Announcement

Collapse
No announcement yet.

"Run As" batch file to install software as domain admin

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • "Run As" batch file to install software as domain admin

    Hello

    Does anyone have a vbs.net or batch file that can install software from a network share running as the domain admin. Basically, we have some software that we need to install on macihnes and we do not allow the users to have admin privledges. We need something that a user can click that will install software on the macihne as the domain admin...

    Can anyone help us out

    Thank you very much for any help you can provide

  • #2
    Re: "Run As" batch file to install software as domain admin

    The issue of running a file (BAT, CMD, REG, GPO) with elevated permissions has been discussed a lot in the past weeks in this forum.
    Take a look at this search :http://forums.petri.com/search.php?searchid=754817 , you can find a lot of ideas and methods to accomplish what you want.

    Sorin Solomon


    In order to succeed, your desire for success should be greater than your fear of failure.
    -

    Comment


    • #3
      Re: "Run As" batch file to install software as domain admin

      We use AutoIT to do this.
      ** Remember to give credit where credit is due and leave reputation points where appropriate **

      Comment


      • #4
        Re: "Run As" batch file to install software as domain admin

        Originally posted by sorinso View Post
        The issue of running a file (BAT, CMD, REG, GPO) with elevated permissions has been discussed a lot in the past weeks in this forum.
        Take a look at this search :http://forums.petri.com/search.php?searchid=754817 , you can find a lot of ideas and methods to accomplish what you want.
        Sorin: The lifespan of these search queries is limited. 754817 has already disappeared.
        Cheers,

        Rick

        ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **

        2006-2099 R Valstar. This post is offered "as is" for discussion purposes only with no express or implied warranty of any kind including, but not limited to, correctness or fitness for use. Nothing herein shall be construed as advice. Attempting any activity based on information in this post is done at your own risk.

        Comment


        • #5
          Re: "Run As" batch file to install software as domain admin

          Originally posted by rvalstar View Post
          Sorin: The lifespan of these search queries is limited. 754817 has already disappeared.
          Didn't know that...
          Sorry, llangley.
          If you still want to see what I was talking about, you can do the search by yourself: while in the Scripting forum, go to the Search this Forum button, enter runas in the text box and click Go .
          Browse the results and see if you find something useful.
          Good luck.

          Sorin Solomon


          In order to succeed, your desire for success should be greater than your fear of failure.
          -

          Comment


          • #6
            Re: "Run As" batch file to install software as domain admin

            What you can do is having a special account that is member of the 'local group Administrators' that calls the setup file of the application during the user logon.
            So the setup is started --> and the user only have to finish it.

            What it takes:
            1.
            Create a special User account in Active Directory: "LocServiceAcc"
            Create a group in Active Directory: 'WinXP Administrators"
            Then make the new user member of that new group.

            2.
            Go to the workstations GPO ans add a restricted group: "Administrators"
            Make the groups "domain\domain Admins" and 'domain\WinXP Administrators" member of the restricted group.

            3.
            Create a LogOn script for each aplication that you want to install:
            Code:
            '//////////////////////////////////////////////////////////////////////////
            'script name: (applicationname)RunAsAtLogOn.vbs
            '  first created on 14 march 07 by Remco Simons [nl]
            '  (http://forums.petri.com/showthread.php?t=14375)
            '
            '  Usage:
            '    Run script by users GPO
            '    Use the Script-"Parameters-bar":
            '                  /u:domain\username /p:password
            '
            '   (that way no credentials needed to be stored in the script it self
            '   EDIT - becarefull... the credentials then will then appear in the registry on every client though!!! (try to play with it, like: Harcode just the user namaein the script and provide password as parameter))
            '
            'tip: create a special domain\User and make that account member of the
            '     'local Administrators Group' by using 'Restricted groups' in a GPO
            '//////////////////////////////////////////////////////////////////////////
            
            
            setupFile = "\\server\share\setup.exe"   '<-----application to runas [!]
            
