Solved

Using RunAs in a Login Script...

Posted on 2004-03-26
16
20,018 Views
Last Modified: 2013-12-04
Hello...

I need to install a program on Windows XP/2000/2003 machines via a login script.  The problem is that it will only run with admin credentials which I do not want to give to users (nor can I per company policy).  There are some 950 machines spread over a huge campus so local installs would be a major pain.

How can I write a login script that will:

A.  Check the OS version (so that it does not run on 95/98 machines)

B.  Use the RunAs command to run the install as an admin.

Thanks,
Clarence
0
Comment
Question by:dspent
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
16 Comments
 
LVL 67

Expert Comment

by:sirbounty
ID: 10691922
Hi dspent,
A) with a script you could set it to do the following

==================
@echo off
Goto %OS%

REM And then just create labels for the operating systems you want this to run against, i.e

:Windows_NT
 ::Run script
=================

But, RunAs will prompt for a password...

Do you have SMS installed in your environment? http://www.microsoft.com/windows2000/techinfo/planning/management/smsintell.asp
or via a policy:

http://support.microsoft.com/?kbid=302430


~sirbounty
0
 
LVL 12

Expert Comment

by:trywaredk
ID: 10692172
I agree with SIRBOUNTY that you should use a Software Management System, but you could use RunAs Professional in a batchjob without compromizing security
http://www.mast-computer.de/


---------------------------------
@echo off
ver > C:\TEMP\WINVER.INF
:START
cls

FIND "Windows XP" < C:\TEMP\WINVER.INF > nul
if not errorlevel=1 GOTO :RUNAS
FIND "Windows 2000" < C:\TEMP\WINVER.INF > nul
if not errorlevel=1 GOTO :RUNAS

Echo This is w9x
GOTO END

:RUNAS
Echo This is W2k or XP

Echo Use RunAs Professional here ....


:END
---------------------------------------------

Many Regards
Jorgen Malmgren
IT-Supervisor
Denmark

:o) Your brain is like a parachute. It works best when it's open
0
 
LVL 1

Author Comment

by:dspent
ID: 10694824
the problem with programs like RunAs and TQCRunAs is they cost money.  Money that the IS department doesn't have or is not going to spend.  So its up to me and the other admins to figure out how to do this without those tools.
0
Increase Agility with Enabled Toolchains

Connect your existing build, deployment, management, monitoring, and collaboration platforms. From Puppet to Chef, HipChat to Slack, ServiceNow to JIRA, Splunk to New Relic and beyond, hand off data between systems to engage the right people.

Connect with xMatters.

 
LVL 1

Author Comment

by:dspent
ID: 10694830
and we do have a copy of SMS but it is not licensed for full deployment.  We use Landesk 8.01.  The problem here though is that the install that we need to do is the Landesk client agents....so you see my dilemma.
0
 
LVL 12

Expert Comment

by:trywaredk
ID: 10695995
Do you have a compiler for some source-code ? Then compile an exe-file with the password hidden in it. That's what I'm using, but I guess there's a lot of other compilers out there.

It could be done with www.winbatch.com, but the evaluating version does'nt have the compiler, it costs.

BTW: I'm dealing with the same issue on http://www.experts-exchange.com/Security/Win_Security/Q_20576959.html
0
 
LVL 12

Expert Comment

by:trywaredk
ID: 10696084
I don't know this compiler, but it's free

Compile C and C++ programs for either DOS or Windows for free
http://yippee.i4free.co.nz/html/win/developer/title3191.htm

0
 
LVL 12

Expert Comment

by:trywaredk
ID: 10699806
This one also have the administrators password in readable text, but it can be saved by you on a serverfolder, where only domain admins can read, and ...

Install Software on a Remote Computer
http://www.microsoft.com/technet/community/scriptcenter/compmgmt/scrcm28.mspx
0
 
LVL 1

Author Comment

by:dspent
ID: 10701026
sorry but I don't understand any of that stuff.....could you explain it more......i.e. give me the Compiling C and C++....Writing Scripts for C and C++ 101 for dummies lesson.

