Solved

Running VBscript as a local admin

Posted on 2012-03-19
13
1,727 Views
Last Modified: 2012-04-18
I'm trying to have this vbscript run as a admin account that is local to every machine on our network. "!Admin". How do i get this to work without having to put the specific local hostname of each machine and where would i have the password in the script for the admin account not to prompt?
RemoveVirtScroll.vbs
0
Comment
Question by:TropicalPriest
  • 7
  • 4
13 Comments
 
LVL 10

Expert Comment

by:CSI-Windows_com
ID: 37738197
Will the script be run by users who do not have admin rights or will it be run by a background service of the software distribution system?
0
 

Author Comment

by:TropicalPriest
ID: 37738214
the script will be run remotely through a Kaseya server. No user interaction.
0
 
LVL 10

Expert Comment

by:CSI-Windows_com
ID: 37738221
If the script is configuring something that is NOT part of a user profile, you can configure it as a "System Startup" script to get admin rights.

In Group Policy Editor this is under "Computer Configuration > Windows Settings > Scripts (Startup/Shutdown) > Startup"

A reboot will be required to run the script.
0
Easy, flexible multimedia distribution & control

Coming soon!  Ideal for large-scale A/V applications, ATEN's VM3200 Modular Matrix Switch is an all-in-one solution that simplifies video wall integration. Easily customize display layouts to see what you want, how you want it in 4k.

 
LVL 10

Expert Comment

by:CSI-Windows_com
ID: 37738237
I am not familiar with Kaseya server - but most likely it runs your scripts using a background process that already has admin rights.  

Services under Windows 7 DO NOT HAVE UAC even when UAC is enabled.

In otherwords services with admin rights work just like they did on XP.

This is called an "unfiltered token."

If, however, Kaseya is actually running the script silent, but under the logged in user's non-admin profile - that is a completely different problem and I can propose some solutions for it as well.
0
 
LVL 10

Expert Comment

by:CSI-Windows_com
ID: 37738249
Forgot to mention - if you are sending it through a background service, the best way to test what your script (or any program for that matter) will do in regard to UAC is to run it in an elevated command prompt.  If you get no UAC prompt there, then you have a 99.999% chance you won't get one running under a service that is logged in as SYSTEM or any account with local admin.
0
 

Author Comment

by:TropicalPriest
ID: 37740228
i need something like this,

Set objShell = CreateObject("WScript.Shell")
WshShell.Run """%systemroot%\system32\runas.exe"" /user:(domian here)\testtaker-team ""%programfiles(x86)%\testtkr\testtkr.exe""", 1, false

objShell.Exec("rundll32.exe ""C:\Program Files\Lenovo\VIRTSCRL\cleanup.dll"",InfUninstall  DefaultUninstall.LH 132 C:\Program Files\Lenovo\VIRTSCRL\tpdu_vs.inf")

The second part is the command i want to run. That part works when i run it as my domain admin account locally. the first part is a run as domain account example but i don't know how to change that to reflect the use of a local admin account then run the second line.
0
 
LVL 10

Expert Comment

by:CSI-Windows_com
ID: 37740292
Should be:

Set objShell = CreateObject("WScript.Shell")
WshShell.Run """%systemroot%\system32\runas.exe"" /user:(domian here)\testtaker-team "rundll32.exe ""C:\Program Files\Lenovo\VIRTSCRL\cleanup.dll"",InfUninstall  DefaultUninstall.LH 132 ""C:\Program Files\Lenovo\VIRTSCRL\tpdu_vs.inf"" ", 1, false
0
 

Author Comment

by:TropicalPriest
ID: 37740312
So Admin account is called "!Admin" how do i set it to use that account?

/user:localhost\!Admin?

When using these scripts there is now need to put the password for the specified account anywhere in the script?
0
 

Author Comment

by:TropicalPriest
ID: 37740568
I've been trying the following and i've had no luck.

Set objShell = CreateObject("WScript.Shell")
WshShell.Run """%systemroot%\system32\runas.exe"" /user:teamschools\!Admin "rundll32.exe ""C:\Program Files\Lenovo\VIRTSCRL\cleanup.dll"",InfUninstall  DefaultUninstall.LH 132 ""C:\Program Files\Lenovo\VIRTSCRL\tpdu_vs.inf"" ", 1, false
0
 
LVL 10

Accepted Solution

by:
CSI-Windows_com earned 410 total points
ID: 37742661
TropicalPriest,
There is no way to automate the runas command prompt.

I realize you and I never caught up on how you are running the script on clients.  Are you going to run the script through Kaseya's windows service on each desktop?

If so, then you don't need "runas" at all - your entire script will run with admin rights and there is no need to attempt to do a runas with an admin account.

Make sure you have tested your script through the distribution system or under an elevated CMD prompt WITHOUT the runas part - if it works, you're done.

If it does not work, there are many tools that do a secure runas with alternate credentials:

http://www.steelsonic.com/steelrunas.htm - this is not free, but the last freeware version (1.2) can be found here: http://www.freewarefiles.com/downloads_counter.php?programid=26832

http://www.joeware.net/freetools/tools/cpau/

http://www.chessware.ch/runitas/

There is also a free enterprise tool that allows you to configure anything to run with admin credentials via group policy - a little bit fussy if this is a one time need:

http://www.scriptlogic.com/products/privilegeauthority/
0
 
LVL 10

Expert Comment

by:CSI-Windows_com
ID: 37742685
If the group of machines is small enough to do manually from your desk, you could also use psexec to remotely execute commands with admin.

http://live.sysinternals.com/psexec.exe
0

Featured Post

Manage your data center from practically anywhere

The KN8164V features HD resolution of 1920 x 1200, FIPS 140-2 with level 1 security standards and virtual media transmissions at twice the speed. Built for reliability, the KN series provides local console and remote over IP access, ensuring 24/7 availability to all servers.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

In this article, I will show you HOW TO: Install VMware Tools for Windows on a VMware Windows virtual machine on a VMware vSphere Hypervisor 6.5 (ESXi 6.5) Host Server, using the VMware Host Client. The virtual machine has Windows Server 2016 instal…
How to record audio from input sources to your PC – connected devices, connected preamp to record vinyl discs, streaming media, that play through your audio card: Vista, Windows 7, Windows 8, Windows 8.1 and Windows 10 – both 32 bit & 64.
In this Micro Tutorial viewers will learn how to use Boot Corrector from Paragon Rescue Kit Free to identify and fix the boot problems of Windows 7/8/2012R2 etc. As an example is used Windows 2012R2 which lost its active partition flag (often happen…
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question