RunAs Alternatives

TheMSsForum.com: The Microsoft Software Forum

Hello,
We are constructing a script that will be launched from the end of the
domain login script in our AD environment. This script will query the
registry for the latest critical updates, determine which are missing and
install the missing updates. We have it working, except that we have to
reference a local Administrator/password when using the RunAs command to
install any missing patches. This Admin/Password pair is in plain text in
the script, and for security reasons, we only want to have one local
administrator per workstation. Is there a way with VBScript to hide (hash)
a domain account password, or install a patch locally while logged on as a
member of the Local Users group? Basically, the ciritical updates need to
be installed by a local administrator, and we need a way to run these
updates from a VBScript login as that local administrator while not
compromising the seecurity of the system. Any thoughts greatly
appreciated...!!

Thanks,
Chris
twinked@seajay.com
Top

RE: RunAs Alternatives by anonymous

anonymous
Tue May 25 09:36:03 CDT 2004

I actually am in the process of completing a similar project.

I used a combination of CPAU.exe - from JoeWare.net - Win32 Apps (Create Process As User) for creating the process, and ebCrypt Cryptography DLL to encrypt a password file, so it wasn't in plain text. Be sure to get version 2.0 of EBCrypt.dll, I had problems with version 1.2. (Sorry, I don't remember the location I downloaded EBCrypt from... I think I just google'd it

My script runs a routine that reads from the encrypted file, sends it through a decrypt sub, then adds it to a command string to run with CPAU.exe
Top

Re: RunAs Alternatives by R

R
Tue May 25 09:54:49 CDT 2004

Too bad we didn't all start this project together...
----> http://uphold2001.brinkster.net/vbshf/forum


"E. Heaton" <anonymous@discussions.microsoft.com> wrote in message
news:CE592990-26D7-4B50-B6AC-9E7C17C49884@microsoft.com...
> I actually am in the process of completing a similar project.
>
> I used a combination of CPAU.exe - from JoeWare.net - Win32 Apps (Create
Process As User) for creating the process, and ebCrypt Cryptography DLL to
encrypt a password file, so it wasn't in plain text. Be sure to get version
2.0 of EBCrypt.dll, I had problems with version 1.2. (Sorry, I don't
remember the location I downloaded EBCrypt from... I think I just google'd
it)
>
> My script runs a routine that reads from the encrypted file, sends it
through a decrypt sub, then adds it to a command string to run with CPAU.exe


Top

Re: RunAs Alternatives by R

R
Tue May 25 11:11:49 CDT 2004

It can be utilized to run at logon - so you could do it either way.

The script could easily be modified so as to add whatever executable you
wish to perform the runas function...

If you decide to look at it, let me know - I'd be glad to help.

Rob


"E. Heaton" <anonymous@discussions.microsoft.com> wrote in message
news:4B92CE41-367A-47FE-9B57-80DE65B602EC@microsoft.com...
> Great solution, but it wouldn't have worked for my situation. I looked
into PSInfo and PSExec (from SysInternals.com) which is what VBSHF is based
off of. It requires that the systems be on to apply the fix or update.
>
> I have roughly 2,500 computers spread accross 5 buildings in a school
district, to ensure all machines have the updates applied, I'd rather they
be applied via. a login' script than a remote installation/execution.


Top

Re: RunAs Alternatives by BrianEdwardo

BrianEdwardo
Tue May 25 12:31:06 CDT 2004

Save this as .wsf file, and then drap and drop your script onto it, this
will create .vbe file, which is an encrypted vb script. the code cannot be
seen but windows 2000 and above will process it normally.


<?xml version="1.0"?>
<package>
<comment>
Encodes a VBS or JS script file with a script file!

For more scripts, visit www.wshscripting.com
</comment>
<job id="Encode">
<reference id="FileSystemObject"
guid="{420B2830-E718-11CF-893D-00A0C9054228}" version="1.0"/>
<object id="Encoder" progid="Scripting.Encoder" events="false"/>
<script id="Encode" language="VBScript">
<![CDATA[

Option Explicit

Dim fso
Set fso = WScript.CreateObject("Scripting.FilesystemObject")

Dim argv
Set argv = WScript.Arguments

Dim SourcePath
SourcePath = argv(0)
If SourcePath = "" Then WScript.Quit

Dim szExt, bstrScript, destExt
Select Case fso.GetExtensionName(SourcePath)
Case "vbs"
szExt = ".vbs"
bstrScript = "VBScript"
destExt = ".vbe"
Case "js"
szExt = ".js"
bstrScript = "JScript"
destExt = ".jse"
Case Else
MsgBox fso.GetExtensionName(SourcePath) & " files not supported in this
script."
WScript.Quit
End Select

