Page 4 of 5 <12345>
Topic Options
#154100 - 2006-07-18 12:53 AM Re: RUNNAS - Tokenized Runas Utility
NTDOC Administrator Offline
Administrator
*****

Registered: 2000-07-28
Posts: 11623
Loc: CA
Hello and welcome to the board lurker.

Let's see your code please as the entire script can be run without being seen so we need to see where you're code is not managing the feedback.
You should check for Admin rights too yourself if you do or don't want to run something based on current rights of the user.

Please use CODE TAGS and post your code for review.

Top
#154101 - 2006-07-18 05:16 AM Re: RUNNAS - Tokenized Runas Utility
Shawn Administrator Offline
Administrator
*****

Registered: 1999-08-13
Posts: 8611
Hi imjin

The other thing, what OS are you running runnas on ? xp ? sp1 or sp2 ?

Top
#154102 - 2006-07-18 03:15 PM Re: RUNNAS - Tokenized Runas Utility
imjin Offline
Lurker

Registered: 2006-03-17
Posts: 4
I'm testing on XP SP2, but we've got 2000 SP4 out there as well. The 98 machines I just ignore, hoping they'll fall into a pit somewhere. Most of our user base are set as Power Users, so everything we'd need to use runnas would almost always require local admin to execute.

Here's the line I'm currently using that executes great, but in this sample I'm not trying to pipe the stdout anywhere, but because I have to do a "net localgroup" for every entry in the local administrators group, I've got 4 lines, each of which pops a dos window up, although it closes quickly. I put the Runnas.exe command in it's own function called RunAs($TargetApp) so I could shorten main line that calls it. Forgive the chr() commands... old VB habit and I have a few helpdesk techs that could be editing these scripts down the road and the multiple quote characters would probably throw them, and they'd leave out a triple-quote somewhere.

Code:
RunAs("net localgroup " + Chr(34) + "Administrators" + Chr(34) + " " + Chr(34) + "domain\domain admins" + Chr(34) + " /add")
RunAs("net localgroup " + Chr(34) + "Administrators" + Chr(34) + " " + Chr(34) + "domain\integrators" + Chr(34) + " /add")
RunAs("net localgroup " + Chr(34) + "Administrators" + Chr(34) + " " + Chr(34) + "domain\schoolsmca" + Chr(34) + " /add")
RunAs("net localgroup " + Chr(34) + "Administrators" + Chr(34) + " " + Chr(34) + "domain\trfcmca" + Chr(34) + " /add")
;
Function RunAs($TargetApp)
Shell "%COMSPEC% /c runnas.exe /user:adminuserid " + Chr(34) + $TargetApp + Chr(34) + " /password:adminpassword"
EndFunction



Normally, in ScriptLogic's app launcher we'd call a batch file that sits in the netlogon folder that has several things in it pertaining to these "net localgroup" commands and a few other cacls folder permission setting entries, so if I could call the batch file on one line, all the better. This was actually the way I first started trying to do it, by executing the teacher.bat file using Runnas.exe, but because the results dos window would appear every time displaying the "net localgroup" errors, I switched to the method above since it as least hide the failed "net localgroup" messages. I've tried adding a " > NUL" to each line in the batch file, which does hide successful commmand results, but any failed commands that error out show up in the popup dos window.

I just played around with Howard Bullock's GrpMaint tool which I'm thinking may be easier to use by passing a member file to it. Then it just logs failed group membership additions and doesn't fly em across the screen like the command prompt method does.


Top
#154103 - 2006-07-18 03:46 PM Re: RUNNAS - Tokenized Runas Utility
bizcuts Offline
Fresh Scripter

Registered: 2006-07-04
Posts: 10
sorry for posting in here, but i cant seem to see the make new thread/post button...and i have a few things i need to ask?

"n00b!!!!" yes i know... green as green can be

any help would good

Top
#154104 - 2006-07-18 04:22 PM Re: RUNNAS - Tokenized Runas Utility
Shawn Administrator Offline
Administrator
*****

Registered: 1999-08-13
Posts: 8611
Quote:


Tried adding " > NUL" to each line in the batch file, which does hide successful commmand results, but any failed commands that error out show up in the popup dos window.





To hide failed commands, add 2>NUL

Top
#154105 - 2006-07-18 04:48 PM Re: RUNNAS - Tokenized Runas Utility
imjin Offline
Lurker

Registered: 2006-03-17
Posts: 4
Always the last thing I seem to find... a typo.

If you're using Runnas.exe to fire off a batch file, is there a way to hide the DOS window the batch file spawns?