            
            'Read arguments...
            '------------------------------------------------------
                                           sUsername = Null
                                           sPassword = Null
             Set Named = WScript.Arguments.Named
                 If Named.Exists("u") Then sUsername = Named.Item("u")
                 If Named.Exists("p") Then sPassword = Named.Item("p")
            
            set objShell = CreateObject("Wscript.Shell")
            
            objShell.run("runas.exe /noprofile /u:" & sUsername & " "&Chr(34)&"\"&Chr(34)& _ 
                         "%ProgramFiles%\Internet Explorer\IEXPLORE.EXE\" &Chr(34)& _
                         " -e \"&chr(34) & setupFile & "\"&Chr(34)&Chr(34))
            
            WScript.Sleep 600   '<----must be the max. amount of second it takes to to open the Runas: "enter password" window
             
            objShell.AppActivate "runas.exe"
            If objShell.AppActivate("runas.exe") then _
            objShell.Sendkeys sPassword&"~"  '<--- auto fill-in the password, and continues
            
            set objShell = Nothing
            Wscript.Quit
            
            'NOTE:
            '  This script use microsoft's "RunAs" tool. 
            '  With this tool you cannot add password on commandline,
            '  therefore a "sentkeys" option is used to fillin the password.
            '  If this is unstable, alternatively you can use PsExec.exe instead.
            '  http://www.microsoft.com/technet/sysinternals/utilities/psexec.mspx
            Edit the Users GPO -> link the logon script, and fill-in the script parameters on the second bar.
            Like this: /u:domain\username /p:password

            4
            put each application setup-file in the share


            \Rem
            Last edited by Rems; 24th August 2008, 19:59. Reason: added the line: If objShell.AppActivate("runas.exe") then _

            This posting is provided "AS IS" with no warranties, and confers no rights.

            __________________

            ** Remember to give credit where credit's due **
            and leave Reputation Points for meaningful posts

            Comment


            • #7
              Re: &quot;Run As&quot; batch file to install software as domain admin

              As you may have noticed, in the script I used InternetExplorer with the -e switch and the 'applicationsetupfile' as 'path' to open by the browser.

              Well,, using IE to launch a program is not realy necessary. The reason why the script do uses IE is infact that I primary wanted to use IE to open a shared folder, from where the user him/her self can pick the application he/she wanted to be installed.
              You cannot use RunAs for Windows Explorer, that's why I use IE for the same purpose, and that works good. But there is a problem with opening a browser with enhanced privileges for the user. That is the user can browse with it to it's own computer and execute systemfiles from there.

              So I was writing a prosessMonitoring part for the script. It monitors the 'path' by using the "Windows Title" of the process, so it can kill the process if the path changes.
              Something like this (and a lot more):
              Code:
              '<....>
              strComputer = "."
              strUsr           = right(sUsername,len(sUsername)-InStr(sUsername,"\"))
              strDomain     = left(sUsername,InStr(sUsername,"\")-1)
              
              Set objWMIService = GetObject("winmgmts:" _
                                & "{impersonationLevel=impersonate}!\\" _ 
                                & strComputer & "\root\cimv2") 
              
              Set colProcess = objWMIService.ExecQuery _
                               ("Select * from Win32_Process where Name = 'IEXPLORE.exe'")
              
              For Each objProcess in colProcess
                  colProperties = objProcess.GetOwner(sUsernameOfUser,strUserDomain)
                    If UCase(sUsernameOfUser) = UCase(strUsr) AND UCase(strUserDomain) = UCase(strDomain) Then
                           sPID     = objProcess.ProcessID
                           winTitle = WindowsTitle(sPID)
                               End if
                     Next
              