Dim bstrStreamIn
bstrStreamIn = fso.OpenTextFile(SourcePath, 1).ReadAll

Dim enc, EncodedText
Set enc = WScript.CreateObject("Scripting.Encoder")
EncodedText = enc.EncodeScriptFile(szExt, bstrStreamIn, 0, bstrScript)
Set enc = Nothing

Dim DestPath
DestPath = Replace(SourcePath, szExt, destExt)
If Not fso.FileExists(DestPath) Then
Dim DestFile
Set DestFile = fso.OpenTextFile(DestPath, 2, true)
DestFile.Write Left(EncodedText, Len(EncodedText) - 1)
DestFile.Close
Set DestFile = Nothing
End If

Set fso = Nothing

]]>
</script>
</job>
</package>

--
BRIAN EDWARDO
"R Dunn" <q1c2_3m4e5t6a7l8@hotmail.com> wrote in message
news:OzhLPLnQEHA.3232@TK2MSFTNGP11.phx.gbl...
> It can be utilized to run at logon - so you could do it either way.
>
> The script could easily be modified so as to add whatever executable you
> wish to perform the runas function...
>
> If you decide to look at it, let me know - I'd be glad to help.
>
> Rob
>
>
> "E. Heaton" <anonymous@discussions.microsoft.com> wrote in message
> news:4B92CE41-367A-47FE-9B57-80DE65B602EC@microsoft.com...
> > Great solution, but it wouldn't have worked for my situation. I looked
> into PSInfo and PSExec (from SysInternals.com) which is what VBSHF is
based
> off of. It requires that the systems be on to apply the fix or update.
> >
> > I have roughly 2,500 computers spread accross 5 buildings in a school
> district, to ensure all machines have the updates applied, I'd rather they
> be applied via. a login' script than a remote installation/execution.
>
>


Top

Re: RunAs Alternatives by Al

Al
Tue May 25 20:00:20 CDT 2004


"BrianEdwardo" <brianedwardo@mail.uophx.edu> wrote in message
news:uh5eP4nQEHA.556@TK2MSFTNGP10.phx.gbl...
> Save this as .wsf file, and then drap and drop your script onto it, this
> will create .vbe file, which is an encrypted vb script. the code cannot be
> seen but windows 2000 and above will process it normally.

Just beware that screnc hacks exist that actually can read your screnc
encoded files.

/Al

> <?xml version="1.0"?>
> <package>
> <comment>
> Encodes a VBS or JS script file with a script file!
>
> For more scripts, visit www.wshscripting.com
> </comment>
> <job id="Encode">
> <reference id="FileSystemObject"
> guid="{420B2830-E718-11CF-893D-00A0C9054228}" version="1.0"/>
> <object id="Encoder" progid="Scripting.Encoder" events="false"/>
> <script id="Encode" language="VBScript">
> <![CDATA[
>
> Option Explicit
>
> Dim fso
> Set fso = WScript.CreateObject("Scripting.FilesystemObject")
>
> Dim argv
> Set argv = WScript.Arguments
>
> Dim SourcePath
> SourcePath = argv(0)
> If SourcePath = "" Then WScript.Quit
>
> Dim szExt, bstrScript, destExt
> Select Case fso.GetExtensionName(SourcePath)
> Case "vbs"
> szExt = ".vbs"
> bstrScript = "VBScript"
> destExt = ".vbe"
> Case "js"
> szExt = ".js"
> bstrScript = "JScript"
> destExt = ".jse"
> Case Else
> MsgBox fso.GetExtensionName(SourcePath) & " files not supported in this
> script."
> WScript.Quit
> End Select
>
> Dim bstrStreamIn
> bstrStreamIn = fso.OpenTextFile(SourcePath, 1).ReadAll
>
> Dim enc, EncodedText
> Set enc = WScript.CreateObject("Scripting.Encoder")
> EncodedText = enc.EncodeScriptFile(szExt, bstrStreamIn, 0, bstrScript)
> Set enc = Nothing
>
> Dim DestPath
> DestPath = Replace(SourcePath, szExt, destExt)
> If Not fso.FileExists(DestPath) Then
> Dim DestFile
> Set DestFile = fso.OpenTextFile(DestPath, 2, true)
> DestFile.Write Left(EncodedText, Len(EncodedText) - 1)
> DestFile.Close
> Set DestFile = Nothing
> End If
>
> Set fso = Nothing
>
> ]]>
> </script>
> </job>
> </package>
>
> --
> BRIAN EDWARDO
> "R Dunn" <q1c2_3m4e5t6a7l8@hotmail.com> wrote in message
> news:OzhLPLnQEHA.3232@TK2MSFTNGP11.phx.gbl...
> > It can be utilized to run at logon - so you could do it either way.
> >
> > The script could easily be modified so as to add whatever executable you
> > wish to perform the runas function...
> >
> > If you decide to look at it, let me know - I'd be glad to help.
> >
> > Rob
> >
> >
> > "E. Heaton" <anonymous@discussions.microsoft.com> wrote in message
> > news:4B92CE41-367A-47FE-9B57-80DE65B602EC@microsoft.com...
> > > Great solution, but it wouldn't have worked for my situation. I looked
> > into PSInfo and PSExec (from SysInternals.com) which is what VBSHF is
> based
> > off of. It requires that the systems be on to apply the fix or update.
> > >
> > > I have roughly 2,500 computers spread accross 5 buildings in a school
> > district, to ensure all machines have the updates applied, I'd rather
they
> > be applied via. a login' script than a remote installation/execution.
> >
> >
>
>


