Need to run a non Winbatch Program as a different user

Started by dragon49, August 14, 2014, 09:55:52 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions

dragon49

August 14, 2014, 09:55:52 AM
I've been browsing through recent threads and found this:

http://forum.winbatch.com/index.php?topic=1022.0

This quote from a responder is disheartening:

"As you discovered, you cannot use wntRunAsUser() from a non-privileged account, and therefore it cannot be used to allow a normal user to "escalate" their privileges to administrator levels.,"  but perhaps there is another way for me as my problem is a little different.

I need to launch a third party program as a different user with local administrative rights, while the logged in user does not have local administrative rights.  Of course, I need to have this done without having the credentials laying around in clear text in a batch file somewhere, so I thought that a compiled Winbatch exe would be perfect for the job.  Can this be done?

Thanks





td

#1
August 14, 2014, 10:51:34 AM
Which Windows version(s) is/are installed on the computer(s) your planned script will be executed on and what is the UAC state(s) of that/those computer(s)?

Here is a Tech Database link the discusses two workarounds for UAC related user escalation issues.

http://techsupt.winbatch.com/webcgi/webbatch.exe?techsupt/nftechsupt.web+WinBatch/UAC+RunWithLogon~and~UAC.txt 

Here is another link that exposes some UAC related issue.

http://techsupt.winbatch.com/webcgi/webbatch.exe?techsupt/nftechsupt.web+WinBatch/UAC+UAC~Administrator~Account.txt
"No one who sees a peregrine falcon fly can ever forget the beauty and thrill of that flight."
  - Dr. Tom Cade

dragon49

#2
August 14, 2014, 11:01:24 AM
Windows 7 32 bit - UAC is on.  The PC will soon be replaced with 64 bit win7 with UAC on as well.  I only have to do this because some vendor can't figure how to get their software to launch without the user being logged in with admin rights.

I'll take a look at the articles.

td

#3
August 14, 2014, 12:52:31 PM
More reading in case you haven't needed to discover how UAC affects the running WinBatch scripts yet.

http://techsupt.winbatch.com/webcgi/webbatch.exe?techsupt/nftechsupt.web+~+Run~Scripts~on~Windows~Vista~and~Newer.txt
"No one who sees a peregrine falcon fly can ever forget the beauty and thrill of that flight."
  - Dr. Tom Cade

dragon49

#4
August 15, 2014, 12:34:21 PM
I haven't tried the suggestions yet, but already discovered network drive problems with running a program as a different user.

I have a Winbatch exe that sits on a network drive (can't post the script as I lost the source code years ago)  that returns a list of users that have an open connection to a database on a network share.  If I run this while logged in as a non administrative user who is also not a domain admin, Winbatch returns with "access denied."  If I try running this as a local administrator who is also a domain admin, Winbatch returns that it can not find the network drive where the executable is located.  This I solved by copying the executable directly to my desktop.  I can then run it with the domain admin credentials and it works as intended.

Deana

#5
August 17, 2014, 08:32:15 AM
When running as an Administrator, the user has two contexts: the limited user context, and the administrator context. When you map drives in Windows Explorer, they are added only for the limited user context. Thus when the script runs in the administrative context, no mapped drives are 'seen' by the script. WBT files run with user elevation 'HighestAvilable', which means when running under an Administrator account the script is running in the context of the administrator NOT the user.

Reference: http://techsupt.winbatch.com/webcgi/webbatch.exe?techsupt/nftechsupt.web+WinBatch/UAC+Mapped~Drives~Issue~with~UAC.txt
Deana F.
Technical Support
Wilson WindowWare Inc.

dragon49

#6
August 19, 2014, 08:29:48 AM
Thanks,

My Old version (2003J) does not have the option to compile with the AsInvoker manifest.  I should probably upgrade one of these days. :)  I know I've purchased later versions, just never installed them.  The only thing that worried me was potential problems with different versions of dlls.  While I check for the latest Winbatch version that I have, can you let me know what the earliest version of Winbatch is, that supports the compiler options mentioned in this thread.

td

#7
August 19, 2014, 09:29:55 AM
Not sure what you mean by problems with different versions of dlls but the WIL interpreter dll's name has been changing with each version of WinBatch for quite a few years.  You would need at least 2007B to fully support Windows Vista and newer, and embedded manifest settings.

Detailed version information can be found here:
http://www.winbatch.com/whatsnew.html
"No one who sees a peregrine falcon fly can ever forget the beauty and thrill of that flight."
  - Dr. Tom Cade
Print
Go Up Pages1
User actions