              '<..and so on..>
              
              Function WindowsTitle(strPID) 
              Dim strCommand, objShell, objExec 
              WindowsTitle = ""
              strCommand = "%comspec% /c Tasklist.exe /V /FI " &chr(34) & "PID eq " & strPID &chr(34)& " /FO csv /NH"
              Set objShell = CreateObject("WScript.Shell") 
              Set objExec = objShell.exec(strCommand)
                '   'wait while running...
                '      Do Until objExec.Status
                '         Wscript.Sleep 500
                '      Loop
              WindowsTitle = objExec.StdOut.ReadAll
              WindowsTitle = right(WindowsTitle,len(WindowsTitle)-InStrRev(WindowsTitle,","))
              WindowsTitle = UCase(Replace(Replace(WindowsTitle(strPID),VbCrLf,""),chr(34),""))
              Set objShell = Nothing
              Set objExec = Nothing
              End Function
              (nice but..... no no grrrrr)


              So lets try an othter way, using RunAs w/out using IE this time.

              Code:
              setupFile = "\\server\share\setup.exe"   '<-----application to runas [!]
              
              hardcodedUsername = "domain\user"        '<----not nessesary,  can be used if no scriptparameters were provided
              hardcodedPassword =  "password"       '<----not nessesary,  can be used if no scriptparameters were provided
              
              
              
              'Read arguments...
              '------------------------------------------------------
                                             sUsername = Null
                                             sPassword = Null
               Set Named = WScript.Arguments.Named
                   If Named.Exists("u") Then 
                             sUsername = Named.Item("u")
                      Else sUsername = hardcodedUsername
                     End If
                   If Named.Exists("p") Then
                             sPassword = Named.Item("p")
                      Else sPassword = hardcodedPassword
                     End If
              
              set objShell = CreateObject("Wscript.Shell")
              
              objShell.run("runas.exe /noprofile /u:" & sUsername & " "&Chr(34)&"\"&Chr(34)& _ 
                           setupFile &"\" &Chr(34)&Chr(34))
              
              WScript.Sleep 600   '<----must be the max. amount of second it takes to to open the Runas: "enter password" window
               
              objShell.AppActivate "runas.exe"
              If objShell.AppActivate("runas.exe") then _
              objShell.Sendkeys sPassword&"~"  '<--- auto fill-in the password, and continues
              
              set objShell = Nothing
              Wscript.Quit
              Notice that this time there is a possibility given to hardcode the credentials in the script. So the script can be runned by the user him/herself (for security reasons not recommended though!). In that case I will advice to create that special account as I noted before! And you have to encode the script!!!
              - make a copy of the script with a vbe extension.
              - download and install Microsoft Windows script encoder
              - Encode the script by command-line:
              "%ProgramFiles%\Windows Script Encoder\SCRENC" /f "path\scriptname.vbe"

              \Rem
              Last edited by Rems; 19th July 2007, 22:32. Reason: added the line: If objShell.AppActivate("runas.exe") then _

              This posting is provided "AS IS" with no warranties, and confers no rights.

              __________________

              ** Remember to give credit where credit's due **
              and leave Reputation Points for meaningful posts

              Comment


              • #8
                Re: &quot;Run As&quot; batch file to install software as domain admin

                Don't believe for a second that encoding the script protects you. A wonderful Frenchman wrote a "VBE Decoder" long ago. You'll find it (and my improvements) without too much trouble.
                Cheers,

                Rick

                ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **

                2006-2099 R Valstar. This post is offered "as is" for discussion purposes only with no express or implied warranty of any kind including, but not limited to, correctness or fitness for use. Nothing herein shall be construed as advice. Attempting any activity based on information in this post is done at your own risk.

                Comment


                • #9
                  Re: &quot;Run As&quot; batch file to install software as domain admin

                  Originally posted by rvalstar View Post
                  Don't believe for a second that encoding the script protects you. A wonderful Frenchman wrote a "VBE Decoder" long ago. You'll find it (and my improvements) without too much trouble.
                  You are absolutely right!
                  It is still 'just hiding' untill some user finds it, encoding or converting metodes are far not as strong as encrypting.

