Deleting a file using a VBScript run as a restricted user

I need to delete a file from c:\windows during logon. The file being run at logon is a VBS file. When I use WSHFilesys.DeleteFile({filename.xxx}) I get permission denied. I've tried using CPAU and RUNAS but neither work. I have set a cmdPATH = "del /f {filename.xx} and then added WSHShell.Run "+cpau.exe -u {username} -p {password} -ex " & Chr(34) & cmdPath & Chr(34) & " -lwp -hide",0 ,True. Any assistance would be great.
tonysummersAsked:
Who is Participating?
 
RobSampsonConnect With a Mentor Commented:
Would you be able to run your login script via the Computer Configuration --> Windows Settings --> Scripts --> Startup in Group Policy for Active Directory?  This would run the script using the System account, and so would have access to delete a file from the Windows folder....

Regards,

Rob.
0
 
tonysummersAuthor Commented:
Group Policy runs before the user is able to login, the VBScript I need to run does a number of things in sequence that rely on each other to process.

The scripts does the following, and is reliant on the user being logged in, because of everything else that needs to be done....

Checks Add-in's Exist
Removes Add-in's
Cleans the Add-in Manager Registry Key
Removes the Add-in toolbars
Then I need to delete to add-in Admin files from windows.

When I need to run something in a script as the user that needs elevated privilge, I usually use the CPAU program using the following syntax:

cpau -u{user} -p{password} -ex "What to run" -lwp -hide.

The problem was that all I was trying to pass into the "What to run" section was simply "del /f {filename}" and it kept telling me the parameters were incorrect.

So about 10 minutes after posting my question I sort-of cheated and simply used CPAU to run xcacls which gave EVERYONE full control to the two files I need to delete and the simply used WSHShell.Run "cmd /c del /f " & Chr(34) & "{filename} & Chr(34), 0, True.

This seemed to work fine.

I know this solution works, and of cource because I am using CPAU which has an admin password I encrypt all my VBS files, but if you know a clean way to elevate privilege, using WMI, WSH or anything else that will run inside a VBScript, then that would be great.....

Otherwise I'm happy to close this call as completed. (P.S) How do I do that??? - Close this call?

Regards
SummO!
0
 
RobSampsonConnect With a Mentor Commented:
You're right, in your script, while running as a normal user, you should be able use:
strCommand = "cpau -u username -p password -ex ""cmd /c del /f /q c:\windows\script.vbs"" -lwp -hide"
Set objShell = CreateObject("WScript.Shell")
objShell.Run strCommand, 0, True

Does that work?

Regards,

Rob.
0
 
tonysummersAuthor Commented:
No - for some reason CPAU doesn't like the 'del /F command'. I'm happy with my solution at this stage. It's probably not a bad way to do it anyway, I'm not elevating privilege. All i'm doing is giving users access to files that are then deleted, so it's probably a better solution.

Regards
SummO!
0
 
RobSampsonConnect With a Mentor Commented:
Yeah, that's true.  Good thinking.  You could even specify the rights of those specific files via Group Policy, if you didn't want to run a script....

Regards,

Rob.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.