Tnanks
0
 
LVL 12

Expert Comment

by:trywaredk
ID: 10704460
Sorry - as told "I don't know this compiler, but it's free"

The issue is, that there are a lot of compilers out there. I use www.winbatch.com, but the evaluating version does'nt have the compiler, it costs.

Maybe try to find a free compiler yourself, or by one

I recommend WinBatch, it's very powerfull, and have a lot of example programs

If so, I could easily write the winbatch-sourcecode for you.
0
 
LVL 12

Expert Comment

by:trywaredk
ID: 10704461
Maybe try to find a free compiler yourself, or by one
Maybe try to find a free compiler yourself, or buy one
0
 
LVL 12

Expert Comment

by:trywaredk
ID: 10723087
Here's a free compiler
http://www.hiddensoft.com/autoit3/downloads.php

***quote***
It is possible to take your .au3 script and compile it into a standalone executable; this executable can be used without the need for AutoIt to be installed and without the need to have AutoIt3.exe on the machine.  In addition, the compiled script is compressed and encrypted and there is the option to bind additional files (also compressed/encrypted) to the exe using the FileInstall function.  Also, any #include files will also be compiled into the script so they are not required at run-time.
***end of quote***
0
 
LVL 12

Accepted Solution

by:
trywaredk earned 500 total points
ID: 10723389
This one works in autoit3, and can be compiled to an exe-file.

Create InstallXxxxAsAdmin.au3

--------------------------------------------------------------------------------------------------
Dim $UserName, $DomainName, $Password, $RunProgram, $RunPath

$UserName = "Administrator"
$DomainName = "YourDomainName"
$Password = "zzzzzzzzzzzzzzzzzzzzzz"

$RunProgram = "Setup.exe"
$RunPath = "C:\Winnt"


RunAsSet ( $UserName, $DomainName, $Password )

$val = RunWait($RunProgram, $RunPath, @SW_MAXIMIZE)

--------------------------------------------------------------------------------------------------


Compile it, and you will have an binary InstallXxxxAsAdmin.exe
0
 
LVL 1

Author Comment

by:dspent
ID: 10727977
thanks trywaredk......you are truly someone who doesn't give up.  I made the script and compiled it and it runs perfectly.
0
 
LVL 12

Expert Comment

by:trywaredk
ID: 10734370
:o) Glad I could help you - thank you for the points

You could modify the last line
$val = RunWait($RunProgram, $RunPath, @SW_MAXIMIZE)


  @SW_HIDE = Hidden window
  @SW_MINIMIZE = Minimized window
  @SW_MAXIMIZE = Maximized
0
 

Expert Comment

by:netguru6
ID: 12824958
Another tip to add value to this script:

If you set $domainName to "."   (without the quotes), then you could use local accounts from the local workstation or member server local SAM. Great for those without an NT or AD domain.

If you neet to execute commandline commands like DIR then change the command to "CMD.EXE /C  <command>"

Example:
CMD /C DIR
This will execute a DIR then close the DOS window

CMD /K DIR
This will execute a DIR then keep the DOS windows open at the command prompt

Enjoy,

Netguru6
0
 

Expert Comment

by:mdubon3
ID: 14980898
there is a tool called CPAU.exe that u can use
0

Featured Post

Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This is a guide to the following problem (not exclusive but here) on Windows: Users need our support and we supporters often use global administrative accounts to do this. Using these accounts safely is a real challenge. Any admin who takes se…
Security measures require Windows be logged in using Standard User login (not Administrator).  Yet, sometimes an application has to be run “As Administrator” from a Standard User login.  This paper describes how to create a shortcut icon to launch a…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
Add bar graphs to Access queries using Unicode block characters. Graphs appear on every record in the color you want. Give life to numbers. Hopes this gives you ideas on visualizing your data in new ways ~ Create a calculated field in a query: …

717 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question