Link to home
Start Free TrialLog in
Avatar of Larry Brister
Larry BristerFlag for United States of America

asked on

Batch file or script with password

I am pasting this string below into a command prompt window and hitting enter

I am then prompted for a password.

Is there any batch file or script I can build to automate this?

C:\Windows\System32\runas.exe /netonly /user:gplrinc\lbrister"C:\Program Files (x86)\Microsoft SQL Server\110\Tools\Binn\ManagementStudio\Ssms.exe"
Avatar of John
John
Flag of Canada image

You can add /user:username password to automate this. The password is in clear text, so depending on who has the script and how it is used, there is a security risk.
Avatar of Larry Brister

ASKER

John
That got e a help prompt because of incorrect command

This is what I used...
C:\Windows\System32\runas.exe /netonly /user:gplrinc\larry.brister es$234v "C:\Program Files (x86)\Microsoft SQL Server\110\Tools\Binn\ManagementStudio\Ssms.exe"
And did that work?
Nope.

User generated image
Replace /user:gplrinc\larry.brister password with /user:DOMAIN\user password.  

According to the help for this, domain needs to be used with user.
Avatar of Qlemo
John, this is not net use but runas, which does not allow to provide the password inline.

lrbrister, you cannot automate this if you want to run it on different machines. But if you need to run this for a single machine only, you can add /savecred to the command. This will prompt you once for the password, and after that runas will remember it for the current logged in user and the user you provided.

For security reasons it is not recommended, as you won't need to enter the password for gplrinc\lbrister with runas, no matter which command should then be run - and you have no control over. if the logged in account is yours, that is (almost) ok, but if you are "someone else" it might be a risk.
You can do this in a batch file
@Echo Off
Echo Password1 > password.txt
Echo. >> password.txt
RunAs.exe /netonly /user:gplrinc\lbrister "C:\Program Files (x86)\Microsoft SQL Server\110\Tools\Binn\ManagementStudio\Ssms.exe"  < password.txt
Del password.txt

Open in new window

I would also use a batch file. But the help output for the command did seem to allow the user input. I will have to look again
I will review when I am back at my desk after lunch
This pipes the password out of text file to the runas command
RunAs.exe /netonly /user:gplrinc\lbrister "...\Ssms.exe" < password.txt
Of course a plain text password stored in a file is, ehm , unsecure.
Also, /netonly does not really change the user context (check with whoami). Piping the password only works with /netonly.
Savecred not as secure as one might think too http://superuser.com/questions/581548/runas-savecred-ask-for-password-if-another-user-runs-the-same-batch-file

The short answer: DO NOT DO THIS. You're only going to open your system to a HUGE, and I do mean HUGE system security flaw: Once you /savecred, you're saving your admin password to the users profile, UNCONDITIONALLY, for them to use any time, any way they like. That means, once saved, they can launch a console window (CMD prompt), type in "runas /savecred /user:administrator cmd.exe" and instantly launch a new command console with full admin rights to do anything they want. You probably do not want them to be able to do this!

Netonly is not suppose to change your user context, it is only used for remote connections

Added an overwrite of text file before delete. 3rd party solutions exists that can do runas with credentials securely
@Echo Off
Echo Password1 > password.txt
Echo. >> password.txt
RunAs.exe /netonly /user:gplrinc\lbrister "C:\Program Files (x86)\Microsoft SQL Server\110\Tools\Binn\ManagementStudio\Ssms.exe"  < password.txt
Echo Dummy data to overwrite file > password.txt
Del password.txt

Open in new window

Oh yes, savecred is not safe, but using a plain text password is??? I've already said what that means for both, the above comment just confirms that in regard of savecred consequences.

I've got doubts that /netonly and SSMS really work together as expected - what is the purpose? Using Windows Authentication with SSMS to connect to MS SQL Server?
Runas might not be supported but you could use a freeware utility CPAU http://www.joeware.net/freetools/tools/cpau/index.htm
Oh yes, savecred is not safe, but using a plain text password is???
Really Qlemo, did you think I said plain text password is safe?

Added an overwrite of text file before delete. 3rd party solutions exists that can do runas with credentials securely
Runas might not be supported but you could use a freeware utility CPAU http://www.joeware.net/freetools/tools/cpau/index.htm
I interpreted USER is RUNAS in the box above as USER PASSWORD, but that appears just to have been an assumption on my part.
John, that is correct, see the screenshot in #a41991287, which shows the syntax. There is no place to provide the password directly.
GUys,
The purpose behind this is that I need to work on a SSMS that accepts ONLY the WIndows User Credentioals

So..
On my local Windows 10PC...
I connect my VPN
Then I need to open my SQL Server SSMS using those same Windows credentials to connect

In SMS though... modifying the Windows Login to add domain is not an option... everything is greyed out.

So what I am doing for now is
Open VPN in settings
Connect to the VPN
Open my CMD Prompt
Paste in the SSMS file path to open SSMS
ENTER
Type in Password
ENTER
SSMS Launches
I then set the instance
Windows Authentication
And I can connect

Wa sjust trying to make this a LOT simpler if possible
ASKER CERTIFIED SOLUTION
Avatar of Qlemo
Qlemo
Flag of Germany image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
I'll give that a try when I get back to my desk this evening
You can use the SYSTEM account if Windows Account is not allowed
PSEXEC.exe -s -i -d "C:\Program Files (x86)\Microsoft SQL Server\110\Tools\Binn\ManagementStudio\Ssms.exe"

Open in new window

https://technet.microsoft.com/en-us/sysinternals/pxexec.aspx
Worked like a charm