[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1415
  • Last Modified:

Active directory users and computers can i run from a machine that does not have permissions.

Hi,

Active directory users and computers can i run from a machine that does not have permissions.
Any code that can open ADSU&C console with the domain admin credentials entered.
Now when i open ADS Users and Computers i can see all but cannot edit.I dont want to give delegation.Use Run as and open.
Regards
SHarath
0
bsharath
Asked:
bsharath
  • 24
  • 20
1 Solution
 
chandru_solCommented:
Try this scrpt...........

Option Explicit

Dim objmenu, username, wshshell, fso
Set WshShell = WScript.CreateObject("WScript.Shell")
Set fso = CreateObject("Scripting.FileSystemObject")

Username = InputBox("Enter your admin username (domain\username)", "Enter Username","domainname/Username") 'Change this to your name
'create an object from the gui_menu class
Set objmenu = New gui_menu
'start the application
objmenu.getInput

Class gui_menu
    private Input, quit, strText, cmd, arrMenu, i, return, strProg
   
    Private Sub pickInput
        'if you add anything to the menu array below, make sure you add a corresponding entry here
        Select Case Input
            Case "1"
                cmd = " ""mmc %windir%\system32\compmgmt.msc"""
                startProg cmd
                getInput
            Case "2"
                cmd = " ""mmc %windir%\system32\dsa.msc"""
                startProg cmd
                getInput
            Case "3"
                cmd = " ""mmc %windir%\system32\gpmc.msc"""
                startProg cmd
                getInput
            Case "4"
                cmd = " %comspec%"
                startProg cmd
            getInput
            Case "5"
                'cmd = " ""mmc C:\Program Files\Microsoft SQL Server\80\Tools\Binn\SQL Server Enterprise Manager.MSC"""
                cmd = " ""mmc %windir%\system32\services.msc"""
            startProg cmd
                getInput
            Case "6"
                strProg = InputBox("Input the full path to the program", "User Defined","C:\WINDOWS\SYSTEM32\mstsc.exe")
                If fso.FileExists(strProg) then
                    cmd = " """ & strProg & """"
                    startProg cmd
                    getInput
                Else
                    strProg = MsgBox("File doesn't exist, try again!",48,"Error!!")
                    getInput
                End if
            Case "7"
                quit = MsgBox ("Are you sure?", 36, "Want To quit?")'52
                If quit = 6 Then
                    MsgBox ("Bye!!")
                    WScript.Quit
                Else
                    getInput
                End If
                Case "" 
                quit = MsgBox ("Are you sure?", 36, "Want To quit?")'52
                If quit = 6 Then
                    MsgBox ("Bye!!")
                    WScript.Quit
                Else
                    getInput
                End If
            Case Else
                MsgBox ("That is an incorrect entry, try again")
                getInput
        End Select
    End Sub 'pickInput
   
    Public sub getInput
        'add any menu names you want in this array, make sure you adjust the select/case in pickInput() accordingly
        arrMenu = Array("Computer Management","Active Directory","Group policy management","Command Prompt","Services","User Defined","Quit or click Cancel")
        strText = "Enter selection below." & vbNewLine
        'build the menu
        For i = 1 To (UBound(arrMenu) + 1)
            strText = strText & i & ". " & arrMenu(i - 1) & vbNewLine
        Next
        Input = InputBox(strText, "Make your selection")
        pickInput
    End sub 'getInput
   
    Private Sub startProg(cmd)
        return = WshShell.Run("%windir%\system32\runas.exe /user:" & username & cmd, 1, False)
    End Sub 'startProg
End Class 'gui_menu

Save this as vbs and it will ask your for the username of the domainadmin. Enter it as domainname/username and enter the number 2 to open ADS console, make sure you have the ADS console installed.

