Solved

Using RunAs in a Login Script...

Posted on 2004-03-26
16
20,005 Views
Last Modified: 2013-12-04
Hello...

I need to install a program on Windows XP/2000/2003 machines via a login script.  The problem is that it will only run with admin credentials which I do not want to give to users (nor can I per company policy).  There are some 950 machines spread over a huge campus so local installs would be a major pain.

How can I write a login script that will:

A.  Check the OS version (so that it does not run on 95/98 machines)

B.  Use the RunAs command to run the install as an admin.

Thanks,
Clarence
0
Comment
Question by:dspent
16 Comments
 
LVL 67

Expert Comment

by:sirbounty
ID: 10691922
Hi dspent,
A) with a script you could set it to do the following

==================
@echo off
Goto %OS%

REM And then just create labels for the operating systems you want this to run against, i.e

:Windows_NT
 ::Run script
=================

But, RunAs will prompt for a password...

Do you have SMS installed in your environment? http://www.microsoft.com/windows2000/techinfo/planning/management/smsintell.asp
or via a policy:

http://support.microsoft.com/?kbid=302430


~sirbounty
0
 
LVL 12

Expert Comment

by:trywaredk
ID: 10692172
I agree with SIRBOUNTY that you should use a Software Management System, but you could use RunAs Professional in a batchjob without compromizing security
http://www.mast-computer.de/


---------------------------------
@echo off
ver > C:\TEMP\WINVER.INF
:START
cls

FIND "Windows XP" < C:\TEMP\WINVER.INF > nul
if not errorlevel=1 GOTO :RUNAS
FIND "Windows 2000" < C:\TEMP\WINVER.INF > nul
if not errorlevel=1 GOTO :RUNAS

Echo This is w9x
GOTO END

:RUNAS
Echo This is W2k or XP

Echo Use RunAs Professional here ....


:END
---------------------------------------------

Many Regards
Jorgen Malmgren
IT-Supervisor
Denmark

:o) Your brain is like a parachute. It works best when it's open
0
 
LVL 1

Author Comment

by:dspent
ID: 10694824
the problem with programs like RunAs and TQCRunAs is they cost money.  Money that the IS department doesn't have or is not going to spend.  So its up to me and the other admins to figure out how to do this without those tools.
0
 
LVL 1

Author Comment

by:dspent
ID: 10694830
and we do have a copy of SMS but it is not licensed for full deployment.  We use Landesk 8.01.  The problem here though is that the install that we need to do is the Landesk client agents....so you see my dilemma.
0
 
LVL 12

Expert Comment

by:trywaredk
ID: 10695995
Do you have a compiler for some source-code ? Then compile an exe-file with the password hidden in it. That's what I'm using, but I guess there's a lot of other compilers out there.

It could be done with www.winbatch.com, but the evaluating version does'nt have the compiler, it costs.

BTW: I'm dealing with the same issue on http://www.experts-exchange.com/Security/Win_Security/Q_20576959.html
0
 
LVL 12

Expert Comment

by:trywaredk
ID: 10696084
I don't know this compiler, but it's free

Compile C and C++ programs for either DOS or Windows for free
http://yippee.i4free.co.nz/html/win/developer/title3191.htm

0
 
LVL 12

Expert Comment

by:trywaredk
ID: 10699806
This one also have the administrators password in readable text, but it can be saved by you on a serverfolder, where only domain admins can read, and ...

Install Software on a Remote Computer
http://www.microsoft.com/technet/community/scriptcenter/compmgmt/scrcm28.mspx
0
 
LVL 1

Author Comment

by:dspent
ID: 10701026
sorry but I don't understand any of that stuff.....could you explain it more......i.e. give me the Compiling C and C++....Writing Scripts for C and C++ 101 for dummies lesson.

Tnanks
0
Superior storage. Superior surveillance.

