| MightyR1 |
| (MM club member) |
| 2003-09-12 09:25 AM |
|
ADMIN install using Runas like SU... Scripted without console!!!
|
SECURE INSTALLING STUFF USING RUNAS WITHOUT CONSOLE
The following shows an imho secure way of installing stuff on W2k and up using the RUNAS command, without the console prompting for a password.
PROCEDURE
1. Copy/Paste the codes and make the four files
2. Make sure the requirements are met (place all files in one folder)
3. Start the MAKEEXE_SANUR.cmd command file
4. Run the KASAI_SANUR_STARTER.kix script to see a messagebox displaying the admin-user and it's privileges
REQUIREMENTS
- Wkix32.exe ( http://www.kixtart.org/downloads/ )
- Wkixcrpt.exe ( http://www.sgbit.demon.co.uk/kix/files/ )
- Sanur.exe ( http://www.commandline.co.uk/sanur )
- User 'Deployer' with local admin rights and password '1234567890'
(change code if other user/password is desired)
- KASAI_SANUR.kix
- MAKEEXE_SANUR.cmd
- KASAI_SANUR_STARTER.kix
- KASAI_SANUR_SCR2RUN.kix
KASAI_SANUR.kix
MAKEEXE_SANUR.cmd
KASAI_SANUR_STARTER.kix
KASAI_SANUR_SCR2RUN.kix
Example for rolling out the MSO03-039 patch:
[ 29. September 2003, 21:04: Message edited by: MightyR1 ]
| **DONOTDELETE** |
| (Lurker) |
| 2003-09-12 04:34 PM |
|
Re: ADMIN install using Runas like SU... Scripted without console!!!
|
MightyR1, I checked it out.....geez its so long. I'm looking to have the lines of code remain in the script to ensure that machines get the update, I have a lot of laptops that are out in the field for weeks at a time. See what I have below so far....was able to get TQCRunAs to work. Just need to be able to register a .dll on a users PC. The key exists parts are for testing, will be removed. The XP part works great, am working on the 2K now...
code:Select
Case @PRODUCTTYPE = "Windows XP Professional"
$ReturnCode = ExistKey("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP2\KB824146")
If $ReturnCode = 0
? "Win XP Key exists...."
Else
? "Win XP Not Installed...."
Run "%COMSPEC% /c \\gtb1\os\KB824146\WindowsXP-KB824146.tqc"
MessageBox("A Windows Critical Update is being installed to your PC. Once finished, a restart may be required.","Windows Critical Update KB824146",64,30)
EndIf
Case @PRODUCTTYPE = "Windows 2000 Professional"
$ReturnCode = ExistKey("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows 2000\SP5\KB824146")
If $ReturnCode = 0
? "Key exists...."
Else
? "Not Installed...."
MessageBox("A Windows Critical Update is being installed to your PC. Once finished, a restart may be required.","Windows Critical Update KB824146",64,30)
EndIf
EndSelect
Exit
| ShaneEP |
| (MM club member) |
| 2003-09-12 08:14 PM |
|
|
Re: ADMIN install using Runas like SU... Scripted without console!!!
|
Nice script Patrick...Now if it weren't for those blasted NT4 workstations...
![[Mad]](images/icons/mad.gif){kind=icon}
| MightyR1 |
| (MM club member) |
| 2003-09-13 07:57 PM |
|
|
|
Re: ADMIN install using Runas like SU... Scripted without console!!!
|
Shane,
how about:
Should work...
| MightyR1 |
| (MM club member) |
| 2003-09-13 08:14 PM |
|
|
|
Re: ADMIN install using Runas like SU... Scripted without console!!!
|
MODS,
May this info be an addon to the Installing an Application as an Admin FAQ???
