
Posted

So... let's say you're an admin on a machine and you runas cmd.exe so you get a command shell that's running with admin rights. If you run a SET command from that window, you'll see all the env variables populated with your "admin account's" information. If you could NOT get out of that newly spawned admin shell, is there a way to tell what account is the normal account actually logged into that machine? Like maybe some parameter in the registry or a WMI query or the like?? TIA.


Posted


Here's a WMI query process I use to differentiate between the logged-in user and the account that actually "owns" my script's process:

$sLoggedInUser = ""
$sLoggedInDomain = ""
$sResults = ""
$strComputer = "."
$objWMIService = ObjGet("winmgmts:" & "{impersonationLevel=impersonate}!\\" & $strComputer & "\root\cimv2")
If IsObj($objWMIService) Then
    $colComputer = $objWMIService.ExecQuery("Select * from Win32_ComputerSystem")

    For $objComputer In $colComputer
        $sLoggedInUser = $objComputer.UserName
    Next
    If StringInStr($sLoggedInUser,"\") Then
        $iSplit = StringInStr($sLoggedInUser,"\")
        $sLoggedInDomain = StringTrimRight($sLoggedInUser,(StringLen($sLoggedInUser) - $iSplit)+1)
        $sLoggedInUser = StringTrimLeft($sLoggedInUser,$iSplit)
    EndIf

    If $sLoggedInDomain <> "" Then $sResults &= "Logged in domain: " &$sLoggedInDomain &@CRLF
    If $sLoggedInUser <> "" Then $sResults &= "Logged in user: " &$sLoggedInUser & @CRLF
    $sResults &= "@UserName value: " &@UserName &@CRLF
    ConsoleWrite($sResults)
Else
    ConsoleWrite("Unable to connect to WMI Service" & @CRLF)
EndIf

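The same check in PowerShell, as an added example that is not part of either post above. It does what the AutoIt script does (Win32_ComputerSystem.UserName versus the process token) and goes one step further: Win32_ComputerSystem.UserName only reports the physical console session, so it also asks every explorer.exe for its owner, which lists RDP sessions too. It assumes Windows PowerShell 5.1 or PowerShell 7 on Windows with the CIM cmdlets available; the function names are my own.

```powershell
# Added example (not code from the original thread). Run it inside the
# elevated / runas shell to see who is really logged on at the machine.
# Assumes Windows PowerShell 5.1 or PowerShell 7 on Windows.

function Get-ProcessAccount {
    # The token this shell runs under: what SET (and AutoIt's @UserName)
    # reflect after runas.
    $id        = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = [System.Security.Principal.WindowsPrincipal]$id
    [pscustomobject]@{
        Account         = $id.Name
        Sid             = $id.User.Value
        IsAdministrator = $principal.IsInRole(
                              [System.Security.Principal.WindowsBuiltInRole]::Administrator)
    }
}

function Get-ConsoleUser {
    # Win32_ComputerSystem.UserName: the user logged on at the physical console.
    # $null when nobody is at the console; never lists RDP sessions.
    (Get-CimInstance -ClassName Win32_ComputerSystem).UserName
}

function Get-InteractiveSessionUsers {
    # Every interactive desktop (console or RDP) runs its own explorer.exe.
    # Asking each one for its owner yields all interactive users by session id.
    # GetOwner on another user's process needs admin rights, which the runas
    # shell has; failures (ReturnValue <> 0) are simply skipped.
    Get-CimInstance -ClassName Win32_Process -Filter "Name = 'explorer.exe'" |
        ForEach-Object {
            $owner = Invoke-CimMethod -InputObject $_ -MethodName GetOwner
            if ($owner.ReturnValue -eq 0) {
                [pscustomobject]@{
                    SessionId = $_.SessionId
                    User      = '{0}\{1}' -f $owner.Domain, $owner.User
                }
            }
        } |
        Sort-Object SessionId, User -Unique
}

$proc = Get-ProcessAccount
"This shell runs as   : $($proc.Account) (admin token: $($proc.IsAdministrator))"
"Console user (WMI)   : $(Get-ConsoleUser)"
"Interactive sessions :"
Get-InteractiveSessionUsers | Format-Table -AutoSize
```

Two caveats worth knowing before reaching for the registry instead: HKCU inside a runas shell is the runas account's hive, so anything read from there just echoes the admin account again; and Win32_LoggedOnUser (the other WMI route) also lists network and service logons, so it has to be joined to Win32_LogonSession and filtered to LogonType 2 (Interactive) or 10 (RemoteInteractive) before it answers the question.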