                  I did not mension encoding as secure way to store credentials, but in some cases this little protection can be sufficient for a short period. But like I wrote, I do not recommend it. And at leased use that special domainaccount that has no more rights on the network than reading that share. And make sure its credentials are not cached on the local computer. Add only goups as members of the restricted group. AND change the password of that account very often.
                  But the best solution for this senario (besites publishing (instead of assigning) a self created MSI package) is to use the logonscript in the GPO with the credentials only provided as scriptparameters.

                  \Rem
                  Last edited by Rems; 16th March 2007, 20:23. Reason: add link about publish/assign Group-Policy-Deploy-Applications

                  This posting is provided "AS IS" with no warranties, and confers no rights.

                  __________________

                  ** Remember to give credit where credit's due **
                  and leave Reputation Points for meaningful posts

                  Comment


                  • #10
                    Re: &quot;Run As&quot; batch file to install software as domain admin

                    Another tool useful in this regard is CPAU

                    http://www.joeware.net/freetools/tools/cpau/index.htm

                    Comment


                    • #11
                      Re: &quot;Run As&quot; batch file to install software as domain admin

                      Originally posted by damnlamb
                      Another tool useful in this regard is CPAU
                      CPAU also is based on encoding the tekst.

                      other (but not free) tools are:
                      - runadminbat
                      - RunAsProfesional


                      ------------------------------------------------------------------------
                      For a (free) third-party RunTemporaryAs complete solution, based on a running 'service', check this out:
                      WinSUDO

                      ------------------------------------------------------------------------


                      Or, (for a rainy afternoon) a creative home-made way using encoding and ADstreams together to "double hide" the credentials;

                      1.
                      - Make a mainly decoy batch (called: DriveMapping.cmd )
                      BUT you must use this line somewhere in that batch;
                      Code:
                      @start wscript %0:com.exe.bat.cmd.vbs.vbe
                      (That special command-line calls a hidden vbscript, that will do the actual mapping in the background)

                      2.
                      - this is the VBScript ( DriveMapping.vbs ) that will do the mapping with credentials;
                      Code:
                       Option Explicit
                      Dim fso :       Set fso = CreateObject("Scripting.FileSystemObject") 
                      Dim net :       Set net = CreateObject("WScript.network")
                      Dim sUsername : sUsername = "domain\user"
                      Dim sPassword : sPassword = "password"
                      Dim sDrive :    sDrive = "Y:"
                      Dim sShare :    sShare = "\\server\share"
                      net.MapNetworkDrive sDrive, sShare, False, sUsername, sPassword
                      wscript.quit
                      3.
                      - use 'Windows Script Encoder' to encode the vbscript to a file: DriveMapping.vbe

                      ""%ProgramFiles%\Windows Script Encoder""\SCRENC DriveMapping.vbs DriveMapping.vbe

                      4.
                      - now copy the encoded content of the script into the batch file with this command;
                      type DriveMapping.vbe > DriveMapping.cmd:com.exe.bat.cmd.vbs.vbe

                      (we now are making use of the "alternate data stream" available for folders and files on a NTFS formatted partitions.
                      We give the streamname "com.exe.bat.cmd.vbs.vbe" to the fork for extra confusion)

                      5.
                      - destroy the two files DriveMapping.vbs and DriveMapping.vbe they are not needed any more.

                      6. Run the batch as usual. (the special command-line will do the job)


                      \Rem
                      Last edited by Rems; 19th June 2007, 11:58.

                      This posting is provided "AS IS" with no warranties, and confers no rights.

                      __________________

                      ** Remember to give credit where credit's due **
                      and leave Reputation Points for meaningful posts

                      Comment


                      • #12
                        Re: &quot;Run As&quot; batch file to install software as domain admin

                        The VBscript it self in the previous example may look Off_Topic for this thread, although it uses stored credentials that must be hidden, like with a 'runas' command. So the basic idea matters.