Top

Re: RunAs Alternatives by copycat

copycat
Tue Jul 12 22:57:23 CDT 2005


Took a look at this website on how to automate the runas. I believe this
guy will also write custom programs.

[url]www.geocities.com/fightclub20002000[/url]




RCN wrote:
> *Hello,
> We are constructing a script that will be launched from the end of
> the
> domain login script in our AD environment. This script will query
> the
> registry for the latest critical updates, determine which are missing
> and
> install the missing updates. We have it working, except that we have
> to
> reference a local Administrator/password when using the RunAs command
> to
> install any missing patches. This Admin/Password pair is in plain
> text in
> the script, and for security reasons, we only want to have one local
> administrator per workstation. Is there a way with VBScript to hide
> (hash)
> a domain account password, or install a patch locally while logged on
> as a
> member of the Local Users group? Basically, the ciritical updates
> need to
> be installed by a local administrator, and we need a way to run
> these
> updates from a VBScript login as that local administrator while not
> compromising the seecurity of the system. Any thoughts greatly
> appreciated...!!
>
> Thanks,
> Chris
> twinked@seajay.com *



--
copycat
------------------------------------------------------------------------
Posted via http://www.codecomments.com
------------------------------------------------------------------------

Top

Re: RunAs Alternatives by Richard

Richard
Wed Jul 13 20:37:12 CDT 2005

Microsoft has a scripted version of Runas also called Runas+.exe. Free

Richard Glenn
NewsGroups@RaptorConsulting.org


"copycat" <copycat.1s3ohn@mail.codecomments.com> wrote in message
news:copycat.1s3ohn@mail.codecomments.com...
>
> Took a look at this website on how to automate the runas. I believe this
> guy will also write custom programs.
>
> [url]www.geocities.com/fightclub20002000[/url]
>
>
>
>
> RCN wrote:
>> *Hello,
>> We are constructing a script that will be launched from the end of
>> the
>> domain login script in our AD environment. This script will query
>> the
>> registry for the latest critical updates, determine which are missing
>> and
>> install the missing updates. We have it working, except that we have
>> to
>> reference a local Administrator/password when using the RunAs command
>> to
>> install any missing patches. This Admin/Password pair is in plain
>> text in
>> the script, and for security reasons, we only want to have one local
>> administrator per workstation. Is there a way with VBScript to hide
>> (hash)
>> a domain account password, or install a patch locally while logged on
>> as a
>> member of the Local Users group? Basically, the ciritical updates
>> need to
>> be installed by a local administrator, and we need a way to run
>> these
>> updates from a VBScript login as that local administrator while not
>> compromising the seecurity of the system. Any thoughts greatly
>> appreciated...!!
>>
>> Thanks,
>> Chris
>> twinked@seajay.com *
>
>
>
> --
> copycat
> ------------------------------------------------------------------------
> Posted via http://www.codecomments.com
> ------------------------------------------------------------------------
>


Top

Re: RunAs Alternatives by newsletter1

newsletter1
Thu Jul 14 23:45:22 CDT 2005

There are many tools on the net like this one. I use runasspc with an
encrypt password. It is easy and safe to use. Find it on
www.robotronic.de/runasspcEn.html

Top

Re: RunAs Alternatives by Richard

Richard
Sat Jul 16 21:50:14 CDT 2005

Thanks for the info, I will check it out!


Richard Glenn
NewsGroups@RaptorConsulting.org



<newsletter1@roboman.de> wrote in message
news:1121402722.636641.199100@g47g2000cwa.googlegroups.com...
> There are many tools on the net like this one. I use runasspc with an
> encrypt password. It is easy and safe to use. Find it on
> www.robotronic.de/runasspcEn.html
>


Top