• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 437
  • Last Modified:

need a VBS that will run a command as another user

This may be beyond the scope for me to expect an answer but I figure it could not hurt to ask.
I often need to do a gpupdate on multiple users pcs based on a sms report I get regularly.

This  company has strict policies on any third party software and often it can take months to get it approved to use so a third party solution are out.
So when I get this list I will call the user and do a run as on the command line with either my credentials or the credentials of a local admin account we have on all the pcs as none of the users have local admin rights.

I am pretty good at bat files and can do some great things with them but I see I really need to learn VB as it would make some of these things easier.  For one a bat file cannot save username and password.  I could do a run as in a bat but not save my password in it.  

I can change a VBS or BAT to an exe so the user cant read it. So I dont mind if my username and password is in it.

OK so my question is, does anyone have a script or know one that I could use that would allow me to drop in my username and password and would run the gpupdate /force command under that account.

This way I could just sent the user a link and ask them to click it.  It would run gpupdate /force as the local admin or even with my domain admin credentials.

Thanks so much.
0
SLPowers
Asked:
SLPowers
  • 4
  • 4
  • 4
2 Solutions
 
Donald StewartNetwork AdministratorCommented:
I would use psexec(from microsoft)
http://technet.microsoft.com/en-us/sysinternals/bb897553.aspx
 
psexec \\* gpupdate <<<<this will run it on all computers
psexec @c:\computers.txt gpupdate<<<<this will run it on computers in computers.txt
0
 
SLPowersEngineerAuthor Commented:
Thanks so much dstewartjr and I have looked at this before.  It is a powerful set of tools.  Still I do need a solution where I could send it to the user.  As I get a list of what could be 20 or 30 users.  I would then need to either create a bat file with each of their pc names and run it that way or from a command prompt do it one at a time.  If I can send a link to a file it is done on its own as I have the list of the users emails as well.  I know some users wont but most will and I can assist the users that chose not to.  Also the using a wildcard is great but gpupdate /force often requires a log off.  I dont want that for every user in the domain.  Still thanks for the reply.
0
 
Donald StewartNetwork AdministratorCommented:
I do highly recommend against using a script with a username/password in it. This will be easily read. Here's an add-on that you can install to your gpmc that is well touted.
http://www.specopssoft.com/products/specopsgpupdate/ 
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
TakedaTCommented:
I answered a question just like this the other day.  Though, the previous experts are correct when they say its not a good idea to save passwords in scripts.

http://www.experts-exchange.com/Programming/Languages/Scripting/Shell/Batch/Q_24339464.html
0
 
SLPowersEngineerAuthor Commented:
i agree.

But if i change the vbs to a exe and then just put the exe on a share and send the user a link to the share it would be safe.  once the vbs is encoded to a exe it would be very safe.
0
 
TakedaTCommented:
Give it a try and see if it works for you too.
strUsername = "administrator"
strPassword = "password"
strPath = "\\test\cmt\time.bat"
 
Set objShell = CreateObject("wscript.shell")
objShell.run "cmd /c title RUNASINSTALL & runas /user:"&strUsername&" "&chr(34)&strPath&chr(34)
Success=False
For i=0 to 5 or Success
	wscript.sleep 100
	Success=objShell.AppActivate("RUNASINSTALL")
	i=i+1
Next
If Success then
	wscript.sleep 100
	objShell.SendKeys strPassword&"{ENTER}"
End if

Open in new window

0
 
Donald StewartNetwork AdministratorCommented:
Why dont you just change your group policy refresh interval ?
 
http://technet.microsoft.com/en-us/library/cc757597.aspx 
0
 
Donald StewartNetwork AdministratorCommented:
Also how do propose to change the vbs to a exe ?
0
 
SLPowersEngineerAuthor Commented:
we have a approved app to convert the program to a exe.  also as far as the refreash intervals well some users just dont get the group policy for what ever reason.  


strUsername = "domain\username"
strPassword = "password"
strPath = "c:\windows\gpupdate /force"
 
Set objShell = CreateObject("wscript.shell")
objShell.run "cmd /c title RUNASINSTALL & runas /user:"&strUsername&" "&chr(34)&strPath&chr(34)
Success=False
For i=0 to 5 or Success
      wscript.sleep 100
      Success=objShell.AppActivate("RUNASINSTALL")
      i=i+1
Next
If Success then
      wscript.sleep 100
      objShell.SendKeys strPassword&"{ENTER}"
End if




The above solution from TakedaT: is very close but it keeps asking for me to enter my password after i run it.    

0
 
TakedaTCommented:
What OS are you using it on?  I used it for XP, but Im not sure if it will work for vista as I dont have a vista box to test it on.  The appactivate part waits for a cmd window to open with the titlebar displaying RUNASINSTALL.  What does the titlebar show when it is waiting for your password?  Try to change the for statement to wait a bit longer.  Right now it waits 5 times 1 tenth of a second which is half a second.  Make it  For i=0 to 20 or Success to wait 2 seconds if there is a delay for whatever reason.
0
 
TakedaTCommented:
If it still doesnt work, its probably not finding the window to activate.  As long as the cmd window that opens is active when sendkeys sends the password, you can just send the keys like below.  But, if another window is active when sendkeys sends the password, whatever window that is may display the password, hence the danger in this method.
strUsername = "domain\username"
strPassword = "password"
strPath = "c:\windows\gpupdate /force"
 
Set objShell = CreateObject("wscript.shell")
objShell.run "cmd /c title RUNASINSTALL & runas /user:"&strUsername&" "&chr(34)&strPath&chr(34)
wscript.sleep 100
objShell.SendKeys strPassword&"{ENTER}"

Open in new window

0
 
SLPowersEngineerAuthor Commented:
Thanks so much to everyone that helped.  I split the points because ultimately the pstools is the best solution for this issue and I thank you for the suggestion to use it.  The VBS works and I thank you for your work.  After thinking about it the security risk it might pose was not worth it with I can use the pstools with the @file option.   Thanks to all.
0

Featured Post

[Webinar] Cloud and Mobile-First Strategy

Maybe you’ve fully adopted the cloud since the beginning. Or maybe you started with on-prem resources but are pursuing a “cloud and mobile first” strategy. Getting to that end state has its challenges. Discover how to build out a 100% cloud and mobile IT strategy in this webinar.

  • 4
  • 4
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now