                        I wrote the vbScript 'mapDriveWithOtherCredential.vbs' as an answer to a question in an other forum. But I realise putting it here, it would be confusing. You must realise that 'mapping with other credentials' is not the same as 'opening a browser with other credentials'. Because after the mapping is made, then you use your own user account again to access the files and folders in that drive. If the browser is opened by other credentials that other account is used when you open folders and files with that browser.
                        And, you can only use different credentials for dive mappings if there are no other connections from that same computer to the other computer. Mapping with other credentials is typically used in peer-to-peer networking.


                        On_Topic;
                        If I have time tonight I wil write an appropriate 'RunAs vbscript'.
                        You can encode that script and then copy it to the Data Streams of the host batch file to hide it.

                        of course you can also write your own vbscript, encode and copy that to the Data Streams of the host batch file.
                        OR... you can write even a batch file, in that case compile that to an exe-file instead of encoding it (free compilers AutoIt or AutoHotkey (you can even write the complete RunAs-script with the last tool, it uses the source code of AutoIt to make the exe-file)), and copy that exe-file to the Data Streams of the host batch file

                        When you are copying the confidential script into the host file (of course after it was encoded or compiled), choose a good streamname for it. It must have the appropriate extension!,
                        so in case of an encoded vbs-file the extension must be *.vbe,
                        and in case of a batch converted to an exe-file the extension must be *.exe.
                        And because the streamname will be visible in the host batch file itself, choose a confusing name. I prefere for vbe this steamname: com.exe.bat.cmd.vbs.vbe. And for exe-file this streamname: bat.cmd.vbs.vbe.com.exe

                        In the batch it self (the hostfile), a camouflaged command to run the hidden script in the file's Data Streams can look like this;
                        Code:
                        REM *** (re-)SETTING THE BATCH ENVIRONMENT
                        @set USR = 
                        @set PWD = 
                        @set FILE =
                        @start %decHost%=wscript  %0%FileTypes%:com.exe.bat.cmd.vbs.vbe "%1"
                        @cls
                        REM *** start RUNAS.EXE (encoded with jDE, using a unique domain algorithm) 
                           %decode%:key:1,5789:rljh 34w363 3y 24236578q345786wvw8v q3568w5 v8578q345786wv9w3v689 jkq34k6b7b32k2k 3g 56n58c12c5782389p6578q345786wvv23 82578q345786wv89 gj4kl785 78q345786wvnq2n 95w35789q27890qw 3v6nqn9vqnv8935 n78906 w37890656 qw389w49876 89356879 4v3n890w476 w48963948 6njkjb3 u:78q345&$786wv3862 p:34w3578963 2v2 f:578q3434w35789635 786wv2323t2v 3t, 2, 625 $app(runas.exe),gv767568v ui 8 ,"/u:$USR" ,target($FILE) $wait,5$ hjj56kl4jk8b 892jj qe ,"pars($PWD)" w45nh wrt7835m q578sfs84
                           REM *** CLEANING
                           %decode%:key:1,5789:awrjkk jlse5u kq34k6b7b32k2k 3g 76k a34ukl78578 u:kl78578u p:kl78578u f:kl78578u h6
                        @exit
                        Compare this to the batch in the previous post, and see that you can use a lot of crap, and even more, all for for decoy. Only the 5th line matters, and even that one contains some nonsence. You can also call some fake exe files in the batch to keep even the gurus busy.
                        (note; the "%1" here still is experimental, you can leave it out. Maybe more about it in my next post)

                        To check if copying of the script into the file was succesful you can use one of these tools;
                        ADS streamviewers standalone tools;
                        - Streams
                        - LADS (List Alternate Data Streams)
                        - Microsoft-commands
                        ADS stream viewer applications;
                        - ADS Locater (German only)
                        - CrucialADS
                        - StreamExplorer
                        - AdAware SE
                        - Stream Viewer Utility "shell extension" (my favorite)