WD Purple drives are built for 24/7, always-on, high-definition security systems. With support for up to 8 hard drives and 32 cameras, WD Purple drives are optimized for surveillance.

 
LVL 12

Expert Comment

by:trywaredk
ID: 10704460
Sorry - as told "I don't know this compiler, but it's free"

The issue is, that there are a lot of compilers out there. I use www.winbatch.com, but the evaluating version does'nt have the compiler, it costs.

Maybe try to find a free compiler yourself, or by one

I recommend WinBatch, it's very powerfull, and have a lot of example programs

If so, I could easily write the winbatch-sourcecode for you.
0
 
LVL 12

Expert Comment

by:trywaredk
ID: 10704461
Maybe try to find a free compiler yourself, or by one
Maybe try to find a free compiler yourself, or buy one
0
 
LVL 12

Expert Comment

by:trywaredk
ID: 10723087
Here's a free compiler
http://www.hiddensoft.com/autoit3/downloads.php

***quote***
It is possible to take your .au3 script and compile it into a standalone executable; this executable can be used without the need for AutoIt to be installed and without the need to have AutoIt3.exe on the machine.  In addition, the compiled script is compressed and encrypted and there is the option to bind additional files (also compressed/encrypted) to the exe using the FileInstall function.  Also, any #include files will also be compiled into the script so they are not required at run-time.
***end of quote***
0
 
LVL 12

Accepted Solution

by:
trywaredk earned 500 total points
ID: 10723389
This one works in autoit3, and can be compiled to an exe-file.

Create InstallXxxxAsAdmin.au3

--------------------------------------------------------------------------------------------------
Dim $UserName, $DomainName, $Password, $RunProgram, $RunPath

$UserName = "Administrator"
$DomainName = "YourDomainName"
$Password = "zzzzzzzzzzzzzzzzzzzzzz"

$RunProgram = "Setup.exe"
$RunPath = "C:\Winnt"


RunAsSet ( $UserName, $DomainName, $Password )

$val = RunWait($RunProgram, $RunPath, @SW_MAXIMIZE)

--------------------------------------------------------------------------------------------------


Compile it, and you will have an binary InstallXxxxAsAdmin.exe
0
 
LVL 1

Author Comment

by:dspent
ID: 10727977
thanks trywaredk......you are truly someone who doesn't give up.  I made the script and compiled it and it runs perfectly.
0
 
LVL 12

Expert Comment

by:trywaredk
ID: 10734370
:o) Glad I could help you - thank you for the points

You could modify the last line
$val = RunWait($RunProgram, $RunPath, @SW_MAXIMIZE)


  @SW_HIDE = Hidden window
  @SW_MINIMIZE = Minimized window
  @SW_MAXIMIZE = Maximized
0
 

Expert Comment

by:netguru6
ID: 12824958
Another tip to add value to this script:

If you set $domainName to "."   (without the quotes), then you could use local accounts from the local workstation or member server local SAM. Great for those without an NT or AD domain.

If you neet to execute commandline commands like DIR then change the command to "CMD.EXE /C  <command>"

Example:
CMD /C DIR
This will execute a DIR then close the DOS window

CMD /K DIR
This will execute a DIR then keep the DOS windows open at the command prompt

Enjoy,

Netguru6
0
 

Expert Comment

by:mdubon3
ID: 14980898
there is a tool called CPAU.exe that u can use
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

In today's information driven age, entrepreneurs have so many great tools and options at their disposal to help turn good ideas into a thriving business. With cloud-based online services, such as Amazon's Web Services (AWS) or Microsoft's Azure, bus…
Article by: btan
The intent is not to repeat what many has know about Ransomware but more to join its dots of what is it, who are the victims, why it exists, when and how we respond on infection. Lastly, sum up in a glance to share such information with more to help…
This is a video describing the growing solar energy use in Utah. This is a topic that greatly interests me and so I decided to produce a video about it.
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

25 Experts available now in Live!

Get 1:1 Help Now