Edited by imjin (2006-07-18 07:12 PM)

Top
#154106 - 2006-11-09 04:26 PM Re: RUNNAS - Tokenized Runas Utility
rickscott Offline
Lurker

Registered: 2004-01-28
Posts: 3
Loc: x
Hi.. great utility..

I have a Q.

Is it possible to run the runnas.exe from network-drive like L:\folder\runnas.exe setup.tok??

Because when trying I get the following the error:
"RUNNAS: The system cannot find the path specified"

Thx..
Ejner

Top
#154107 - 2006-11-09 04:45 PM Re: RUNNAS - Tokenized Runas Utility
Björn Offline
Korg Regular
*****

Registered: 2005-12-07
Posts: 953
Loc: Stockholm, Sweden.
perhaps if you mapp it as the user you're trying to run it as, but best practise seems to be to run it locally, easiest at least.
Top
#154108 - 2006-11-09 04:46 PM Re: RUNNAS - Tokenized Runas Utility
Mart Moderator Offline
KiX Supporter
*****

Registered: 2002-03-27
Posts: 4672
Loc: The Netherlands
What happens if you specify the full path to setup.tok?
_________________________
Mart

- Chuck Norris once sold ebay to ebay on ebay.

Top
#154109 - 2006-11-09 05:20 PM Re: RUNNAS - Tokenized Runas Utility
Richard H. Administrator Offline
Administrator
*****

Registered: 2000-01-24
Posts: 4946
Loc: Leatherhead, Surrey, UK
Quote:

Is it possible to run the runnas.exe from network-drive like L:\folder\runnas.exe setup.tok??




Tricky.

When you run in the context of another user you normally create a new environment, and that environment does not have the mapped drives of the session that you started the command in.

This means that the process is effectively orphaned from the drive on which it started, so of course cannot find the file to open it.

Clear?

Top
#170824 - 2006-11-29 12:57 PM Re: RUNNAS - Tokenized Runas Utility [Re: Richard H.]
darkblueturbo Offline
Lurker

Registered: 2006-07-24
Posts: 3
On a similar vain I'm getting the error "unknown command [runnas]" when trying the simple example script of "runnas /user:admin mmc"

I've tried runnas.exe and the full path to runnas.exe, as mentioned above, but still get the same error.

I'm obviously being quite thick here - the runnas.exe file is in the same directory as kix32.exe - so just wondered if anyone could help.

This is before I start looking at tokenizing files and suchlike, which is liable to get my very basic knowledge of Kix very condfused...

Thanks for any help guys...

Top
#174270 - 2007-02-26 04:42 PM Re: RUNNAS - Tokenized Runas Utility [Re: Shawn]
Huron Offline
Lurker

Registered: 2007-01-31
Posts: 1
I'm not usually active with posts on the board since I'm more of a silent reader, but in this case I wanted to make an exception to thank you personally Shawn.

I've been looking at 'the best way for me' to perform some actions with admin privs calling one loginscript from the other. And I've tested a whole bunch of tools/ways to do this.

But I'm impressed by the simplicity and quality of your RUNNAS.EXE tool.
I got it to work doing what I wanted in less than no time at all.

I was almost ready to start building my own runas tool, but I'm not going to reinvent the wheel since your tool has all I need.

I'm using this in a multi-site corporate environment with about 1000 workstations. And it's working like a charm.

Kudo's Shawn !

Greetz,

Huron.

Top
#180329 - 2007-09-10 04:57 AM Re: RUNNAS - Tokenized Runas Utility [Re: Huron]
babyjosef17 Offline
Lurker

Registered: 2007-09-10
Posts: 2
I need you help on this one pls.

I want to remotely install SAP on the network.

i wanted to make a bacth file, that later I can insert to the logon script.

I keep getting the error:

RUNNAS: Access is Denied.

here is my bat file for your review:

 Code:
  @Echo off
\\sgnas1\library\General\Install\SAP\runnas /user:username "sap.bat" /password:password


and here are the contents of that sap.bat:

 Code:
 
@Echo off
L:\General\Install\SAP\SapFrontEnd640\Setup\SapSetup /install /checkdb /p:"Mhis"


I also tried not using the sap.bat ang typing the installation command directly like so:

 Code:
\\sgnas1\library\General\Install\SAP\runnas /user:username "L:\General\Install\SAP\SapFrontEnd640\Setup\SapSetup /install /checkdb /p:"Mhis"" /password:password


but keep getting this error
Runnas: Cannot find the specified path

pls help is there anything wrong in the code or maybe some mo attributes to add. Thank you very much

Top
#180332 - 2007-09-10 05:27 AM Re: RUNNAS - Tokenized Runas Utility [Re: babyjosef17]
Les Offline
KiX Master
*****

Registered: 2001-06-11
Posts: 12734
Loc: fortfrances.on.ca
Network drives are mapped per user so I suspect there is no L: mapping for the elevated user.
_________________________
Give a man a fish and he will be back for more. Slap him with a fish and he will go away forever.