[ 13. September 2003, 20:15: Message edited by: MightyR1 ]
| MightyR1 |
| (MM club member) |
| 2003-09-14 02:40 PM |
|
|
|
Re: ADMIN install using Runas like SU... Scripted without console!!!
|
*bump*
MODS ???
| Johan van Huyssteen_dup1 |
| (Fresh Scripter) |
| 2003-09-16 03:05 PM |
|
Re: ADMIN install using Runas like SU... Scripted without console!!!
|
Can you use domain admins in the user portion
| MightyR1 |
| (MM club member) |
| 2003-09-16 11:40 PM |
|
|
|
Re: ADMIN install using Runas like SU... Scripted without console!!!
|
Johan,
In my example the 'deployer' user is a normal domain user placed in a domain group localadm, which is a member of the local admininistrators group.
Since domain admins are members of the local admins by default, my guess is it will work.
Try it out and let us know...
| mig21 |
| (Fresh Scripter) |
| 2003-09-17 06:27 PM |
Re: ADMIN install using Runas like SU... Scripted without console!!!
|
Hi there!
While running "makeexe_sanur.cmd" nothing happens!
I've downloaded the requested files and putted in the same directory. Then I changed user/passwd on requested scripts.
I noticed one space before $SANUR_PASSWORD=1234567890 is it so? Or is a typo?
The Kix version is 4.20.
Any thoughts will be appreciated!
Thx,
Mig21
| Sealeopard |
| (KiX Master) |
| 2003-09-17 08:55 PM |
|
|
Re: ADMIN install using Runas like SU... Scripted without console!!!
|
Hmm, I still don't see a reason to not use the Task Scheduler for these things.
| MightyR1 |
| (MM club member) |
| 2003-09-17 09:31 PM |
|
|
|
Re: ADMIN install using Runas like SU... Scripted without console!!!
|
Mig,
checked and no type errors... These codes work for me.
Jens,
challenge was to install stuff from within logon proces. Scheduletask is not allowed by normal users... This method is also a good start of installing applics on demand!
[ 17. September 2003, 21:32: Message edited by: MightyR1 ]
| Sealeopard |
| (KiX Master) |
| 2003-09-17 11:25 PM |
|
|
|
Re: ADMIN install using Runas like SU... Scripted without console!!!
|
Login script sends install request to KiXtart script running on admin server, which checks for requests on a regular basis. If request is detected it sends back a scheduled task to install and removed the request from the queue (.e.g .INI file).
BTW, whenever I install something I reboot the system right after as a precaution. That's why my installs normally happen during nighttime hours.
KSMS, BTW, demonstrates this behavior. I don't have any application that is so important that it must be installed during the login process.
| mig21 |
| (Fresh Scripter) |
| 2003-09-19 12:26 AM |
Re: ADMIN install using Runas like SU... Scripted without console!!!
|
Patrick,
I've run MAKEEXE_SANUR.cmd after replacing Wkixcrpt.exe from a version downloaded from "http://home.wanadoo.nl/scripting". The file you've mentioned taken from "http://www.sgbit.demon.co.uk/kix/files" couldn't run.
...now the problem seems to be while running KASAI_SANUR_STARTER.kix nothing happens. For what I've understood I should see a messagebox displaying the admin-user and privileges.
If I run directly KASAI_SANUR_SCR2RUN.kix, which is mentioned on previous script, I've no problem. But when called fron within KASAI_SANUR_STARTER.kix, the console returns nothing
![[Frown]](images/icons/frown.gif){kind=icon}
Regards,
Mig21
| mig21 |
| (Fresh Scripter) |
| 2003-09-18 01:18 PM |
|
Re: ADMIN install using Runas like SU... Scripted without console!!!
|
Sorry foxes!
It was typo I had on "KASAI_SANUR_STARTER.kix"!
Iarghhh!
Sorry to post this stupid error!