I presume that the machine is part of the domain
0
 
bsharathAuthor Commented:
Chandru i think this is the same script that we are stuck some time back.
What ever no i type in or type the correct Domain admin password none of the Msc open...
0
 
chandru_solCommented:
Can you make sure that you have the msc on the C drive?
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
chandru_solCommented:
what operating system you are trying with? You don't even get the command prompt. Do you get a prompt to enter the password?
0
 
bsharathAuthor Commented:
Still does not work...
0
 
bsharathAuthor Commented:
I am using win 2003.
I get the username box then get the selection box then the password box.
After which nothing happens...
0
 
chandru_solCommented:
Can you make sure when you put this on the run command %windir%\system32\dsa.msc does the ad open up?
0
 
bsharathAuthor Commented:
Yes when i put this in the Run prompt
%windir%\system32\dsa.msc

i get the the ADUC console
0
 
chandru_solCommented:
What is the default script? Wscript or Cscript\

It should be wscript
0
 
bsharathAuthor Commented:
Sorry did not get you..

Tbhis is the script i am using....

Option Explicit

Dim objmenu, username, wshshell, fso
Set WshShell = WScript.CreateObject("WScript.Shell")
Set fso = CreateObject("Scripting.FileSystemObject")

Username = InputBox("Enter your admin username (domain\username)", "Enter Username","Development\administrator") 'Change this to your name
'create an object from the gui_menu class
Set objmenu = New gui_menu
'start the application
objmenu.getInput

Class gui_menu
    private Input, quit, strText, cmd, arrMenu, i, return, strProg
   
    Private Sub pickInput
        'if you add anything to the menu array below, make sure you add a corresponding entry here
        Select Case Input
            Case "1"
                cmd = " ""mmc %windir%\system32\compmgmt.msc"""
                startProg cmd
                getInput
            Case "2"
                cmd = " ""mmc %windir%\system32\dsa.msc"""
                startProg cmd
                getInput
            Case "3"
                cmd = " ""mmc %windir%\system32\gpmc.msc"""
                startProg cmd
                getInput
            Case "4"
                cmd = " %comspec%"
                startProg cmd
            getInput
            Case "5"
                'cmd = " ""mmc C:\Program Files\Microsoft SQL Server\80\Tools\Binn\SQL Server Enterprise Manager.MSC"""
                cmd = " ""mmc %windir%\system32\services.msc"""
            startProg cmd
                getInput
            Case "6"
                strProg = InputBox("Input the full path to the program", "User Defined","C:\WINDOWS\SYSTEM32\mstsc.exe")
                If fso.FileExists(strProg) then
                    cmd = " """ & strProg & """"
                    startProg cmd
                    getInput
                Else
                    strProg = MsgBox("File doesn't exist, try again!",48,"Error!!")
                    getInput
                End if
            Case "7"
                quit = MsgBox ("Are you sure?", 36, "Want To quit?")'52
                If quit = 6 Then
                    MsgBox ("Bye!!")
                    WScript.Quit
                Else
                    getInput
                End If
                Case "" 
                quit = MsgBox ("Are you sure?", 36, "Want To quit?")'52
                If quit = 6 Then
                    MsgBox ("Bye!!")
                    WScript.Quit
                Else
                    getInput
                End If
            Case Else
                MsgBox ("That is an incorrect entry, try again")
                getInput
        End Select
    End Sub 'pickInput
   
    Public sub getInput
        'add any menu names you want in this array, make sure you adjust the select/case in pickInput() accordingly
        arrMenu = Array("Computer Management","Active Directory","Group policy management","Command Prompt","Services","User Defined","Quit or click Cancel")
        strText = "Enter selection below." & vbNewLine
        'build the menu
        For i = 1 To (UBound(arrMenu) + 1)
            strText = strText & i & ". " & arrMenu(i - 1) & vbNewLine
        Next
        Input = InputBox(strText, "Make your selection")
        pickInput
    End sub 'getInput
   
    Private Sub startProg(cmd)
        return = WshShell.Run("%windir%\system32\runas.exe /user:" & username & cmd, 1, False)
    End Sub 'startProg
End Class 'gui_menu
0
 
chandru_solCommented:
Can you make your default script as wscript.ext? Hope this helps............
0
 
bsharathAuthor Commented:
You mean should i run the script.
with wscript.exe?
0
 
chandru_solCommented:
Can you try using the option 6 and see whether you can open up mstsc?
0
 
bsharathAuthor Commented:
When i type 6 i get the mstsc.But does not open.
The place where it asks for the password.Does it take in data as the cursor does not move when password entered.
0
 
bsharathAuthor Commented:
After entering the password can you keep the screen intact so that we can see the message.It just disappears...
0
 
chandru_solCommented:
Is the machine you are trying to is part of the domain?
0
 
bsharathAuthor Commented:
Yes its in the same Domian...
0
 
chandru_solCommented:
I have checked and it works fine here.