                        additional:
                        You can add many more than one stream in one file!
                        When you copy a file containing ADS to a non-NTFS partition all ADS will be lost! (Dit you know with SP2 for windowsXP that IE use ADS for marking downloads with a Zone Identifier)


                        Unfortunately now this 'hide-and-seek' trick is posted here, it did became less usefull for protection. But, if the next day still is a rainy afternoon, you can try to make it more complex. . And always use the credentials of a special LocalAdmin account, added to the local group Administrators by using Restricted Groups!
                        Or better, of course and again, is to check first if you do can use a GPO anyhow or, for applications, a published msi package.

                        \Rem
                        Last edited by Rems; 30th March 2007, 18:03.

                        This posting is provided "AS IS" with no warranties, and confers no rights.

                        __________________

                        ** Remember to give credit where credit's due **
                        and leave Reputation Points for meaningful posts

                        Comment


                        • #13
                          Re: &quot;Run As&quot; batch file to install software as domain admin

                          Here is a new Runas.vbs

                          improvements/changes:
                          1- support also installation of msi and vbs files.
                          2- must hardcode the username but optionally you can leave the password out if you want. In that case an InputBox pops-up.
                          3- you can hardcode the path\installationFile (recommended),
                          but if you leave it blank, then the script supports drag & drop of files on top to open (try your self if the batch supports that to, that is where the "%1" is meant for), or run it on a command-line with the file as parameter. Or you could even add the batch to a right-click menu in Windows Explorer. These 3 features are only available when no file is hardcoded in the script.
                          4- If no file is provided on anyways, then a 'File Open dialogbox' will be opened.

                          (when you choose not to hardcode a path\file in the script then it is advisable not to store the password needer!)

                          Code:
                          ' Runas.vbs
                          ' by Remco Simons [nl], 22 March 2007
                          '  Use this script in combination with a 'normal' batchfile,
                          '  first 'encode' this script then copy the content into the batchfile's 'Alternate Data Streams' (on NTFS only).
                          
                          'note,
                          ' use the credentials of a specialy created domain useraccount, add this
                          ' account to the local administrators group by using 'Restricted Groups'  
                          
                          'example and explaining given:
                          'http://forums.petri.com/showthread.php?t=14375&page=2
                          
                          '----------------------------------------------------------------------------------------
                          ' Two options for opening a file:
                          ' Fill in for 'setupFile': "path\application" (between quotes) to runas,
                          ' or else, fill in: Null without quotes instead-> for opening a filebrower and then runas.
                          ' (tip: if setupFile = Null then you could also Drag'nDrop a file to open on top of this file)
                          
                          
                             setupFile = "\\server\share\setup.exe"   ' <--- Or: Null (w/out quotes)
                          
                          '//-=c=-=o=-=n=-=f=-=e=-=n=-=t=-=i=-=a=-=l=-\\
                             sUsername = "domain\user"
                             sPassword = "password"
                          '\\-=c=-=o=-=n=-=f=-=e=-=n=-=t=-=i=-=a=-=l=-//
                          
                          If IsNull(sPassword) Or sPassword = "" then
                             If IsNull(sUsername) Or sUsername = "" then wscript.exit
                             sPassword = Trim(InputBox(vbcr&vbcr&vbcrl&vbcr&vbcrl&vbcr&vbcrl&vbcr&vbcrl& _
                                "(empty the box) Enter Password only:", "Password needed (be careful, "& _
                                "typed in visible characters!)", "("&sUsername&")", l, t))
                          End If
                          
                          '----------------------------------------------------------------------------------------
                          