Top
#180340 - 2007-09-10 06:20 AM Re: RUNNAS - Tokenized Runas Utility [Re: Les]
babyjosef17 Offline
Lurker

Registered: 2007-09-10
Posts: 2
tnx for the reply.

That's the thing. L:\ drive is standard in all our workstation so every pc has it. Really having trouble with this one. \:\)

is there a way for runnas to lets say, use the instalation folder in the server machine? so i would not use a network drive folder anymore.

Top
#180341 - 2007-09-10 07:16 AM Re: RUNNAS - Tokenized Runas Utility [Re: babyjosef17]
NTDOC Administrator Offline
Administrator
*****

Registered: 2000-07-28
Posts: 11623
Loc: CA
No, when you launch RUNNAS that has it's own profile and there is no mapping for it.

Please read through the examples and discussions in the RUNNAS thread and you hopefully will find the answer by understanding the process more.

Top
#180346 - 2007-09-10 01:28 PM Re: RUNNAS - Tokenized Runas Utility [Re: babyjosef17]
Glenn Barnas Administrator Offline
KiX Supporter
*****

Registered: 2003-01-28
Posts: 4396
Loc: New Jersey
Run your command, but add a
 Code:
Shell '%COMSPEC% /c Net Use > c:\mapped.txt'
to the beginning of it - you may be surprised by what you find in the file.

I would NOT use UNCs for installations - if you change the server or share, the program may have problems checking for updates and uninstall. I always map a drive during installations, and use a consistent drive letter, and have never had such issues since doing so.

Glenn
_________________________
Actually I am a Rocket Scientist! \:D

Top
#180347 - 2007-09-10 01:44 PM Re: RUNNAS - Tokenized Runas Utility [Re: Glenn Barnas]
Shawn Administrator Offline
Administrator
*****

Registered: 1999-08-13
Posts: 8611
also, your command line has double-quotes within double-quotes. may have to escape those inside quotes with the \ char ...

\\sgnas1\library\General\Install\SAP\runnas /user:username "L:\General\Install\SAP\SapFrontEnd640\Setup\SapSetup /install /checkdb /p:\"Mhis\"" /password:password

or you might try just removing those inside quotes


Edited by Shawn (2007-09-10 01:46 PM)

Top
#180367 - 2007-09-11 01:27 AM Re: RUNNAS - Tokenized Runas Utility [Re: Shawn]
Lonkero Administrator Offline
KiX Master Guru
*****

Registered: 2001-06-05
Posts: 22346
Loc: OK
hmm...
could also try manual install.
it's always refreshing. \:\)
_________________________
!

download KiXnet

Top
#187026 - 2008-04-17 05:36 PM Re: RUNNAS - Tokenized Runas Utility [Re: Les]
Rixter Offline
Fresh Scripter

Registered: 2005-03-15
Posts: 15
Shawn,

I'm trying to use your RUNNAS to perform the MXLOGIN.CMD command file for Vista users to login to our network. My MXLOGIN.KIX runs fine but the portion before that using XCOPY is where I get stuck.

I've created an XCOPY.TOK file using the syntax: (using a real acct and password)
runnas /user:domainadmin "xcopy.exe" /pass:acctpwd /tok:xcopy.tok /logononly

Now I'm not at all sure how to take the XCOPY.TOK (which by the way is the version that comes with Vista) and actually incorporate it into my logon script.

Can you please help me out? Thanks VERY much!

MXLOGON.CMD:
@echo off
if exist %systemdrive%\kix32.exe goto logon
xcopy %0\..\*.exe c:\ >nul
:logon
REM %0\..\Kix32.exe %0\..\MXlogin.kix
%systemdrive%\Kix32.exe %0\..\MXlogin.kix
if errorlevel 1 copy %0\..\*.exe %systemdrive%\ >nul
exit

Top
Page 4 of 5 <12345>


Moderator:  Arend_, Allen, Jochen, Radimus, Glenn Barnas, ShaneEP, Ruud van Velsen, Mart 
Hop to:
Shout Box

Who's Online
0 registered and 339 anonymous users online.
Newest Members
gespanntleuchten, DaveatAdvanced, Paulo_Alves, UsTaaa, xxJJxx
17864 Registered Users

Generated in 0.08 seconds in which 0.027 seconds were spent on a total of 15 queries. Zlib compression enabled.

Search the board with:
superb Board Search
or try with google:
Google
Web kixtart.org