Login script with admin priveleges

TheMSsForum.com: The Microsoft Software Forum

Wondering if anyone could help me out with the following:

On NT, W2K and XP client machines I need a way to run an exe, through the
login script, with admin priveleges. I've looked into "runas" and "su",
however, they're not the best options as I run into problems with
compatability with NT or the fact that one has to insert the password when
prompted. I've also looked into "Admin Script Editor" and its packager
which lets one create and .exe to be run with alterante credentials.

Anyone know if this is possible through VBScript using impersonation?

Any enlightment into this matter would be appreciated.

Thanks!
JCOliveira
Top

Re: Login script with admin priveleges by Mike

Mike
Fri Feb 18 17:34:13 CST 2005

'VBRUNAS.VBS
'v1.3 March 2003
'Jeffery Hicks
'jhicks@jdhitsolutions.com http://www.jdhitsolutions.com
'USAGE: cscript|wscript VBRUNAS.VBS Username Password Command
'DESC: A RUNAS replacement to take password at a command prompt.
'NOTES: This is meant to be used for local access. If you want to run a
command
'across the network as another user, you must add the /NETONLY switch to
the RUNAS
'command.

'
*********************************************************************************
' * THIS PROGRAM IS OFFERED AS IS AND MAY BE FREELY MODIFIED OR ALTERED
AS *
' * NECESSARY TO MEET YOUR NEEDS. THE AUTHOR MAKES NO GUARANTEES OR
WARRANTIES, *
' * EXPRESS, IMPLIED OR OF ANY OTHER KIND TO THIS CODE OR ANY USER
MODIFICATIONS. *
' * DO NOT USE IN A PRODUCTION ENVIRONMENT UNTIL YOU HAVE TESTED IN A
SECURED LAB *
' * ENVIRONMENT. USE AT YOUR OWN RISK.
*
'
*********************************************************************************

On Error Resume Next
dim WshShell,oArgs,FSO

set oArgs=wscript.Arguments

if InStr(oArgs(0),"?")<>0 then
wscript.echo VBCRLF & "? HELP ?" & VBCRLF
Usage
end if

if oArgs.Count <3 then
wscript.echo VBCRLF & "! Usage Error !" & VBCRLF
Usage
end if

sUser=oArgs(0)
sPass=oArgs(1)&VBCRLF
sCmd=oArgs(2)

set WshShell = CreateObject("WScript.Shell")
set WshEnv = WshShell.Environment("Process")
WinPath = WshEnv("SystemRoot")&"\System32\runas.exe"
set FSO = CreateObject("Scripting.FileSystemObject")

if FSO.FileExists(winpath) then
'wscript.echo winpath & " " & "verified"
else
wscript.echo "!! ERROR !!" & VBCRLF & "Can't find or verify " &
winpath &"." & VBCRLF & "You must be running Windows 2000 for this
script to work."
set WshShell=Nothing
set WshEnv=Nothing
set oArgs=Nothing
set FSO=Nothing
wscript.quit
end if

rc=WshShell.Run("runas /user:" & sUser & " " & CHR(34) & sCmd & CHR(34),
2, FALSE)
'new code from Nick Staff (nstaff@angelsin.com) to loop until window opens.

Do until WshShell.AppActivate (WinPath)
Wscript.Sleep 5
WshShell.AppActivate (WinPath)
loop
WshShell.SendKeys sPass


set WshShell=Nothing
set oArgs=Nothing
set WshEnv=Nothing
set FSO=Nothing

wscript.quit

'************************
'* Usage Subroutine *
'************************
Sub Usage()
On Error Resume Next
msg="Usage: cscript|wscript vbrunas.vbs Username Password Command" &
VBCRLF & VBCRLF & "You should use the full path where necessary and put
long file names or commands" & VBCRLF & "with parameters in quotes" &
VBCRLF & VBCRLF &"For example:" & VBCRLF &" cscript vbrunas.vbs
jdhitsolutions\jhicks luckydog e:\scripts\admin.vbs" & VBCRLF & VBCRLF
&" cscript vbrunas.vbs jdhitsolutions\jhicks luckydog " & CHR(34)
&"e:\program files\scripts\admin.vbs 1stParameter 2ndParameter" &
CHR(34)& VBCRLF & VBCRLF & VBCLRF & "cscript vbrunas.vbs /?|-? will
display this message."

wscript.echo msg

wscript.quit

end sub




JCO wrote:
> Wondering if anyone could help me out with the following:
>
> On NT, W2K and XP client machines I need a way to run an exe, through the
> login script, with admin priveleges. I've looked into "runas" and "su",
> however, they're not the best options as I run into problems with
> compatability with NT or the fact that one has to insert the password when
> prompted. I've also looked into "Admin Script Editor" and its packager
> which lets one create and .exe to be run with alterante credentials.
>
> Anyone know if this is possible through VBScript using impersonation?
>
> Any enlightment into this matter would be appreciated.
>
> Thanks!
> JCOliveira
>
>
Top

Re: Login script with admin priveleges by Gerry

Gerry
Fri Feb 18 20:55:23 CST 2005

JCO wrote:

> Any enlightment into this matter would be appreciated.

In my view, this should never happen. The whole point of a logon script
is to set up the user environment, not to run silly EXE files as the admin.