                          If IsNull(setupFile) Or setupFile = "" then
                             If Wscript.Arguments.Count <> 0 Then
                                setupFile = Wscript.Arguments.Item(0)
                             Else
                                Set objDialog = CreateObject("UserAccounts.CommonDialog")
                                '=> http://blogs.msdn.com/gstemp/archive.../17/74868.aspx
                                objDialog.Filter = "Setup Files|*.com; *.exe; *.msi|Script Files|*.bat; *.cmd; *.vbs; *.vbe"
                                objDialog.Flags = &H0200 '<-- multi-select File Open dialog box
                                objDialog.FilterIndex = 1
                                objDialog.InitialDir = "."
                                intResult = objDialog.ShowOpen
                                  If intResult = 0 Then
                                     Wscript.Quit
                                  Else
                                     setupFile = objDialog.FileName
                                  End If
                              End If
                          End If
                          
                          strFileExtension = Right(setupFile,len(setupFile)-InStrRev(setupFile,"."))
                                If LCase(strFileExtension) = "vbe" _
                                Or LCase(strFileExtension) = "vbs" _
                                 Then setupFile = "wscript.exe //I \"&chr(34)& setupFile &"\"&chr(34)
                                If LCase(strFileExtension) = "msi" _
                                 Then setupFile = "msiexec /i \"&chr(34)& setupFile &"\"&chr(34)
                                '=> http://msdn2.microsoft.com/en-us/library/aa367988.aspx
                          
                          set objShell = CreateObject("Wscript.Shell")
                          objShell.run("runas.exe /noprofile /u:" & sUsername & _
                                       " "& chr(34) & setupFile & chr(34))
                          
                          WScript.Sleep 333   '<----(miliseconds, needed to fully open the Runas: "enter password" window
                          objShell.AppActivate "runas.exe"
                          objShell.AppActivate "runas.exe"
                          objShell.AppActivate "runas.exe"
                          If objShell.AppActivate("runas.exe") then _
                          objShell.Sendkeys sPassword&"~"  '<--- auto fill-in the password, and continue
                          
                          set objShell = Nothing
                          Wscript.Quit
                          
                          
                          ' example for the batch-file to call the above VBscript within the file its own ADS;
                          ' @start wscript %0:streamname "%1"
                          You can encode this script, and copy it to the ADS of a batchfile.
                          If you choose a thirdparty tool to encode (eg. CPAU) you must edit the line in the batch, --> change wscript to the executable of the thirtparty decoder.

                          \Rem

                          NB.:
                          This script uses the runas.exe command, therefore the password needs to be provided by 'sendkeys' to the screen. But the characters that are send this way in the runas_password_ box are, like if you would have typed them your self, not going to be displayed in that box.
                          This script is written to run Runas with the UseraccountName, and it will send the Password automatically directly after.

                          But... it will be much reliable if you could replace the runas.exe with a tool where you can provide the UseraccountName together with the Password in one same command line!! So you don't have to use 'sendkeys' any more.
                          The tool PsExec (free, from the microsoft site) kan do this. But keep in mind that this tool is not installed on every computer, therefore place it in a sharedfolder and provide a unc-path pointing the tool in the script.
                          (You can copy psecec.exe as wel in the hostfile's ADS, but you have to come with a special trick then to be able to run it from the script.)

                          If you planned to use psexec (recommended) then edit the script lines 64 and 65 to run psecec.exe with its specific switches instead of using runas.exe. Then you can delete the tricky 'sendkeys' lines 67 till 72.


                          Or,, better (again) is to check first if you do can use a GPO anyhow (very recommended see previous replies how to provide a password to a script with a GPO) or, for applications a published msi package. So you can keep admin password much and much more secured ! ! ! ! ! ! !
                          Last edited by Rems; 12th July 2007, 21:18. Reason: added the line: If objShell.AppActivate("runas.exe") then _

                          This posting is provided "AS IS" with no warranties, and confers no rights.

                          __________________

                          ** Remember to give credit where credit's due **
                          and leave Reputation Points for meaningful posts

                          Comment

                          Working...
                          X