What is the name of the vbscript you have saved? Hope it is not runas.vbs
0
 
chandru_solCommented:
Can you check by entering a wrong password and see if you can get the wrong password message?

Can you try this version which will display 0 if everything is fine and if something wrong it will display 1?


Option Explicit

Dim objmenu, username, wshshell, fso
Set WshShell = WScript.CreateObject("WScript.Shell")
Set fso = CreateObject("Scripting.FileSystemObject")

Username = InputBox("Enter your admin username (domain\username)", "Enter Username","domainname/Username") 'Change this to your name
'create an object from the gui_menu class
Set objmenu = New gui_menu
'start the application
objmenu.getInput

Class gui_menu
    private Input, quit, strText, cmd, arrMenu, i, return, strProg
   
    Private Sub pickInput
        'if you add anything to the menu array below, make sure you add a corresponding entry here
        Select Case Input
            Case "1"
                cmd = " ""mmc %windir%\system32\compmgmt.msc"""
                startProg cmd
                getInput
            Case "2"
                cmd = " ""mmc %windir%\system32\dsa.msc"""
                startProg cmd
                getInput
            Case "3"
                cmd = " ""mmc %windir%\system32\gpmc.msc"""
                startProg cmd
                getInput
            Case "4"
                cmd = " %comspec%"
                startProg cmd
            getInput
            Case "5"
                'cmd = " ""mmc C:\Program Files\Microsoft SQL Server\80\Tools\Binn\SQL Server Enterprise Manager.MSC"""
                cmd = " ""mmc %windir%\system32\services.msc"""
            startProg cmd
                getInput
            Case "6"
                strProg = InputBox("Input the full path to the program", "User Defined","C:\WINDOWS\SYSTEM32\mstsc.exe")
                If fso.FileExists(strProg) then
                    cmd = " """ & strProg & """"
                    startProg cmd
                    getInput
                Else
                    strProg = MsgBox("File doesn't exist, try again!",48,"Error!!")
                    getInput
                End if
            Case "7"
                quit = MsgBox ("Are you sure?", 36, "Want To quit?")'52
                If quit = 6 Then
                    MsgBox ("Bye!!")
                    WScript.Quit
                Else
                    getInput
                End If
                Case "" 
                quit = MsgBox ("Are you sure?", 36, "Want To quit?")'52
                If quit = 6 Then
                    MsgBox ("Bye!!")
                    WScript.Quit
                Else
                    getInput
                End If
            Case Else
                MsgBox ("That is an incorrect entry, try again")
                getInput
        End Select
    End Sub 'pickInput
   
    Public sub getInput
        'add any menu names you want in this array, make sure you adjust the select/case in pickInput() accordingly
        arrMenu = Array("Computer Management","Active Directory","Group policy management","Command Prompt","Services","User Defined","Quit or click Cancel")
        strText = "Enter selection below." & vbNewLine
        'build the menu
        For i = 1 To (UBound(arrMenu) + 1)
            strText = strText & i & ". " & arrMenu(i - 1) & vbNewLine
        Next
        Input = InputBox(strText, "Make your selection")
        pickInput
    End sub 'getInput
   
    Private Sub startProg(cmd)
        return = WshShell.Run("%windir%\system32\runas.exe /user:" & username & cmd, 1, True)
wscript.echo return
    End Sub 'startProg
End Class 'gui_menu
0
 
chandru_solCommented:
Can you check with you local domain user credentials and let me know?
0
 
bsharathAuthor Commented:
I get 1 for every option that i select with any username and password.

