#176138 - 2007-05-09 11:15 AM Problem!!
roedie Offline
Getting the hang of it

Registered: 2005-11-15
Posts: 52
Loc: balk friesland/holland
Hi all

I have a problem running a KiXtart script.
The script has to add a folder and a DLL in the c:\program files\infostrait\ directory.

But there is one problem! If I'm a normal user I can't create folders there; it needs administrator rights to do so.

Is there a simple way around that?
I need to run this script at logon.

Here is a piece of the script I have now.

; Skip the install when the DLL is already in place.
IF EXIST("c:\program files\infostrait\OutlookToSmarTeam\OutlookToSmarTeam.dll")
GOTO MAPPING

else

; Create the folder and copy the DLL from the server share.
CD "c:\program files\infostrait"
md "OutlookToSmarTeam"
copy "\\server\SmData\ClientSoftware\VB6\OutlookToSmarTeam" "c:\program files\infostrait\OutlookToSmarTeam" /s

; Register the DLL.
cd "OutlookToSmarTeam"
Shell "regsvr32 /s OutlookToSmarTeam.dll"

ENDIF

; The MAPPING label is further down in the rest of the script.


I hope you can help me out.
(Sorry for my bad English)

Top
#176139 - 2007-05-09 11:41 AM Re: Problem!! [Re: roedie]
Mart Moderator Offline
KiX Supporter
*****

Registered: 2002-03-27
Posts: 4672
Loc: The Netherlands
You could do a search on runnas or runas (watch the double and single n). You will still need to know the username and password of the admin account.
If you are not an admin, why are you adding DLLs to the system? It can seriously screw up the system. Maybe you could ask your admin to do this for you?

KiXtart FAQ & How to's » Installing an Application as an Admin
_________________________
Mart

- Chuck Norris once sold ebay to ebay on ebay.

Top
#176140 - 2007-05-09 11:47 AM Re: Problem!! [Re: Mart]
roedie Offline
Getting the hang of it

Registered: 2005-11-15
Posts: 52
Loc: balk friesland/holland
Well, I am an admin here.

The DLL is for an application that allows users to save emails in SmarTeam.
But anyway,
I can't just type something like: runas user="admin" pass="xxxx"
???

Top
#176141 - 2007-05-09 12:00 PM Re: Problem!! [Re: roedie]
Mart Moderator Offline
KiX Supporter
*****

Registered: 2002-03-27
Posts: 4672
Loc: The Netherlands
Sure you can, but that makes the password readable for all users.
If you are running GPO you can run the script as a Startup script. This way you do not need to specify the username and password in the script because the startup scripts run on the local system account that has admin privileges.

You can use the built-in runas in WinXP but, as said, that is not secure and everybody can read the username and password. IMHO one should not use runas.
_________________________
Mart

- Chuck Norris once sold ebay to ebay on ebay.

Top
#176142 - 2007-05-09 12:20 PM Re: Problem!! [Re: Mart]
roedie Offline
Getting the hang of it

Registered: 2005-11-15
Posts: 52
Loc: balk friesland/holland
I will try it in a couple of hours. I will let you know if it worked.
Top
#176145 - 2007-05-09 01:49 PM Re: Problem!! [Re: roedie]
Glenn Barnas Administrator Offline
KiX Supporter
*****

Registered: 2003-01-28
Posts: 4396
Loc: New Jersey
Unless I'm wrong, the XP Pro version of RUNAS won't accept a password as an argument - it must be entered interactively. Specifying the password directly after the user ID, as well as using "/PASS:xx" and "/PASSWORD:xx" switches fail. Even piping fails, as shown below.
 Code:
PW1 - C:\Temp>echo PassWord | runas /user:domain\administrator cmd
Enter the password for domain\administrator:
Attempting to start cmd as user "gbcs\administrator" ...
RUNAS ERROR: Unable to run - cmd
1326: Logon failure: unknown user name or bad password.


I believe RUNnAS (double "n") is the form that will work, but you'll need to make it available to every system (via NetLogon share, possibly). It will also encode the password. It's an external tool you'll need to download.

Realize that there are tools to define and manage scheduled tasks, which can run as any user. The tcLib UDF library can create a task with specific credentials in as little as 4 lines of code, and then cause it to run immediately. The CoDec UDF can obfuscate the account credentials stored in a file or even within the script, and these scripts should be tokenized to further hide the data and the methods of operation from casual users.

The latest tcLib can be downloaded from my web site, and CoDec is available here on KORG, and in the KixDev package on my site.

Glenn
_________________________
Actually I am a Rocket Scientist! :D

Top
#176146 - 2007-05-09 01:53 PM Re: Problem!! [Re: Glenn Barnas]
Mart Moderator Offline
KiX Supporter
*****

Registered: 2002-03-27
Posts: 4672
Loc: The Netherlands
 Quote:

Unless I'm wrong, the XP Pro version of RUNAS won't accept a password as an argument - it must be entered interactively
....


Yes. You are correct. Missed that.

 Code:
U:\>runas /?
RUNAS USAGE:

RUNAS [ [/noprofile | /profile] [/env] [/netonly] ]
        /user:<UserName> program

RUNAS [ [/noprofile | /profile] [/env] [/netonly] ]
        /smartcard [/user:<UserName>] program

   /noprofile        specifies that the user's profile should not be loaded.
                     This causes the application to load more quickly, but
                     can cause some applications to malfunction.
   /profile          specifies that the user's profile should be loaded.
                     This is the default.
   /env              to use current environment instead of user's.
   /netonly          use if the credentials specified are for remote
                     access only.
   /savecred         to use credentials previously saved by the user.
                     This option is not available on Windows XP Home Edition
                     and will be ignored.
   /smartcard        use if the credentials are to be supplied from a
                     smartcard.
   /user             <UserName> should be in form USER@DOMAIN or DOMAIN\USER
   program         command line for EXE.  See below for examples

Examples:
> runas /noprofile /user:mymachine\administrator cmd
> runas /profile /env /user:mydomain\admin "mmc %windir%\system32\dsa.msc"
> runas /env /user:user@domain.microsoft.com "notepad \"my file.txt\""

[b]NOTE:  Enter user's password only when prompted.[/b]
NOTE:  USER@DOMAIN is not compatible with /netonly.
NOTE:  /profile is not compatible with /netonly.
_________________________
Mart

- Chuck Norris once sold ebay to ebay on ebay.

Top
#176147 - 2007-05-09 02:44 PM Re: Problem!! [Re: Mart]
Bryce Offline
KiX Supporter
*****

Registered: 2000-02-29
Posts: 3167
Loc: Houston TX
not one comment about the use of goto??
Top
#176148 - 2007-05-09 03:02 PM Re: Problem!! [Re: Bryce]
Mart Moderator Offline
KiX Supporter
*****

Registered: 2002-03-27
Posts: 4672
Loc: The Netherlands
 Originally Posted By: Bryce
not one comment about the use of goto??


All right, all right. Goto sucks :D
_________________________
Mart

- Chuck Norris once sold ebay to ebay on ebay.

Top
#176149 - 2007-05-09 03:03 PM Re: Problem!! [Re: Bryce]
roedie Offline
Getting the hang of it

Registered: 2005-11-15
Posts: 52
Loc: balk friesland/holland
Is there really no other way around it? It's not like I have to install a whole program. It's just for making a dir and copying one file into that dir. For the rest, the script works fine.
Top
#176150 - 2007-05-09 03:07 PM Re: Problem!! [Re: roedie]
Mart Moderator Offline
KiX Supporter
*****

Registered: 2002-03-27
Posts: 4672
Loc: The Netherlands
You can also use a startup script or a scheduled task to do the things you want done.
_________________________
Mart

- Chuck Norris once sold ebay to ebay on ebay.

Top
#176151 - 2007-05-09 03:09 PM Re: Problem!! [Re: Mart]
roedie Offline
Getting the hang of it

Registered: 2005-11-15
Posts: 52
Loc: balk friesland/holland
It has to be done in the login script. That's what the boss wants.

*edit* post of the whole script */edit*

 Code:
IF EXIST("c:\program files\infostrait\OutlookToSmarTeam\OutlookToSmarTeam.dll")
GOTO MAPPING

else

; -- Create a new folder in the infostrait folder and copy a DLL into the new folder.

CD "c:\program files\infostrait"
md "OutlookToSmarTeam"
copy "\\serverxx\SmData\ClientSoftware\VB6\OutlookToSmarTeam" "c:\program files\infostrait\OutlookToSmarTeam" /s

; -- Register the DLL.

cd "OutlookToSmarTeam"
Shell "regsvr32 /s OutlookToSmarTeam.dll"

; -- Copy 2 small files for the "save in SmarTeam" button.

copy "\\serverxx\NETLOGON\Kixscripts\OLtoST\" "%userprofile%\Application Data\Microsoft\Outlook" /s

; -- Set the macro security level in Outlook to low.

WriteValue("HKEY_CURRENT_USER\Software\Microsoft\Office\9.0\Outlook\Security\","Level","00000001","REG_DWORD")

; -- Create a new folder on the network Y drive.

CD "y:"
MD "outlookmsg"

ENDIF

:MAPPING


Edited by roedie (2007-05-09 03:14 PM)

Top
#176152 - 2007-05-09 03:25 PM Re: Problem!! [Re: roedie]
Mart Moderator Offline
KiX Supporter
*****

Registered: 2002-03-27
Posts: 4672
Loc: The Netherlands
So security is not an issue for your boss. Then you might as well make everyone admin.

If it has to be done in the logon script you are stuck with something like runas, which is a huge security risk.


Edited by Mart (2007-05-09 03:26 PM)
_________________________
Mart

- Chuck Norris once sold ebay to ebay on ebay.

Top
#176153 - 2007-05-09 03:27 PM Re: Problem!! [Re: Mart]
roedie Offline
Getting the hang of it

Registered: 2005-11-15
Posts: 52
Loc: balk friesland/holland
So you say the best thing to do is to install it manually on every PC with the admin acc?
Top
#176154 - 2007-05-09 03:35 PM Re: Problem!! [Re: roedie]
Mart Moderator Offline
KiX Supporter
*****

Registered: 2002-03-27
Posts: 4672
Loc: The Netherlands
That would be a lot more secure than using something like runas.
A GPO startup script (runs with elevated privileges) or a scheduled task (runs with whatever account you specify) would also be a secure option and they prevent you from running around in the office because a scheduled task can be scheduled from a remote computer and a GPO only has to be created once.

Sure you can use runas but it is almost the same as sending an e-mail to everyone telling them the admin's username and password and asking them to (ab)use it. But hey, it’s not my network so you should use whatever you want. If runas is your choice then I’m not going to stop you from using it. I’m only saying that runas sucks and is a huge security risk.

SCHEDULETASK() - Schedules a task on any computer using the Task Scheduler


Edited by Mart (2007-05-09 03:36 PM)
_________________________
Mart

- Chuck Norris once sold ebay to ebay on ebay.

Top
#176156 - 2007-05-09 03:57 PM Re: Problem!! [Re: Glenn Barnas]
Les Offline
KiX Master
*****

Registered: 2001-06-11
Posts: 12734
Loc: fortfrances.on.ca
 Originally Posted By: Glenn Barnas
Unless I'm wrong, the XP Pro version of RUNAS won't accept a password as an argument - it must be entered interactively.
There have been work-arounds using a VBS wrapper or other wrappers such as sanur (runas spelled backwards).
_________________________
Give a man a fish and he will be back for more. Slap him with a fish and he will go away forever.

Top
#176157 - 2007-05-09 05:01 PM Re: Problem!! [Re: Les]
Adolfo Offline
Fresh Scripter
*****

Registered: 2007-01-25
Posts: 49
Loc: Cali, CO
why don't you convert a bat into a com or a kix into an exe? so users can't see the administrator password. is it possible?
Top
#176158 - 2007-05-09 05:09 PM Re: Problem!! [Re: Adolfo]
Mart Moderator Offline
KiX Supporter
*****

Registered: 2002-03-27
Posts: 4672
Loc: The Netherlands
Sure you can package a kix script in an executable file (for example with ASE or Kix2Exe by Senser). Imho these are all workarounds.
Imho runas is only to be used in these cases where nothing else (better/more secure) can be done and these cases are very, VERRY, VERRY rare almost nonexistent.


Edited by Mart (2007-05-09 05:10 PM)
_________________________
Mart

- Chuck Norris once sold ebay to ebay on ebay.

Top
#176159 - 2007-05-09 06:17 PM Re: Problem!! [Re: Adolfo]
Les Offline
KiX Master
*****

Registered: 2001-06-11
Posts: 12734
Loc: fortfrances.on.ca
 Originally Posted By: Adolfo
why don't you convert a bat into a com or a kix into an exe? so users can't see the administrator password. is it possible?
Not needed for obfuscation since KiX has tokenization with obfuscation built in.

ASE can do things differently whereby you don't have to elevate with a runas type utility and embed a password. Using ASE to make an EXE is less secure than using the ASE alternate creds feature.

If you don't understand the implications of security you should not be trying to elevate permissions.
_________________________
Give a man a fish and he will be back for more. Slap him with a fish and he will go away forever.

Top
#176169 - 2007-05-10 08:53 AM Re: Problem!! [Re: Les]
roedie Offline
Getting the hang of it

Registered: 2005-11-15
Posts: 52
Loc: balk friesland/holland
I think a startup script is not going to work because the script is also making a folder on a network drive that is necessary for the application to run.

I shall try to make an exe file. Maybe that will do the trick.

Top
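
The split that the startup-script suggestion in this thread implies, written out as an added example (not code from any poster): the machine-wide steps move to a GPO startup script that runs as Local System, while the per-user steps, including the folder on Y:, stay in the logon script, so no admin password is stored anywhere. The file names startup.kix and logon.kix are hypothetical, and it assumes the computer accounts can read the source share and that c:\program files\infostrait already exists.

```kixtart
; ===== startup.kix (hypothetical name): GPO computer startup script =====
; Runs as Local System, so it can write to Program Files and register the
; DLL without any password in the script.
; Assumption: the computer accounts can read the source share, because
; Local System reaches the network as the computer, not as a user.
; Assumption: c:\program files\infostrait already exists, as in the thread.
$src = "\\serverxx\SmData\ClientSoftware\VB6\OutlookToSmarTeam"
$dst = "c:\program files\infostrait\OutlookToSmarTeam"
$dll = $dst + "\OutlookToSmarTeam.dll"

If Not Exist($dll)
    If Not Exist($dst)
        MD $dst
    EndIf
    Copy $src $dst /s
    ; Register only if the copy actually delivered the DLL.
    If Exist($dll)
        ; Quote the path: it contains a space.
        Shell 'regsvr32 /s "' + $dll + '"'
    EndIf
EndIf

; ===== logon.kix (hypothetical name): user logon script =====
; Runs as the logged-on user. Everything left here is per-user (profile,
; HKEY_CURRENT_USER, the user's mapped Y: drive) and needs no admin rights.
Copy "\\serverxx\NETLOGON\Kixscripts\OLtoST\" "%userprofile%\Application Data\Microsoft\Outlook" /s

; Same registry value the posted script writes; $rc keeps the return code
; from being echoed to the console.
$rc = WriteValue("HKEY_CURRENT_USER\Software\Microsoft\Office\9.0\Outlook\Security\","Level","00000001","REG_DWORD")

; The network folder is created as the user, who owns the Y: mapping.
If Not Exist("y:\outlookmsg")
    MD "y:\outlookmsg"
EndIf
```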