Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 20066
  • Last Modified:

Using RunAs in a Login Script...

Hello...

I need to install a program on Windows XP/2000/2003 machines via a login script.  The problem is that it will only run with admin credentials which I do not want to give to users (nor can I per company policy).  There are some 950 machines spread over a huge campus so local installs would be a major pain.

How can I write a login script that will:

A.  Check the OS version (so that it does not run on 95/98 machines)

B.  Use the RunAs command to run the install as an admin.

Thanks,
Clarence
0
dspent
Asked:
dspent
1 Solution
 
sirbountyCommented:
Hi dspent,
A) with a script you could set it to do the following

==================
@echo off
Goto %OS%

REM And then just create labels for the operating systems you want this to run against, i.e

:Windows_NT
 ::Run script
=================

But, RunAs will prompt for a password...

Do you have SMS installed in your environment? http://www.microsoft.com/windows2000/techinfo/planning/management/smsintell.asp
or via a policy:

http://support.microsoft.com/?kbid=302430


~sirbounty
0
 
trywaredkCommented:
I agree with SIRBOUNTY that you should use a Software Management System, but you could use RunAs Professional in a batchjob without compromizing security
http://www.mast-computer.de/


---------------------------------
@echo off
ver > C:\TEMP\WINVER.INF
:START
cls

FIND "Windows XP" < C:\TEMP\WINVER.INF > nul
if not errorlevel=1 GOTO :RUNAS
FIND "Windows 2000" < C:\TEMP\WINVER.INF > nul
if not errorlevel=1 GOTO :RUNAS

Echo This is w9x
GOTO END

:RUNAS
Echo This is W2k or XP

Echo Use RunAs Professional here ....


:END
---------------------------------------------

Many Regards
Jorgen Malmgren
IT-Supervisor
Denmark

:o) Your brain is like a parachute. It works best when it's open
0
 
dspentAuthor Commented:
the problem with programs like RunAs and TQCRunAs is they cost money.  Money that the IS department doesn't have or is not going to spend.  So its up to me and the other admins to figure out how to do this without those tools.
0
Building an Effective Phishing Protection Program

Join Director of Product Management Todd OBoyle on April 26th as he covers the key elements of a phishing protection program. Whether you’re an old hat at phishing education or considering starting a program -- we'll discuss critical components that should be in any program.

 
dspentAuthor Commented:
and we do have a copy of SMS but it is not licensed for full deployment.  We use Landesk 8.01.  The problem here though is that the install that we need to do is the Landesk client agents....so you see my dilemma.
0
 
trywaredkCommented:
Do you have a compiler for some source-code ? Then compile an exe-file with the password hidden in it. That's what I'm using, but I guess there's a lot of other compilers out there.

It could be done with www.winbatch.com, but the evaluating version does'nt have the compiler, it costs.

BTW: I'm dealing with the same issue on http://www.experts-exchange.com/Security/Win_Security/Q_20576959.html
0
 
trywaredkCommented:
I don't know this compiler, but it's free

Compile C and C++ programs for either DOS or Windows for free
http://yippee.i4free.co.nz/html/win/developer/title3191.htm

0
 
trywaredkCommented:
This one also have the administrators password in readable text, but it can be saved by you on a serverfolder, where only domain admins can read, and ...

Install Software on a Remote Computer
http://www.microsoft.com/technet/community/scriptcenter/compmgmt/scrcm28.mspx
0
 
dspentAuthor Commented:
sorry but I don't understand any of that stuff.....could you explain it more......i.e. give me the Compiling C and C++....Writing Scripts for C and C++ 101 for dummies lesson.

Tnanks
0
 
trywaredkCommented:
Sorry - as told "I don't know this compiler, but it's free"

The issue is, that there are a lot of compilers out there. I use www.winbatch.com, but the evaluating version does'nt have the compiler, it costs.

Maybe try to find a free compiler yourself, or by one

I recommend WinBatch, it's very powerfull, and have a lot of example programs

If so, I could easily write the winbatch-sourcecode for you.
0
 
trywaredkCommented:
Maybe try to find a free compiler yourself, or by one
Maybe try to find a free compiler yourself, or buy one
0
 
trywaredkCommented:
Here's a free compiler
http://www.hiddensoft.com/autoit3/downloads.php

***quote***
It is possible to take your .au3 script and compile it into a standalone executable; this executable can be used without the need for AutoIt to be installed and without the need to have AutoIt3.exe on the machine.  In addition, the compiled script is compressed and encrypted and there is the option to bind additional files (also compressed/encrypted) to the exe using the FileInstall function.  Also, any #include files will also be compiled into the script so they are not required at run-time.
***end of quote***
0
 
trywaredkCommented:
This one works in autoit3, and can be compiled to an exe-file.

Create InstallXxxxAsAdmin.au3

--------------------------------------------------------------------------------------------------
Dim $UserName, $DomainName, $Password, $RunProgram, $RunPath

$UserName = "Administrator"
$DomainName = "YourDomainName"
$Password = "zzzzzzzzzzzzzzzzzzzzzz"

$RunProgram = "Setup.exe"
$RunPath = "C:\Winnt"


RunAsSet ( $UserName, $DomainName, $Password )

$val = RunWait($RunProgram, $RunPath, @SW_MAXIMIZE)

--------------------------------------------------------------------------------------------------


Compile it, and you will have an binary InstallXxxxAsAdmin.exe
0
 
dspentAuthor Commented:
thanks trywaredk......you are truly someone who doesn't give up.  I made the script and compiled it and it runs perfectly.
0
 
trywaredkCommented:
:o) Glad I could help you - thank you for the points

You could modify the last line
$val = RunWait($RunProgram, $RunPath, @SW_MAXIMIZE)


  @SW_HIDE = Hidden window
  @SW_MINIMIZE = Minimized window
  @SW_MAXIMIZE = Maximized
0
 
netguru6Commented:
Another tip to add value to this script:

If you set $domainName to "."   (without the quotes), then you could use local accounts from the local workstation or member server local SAM. Great for those without an NT or AD domain.

If you neet to execute commandline commands like DIR then change the command to "CMD.EXE /C  <command>"

Example:
CMD /C DIR
This will execute a DIR then close the DOS window

CMD /K DIR
This will execute a DIR then keep the DOS windows open at the command prompt

Enjoy,

Netguru6
0
 
mdubon3Commented:
there is a tool called CPAU.exe that u can use
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now