• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 20040
  • Last Modified:

Using RunAs in a Login Script...

Hello...

I need to install a program on Windows XP/2000/2003 machines via a login script.  The problem is that it will only run with admin credentials which I do not want to give to users (nor can I per company policy).  There are some 950 machines spread over a huge campus so local installs would be a major pain.

How can I write a login script that will:

A.  Check the OS version (so that it does not run on 95/98 machines)

B.  Use the RunAs command to run the install as an admin.

Thanks,
Clarence
0
dspent
Asked:
dspent
1 Solution
 
sirbountyCommented:
Hi dspent,
A) with a script you could set it to do the following

==================
@echo off
Goto %OS%

REM And then just create labels for the operating systems you want this to run against, i.e

:Windows_NT
 ::Run script
=================

But, RunAs will prompt for a password...

Do you have SMS installed in your environment? http://www.microsoft.com/windows2000/techinfo/planning/management/smsintell.asp
or via a policy:

http://support.microsoft.com/?kbid=302430


~sirbounty
0
 
trywaredkCommented:
I agree with SIRBOUNTY that you should use a Software Management System, but you could use RunAs Professional in a batchjob without compromizing security
http://www.mast-computer.de/


---------------------------------
@echo off
ver > C:\TEMP\WINVER.INF
:START
cls

FIND "Windows XP" < C:\TEMP\WINVER.INF > nul
if not errorlevel=1 GOTO :RUNAS
FIND "Windows 2000" < C:\TEMP\WINVER.INF > nul
if not errorlevel=1 GOTO :RUNAS

Echo This is w9x
GOTO END

:RUNAS
Echo This is W2k or XP

Echo Use RunAs Professional here ....


:END
---------------------------------------------

Many Regards
Jorgen Malmgren
IT-Supervisor
Denmark

:o) Your brain is like a parachute. It works best when it's open
0
 
dspentAuthor Commented:
the problem with programs like RunAs and TQCRunAs is they cost money.  Money that the IS department doesn't have or is not going to spend.  So its up to me and the other admins to figure out how to do this without those tools.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
dspentAuthor Commented:
and we do have a copy of SMS but it is not licensed for full deployment.  We use Landesk 8.01.  The problem here though is that the install that we need to do is the Landesk client agents....so you see my dilemma.
0
 
trywaredkCommented:
Do you have a compiler for some source-code ? Then compile an exe-file with the password hidden in it. That's what I'm using, but I guess there's a lot of other compilers out there.

It could be done with www.winbatch.com, but the evaluating version does'nt have the compiler, it costs.

BTW: I'm dealing with the same issue on http://www.experts-exchange.com/Security/Win_Security/Q_20576959.html
0
 
trywaredkCommented:
I don't know this compiler, but it's free

Compile C and C++ programs for either DOS or Windows for free
http://yippee.i4free.co.nz/html/win/developer/title3191.htm

0
 
trywaredkCommented:
This one also have the administrators password in readable text, but it can be saved by you on a serverfolder, where only domain admins can read, and ...

Install Software on a Remote Computer
http://www.microsoft.com/technet/community/scriptcenter/compmgmt/scrcm28.mspx
0
 
dspentAuthor Commented:
sorry but I don't understand any of that stuff.....could you explain it more......i.e. give me the Compiling C and C++....Writing Scripts for C and C++ 101 for dummies lesson.

Tnanks
0
 
trywaredkCommented:
Sorry - as told "I don't know this compiler, but it's free"

The issue is, that there are a lot of compilers out there. I use www.winbatch.com, but the evaluating version does'nt have the compiler, it costs.

Maybe try to find a free compiler yourself, or by one

I recommend WinBatch, it's very powerfull, and have a lot of example programs

If so, I could easily write the winbatch-sourcecode for you.
0
 
trywaredkCommented:
Maybe try to find a free compiler yourself, or by one
Maybe try to find a free compiler yourself, or buy one
0
 
trywaredkCommented:
Here's a free compiler
http://www.hiddensoft.com/autoit3/downloads.php

***quote***
It is possible to take your .au3 script and compile it into a standalone executable; this executable can be used without the need for AutoIt to be installed and without the need to have AutoIt3.exe on the machine.  In addition, the compiled script is compressed and encrypted and there is the option to bind additional files (also compressed/encrypted) to the exe using the FileInstall function.  Also, any #include files will also be compiled into the script so they are not required at run-time.
***end of quote***
0
 
trywaredkCommented:
This one works in autoit3, and can be compiled to an exe-file.

Create InstallXxxxAsAdmin.au3

--------------------------------------------------------------------------------------------------
Dim $UserName, $DomainName, $Password, $RunProgram, $RunPath

$UserName = "Administrator"
$DomainName = "YourDomainName"
$Password = "zzzzzzzzzzzzzzzzzzzzzz"

$RunProgram = "Setup.exe"
$RunPath = "C:\Winnt"


RunAsSet ( $UserName, $DomainName, $Password )

$val = RunWait($RunProgram, $RunPath, @SW_MAXIMIZE)

--------------------------------------------------------------------------------------------------


Compile it, and you will have an binary InstallXxxxAsAdmin.exe
0
 
dspentAuthor Commented:
thanks trywaredk......you are truly someone who doesn't give up.  I made the script and compiled it and it runs perfectly.
0
 
trywaredkCommented:
:o) Glad I could help you - thank you for the points

You could modify the last line
$val = RunWait($RunProgram, $RunPath, @SW_MAXIMIZE)


  @SW_HIDE = Hidden window
  @SW_MINIMIZE = Minimized window
  @SW_MAXIMIZE = Maximized
0
 
netguru6Commented:
Another tip to add value to this script:

If you set $domainName to "."   (without the quotes), then you could use local accounts from the local workstation or member server local SAM. Great for those without an NT or AD domain.

If you neet to execute commandline commands like DIR then change the command to "CMD.EXE /C  <command>"

Example:
CMD /C DIR
This will execute a DIR then close the DOS window

CMD /K DIR
This will execute a DIR then keep the DOS windows open at the command prompt

Enjoy,

Netguru6
0
 
mdubon3Commented:
there is a tool called CPAU.exe that u can use
0

Featured Post

Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now