Keywords: wntRunAsUser
;~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
;Script #1 - CONFIGUREIT.WBT - RUN THIS SCRIPT FIRST. IT CONFIGURES
;EVERYTHING AND SETS UP THE REGISTRY TO RUN SCRIPT #2 (RUNASUSER.WBT).
;
;In this script (CONFIGUREIT.WBT):
;
;1. Check username. If currently logged on user is admin, then don't bother writing to the Winlogon
;   section. Just run the test script that *does something* using wntRunAsUser and some other admin
;   type activity.
;
;2. Otherwise, if not Admin user, write admin user info into the Winlogon part of registry for next
;   login session. Then set up the RunOnce key to run the RUNASUSER.WBT script next logon and reboot
;   the machine.
;
;~~~~~~~~~~~~~~~~~~~
;In second script (RUNASUSER.WBT) launched by CONFIGUREIT.WBT:
;
;1. The AutoAdminLogon happens.
;
;2. Do the task that requires admin privileges.
;
;3. Undo the Admin registry stuff since the current user is not the administrator, set AutoLogon to 0,
;   and reboot.

AddExtender("WWWNT34I.DLL")
curuser=wntGetUser(@default)
;Message("Current User is", curuser)
reguser=RegQueryValue(@REGMACHINE,"Software\Microsoft\Windows NT\CurrentVersion\Winlogon[DefaultUserName]")

if strlower(curuser)==strlower("Administrator") ;or customize as necessary to someone with admin privileges
   ;You're an Admin, go ahead and do a RunAsUser without additional settings required
   Group = "Users"
   User = reguser
   Pass = "YkSu1234"
   Domain = "YOURDOMAIN"
   PDC = "\\YOURPDC"

   thegroups=wntMemberLst2(PDC,Group,@LOCALGROUP)
   thegroups=strreplace(thegroups,@tab,@crlf)
   Message("List of Members Before Change", thegroups)

   wntRunAsUser(Domain, User, Pass, 2, 0)
   curuser=wntGetUser(@default)
   ;Message("Current User is", curuser)

   ;Now do the Admin task
   ans = AskLine("Add User", "What is the name of a valid domain\user you want to add to %Group%?", "")
   rslt = wntMemberSet(PDC, Group, ans, @LOCALGROUP)

   thegroups=wntMemberLst2(PDC,Group,@LOCALGROUP)
   thegroups=strreplace(thegroups,@tab,@crlf)
   Message("List of Members After Change", thegroups)
   Message("All", "Done")
   exit
else
   ;currently logged on user is NOT admin user
   desktop=ShortCutDir("Desktop")
   domainname="YOURDOMAIN"
   username="administrator" ;or someone with admin privileges
   password="YkSu1234"

   ;change the necessary settings for Adminautologon at next logon
   RegSetValue(@REGMACHINE,"Software\Microsoft\Windows NT\CurrentVersion\Winlogon[DefaultDomainName]",domainname)
   RegSetValue(@REGMACHINE,"Software\Microsoft\Windows NT\CurrentVersion\Winlogon[DefaultUserName]",username)
   RegSetValue(@REGMACHINE,"Software\Microsoft\Windows NT\CurrentVersion\Winlogon[DefaultPassword]",password)
   RegSetValue(@REGMACHINE,"Software\Microsoft\Windows NT\CurrentVersion\Winlogon[AutoAdminLogon]","1")

   ;First add the Winbatch script that'll do the autoadminlogon into the RunOnce key
   RegSetValue(@REGMACHINE, "Software\Microsoft\Windows\CurrentVersion\RunOnce[wbfile]", "c:\temp\runasuser.exe")
   ;Message("Before", "IntControl")

   ;now do the logout. The machine will log out the current user, autologon as admin, and run the RUNASUSER.EXE script.
   IntControl(66,0,0,0,0)
endif

; This is script #2. It is the script that was loaded into the Runonce part of the
; registry by script #1.
;
; This script will do the wntRunAsUser and demonstrate how you can do an admin-level
; task. One problem is that if this script is cancelled at any point, the admin level
; settings in the registry and Autoadminlogon might still be set in the registry (depending
; upon when it was cancelled), so this is a potential security problem, so I've added the
; Intcontrol(12,8,0,0,0) to prevent user cancellation.
;
IntControl(12,8,0,0,0)
AddExtender("WWWNT34I.DLL")

;Now you should have administrator rights... do a RunAsUser then set Winlogon settings back to NULL
Group = "Users"
User = RegQueryValue(@REGMACHINE,"Software\Microsoft\Windows NT\CurrentVersion\Winlogon[DefaultUserName]")
Pass = RegQueryValue(@REGMACHINE,"Software\Microsoft\Windows NT\CurrentVersion\Winlogon[DefaultPassword]")
Domain = "YOURDOMAIN"
PDC = "\\YOURPDC"

thegroups=wntMemberLst2(PDC,Group,@LOCALGROUP)
thegroups=strreplace(thegroups,@tab,@crlf)
Message("List of Members Before Change", thegroups)

ans = AskLine("Add User", "What is the domain\user you want to add", "")

;Make sure you've got the setting "Act as part of the operating system"
;set under User Manager/Policy menu (for the particular user who's logging in with Admin rights).
;Also note that after you make the above change, you have to logout and relogin for the setting
;to take effect.
wntRunAsUser(Domain, User, Pass, 2, 0)

Errormode(@off)
;now add the new user to the group
rslt = wntMemberSet(PDC, Group, ans, @LOCALGROUP)
Errormode(@cancel)
err=LastError()

if err==562
   Display(1,"Warning", "Your Username was not Valid")
   goto setreg
else
   if err
      Display(1, "Warning", "An error has occurred.")
      goto setreg
   endif
endif

;now list out all the new users
thegroups=wntMemberLst2(PDC,Group,@LOCALGROUP)
thegroups=strreplace(thegroups,@tab,@crlf)
Message("List of Members After Change", thegroups)
Message("All Done", "You've accomplished your chore. Now get ready to relogon...")

;we fall through to here immediately if we get an error on the MemberSet function.
:setreg
;Now change autoadminlogon settings back to NULL
RegSetValue(@REGMACHINE,"Software\Microsoft\Windows NT\CurrentVersion\Winlogon[DefaultDomainName]","")
;RegSetValue(@REGMACHINE,"Software\Microsoft\Windows NT\CurrentVersion\Winlogon[DefaultUserName]","")
RegSetValue(@REGMACHINE,"Software\Microsoft\Windows NT\CurrentVersion\Winlogon[DefaultPassword]","")
RegSetValue(@REGMACHINE,"Software\Microsoft\Windows NT\CurrentVersion\Winlogon[AutoAdminLogon]","0")

;now logout as current admin user
IntControl(66,0,0,0,0)

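
Script #2's header comment warns that a cancelled run can leave the admin logon settings in the registry. The PowerShell check below is an added example, not part of the original WinBatch article: it reports whether the Winlogon values and the RunOnce[wbfile] entry written by CONFIGUREIT.WBT are still present. The function name Get-AutoLogonFindings and the two sample objects are made up for illustration.

```powershell
# Added example (not from the original article). Audits the registry values that
# CONFIGUREIT.WBT writes and RUNASUSER.WBT is expected to clear again.
$WinlogonKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$RunOnceKey  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'

function Get-AutoLogonFindings {   # hypothetical helper name
    param(
        # Objects carrying the registry values; default to the live registry.
        $Winlogon = (Get-ItemProperty -Path $WinlogonKey),
        $RunOnce  = (Get-ItemProperty -Path $RunOnceKey -ErrorAction SilentlyContinue)
    )
    $findings = @()
    if ("$($Winlogon.AutoAdminLogon)" -eq '1') {
        $findings += 'AutoAdminLogon is 1: the next logon happens without a prompt'
    }
    # The cleanup sets DefaultPassword to "", so an empty value counts as clean.
    if (-not [string]::IsNullOrEmpty($Winlogon.DefaultPassword)) {
        # Report presence only; never echo the stored password.
        $findings += "DefaultPassword holds a clear-text password for '$($Winlogon.DefaultUserName)'"
    }
    if ($RunOnce -and $RunOnce.wbfile) {
        $findings += "RunOnce[wbfile] is still pending: $($RunOnce.wbfile)"
    }
    $findings
}

# Constructed sample: the state left behind if script #2 never reached :setreg.
$leftover = [pscustomobject]@{
    AutoAdminLogon  = '1'
    DefaultUserName = 'administrator'
    DefaultPassword = 'constructed-placeholder'
}
Get-AutoLogonFindings -Winlogon $leftover -RunOnce $null

# Constructed sample: the state after the :setreg cleanup has run.
$clean = [pscustomobject]@{
    AutoAdminLogon  = '0'
    DefaultUserName = 'administrator'
    DefaultPassword = ''
}
Get-AutoLogonFindings -Winlogon $clean -RunOnce $null

# Live check on the local machine (reads HKLM, makes no changes).
Get-AutoLogonFindings
```

An empty result from the live check means the cleanup at :setreg completed; any finding means the machine still carries the autologon configuration and should be corrected before it is rebooted.
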
Article ID: W14397
Filename: wntRunAsUser Sample Code.txt
File Created: 2003:02:20:15:27:50
Last Updated: 2003:02:20:15:27:50