Larry Brister
asked on
Batch file or script with password
I am pasting this string below into a command prompt window and hitting enter
I am then prompted for a password.
Is there any batch file or script I can build to automate this?
C:\Windows\System32\runas. exe /netonly /user:gplrinc\lbrister"C:\ Program Files (x86)\Microsoft SQL Server\110\Tools\Binn\Mana gementStud io\Ssms.ex e"
I am then prompted for a password.
Is there any batch file or script I can build to automate this?
C:\Windows\System32\runas.
You can add /user:username password to automate this. The password is in clear text, so depending on who has the script and how it is used, there is a security risk.
ASKER
John
That got e a help prompt because of incorrect command
This is what I used...
C:\Windows\System32\runas. exe /netonly /user:gplrinc\larry.briste r es$234v "C:\Program Files (x86)\Microsoft SQL Server\110\Tools\Binn\Mana gementStud io\Ssms.ex e"
That got e a help prompt because of incorrect command
This is what I used...
C:\Windows\System32\runas.
And did that work?
Replace /user:gplrinc\larry.briste r password with /user:DOMAIN\user password.
According to the help for this, domain needs to be used with user.
According to the help for this, domain needs to be used with user.
John, this is not net use but runas, which does not allow to provide the password inline.
lrbrister, you cannot automate this if you want to run it on different machines. But if you need to run this for a single machine only, you can add /savecred to the command. This will prompt you once for the password, and after that runas will remember it for the current logged in user and the user you provided.
For security reasons it is not recommended, as you won't need to enter the password for gplrinc\lbrister with runas, no matter which command should then be run - and you have no control over. if the logged in account is yours, that is (almost) ok, but if you are "someone else" it might be a risk.
lrbrister, you cannot automate this if you want to run it on different machines. But if you need to run this for a single machine only, you can add /savecred to the command. This will prompt you once for the password, and after that runas will remember it for the current logged in user and the user you provided.
For security reasons it is not recommended, as you won't need to enter the password for gplrinc\lbrister with runas, no matter which command should then be run - and you have no control over. if the logged in account is yours, that is (almost) ok, but if you are "someone else" it might be a risk.
You can do this in a batch file
@Echo Off
Echo Password1 > password.txt
Echo. >> password.txt
RunAs.exe /netonly /user:gplrinc\lbrister "C:\Program Files (x86)\Microsoft SQL Server\110\Tools\Binn\ManagementStudio\Ssms.exe" < password.txt
Del password.txt
I would also use a batch file. But the help output for the command did seem to allow the user input. I will have to look again
ASKER
I will review when I am back at my desk after lunch
This pipes the password out of text file to the runas command
RunAs.exe /netonly /user:gplrinc\lbrister "...\Ssms.exe" < password.txt
RunAs.exe /netonly /user:gplrinc\lbrister "...\Ssms.exe" < password.txt
Of course a plain text password stored in a file is, ehm , unsecure.
Also, /netonly does not really change the user context (check with whoami). Piping the password only works with /netonly.
Also, /netonly does not really change the user context (check with whoami). Piping the password only works with /netonly.
Savecred not as secure as one might think too http://superuser.com/questions/581548/runas-savecred-ask-for-password-if-another-user-runs-the-same-batch-file
Netonly is not suppose to change your user context, it is only used for remote connections
Added an overwrite of text file before delete. 3rd party solutions exists that can do runas with credentials securely
The short answer: DO NOT DO THIS. You're only going to open your system to a HUGE, and I do mean HUGE system security flaw: Once you /savecred, you're saving your admin password to the users profile, UNCONDITIONALLY, for them to use any time, any way they like. That means, once saved, they can launch a console window (CMD prompt), type in "runas /savecred /user:administrator cmd.exe" and instantly launch a new command console with full admin rights to do anything they want. You probably do not want them to be able to do this!
Netonly is not suppose to change your user context, it is only used for remote connections
Added an overwrite of text file before delete. 3rd party solutions exists that can do runas with credentials securely
@Echo Off
Echo Password1 > password.txt
Echo. >> password.txt
RunAs.exe /netonly /user:gplrinc\lbrister "C:\Program Files (x86)\Microsoft SQL Server\110\Tools\Binn\ManagementStudio\Ssms.exe" < password.txt
Echo Dummy data to overwrite file > password.txt
Del password.txt
Oh yes, savecred is not safe, but using a plain text password is??? I've already said what that means for both, the above comment just confirms that in regard of savecred consequences.
I've got doubts that /netonly and SSMS really work together as expected - what is the purpose? Using Windows Authentication with SSMS to connect to MS SQL Server?
I've got doubts that /netonly and SSMS really work together as expected - what is the purpose? Using Windows Authentication with SSMS to connect to MS SQL Server?
Runas might not be supported but you could use a freeware utility CPAU http://www.joeware.net/freetools/tools/cpau/index.htm
Oh yes, savecred is not safe, but using a plain text password is???Really Qlemo, did you think I said plain text password is safe?
Added an overwrite of text file before delete. 3rd party solutions exists that can do runas with credentials securelyRunas might not be supported but you could use a freeware utility CPAU http://www.joeware.net/freetools/tools/cpau/index.htm
I interpreted USER is RUNAS in the box above as USER PASSWORD, but that appears just to have been an assumption on my part.
John, that is correct, see the screenshot in #a41991287, which shows the syntax. There is no place to provide the password directly.
ASKER
GUys,
The purpose behind this is that I need to work on a SSMS that accepts ONLY the WIndows User Credentioals
So..
On my local Windows 10PC...
I connect my VPN
Then I need to open my SQL Server SSMS using those same Windows credentials to connect
In SMS though... modifying the Windows Login to add domain is not an option... everything is greyed out.
So what I am doing for now is
Open VPN in settings
Connect to the VPN
Open my CMD Prompt
Paste in the SSMS file path to open SSMS
ENTER
Type in Password
ENTER
SSMS Launches
I then set the instance
Windows Authentication
And I can connect
Wa sjust trying to make this a LOT simpler if possible
The purpose behind this is that I need to work on a SSMS that accepts ONLY the WIndows User Credentioals
So..
On my local Windows 10PC...
I connect my VPN
Then I need to open my SQL Server SSMS using those same Windows credentials to connect
In SMS though... modifying the Windows Login to add domain is not an option... everything is greyed out.
So what I am doing for now is
Open VPN in settings
Connect to the VPN
Open my CMD Prompt
Paste in the SSMS file path to open SSMS
ENTER
Type in Password
ENTER
SSMS Launches
I then set the instance
Windows Authentication
And I can connect
Wa sjust trying to make this a LOT simpler if possible
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I'll give that a try when I get back to my desk this evening
You can use the SYSTEM account if Windows Account is not allowed
PSEXEC.exe -s -i -d "C:\Program Files (x86)\Microsoft SQL Server\110\Tools\Binn\ManagementStudio\Ssms.exe"
https://technet.microsoft.com/en-us/sysinternals/pxexec.aspx
ASKER
Worked like a charm