Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

How do I use a VBScript with admin rights

Posted on 2008-11-05
5
Medium Priority
?
1,055 Views
Last Modified: 2012-05-05
I have a VBscript that works with all PC's.  We are now locking down our PC's and taking away Local Admin rights.  Now I am getting an error you do not have admin rights to execute this VBScript.

Here is the VBscript:
Dim WshShell, objShell, Shell
Dim objEnv
Dim strlogonserver, strFilePath1, strFilePath2, strFilePath3, strVerKey, strVersion
Dim objFSO, objScreensaver, objBackgroundlogo, objFolder
Dim ExistingSCSize, ExistingBGSize, FolderExisted


' Get the WshShell object.
Set WshShell = CreateObject("WScript.Shell")
Set objShell = WScript.CreateObject("WScript.Shell")
Set Shell = CreateObject("WScript.Shell")

' Get collection by using the Environment property.
Set objEnv = WshShell.Environment("Process")

strlogonserver = objShell.ExpandEnvironmentStrings("%logonserver%")
strFilePath1 = strlogonserver & "\NetLogon\Westbackgroundlogo.jpg"
strFilePath2 = strlogonserver & "\NetLogon\Westscreensaver.scr"
strFilePath3 = strlogonserver & "\NetLogon\Vista\Westscreensaver.scr"
strVerKey = "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\"
strVersion = Shell.regread(strVerKey & "CurrentVersion")

' These constansts contain the size of each of the files that need to be copied
Const intScreensaverSize_XP2K=313083
Const intScreensaverSize_Vista=1370624
Const intBackgroundlogoSize=72720
Const OverwriteExisting=TRUE


Set objFSO = CreateObject("Scripting.FileSystemObject")

' Get File sizes of the existing screensaver and logo
If objFSO.FileExists("C:\West\Westscreensaver.scr") Then
      Set objScreensaver = objFSO.getFile("C:\West\Westscreensaver.scr")
      ExistingSCSize=objScreensaver.Size
Else
      ExistingSCSize=0
End If  

If objFSO.FileExists("C:\West\Westbackgroundlogo.jpg") Then
      Set objBackgroundlogo = objFSO.getFile("C:\West\Westbackgroundlogo.jpg")
      ExistingBGSize=objBackgroundlogo.Size
Else
      ExistingBGSize=0
End If


' Check if folder c:\west exists, if not, create it
If Not objFSO.FolderExists("C:\West") Then
      Set objFolder = objFSO.CreateFolder("C:\West")
      FolderExisted=False
Else
      FolderExisted=True
End If


' Check logo
' If the folder did not exist or if the filesize does not match, copy the logo to the computer again
If ( (Not FolderExisted) Or (Not (ExistingBGSize =intBackgroundlogoSize)) ) Then
      objFSO.CopyFile strFilePath1 , "C:\West\", OverwriteExisting
End If


' Check the screensaver
' If the folder did not exist or if the filesize does not match, copy the screensaver to the computer again
If strVersion => "6.0" Then

      If ((Not FolderExisted) Or (Not (ExistingSCSize= intScreensaverSize_Vista)) ) Then
            objFSO.CopyFile strFilePath3 , "C:\West\", OverwriteExisting
      End If

Else

      If ((Not FolderExisted) Or (Not (ExistingSCSize= intScreensaverSize_XP2K)) ) Then
            objFSO.CopyFile strFilePath2 , "C:\West\", OverwriteExisting
      End If

End If
0
Comment
Question by:smkgrbmk
  • 2
4 Comments
 
LVL 3

Expert Comment

by:fraserc
ID: 22887432
Hi,

There are a number of was to achive this the simplest one being to run the script with administrative privalages. i.e. runas /profile /user:domain\admin "cscript.exe C:\MyVBScript.vbs"
Where "domain\admin" is the the domain and account name of an administrator and "C:\MyVBScript.vbs" is the path to your script.

Another option would be to grant the users the correct permissions on the objects that are used in the script. i.e.
read permissions on the reg key "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\"
read/write permissons on the directory "C:\West\"

A third option would be to apply the script as a computer start up script in group policy so that it runs with system privileges rather than under a user account.

Hope one of these helps!

Regards,

F.
0
 
LVL 6

Expert Comment

by:JimsZ
ID: 22895073
There are also run-as programs available to be able to run a batch file as a different user.

LSRunasE is one such program that's pretty easy to set up.  It pipes in the runas command an encrypted password and runs the script as any user/password chosen after setting up the encryption first.


0
 

Author Comment

by:smkgrbmk
ID: 22895301
This script is being used with a GPO for Active Directory.  So I will try your suggestion of the third option and execute this VBScript in the Computer startup script of the policy.  The only problem I could see here is that file are being copied from other shared drive that may not be available until the user logs in.  If so the script would fail.
0
 
LVL 3

Accepted Solution

by:
fraserc earned 2000 total points
ID: 22895416
smkgrbmk,

Startup scripts run with System privileges on the local computer but with the privileges of the computer object elsewhere in the domain. So if the script does fail for that reason then give 'domain computers' read access to the share. Also if the share is mapped to a drive letter then it would be best to use a UNC path rather than the mapped drive. i.e use: "\\server\share\folder" rather than "X:\folder"

F.
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Understanding the various editions available is vital when you decide to purchase Windows Server 2012. You need to have a basic understanding of the features and limitations in each edition in order to make a well-informed decision that best suits …
Windows Server 2003 introduced persistent Volume Shadow Copies and made 2003 a must-do upgrade.  Since then, it's been a must-implement feature for all servers doing any kind of file sharing.
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…
The Task Scheduler is a powerful tool that is built into Windows. It allows you to schedule tasks (actions) on a recurring basis, such as hourly, daily, weekly, monthly, at log on, at startup, on idle, etc. This video Micro Tutorial is a brief intro…

571 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question