @ComSpec & '" /c ' & $sCommand, "", @SW_HIDE, $STDERR_CHILD + $STDOUT_CHILD) While 1 $sOutput &= StdoutRead($iPID, False, False) If @error Then ExitLoop EndIf Sleep(10) WEnd Return $sOutput EndFunc ;==>_GetDOSOutput Edited May 28, 2018 by TheXman CryptoNG UDF: Cryptography API: Next Gen jq UDF: Powerful and Flexible JSON Processor | jqPlayground: An Interactive JSON Processor Xml2Json UDF: Transform XML to JSON | HttpApi UDF: HTTP Server API | Roku Remote: Example Script About Me How To Ask Good Questions On Technical And Scientific Forums (Detailed) | How to Ask Good Technical Questions (Brief) "Any fool can know. The point is to understand." -Albert Einstein "If you think you're a big fish, it's probably because you only swim in small ponds." ~TheXman
PramodR Posted May 28, 2018 Author Posted May 28, 2018 I have used console write in my original code , but no message seen. when i remove elevate_to_run_with_admin_token function message again seen. eg: ConsoleWrite($WmiCommand)
TheXman Posted May 28, 2018 Posted May 28, 2018 I just noticed that you used %%Microphone%%. Change to just %Microphone%. %% is when you are running it from a command console and need to escape the %. CryptoNG UDF: Cryptography API: Next Gen jq UDF: Powerful and Flexible JSON Processor | jqPlayground: An Interactive JSON Processor Xml2Json UDF: Transform XML to JSON | HttpApi UDF: HTTP Server API | Roku Remote: Example Script About Me How To Ask Good Questions On Technical And Scientific Forums (Detailed) | How to Ask Good Technical Questions (Brief) "Any fool can know. The point is to understand." -Albert Einstein "If you think you're a big fish, it's probably because you only swim in small ponds." ~TheXman
TheXman Posted May 28, 2018 Posted May 28, 2018 (edited) Consolewrite will not work because elevation starts a separate process. Either write the ouput to a file, use msgbox, debugout or some other method to display the output. Edited May 28, 2018 by TheXman CryptoNG UDF: Cryptography API: Next Gen jq UDF: Powerful and Flexible JSON Processor | jqPlayground: An Interactive JSON Processor Xml2Json UDF: Transform XML to JSON | HttpApi UDF: HTTP Server API | Roku Remote: Example Script About Me How To Ask Good Questions On Technical And Scientific Forums (Detailed) | How to Ask Good Technical Questions (Brief) "Any fool can know. The point is to understand." -Albert Einstein "If you think you're a big fish, it's probably because you only swim in small ponds." ~TheXman
TheXman Posted May 28, 2018 Posted May 28, 2018 (edited) Although this doesn't require elevation, it works for me. Also, changed Run() to use $STDERR_MERGED. That way you will see the WMIC error message, if one exists. expandcollapse popup#include <Constants.au3> #include <WinAPI.au3> elevate_to_run_with_admin_token() $sOutput = _GetDOSOutput("wmic csproduct get /format:list") MsgBox(0,"Output",$sOutput) $sOutput = _GetDOSOutput("wmic /namespace:\\root\dcim\sysman path dcim_biosenumeration where(attributename like '%Microphone%') get currentvalue") MsgBox(0,"Output",$sOutput) ;========================================================================== ; This assumes that the user is a local admin. ; Do NOT use #RequireAdmin if using this method of elevation ;========================================================================== Func elevate_to_run_with_admin_token() Local $sErrorMsg = "" Local $iPid = 0 ;Run with "runas" verb in order request full Admin token (in Windows Vista and Higher - UAC-enabled OSes). If (Not IsAdmin()) And (Not StringRegExp(@OSVersion, "_(?:XP|2000|2003))")) Then $iPid = ShellExecute(@AutoItExe, $CmdLineRaw, @ScriptDir, "runas") If $iPid Then Exit Else $sErrorMsg = "ERROR: Unable to elevate to Admin due to UAC. " & _WinAPI_GetLastErrorMessage() MsgBox($MB_ICONERROR + $MB_TOPMOST, "ERROR", $sErrorMsg) Exit -1 EndIf EndIf MsgBox( _ $MB_ICONINFORMATION + $MB_TOPMOST, _ "INFO", _ StringFormat("Elevated status = %s", (IsAdmin())?("TRUE"):("FALSE")) _ ) Return EndFunc Func _GetDOSOutput($sCommand) Local $iPID, $sOutput = "" $iPID = Run('"' & @ComSpec & '" /c ' & $sCommand, "", @SW_HIDE, $STDERR_MERGED) ; <-- changed to $STDERR_MERGED While 1 $sOutput &= StdoutRead($iPID, False, False) If @error Then ExitLoop EndIf Sleep(10) WEnd Return $sOutput EndFunc ;==>_GetDOSOutput Edited May 28, 2018 by TheXman Updated to example PramodR 1 CryptoNG UDF: Cryptography API: Next Gen jq UDF: Powerful and Flexible JSON Processor | jqPlayground: An Interactive JSON Processor Xml2Json UDF: Transform XML to JSON | HttpApi UDF: HTTP Server API | Roku Remote: Example Script About Me How To Ask Good Questions On Technical And Scientific Forums (Detailed) | How to Ask Good Technical Questions (Brief) "Any fool can know. The point is to understand." -Albert Einstein "If you think you're a big fish, it's probably because you only swim in small ponds." ~TheXman