Thanks to all,
Mig21
| MightyR1 |
| (MM club member) |
| 2003-09-19 12:12 AM |
|
|
|
Re: ADMIN install using Runas like SU... Scripted without console!!!
|
Jens,
I've looked at KSMS and I'm sure it works great. Challenge is that in me env. not all 'client' software is installed on all machines. By doing an install on demand my way, the software gets installed the fastest way.
The scheduletask is a nice option, but if you wanted to install the app immediately, there must be two things. 1 = really 'short' loop on server, 2 = exact time sync in env.
The first needs no explaining I guess. The second does.
What if your client runs a minute ahead of your server, and the server starts a now job at 11:59:45 (so execution time = 12:00:00)?
The job will never start on the client since it's time has been 12:00:00 already!!!
| Sealeopard |
| (KiX Master) |
| 2003-09-19 05:57 PM |
|
|
|
Re: ADMIN install using Runas like SU... Scripted without console!!!
|
We have automatic time synchronization via Windows Time Service.
| Paul_Berquam |
| (Hey THIS is FUN) |
| 2003-09-24 02:42 AM |
|
Re: ADMIN install using Runas like SU... Scripted without console!!!
|
Nice demonstration for usage of Sanur Patrick. This will be much easier to use in the cases where I don't (or don't want to) have SU set up. Makes a lot more sense using the built-in Runas functionality anyway.
One note, it does not like being tested in paths with spaces, and encapsulating didn't seem to help.
| Sealeopard |
| (KiX Master) |
| 2003-09-24 04:54 PM |
|
|
|
Re: ADMIN install using Runas like SU... Scripted without console!!!
|
See the FAQ Forum under Proper use of quotes and please do not hijack threads.
| jdogg |
| (Getting the hang of it) |
| 2003-09-24 05:10 PM |
|
Re: ADMIN install using Runas like SU... Scripted without console!!!
|
Sorry Sealeopard.
I have removed my post.
Thanks.
| ulro |
| (Fresh Scripter) |
| 2003-09-26 10:28 PM |
Re: ADMIN install using Runas like SU... Scripted without console!!!
|
Hi
I’ve tried to follow procedure as described here is what I’ve done:
In KASAI_SANUR_STARTER.kix I changed SUSER
Break on
$cmd=@scriptdir+'\wkix32.exe '+@scriptdir+'\kasai_sanur_scr2run.kix'
SetL 'SUSER=administrator'
SetL 'SCMD='+$cmd
Shell @scriptdir+"\KASAI_SANUR.exe"
Exit 0
And in MAKEEXE_SANUR.cmd changed SANUR_PASSWORD
wkixcrypt -f ".\WKIX32.EXE" -f ".\SANUR.EXE" -m "" -e """"%%KIXCRYPTDIR%%\wkix32.exe""" """%%KIXCRYPTFILE%%""" $SANUR_PASSWORD=hejmedig" ".\KASAI_SANUR.kix"
KASAI_SANUR.kix
KASAI_SANUR_SCR2RUN.kix I just copied...
The KASAI_SANUR.exe is created alright - but when I run KASAI_SANUR_STARTER.kix with a .bat looking like this:
@echo off
REM echo run MM6_11_d.exe
\CWTCPH06\multimark\KIX_install\Wkix32.exe \CWTCPH06\multimark\KIX_install\KASAI_SANUR_STARTER.kix
I do not get window showing admin-user and privilege.
What am I doing wrong??
| Paul_Berquam |
| (Hey THIS is FUN) |
| 2003-09-27 01:04 AM |
|
Re: ADMIN install using Runas like SU... Scripted without console!!!
|
I ran into a couple problems when I tried it initially. Are you getting any sort of message at all?
Try running the MAKEEXE_SANUR.cmd with console version to make sure it's processing correctly.
Is the CWTCPH06 a server name? If so you may want to prefix it with a \\ instead of a single.
You may also want to rename your 'administrator' user to something else so it can't be brute-forced so easily
![[Smile]](images/icons/smile.gif){kind=icon}
| ulro |
| (Fresh Scripter) |
| 2003-09-29 10:54 AM |
|
Re: ADMIN install using Runas like SU... Scripted without console!!!
|
Thank you for amwsering Paul_Berquam !
