Airwolf Posted May 3, 2007 Posted May 3, 2007 I am trying to create a script that will run a program which needs to interact with the desktop environment. Basically, if I'm logged on as Administrator in another session and I run script.exe from a different session then the script works. If the Administrator session is closed (i.e. I logoff as Administrator) and then run script.exe in my normal user session then the script fails. Is there any way to accomplish this without being logged in to an idle session as Administrator? Certifications: A+, Network+, Security+, Linux+, LPIC-1, MCSA | Languages: AutoIt, C, SQL, .NETBooks: AutoIt v3: Your Quick Guide - $7.99 - O'Reilly Media - September 2007-------->[u]AutoIt v3 Development - newbie to g33k[/u] - Coming Soon - Fate Publishing - Spring 2013UDF Libraries: SkypeCOM UDF Library | ADUC Computers OU Cleanup | Find PixelChecksumExamples: Skype COM Examples - Skype4COMLib Examples converted from VBS to AutoIt
Developers Jos Posted May 3, 2007 Developers Posted May 3, 2007 I am trying to create a script that will run a program which needs to interact with the desktop environment. Basically, if I'm logged on as Administrator in another session and I run script.exe from a different session then the script works. If the Administrator session is closed (i.e. I logoff as Administrator) and then run script.exe in my normal user session then the script fails.Is there any way to accomplish this without being logged in to an idle session as Administrator?Just run the script with PSEXEC ... SciTE4AutoIt3 Full installer Download page - Beta files Read before posting How to post scriptsource Forum etiquette Forum Rules Live for the present, Dream of the future, Learn from the past.
Airwolf Posted May 3, 2007 Author Posted May 3, 2007 (edited) Just run the script with PSEXEC ... I still don't seem to be getting anywhere with it. I have it setup to use a password and when I login to the machine and the login script calls this program psexec still prompts for a password. Here is what I have so far... SubInAcls commands are not working, the permissions don't change at all so it seems PSexec is still not running this interactively. Global $admin Global $pass Global $user $admin = "admin" $pass = "password" $user = @username RunWait(@ComSpec & " /c Start" & '%LOGONSERVER%\NETLOGON\Misc\psexec.exe /accepteula -u ' & $admin & '-p ' & $pass & ' -i %LOGONSERVER%\NETLOGON\Misc\subinacl.exe /file "C:\Documents and Settings\' & $user & '\Desktop" /revoke=DOMAIN\' & $user,"",@SW_HIDE);revoke desktop permissions for logged on user RunWait(@ComSpec & " /c Start" & '%LOGONSERVER%\NETLOGON\Misc\psexec.exe /accepteula -u ' & $admin & '-p ' & $pass & ' -i %LOGONSERVER%\NETLOGON\Misc\subinacl.exe /file "C:\Documents and Settings\' & $user & '\Desktop" /grant=DOMAIN\' & $user & '=E',"",@SW_HIDE);grant Read/Execute permissions for logged on user's desktop My ultimate goal is to have a user's desktop locked down to read/execute when they login instead of the full access control they receive by default. I can get the script to work but the admin account has to be logged into the machine when users logon in order to succeed. Edited May 3, 2007 by Airwolf123 Certifications: A+, Network+, Security+, Linux+, LPIC-1, MCSA | Languages: AutoIt, C, SQL, .NETBooks: AutoIt v3: Your Quick Guide - $7.99 - O'Reilly Media - September 2007-------->[u]AutoIt v3 Development - newbie to g33k[/u] - Coming Soon - Fate Publishing - Spring 2013UDF Libraries: SkypeCOM UDF Library | ADUC Computers OU Cleanup | Find PixelChecksumExamples: Skype COM Examples - Skype4COMLib Examples converted from VBS to AutoIt
PsaltyDS Posted May 3, 2007 Posted May 3, 2007 Just run the script with PSEXEC ...I'm not a fan of PSEXEC. At least back-n-the-day, it sent passwords in the clear over the network. Got in the habit of authenticated user CIFS file transfers and kicking off programs with SCHTASKS.EXE (or AT.EXE back then). Of course PSTools and Mark Russinovich are Microsoft owned products now. Might be much updated by now... Valuater's AutoIt 1-2-3, Class... Is now in Session!For those who want somebody to write the script for them: RentACoder"Any technology distinguishable from magic is insufficiently advanced." -- Geek's corollary to Clarke's law
PsaltyDS Posted May 3, 2007 Posted May 3, 2007 Is this something that can't be done WITHOUT a desktop? Like with SetACL.EXE? Without the need for a Windows GUI desktop, you don't need the logged in session. Valuater's AutoIt 1-2-3, Class... Is now in Session!For those who want somebody to write the script for them: RentACoder"Any technology distinguishable from magic is insufficiently advanced." -- Geek's corollary to Clarke's law
Airwolf Posted May 3, 2007 Author Posted May 3, 2007 I finally got something to work... but it has nothing to do with AutoIt. I ended up using cacls.exe with the user's rights (no runas since the user is the directory owner... not needed). All I had to do was add this code to the logon script: C:\WINDOWS\system32\cacls.exe "C:\Documents and Settings\%USERNAME%\Desktop" /E /P DOMAIN\%USERNAME%:R Thanks for the suggestions! Certifications: A+, Network+, Security+, Linux+, LPIC-1, MCSA | Languages: AutoIt, C, SQL, .NETBooks: AutoIt v3: Your Quick Guide - $7.99 - O'Reilly Media - September 2007-------->[u]AutoIt v3 Development - newbie to g33k[/u] - Coming Soon - Fate Publishing - Spring 2013UDF Libraries: SkypeCOM UDF Library | ADUC Computers OU Cleanup | Find PixelChecksumExamples: Skype COM Examples - Skype4COMLib Examples converted from VBS to AutoIt
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now