?
Solved

Deleting a file using a VBScript run as a restricted user

Posted on 2007-10-10
5
Medium Priority
?
2,013 Views
Last Modified: 2012-08-13
I need to delete a file from c:\windows during logon. The file being run at logon is a VBS file. When I use WSHFilesys.DeleteFile({filename.xxx}) I get permission denied. I've tried using CPAU and RUNAS but neither work. I have set a cmdPATH = "del /f {filename.xx} and then added WSHShell.Run "+cpau.exe -u {username} -p {password} -ex " & Chr(34) & cmdPath & Chr(34) & " -lwp -hide",0 ,True. Any assistance would be great.
0
Comment
Question by:tonysummers
  • 3
  • 2
5 Comments
 
LVL 65

Accepted Solution

by:
RobSampson earned 375 total points
ID: 20054487
Would you be able to run your login script via the Computer Configuration --> Windows Settings --> Scripts --> Startup in Group Policy for Active Directory?  This would run the script using the System account, and so would have access to delete a file from the Windows folder....

Regards,

Rob.
0
 

Author Comment

by:tonysummers
ID: 20061667
Group Policy runs before the user is able to login, the VBScript I need to run does a number of things in sequence that rely on each other to process.

The scripts does the following, and is reliant on the user being logged in, because of everything else that needs to be done....

Checks Add-in's Exist
Removes Add-in's
Cleans the Add-in Manager Registry Key
Removes the Add-in toolbars
Then I need to delete to add-in Admin files from windows.

When I need to run something in a script as the user that needs elevated privilge, I usually use the CPAU program using the following syntax:

cpau -u{user} -p{password} -ex "What to run" -lwp -hide.

The problem was that all I was trying to pass into the "What to run" section was simply "del /f {filename}" and it kept telling me the parameters were incorrect.

So about 10 minutes after posting my question I sort-of cheated and simply used CPAU to run xcacls which gave EVERYONE full control to the two files I need to delete and the simply used WSHShell.Run "cmd /c del /f " & Chr(34) & "{filename} & Chr(34), 0, True.

This seemed to work fine.

I know this solution works, and of cource because I am using CPAU which has an admin password I encrypt all my VBS files, but if you know a clean way to elevate privilege, using WMI, WSH or anything else that will run inside a VBScript, then that would be great.....

Otherwise I'm happy to close this call as completed. (P.S) How do I do that??? - Close this call?

Regards
SummO!
0
 
LVL 65

Assisted Solution

by:RobSampson
RobSampson earned 375 total points
ID: 20062539
You're right, in your script, while running as a normal user, you should be able use:
strCommand = "cpau -u username -p password -ex ""cmd /c del /f /q c:\windows\script.vbs"" -lwp -hide"
Set objShell = CreateObject("WScript.Shell")
objShell.Run strCommand, 0, True

Does that work?

Regards,

Rob.
0
 

Author Comment

by:tonysummers
ID: 20062878
No - for some reason CPAU doesn't like the 'del /F command'. I'm happy with my solution at this stage. It's probably not a bad way to do it anyway, I'm not elevating privilege. All i'm doing is giving users access to files that are then deleted, so it's probably a better solution.

Regards
SummO!
0
 
LVL 65

Assisted Solution

by:RobSampson
RobSampson earned 375 total points
ID: 20062902
Yeah, that's true.  Good thinking.  You could even specify the rights of those specific files via Group Policy, if you didn't want to run a script....

Regards,

Rob.
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article describes some techniques which will make your VBA or Visual Basic Classic code easier to understand and maintain, whether by you, your replacement, or another Experts-Exchange expert.
When you see single cell contains number and text, and you have to get any date out of it seems like cracking our heads.
Get people started with the process of using Access VBA to control Outlook using automation, Microsoft Access can control other applications. An example is the ability to programmatically talk to Microsoft Outlook. Using automation, an Access applic…
Show developers how to use a criteria form to limit the data that appears on an Access report. It is a common requirement that users can specify the criteria for a report at runtime. The easiest way to accomplish this is using a criteria form that a…
Suggested Courses
Course of the Month17 days, 10 hours left to enroll

829 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question