I ran into a couple problems when I tried it initially. Are you getting any sort of message at all?
But how due i run the MAKEEXE_SANUR.cmd with console version ??
i've prefix the server CWTCPH06 with a \\ in my .bat
| Paul_Berquam |
| (Hey THIS is FUN) |
| 2003-09-29 10:59 AM |
|
Re: ADMIN install using Runas like SU... Scripted without console!!!
|
To test it with the console you can just replace the wkixcrpt.exe with kixcrypt.exe in the .cmd file.
No errors after I sorted out my initial syntax issues (Due to the long file path since I was running it on my desktop).
| ulro |
| (Fresh Scripter) |
| 2003-09-29 11:22 AM |
|
Re: ADMIN install using Runas like SU... Scripted without console!!!
|
Hi agin
it seems to de running ok:
C:\kix>kixcrypt -f ".\WKIX32.EXE" -f ".\SANUR.EXE" -m "" -e """"%%KIXCRYPTDIR%%\
wkix32.exe""" """%%KIXCRYPTFILE%%""" $SANUR_PASSWORD=123456" ".\KASAI_SANUR.ki
x"
Crypting with KiXcrypt version 003.00b
KiXcrypt author: Richard Howarth (rhowarth@sgb.co.uk)
Encrypted file is ".\KASAI_SANUR.exe"
or ?
how come that i don't get the window showing admin-user and privilege.
@echo off
REM echo run MM6_11_d.exe
\\CWTCPH06\multimark\KIX_install\Wkix32.exe \\CWTCPH06\multimark\KIX_install\KASAI_SANUR_STARTER.kix
What am I doing wrong??
[ 29. September 2003, 15:05: Message edited by: ulro ]
| Kdyer |
| (KiX Supporter) |
| 2003-09-29 02:19 PM |
|
|
Re: ADMIN install using Runas like SU... Scripted without console!!!
|
Patrick,
Added to - Installing an Application as an Admin under the RunAS section.
One thing of notice in your original post, you list links like the following:
Sanur.exe (http://www.commandline.co.uk/sanur)
If you add a space after each parenthesis, you should get an active url -
Sanur.exe ( http://www.commandline.co.uk/sanur ), or you can type in the URL code by hand.
![[Wink]](images/icons/wink.gif){kind=icon}
Thanks,
Kent
[ 29. September 2003, 14:23: Message edited by: kdyer ]
| MightyR1 |
| (MM club member) |
| 2003-09-29 09:04 PM |
|
|
|
Re: ADMIN install using Runas like SU... Scripted without console!!!
|
Kent,
thanks for the tip... I modified the post.
| Trish |
| (Fresh Scripter) |
| 2003-10-24 03:40 PM |
|
Re: ADMIN install using Runas like SU... Scripted without console!!!
|
With the superstars on the forum:
>I have created the kasai_sanur.exe
>I run a batch file that runs the kasai_sanur_starter.kix
>I noted I required sanur.exe on the local PC.
If I log in as a Domain Admin and run the batch it works well.
>I receive my window Administrator (ADMIN)
>I receive my window from a locally created script and from the network script.
If I log in as a Domain User I don't receive my Admin window. Locally or from the network.
Note: Domain user has full rights to the local script.
Any thoughts to what I'm missing? Should I post my code? It's nearly the same as what you have posted under all other FAQ's.
My PC's are XP and I unfortunately still have a NT server base. No active directory.
Thanks.
| Sealeopard |
| (KiX Master) |
| 2003-10-25 02:27 PM |
|
|
|
Re: ADMIN install using Runas like SU... Scripted without console!!!
|
NEVER use a script that puts admin passwords in plain text into it! See the FAQ Forum for alternate options to install applications under an admin account.