
wntRunAsUser Sample Code

Keywords: 	 wntRunAsUser

Here are a couple of scripts that demonstrate how to set up the AutoAdminLogon values in the registry, then auto-logon with admin rights and call wntRunAsUser.

  1. The user running the script, not the user being "RunAs", needs the permissions.

  2. After the permissions are given to the user, the user must log off before they take effect.

CONFIGUREIT.WBT:

;~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
;Script #1  - CONFIGUREIT.WBT - RUN THIS SCRIPT FIRST.  IT CONFIGURES 
;EVERYTHING AND SETS UP THE REGISTRY TO RUN SCRIPT #2 (RUNASUSER.WBT).
;
;In this script (CONFIGUREIT.WBT):
;
;1. Check username.  If currently logged on user is admin, then don't bother writing to the Winlogon 
;   section.   Just run the test script that *does something* using wntRunAsUser and some other admin
;   type activity.
;
;2. Otherwise, if not Admin user, write admin user info into the Winlogon part of registry for next 
;   login session.  Then set up the RunOnce key to run the RUNASUSER.WBT script next logon and reboot 
;   the machine.
;
;~~~~~~~~~~~~~~~~~~~
;In second script (RUNASUSER.WBT) launched by CONFIGUREIT.WBT:
;
;1.  The AutoAdminLogon happens.
;
;2.  Do the task that requires admin privileges.
;
;3.  Undo the Admin registry stuff since the current user is not the administrator, set AutoLogon to 0,
;    and reboot.

AddExtender("WWWNT34I.DLL")

curuser=wntGetUser(@default)
;Message("Current User is", curuser)

reguser=RegQueryValue(@REGMACHINE,"Software\Microsoft\Windows NT\CurrentVersion\Winlogon[DefaultUserName]")

if strlower(curuser)==strlower("Administrator") ;or customize as necessary to someone with admin privileges

  ;You're an Admin, go ahead and do a RunAsUser without additional settings required
  Group = "Users"
  User = reguser
  Pass = "YkSu1234"

  Domain = "YOURDOMAIN"
  PDC = "\\YOURPDC" 
  thegroups=wntMemberLst2(PDC,Group,@LOCALGROUP)
  thegroups=strreplace(thegroups,@tab,@crlf)
  Message("List of Members Before Change", thegroups)

  wntRunAsUser(Domain, User, Pass, 2, 0)

  curuser=wntGetUser(@default)
  ;Message("Current User is", curuser)

  ;Now do the Admin task
  ans = AskLine("Add User", "What is the name of a valid domain\user you want to add to %Group%?", "")
  rslt = wntMemberSet(PDC, Group, ans, @LOCALGROUP)

  thegroups=wntMemberLst2(PDC,Group,@LOCALGROUP)
  thegroups=strreplace(thegroups,@tab,@crlf)
  Message("List of Members After Change", thegroups)

  Message("All", "Done")
  exit
else
  ;currently logged on user is NOT admin user
  desktop=ShortCutDir("Desktop")

  domainname="YOURDOMAIN"
  username="administrator"  ;or someone with admin privileges
  password="YkSu1234"

  ;change the necessary settings for AutoAdminLogon at next logon
  ;(DefaultPassword is stored in the registry as readable text until script #2 clears it)
  RegSetValue(@REGMACHINE,"Software\Microsoft\Windows NT\CurrentVersion\Winlogon[DefaultDomainName]",domainname)
  RegSetValue(@REGMACHINE,"Software\Microsoft\Windows NT\CurrentVersion\Winlogon[DefaultUserName]",username)
  RegSetValue(@REGMACHINE,"Software\Microsoft\Windows NT\CurrentVersion\Winlogon[DefaultPassword]",password)
  RegSetValue(@REGMACHINE,"Software\Microsoft\Windows NT\CurrentVersion\Winlogon[AutoAdminLogon]","1")

  ;First add the Winbatch script that'll do the autoadminlogon into the RunOnce key
  RegSetValue(@REGMACHINE, "Software\Microsoft\Windows\CurrentVersion\RunOnce[wbfile]", "c:\temp\runasuser.exe")
  ;Message("Before", "IntControl")

  ;now do the logout.  The machine will log out the current user, auto-logon as admin, and run the RUNASUSER.EXE script.
  IntControl(66,0,0,0,0)
endif


RUNASUSER.WBT:

; This is script #2.  It is the script that was loaded into the RunOnce part of the 
; registry by script #1.  
;
; This script will do the wntRunAsUser and demonstrate how you can do an admin-level
; task.  One problem is that if this script is cancelled at any point, the admin-level
; settings and AutoAdminLogon might still be set in the registry (depending upon when
; it was cancelled).  This is a potential security problem, so I've added the
; IntControl(12,8,0,0,0) to prevent user cancellation.
;


IntControl(12,8,0,0,0)
AddExtender("WWWNT34I.DLL")

;Now you should have administrator rights... do a RunAsUser then set Winlogon settings back to NULL
Group = "Users"
User = RegQueryValue(@REGMACHINE,"Software\Microsoft\Windows NT\CurrentVersion\Winlogon[DefaultUserName]")
Pass = RegQueryValue(@REGMACHINE,"Software\Microsoft\Windows NT\CurrentVersion\Winlogon[DefaultPassword]")

Domain = "YOURDOMAIN"
PDC = "\\YOURPDC" 
thegroups=wntMemberLst2(PDC,Group,@LOCALGROUP)
thegroups=strreplace(thegroups,@tab,@crlf)
Message("List of Members Before Change", thegroups)

ans = AskLine("Add User", "What is the domain\user you want to add", "")

;Make sure you've got the setting "Act as part of the operating system"
;set under User Manager/Policy menu (for the particular user who's logging in with Admin rights).
;Also note that after you make the above change, you have to logout and relogin for the setting
;to take effect.

wntRunAsUser(Domain, User, Pass, 2, 0)

Errormode(@off)
;now add the new user to the group
rslt = wntMemberSet(PDC, Group, ans, @LOCALGROUP)
Errormode(@cancel)
err=LastError()

if err==562
  Display(1,"Warning", "Your Username was not Valid")
  goto setreg
else
  if err
    Display(1, "Warning", "An error has occurred.")
    goto setreg
  endif
endif

;now list out all the new users
thegroups=wntMemberLst2(PDC,Group,@LOCALGROUP)
thegroups=strreplace(thegroups,@tab,@crlf)
Message("List of Members After Change", thegroups)

Message("All Done", "You've accomplished your chore.  Now get ready to relogon...")

;we fall through to here immediately if we get an error on the MemberSet function.
:setreg
;Now change autoadminlogon settings back to NULL
  RegSetValue(@REGMACHINE,"Software\Microsoft\Windows NT\CurrentVersion\Winlogon[DefaultDomainName]","")
  ;RegSetValue(@REGMACHINE,"Software\Microsoft\Windows NT\CurrentVersion\Winlogon[DefaultUserName]","")
  RegSetValue(@REGMACHINE,"Software\Microsoft\Windows NT\CurrentVersion\Winlogon[DefaultPassword]","")
  RegSetValue(@REGMACHINE,"Software\Microsoft\Windows NT\CurrentVersion\Winlogon[AutoAdminLogon]","0")

;now logout as current admin user
IntControl(66,0,0,0,0)
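
A follow-up check for the cancellation risk noted in script #2, as an added example that is not part of the original article: it looks for the Winlogon and RunOnce values the two scripts write and clears any that remain. It assumes it is run by a user with rights to write HKEY_LOCAL_MACHINE; the variable names and message text are illustrative.

```winbatch
; Added example (not from the original article): post-run check for leftover
; auto-logon settings.  Value names are the ones written by CONFIGUREIT.WBT.
winlogon = "Software\Microsoft\Windows NT\CurrentVersion\Winlogon"
runonce  = "Software\Microsoft\Windows\CurrentVersion\RunOnce"

findings = ""

; AutoAdminLogon should be "0" (or absent) once the admin task is finished
key = StrCat(winlogon, "[AutoAdminLogon]")
If RegExistValue(@REGMACHINE, key)
   If RegQueryValue(@REGMACHINE, key) == "1"
      RegSetValue(@REGMACHINE, key, "0")
      findings = StrCat(findings, "AutoAdminLogon was still 1; reset to 0", @CRLF)
   EndIf
EndIf

; DefaultPassword is readable text, so delete the value rather than blanking it.
; The password itself is never displayed.
key = StrCat(winlogon, "[DefaultPassword]")
If RegExistValue(@REGMACHINE, key)
   If RegQueryValue(@REGMACHINE, key) != ""
      findings = StrCat(findings, "DefaultPassword still held a password; value deleted", @CRLF)
   EndIf
   RegDelValue(@REGMACHINE, key)
EndIf

; The RunOnce entry should be gone after the next logon; remove it if it is not
key = StrCat(runonce, "[wbfile]")
If RegExistValue(@REGMACHINE, key)
   RegDelValue(@REGMACHINE, key)
   findings = StrCat(findings, "RunOnce[wbfile] was still registered; removed", @CRLF)
EndIf

If findings == "" Then findings = "No leftover auto-logon settings found."
Message("Auto-logon cleanup check", findings)
```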



Article ID:   W14397
Filename:   wntRunAsUser Sample Code.txt
File Created: 2003:02:20:15:27:50
Last Updated: 2003:02:20:15:27:50