TheXman Posted May 28, 2018 Posted May 28, 2018 I updated the snippet above. You weren't capturing the StdErr correctly. Now you will see the WMIC error messages, if they exist. PramodR 1 CryptoNG UDF: Cryptography API: Next Gen jq UDF: Powerful and Flexible JSON Processor | jqPlayground: An Interactive JSON Processor Xml2Json UDF: Transform XML to JSON | HttpApi UDF: HTTP Server API | Roku Remote: Example Script About Me How To Ask Good Questions On Technical And Scientific Forums (Detailed) | How to Ask Good Technical Questions (Brief) "Any fool can know. The point is to understand." -Albert Einstein "If you think you're a big fish, it's probably because you only swim in small ponds." ~TheXman
PramodR Posted May 28, 2018 Author Posted May 28, 2018 @TheXman I shall confirm observation with this in an hour , Got the output from in the message box as i expected. Problem = I kept UAC account settings to lower level to do execution now, as mentioned in the previous thread. i would need to do that settings back and check the observation. will keep you posted
Subz Posted May 28, 2018 Posted May 28, 2018 Can you tell us what information you're expecting from the output? You might be able to obtain the same information without using wmi, recently I had to package an app that required audio information, playback and microphone device information so it could be stored in an xml file, Not sure if that information will help.
PramodR Posted May 28, 2018 Author Posted May 28, 2018 @TheXman i get UAC POP up with all the other 3 higher UAC level, i need to keep UAC to lower level Never notify to run this script, at last i will do one more check. i will try to select UAC ok button by UI automtion. how it sounds?
TheXman Posted May 28, 2018 Posted May 28, 2018 I figured that it would trigger UAC since it basically did the same as running with the #RequireAdmin directive. 4 minutes ago, PramodR said: i will try to select UAC ok button by UI automtion. how it sounds? I don't think the script will continue to run while the UAC prompt is waiting unless you spawned another script to actually do the clicking of the button. If the main goal is to be able to run without prompting, and your users are already local admins, it just seems easier to modify the one registry setting to automatically elevate for admins without prompting. It's a one-time modification for each workstation. If you plan on being able to run additional scripts that require elevation in the future, then it seems like the best solution. Good luck. PramodR 1 CryptoNG UDF: Cryptography API: Next Gen jq UDF: Powerful and Flexible JSON Processor | jqPlayground: An Interactive JSON Processor Xml2Json UDF: Transform XML to JSON | HttpApi UDF: HTTP Server API | Roku Remote: Example Script About Me How To Ask Good Questions On Technical And Scientific Forums (Detailed) | How to Ask Good Technical Questions (Brief) "Any fool can know. The point is to understand." -Albert Einstein "If you think you're a big fish, it's probably because you only swim in small ponds." ~TheXman
PramodR Posted May 28, 2018 Author Posted May 28, 2018 (edited) Hope you mean below settings. Navigate to the following path using the sidebar folder structure: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System ConsentPromptBehaviorAdmin 0: A value of 0 allows administrators to perform operations that require elevation without consent (meaning prompts) or credentials (meaning authentication). Note:- This Registry is basically keeping your UI UAC settings to lower, means when you change from UAC UI also this registry will get changed to 0. @TheXman Thanks for All your suggestions. Edited May 28, 2018 by PramodR
PramodR Posted May 28, 2018 Author Posted May 28, 2018 @Subz I am looking to get Current Values set in BIOS for each BIOS tokens, Eg: enable or Disable numlock.
PramodR Posted May 28, 2018 Author Posted May 28, 2018 @Everyone However i could not elevate powershell window automatically but I am able to solve this problem by reducing only security level for specific WMI Class. By manual you can navigate to wmimgmt.msc and add your user.. if you have to add by automation use script available in the below link, after this you no longer needs to elevate power shell console. https://live.paloaltonetworks.com/t5/Management-Articles/PowerShell-Script-for-setting-WMI-Permissions-for-User-ID/ta-p/53646 Thanks everyone for your effort. Regards Pramod R
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now