Chandru the place where i type the password.How can i keep the scree still without disappearing.As i can see some error displaying there but before i can read it disappears...
0
 
bsharathAuthor Commented:
But when i give the wrong credentials i can notice that it says wrong login username or password.
0
 
chandru_solCommented:
Try this in the normal command prompt to see what you get

runas.exe /user:" & username & "mmc %windir%\system32\services.msc"

It will prompt you for the password
0
 
chandru_solCommented:
runas.exe /user:development\administrator "mmc %windir%\system32\services.msc"

try this
0
 
bsharathAuthor Commented:
I get this...


C:\>runas.exe /user:" & development\administrator & "mmc %windir%\system32\servi
ces.msc"
Enter the password for  & development\administrator & mmc:
RUNAS ERROR: Unable to acquire user password
0
 
chandru_solCommented:
Hope you are entering the correct password.

Can you try using this?

runas /noprofile /User:development\administrator cmd.exe

Can you try this script in any other machine?
0
 
chandru_solCommented:
C:\>runas.exe /user:" & development\administrator & "mmc %windir%\system32\servi
ces.msc"
Enter the password for  & development\administrator & mmc:
RUNAS ERROR: Unable to acquire user password

In this it should be something like this

runas.exe /user:development\administrator "mmc %windir%\system32\services.msc"
0
 
bsharathAuthor Commented:
I get this..


C:\>runas /noprofile /User:development\administrator cmd.exe
Enter the password for development\administrator:
Attempting to start cmd.exe as user "development\administrator" ...
RUNAS ERROR: Unable to run - cmd.exe
1385: Logon failure: the user has not been granted the requested logon type at t
his computer.


C:\>runas.exe /user:development\administrator "mmc %windir%\system32\services.ms
c"
Enter the password for development\administrator:
Attempting to start mmc C:\WINDOWS\system32\services.msc as user "development\ad
ministrator" ...
RUNAS ERROR: Unable to run - mmc C:\WINDOWS\system32\services.msc
1385: Logon failure: the user has not been granted the requested logon type at t
his computer.

I have checked in couple of machines too the same message.
The password is correct
0
 
chandru_solCommented:
Do you have any policy in all the system?
0
 
bsharathAuthor Commented:
Like...We have many GPO's...Anything specific i need to check...
0
 
chandru_solCommented:
Can you check this?

Check the Local Security Policy and see who has the 'Access this computer from the network' right.  If the users trying to access the share do not have this you will receive the error message you are seeing.

Start->Administrative Tools->Local Security Policy
0
 
bsharathAuthor Commented:
I have
Eveyrone
Administrators
Powerusers
Users
Localmachine
0
 
chandru_solCommented:
Can you check whether this service is running?

Secondary Logon
0
 
chandru_solCommented:
Can you also check when you login with runas for the AD console you can open the console?
0
 
chandru_solCommented:
This will give you more information for troubleshooting

http://www.petri.co.il/disable_runas.htm

0
 
bsharathAuthor Commented:
Yes the service is running
0
 
chandru_solCommented:
Try this........
http://forums.techguy.org/networking/533210-solved-user-has-not-been.html

Did you check whether you are able to open the ad using runas in GUI?
0
 
bsharathAuthor Commented:
Chandru Strange...

When i went to the dsa.msc and runas with my credentials it opened.
When i used Domain admin credentials
I get this message.

---------------------------
C:\WINDOWS\system32\dsa.msc
---------------------------
C:\WINDOWS\system32\dsa.msc



Logon failure: the user has not been granted the requested logon type at this computer.


---------------------------
OK  
---------------------------
0
 
chandru_solCommented:
Can you try the script with your credentials and see if that works?
0
 
bsharathAuthor Commented:
Chandru...

It works when i use my credentials...

But i dont know why it does not work with Domain\admin credentials...I am sure the password is correct...
0
 
chandru_solCommented:
O.K. I think that needs to be checked in your environment. Do you maintain Gp's?

So the script seems to work fine...........
0
 
chandru_solCommented:
I thought we can trouble shoot the issue. Anyway you can open a new question and we can work on that issue?

regards
Chandru
0
 
bsharathAuthor Commented:
Ok chandru thanks shall open a Q...

This script is a excellent way to delegate control without giving permissions to the users in the ADS...
0
 
bsharathAuthor Commented:
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

  • 24
  • 20
Tackle projects and never again get stuck behind a technical roadblock.
Join Now