• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 444
  • Last Modified:

need a VBS that will run a command as another user

This may be beyond the scope for me to expect an answer but I figure it could not hurt to ask.
I often need to do a gpupdate on multiple users pcs based on a sms report I get regularly.

This  company has strict policies on any third party software and often it can take months to get it approved to use so a third party solution are out.
So when I get this list I will call the user and do a run as on the command line with either my credentials or the credentials of a local admin account we have on all the pcs as none of the users have local admin rights.

I am pretty good at bat files and can do some great things with them but I see I really need to learn VB as it would make some of these things easier.  For one a bat file cannot save username and password.  I could do a run as in a bat but not save my password in it.  

I can change a VBS or BAT to an exe so the user cant read it. So I dont mind if my username and password is in it.

OK so my question is, does anyone have a script or know one that I could use that would allow me to drop in my username and password and would run the gpupdate /force command under that account.

This way I could just sent the user a link and ask them to click it.  It would run gpupdate /force as the local admin or even with my domain admin credentials.

Thanks so much.
0
SLPowers
Asked:
SLPowers
  • 4
  • 4
  • 4
2 Solutions
 
DonNetwork AdministratorCommented:
I would use psexec(from microsoft)
http://technet.microsoft.com/en-us/sysinternals/bb897553.aspx
 
psexec \\* gpupdate <<<<this will run it on all computers
psexec @c:\computers.txt gpupdate<<<<this will run it on computers in computers.txt
0
 
SLPowersEngineerAuthor Commented:
Thanks so much dstewartjr and I have looked at this before.  It is a powerful set of tools.  Still I do need a solution where I could send it to the user.  As I get a list of what could be 20 or 30 users.  I would then need to either create a bat file with each of their pc names and run it that way or from a command prompt do it one at a time.  If I can send a link to a file it is done on its own as I have the list of the users emails as well.  I know some users wont but most will and I can assist the users that chose not to.  Also the using a wildcard is great but gpupdate /force often requires a log off.  I dont want that for every user in the domain.  Still thanks for the reply.
0
 
DonNetwork AdministratorCommented:
I do highly recommend against using a script with a username/password in it. This will be easily read. Here's an add-on that you can install to your gpmc that is well touted.
http://www.specopssoft.com/products/specopsgpupdate/ 
0
Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
TakedaTCommented:
I answered a question just like this the other day.  Though, the previous experts are correct when they say its not a good idea to save passwords in scripts.

http://www.experts-exchange.com/Programming/Languages/Scripting/Shell/Batch/Q_24339464.html
0
 
SLPowersEngineerAuthor Commented:
i agree.

But if i change the vbs to a exe and then just put the exe on a share and send the user a link to the share it would be safe.  once the vbs is encoded to a exe it would be very safe.
0
 
TakedaTCommented:
Give it a try and see if it works for you too.
strUsername = "administrator"
strPassword = "password"
strPath = "\\test\cmt\time.bat"
 
Set objShell = CreateObject("wscript.shell")
objShell.run "cmd /c title RUNASINSTALL & runas /user:"&strUsername&" "&chr(34)&strPath&chr(34)
Success=False
For i=0 to 5 or Success
	wscript.sleep 100
	Success=objShell.AppActivate("RUNASINSTALL")
	i=i+1
Next
If Success then
	wscript.sleep 100
	objShell.SendKeys strPassword&"{ENTER}"
End if

Open in new window

0
 
DonNetwork AdministratorCommented:
Why dont you just change your group policy refresh interval ?
 
http://technet.microsoft.com/en-us/library/cc757597.aspx 
0
 
DonNetwork AdministratorCommented:
Also how do propose to change the vbs to a exe ?
0
 
SLPowersEngineerAuthor Commented:
we have a approved app to convert the program to a exe.  also as far as the refreash intervals well some users just dont get the group policy for what ever reason.  


strUsername = "domain\username"
strPassword = "password"
strPath = "c:\windows\gpupdate /force"
 
Set objShell = CreateObject("wscript.shell")
objShell.run "cmd /c title RUNASINSTALL & runas /user:"&strUsername&" "&chr(34)&strPath&chr(34)
Success=False
For i=0 to 5 or Success
      wscript.sleep 100
      Success=objShell.AppActivate("RUNASINSTALL")
      i=i+1
Next
If Success then
      wscript.sleep 100
      objShell.SendKeys strPassword&"{ENTER}"
End if




The above solution from TakedaT: is very close but it keeps asking for me to enter my password after i run it.    

0
 
TakedaTCommented:
What OS are you using it on?  I used it for XP, but Im not sure if it will work for vista as I dont have a vista box to test it on.  The appactivate part waits for a cmd window to open with the titlebar displaying RUNASINSTALL.  What does the titlebar show when it is waiting for your password?  Try to change the for statement to wait a bit longer.  Right now it waits 5 times 1 tenth of a second which is half a second.  Make it  For i=0 to 20 or Success to wait 2 seconds if there is a delay for whatever reason.
0
 
TakedaTCommented:
If it still doesnt work, its probably not finding the window to activate.  As long as the cmd window that opens is active when sendkeys sends the password, you can just send the keys like below.  But, if another window is active when sendkeys sends the password, whatever window that is may display the password, hence the danger in this method.
strUsername = "domain\username"
strPassword = "password"
strPath = "c:\windows\gpupdate /force"
 
Set objShell = CreateObject("wscript.shell")
objShell.run "cmd /c title RUNASINSTALL & runas /user:"&strUsername&" "&chr(34)&strPath&chr(34)
wscript.sleep 100
objShell.SendKeys strPassword&"{ENTER}"

Open in new window

0
 
SLPowersEngineerAuthor Commented:
Thanks so much to everyone that helped.  I split the points because ultimately the pstools is the best solution for this issue and I thank you for the suggestion to use it.  The VBS works and I thank you for your work.  After thinking about it the security risk it might pose was not worth it with I can use the pstools with the @file option.   Thanks to all.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: MCSA MCSE Windows Server 2012

This course teaches how to install and configure Windows Server 2012 R2.  It is the first step on your path to becoming a Microsoft Certified Solutions Expert (MCSE).

  • 4
  • 4
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now