--
Gerry Hickman (London UK)
Top

Re: Login script with admin priveleges by Roland

Roland
Sat Feb 19 12:42:07 CST 2005

"Gerry Hickman" wrote in message
news:eKfZr5iFFHA.1932@TK2MSFTNGP14.phx.gbl...
: JCO wrote:
:
: > Any enlightment into this matter would be appreciated.
:
: In my view, this should never happen. The whole point of a logon script
: is to set up the user environment, not to run silly EXE files as the
admin.

So, what's the difference between a silly EXE file and a serious one and is
it alright to run those as the admin in a logon script? (O:=

--
Roland Hall
/* This information is distributed in the hope that it will be useful, but
without any warranty; without even the implied warranty of merchantability
or fitness for a particular purpose. */
Technet Script Center - http://www.microsoft.com/technet/scriptcenter/
WSH 5.6 Documentation - http://msdn.microsoft.com/downloads/list/webdev.asp
MSDN Library - http://msdn.microsoft.com/library/default.asp


Top

Re: Login script with admin priveleges by Michael

Michael
Sat Feb 19 21:40:53 CST 2005

On Sat, 19 Feb 2005 12:42:07 -0600, "Roland Hall" <nobody@nowhere> wrote
in microsoft.public.scripting.vbscript,
microsoft.public.win32.programmer.wmi, microsoft.public.windowsxp.wmi:

>"Gerry Hickman" wrote in message
>news:eKfZr5iFFHA.1932@TK2MSFTNGP14.phx.gbl...
>: JCO wrote:
>:
>: > Any enlightment into this matter would be appreciated.
>:
>: In my view, this should never happen. The whole point of a logon script
>: is to set up the user environment, not to run silly EXE files as the
>admin.
>
>So, what's the difference between a silly EXE file and a serious one and is
>it alright to run those as the admin in a logon script? (O:=

By definition, a silly (=inappropriate) EXE file in a login script is
one which requires more privileges than the current user has. They
belong in a machine startup script and necessary rights granted to
Domain Computers.

--
Michael Bednarek http://mbednarek.com/ "POST NO BILLS"
Top

Re: Login script with admin priveleges by Roland

Roland
Sun Feb 20 04:25:37 CST 2005

"Michael Bednarek" wrote in message
news:p91g11l1s48v0n69b9chkk6nthpsuf6u51@4ax.com...
: On Sat, 19 Feb 2005 12:42:07 -0600, "Roland Hall" <nobody@nowhere> wrote
: in microsoft.public.scripting.vbscript,
: microsoft.public.win32.programmer.wmi, microsoft.public.windowsxp.wmi:
:
: >"Gerry Hickman" wrote in message
: >news:eKfZr5iFFHA.1932@TK2MSFTNGP14.phx.gbl...
: >: JCO wrote:
: >:
: >: > Any enlightment into this matter would be appreciated.
: >:
: >: In my view, this should never happen. The whole point of a logon script
: >: is to set up the user environment, not to run silly EXE files as the
: >admin.
: >
: >So, what's the difference between a silly EXE file and a serious one and
is
: >it alright to run those as the admin in a logon script? (O:=
:
: By definition, a silly (=inappropriate) EXE file in a login script is
: one which requires more privileges than the current user has. They
: belong in a machine startup script and necessary rights granted to
: Domain Computers.

I was just being silly but the response was worth reading. Thanks.

--
Roland Hall
/* This information is distributed in the hope that it will be useful, but
without any warranty; without even the implied warranty of merchantability
or fitness for a particular purpose. */
Technet Script Center - http://www.microsoft.com/technet/scriptcenter/
WSH 5.6 Documentation - http://msdn.microsoft.com/downloads/list/webdev.asp
MSDN Library - http://msdn.microsoft.com/library/default.asp


Top

Re: Login script with admin priveleges by Gerry

Gerry
Sun Feb 20 07:41:00 CST 2005

Hi Roland,

> I was just being silly but the response was worth reading. Thanks.

Hehe:)

The point we're making is that logging on time is for getting the user's
desktop and drives up as quickly as possible, it's not the right time to
be messing around with admin programs.

Maybe there's a legitimate use for such a program (?), but in the first
instance I'd suggest trying to re-design your systems so that this kind
of thing isn't needed at logon time. e.g. on my own netowrk, I run the
admin programs overnight.

--
Gerry Hickman (London UK)
Top

Re: Login script with admin priveleges by Roland

Roland
Sun Feb 20 15:07:54 CST 2005

"Gerry Hickman" <gerry666uk@yahoo.co.uk> wrote in message
news:%23FoOHH1FFHA.1528@TK2MSFTNGP09.phx.gbl...
: Hi Roland,
:
: > I was just being silly but the response was worth reading. Thanks.
:
: Hehe:)
:
: The point we're making is that logging on time is for getting the user's
: desktop and drives up as quickly as possible, it's not the right time to
: be messing around with admin programs.
:
: Maybe there's a legitimate use for such a program (?), but in the first
: instance I'd suggest trying to re-design your systems so that this kind
: of thing isn't needed at logon time. e.g. on my own netowrk, I run the
: admin programs overnight.

Yes, that makes sense. I guess I'm going to have to agree with you, but I'm
fighting it. *smirk*

--
Roland Hall
/* This information is distributed in the hope that it will be useful, but
without any warranty; without even the implied warranty of merchantability
or fitness for a particular purpose. */
Technet Script Center - http://www.microsoft.com/technet/scriptcenter/
WSH 5.6 Documentation - http://msdn.microsoft.com/downloads/list/webdev.asp
MSDN Library - http://msdn.microsoft.com/library/default.asp


Top