wntRunAsUser Sample Code
Keywords: wntRunAsUser
Here are a couple of scripts that demonstrate how to set up the
AutoAdminLogon values in the registry, then log on automatically with admin rights and call wntRunAsUser.
- The user running the script, not the user being "RunAs", needs the permissions.
- After the permissions are given to the user, the user must log off before they take effect.
CONFIGUREIT.WBT:
;~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
;Script #1 - CONFIGUREIT.WBT - RUN THIS SCRIPT FIRST. IT CONFIGURES
;EVERYTHING AND SETS UP THE REGISTRY TO RUN SCRIPT #2 (RUNASUSER.WBT).
;
;In this script (CONFIGUREIT.WBT):
;
;1. Check username. If currently logged on user is admin, then don't bother writing to the Winlogon
; section. Just run the test script that *does something* using wntRunAsUser and some other admin
; type activity.
;
;2. Otherwise, if not Admin user, write admin user info into the Winlogon part of registry for next
; login session. Then set up the RunOnce key to run the RUNASUSER.WBT script next logon and reboot
; the machine.
;
;~~~~~~~~~~~~~~~~~~~
;In second script (RUNASUSER.WBT) launched by CONFIGUREIT.WBT:
;
;1. The AutoAdminLogon happens.
;
;2. Do the task that requires admin privileges.
;
;3. Undo the Admin registry stuff since the current user is not the administrator, set AutoLogon to 0,
; and reboot.
AddExtender("WWWNT34I.DLL")
curuser=wntGetUser(@default)
;Message("Current User is", curuser)
reguser=RegQueryValue(@REGMACHINE,"Software\Microsoft\Windows NT\CurrentVersion\Winlogon[DefaultUserName]")
if strlower(curuser)==strlower("Administrator") ;or customize as necessary to someone with admin privileges
   ;You're an Admin, go ahead and do a RunAsUser without additional settings required
   Group = "Users"
   User = reguser
   Pass = "YkSu1234"
   Domain = "YOURDOMAIN"
   PDC = "\\YOURPDC"
   thegroups=wntMemberLst2(PDC,Group,@LOCALGROUP)
   thegroups=strreplace(thegroups,@tab,@crlf)
   Message("List of Members Before Change", thegroups)
   wntRunAsUser(Domain, User, Pass, 2, 0)
   curuser=wntGetUser(@default)
   ;Message("Current User is", curuser)
   ;Now do the Admin task
   ans = AskLine("Add User", "What is the name of a valid domain\user you want to add to %Group%?", "")
   rslt = wntMemberSet(PDC, Group, ans, @LOCALGROUP)
   thegroups=wntMemberLst2(PDC,Group,@LOCALGROUP)
   thegroups=strreplace(thegroups,@tab,@crlf)
   Message("List of Members After Change", thegroups)
   Message("All", "Done")
   exit
else
   ;currently logged on user is NOT admin user
   desktop=ShortCutDir("Desktop")
   domainname="YOURDOMAIN"
   username="administrator" ;or someone with admin privileges
   password="YkSu1234"
   ;change the necessary settings for AutoAdminLogon at next logon
   RegSetValue(@REGMACHINE,"Software\Microsoft\Windows NT\CurrentVersion\Winlogon[DefaultDomainName]",domainname)
   RegSetValue(@REGMACHINE,"Software\Microsoft\Windows NT\CurrentVersion\Winlogon[DefaultUserName]",username)
   RegSetValue(@REGMACHINE,"Software\Microsoft\Windows NT\CurrentVersion\Winlogon[DefaultPassword]",password)
   RegSetValue(@REGMACHINE,"Software\Microsoft\Windows NT\CurrentVersion\Winlogon[AutoAdminLogon]","1")
   ;First add the compiled WinBatch script to the RunOnce key so that it runs after the AutoAdminLogon
   RegSetValue(@REGMACHINE, "Software\Microsoft\Windows\CurrentVersion\RunOnce[wbfile]", "c:\temp\runasuser.exe")
   ;Message("Before", "IntControl")
   ;Now do the logout. The machine will log out the current user, auto-logon as admin, and run the RUNASUSER.EXE script.
   IntControl(66,0,0,0,0)
endif
RUNASUSER.WBT:
; This is script #2. It is the script that was loaded into the Runonce part of the
; registry by script #1.
;
; This script will do the wntRunAsUser and demonstrate how you can do an admin-level
; task. One problem is that if this script is cancelled at any point, the admin-level
; settings and AutoAdminLogon might still be set in the registry (depending upon when
; it was cancelled). That is a potential security problem, so I've added
; IntControl(12,8,0,0,0) to prevent user cancellation.
;
IntControl(12,8,0,0,0)
AddExtender("WWWNT34I.DLL")
;Now you should have administrator rights... do a RunAsUser then set Winlogon settings back to NULL
Group = "Users"
User = RegQueryValue(@REGMACHINE,"Software\Microsoft\Windows NT\CurrentVersion\Winlogon[DefaultUserName]")
Pass = RegQueryValue(@REGMACHINE,"Software\Microsoft\Windows NT\CurrentVersion\Winlogon[DefaultPassword]")
Domain = "YOURDOMAIN"
PDC = "\\YOURPDC"
thegroups=wntMemberLst2(PDC,Group,@LOCALGROUP)
thegroups=strreplace(thegroups,@tab,@crlf)
Message("List of Members Before Change", thegroups)
ans = AskLine("Add User", "What is the domain\user you want to add", "")
;Make sure you've got the setting "Act as part of the operating system"
;set under User Manager/Policy menu (for the particular user who's logging in with Admin rights).
;Also note that after you make the above change, you have to logout and relogin for the setting
;to take effect.
wntRunAsUser(Domain, User, Pass, 2, 0)
Errormode(@off)
;now add the new user to the group
rslt = wntMemberSet(PDC, Group, ans, @LOCALGROUP)
Errormode(@cancel)
err=LastError()
if err==562
   Display(1,"Warning", "Your Username was not Valid")
   goto setreg
else
   if err
      Display(1, "Warning", "An error has occurred.")
      goto setreg
   endif
endif
;now list out all the new users
thegroups=wntMemberLst2(PDC,Group,@LOCALGROUP)
thegroups=strreplace(thegroups,@tab,@crlf)
Message("List of Members After Change", thegroups)
Message("All Done", "You've accomplished your chore. Now get ready to relogon...")
;we fall through to here immediately if we get an error on the MemberSet function.
:setreg
;Now change autoadminlogon settings back to NULL
RegSetValue(@REGMACHINE,"Software\Microsoft\Windows NT\CurrentVersion\Winlogon[DefaultDomainName]","")
;RegSetValue(@REGMACHINE,"Software\Microsoft\Windows NT\CurrentVersion\Winlogon[DefaultUserName]","")
RegSetValue(@REGMACHINE,"Software\Microsoft\Windows NT\CurrentVersion\Winlogon[DefaultPassword]","")
RegSetValue(@REGMACHINE,"Software\Microsoft\Windows NT\CurrentVersion\Winlogon[AutoAdminLogon]","0")
;now logout as current admin user
IntControl(66,0,0,0,0)
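The failure mode noted in RUNASUSER.WBT (the script stopping before :setreg and leaving the admin logon values in the registry) can be checked from outside the scripts. The following PowerShell is an added example, not part of the original article or of WinBatch; it only reads the same Winlogon values and RunOnce[wbfile] entry the scripts write. The function name Find-AutoLogonResidue and the sample objects are constructed for illustration.

```powershell
# Added example: report AutoAdminLogon residue left behind when RUNASUSER.WBT
# does not reach its :setreg cleanup. Find-AutoLogonResidue is a hypothetical name.
$WinlogonKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$RunOnceKey  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'

function Find-AutoLogonResidue {
    param($Winlogon, $RunOnce)   # objects with one property per registry value
    $findings = @()
    # AutoAdminLogon may be stored as a string or a number, so compare as text.
    if ("$($Winlogon.AutoAdminLogon)" -eq '1') {
        $findings += "AutoAdminLogon is 1 (next logon is automatic as '$($Winlogon.DefaultUserName)')"
    }
    # Script #2 blanks DefaultPassword rather than deleting it, so test for non-empty.
    if (-not [string]::IsNullOrEmpty([string]$Winlogon.DefaultPassword)) {
        $findings += 'DefaultPassword holds a cleartext password (value not shown)'
    }
    # Windows removes a RunOnce entry when it runs; if present, script #2 is still pending.
    if ($RunOnce.wbfile) {
        $findings += "RunOnce[wbfile] is still pending: $($RunOnce.wbfile)"
    }
    return $findings
}

# Constructed sample: the state CONFIGUREIT.WBT writes before it logs the user out.
$sampleWinlogon = [pscustomobject]@{
    AutoAdminLogon  = '1'
    DefaultUserName = 'administrator'
    DefaultPassword = 'constructed-placeholder'
}
$sampleRunOnce = [pscustomobject]@{ wbfile = 'c:\temp\runasuser.exe' }
'Sample:'
Find-AutoLogonResidue $sampleWinlogon $sampleRunOnce

# Live check of the local machine (read-only; missing keys or values count as clean).
$wl = Get-ItemProperty -Path $WinlogonKey -ErrorAction SilentlyContinue
$ro = Get-ItemProperty -Path $RunOnceKey  -ErrorAction SilentlyContinue
$live = @(Find-AutoLogonResidue $wl $ro)
if ($live.Count -eq 0) {
    'Live: no AutoAdminLogon residue found.'
} else {
    'Live:'
    $live
}
```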
Article ID: W14397
Filename: wntRunAsUser Sample Code.txt