#160600 - 2006-04-10 08:45 PM
Logon script won't run as admin
|
matthewst
Getting the hang of it
Registered: 2005-01-26
Posts: 89
|
I am calling a script from within a logon script. The called script won't run powercfg. It runs fine when I logon as admin, but it says "You do not have permission...." if I logon as a user.
In my network only admins are allowed to adjust the power configuration.
here is some of the logon script Code:
call "\\server\share\power.kix"
then power.kix runs but gives me the permission error Code:
shell 'powercfg /CREATE Power_Scheme' shell 'powercfg /SETACTIVE Power_Scheme' shell 'powercfg /CHANGE Power_Scheme /monitor-timeout-ac 15'
|
Top
|
|
|
|
#160601 - 2006-04-10 08:55 PM
Re: Logon script won't run as admin
|
Radimus
Moderator
Registered: 2000-01-06
Posts: 5187
Loc: Tampa, FL
|
ok. That sounds right, what is the problem?
|
Top
|
|
|
|
#160603 - 2006-04-10 09:00 PM
Re: Logon script won't run as admin
|
matthewst
Getting the hang of it
Registered: 2005-01-26
Posts: 89
|
The script processes but doesn't change anything. How can I get this script to run as admin when the users are logging on? I thought all logon scripts ran with admin permissions.
|
Top
|
|
|
|
#160604 - 2006-04-10 09:10 PM
Re: Logon script won't run as admin
|
Radimus
Moderator
Registered: 2000-01-06
Posts: 5187
Loc: Tampa, FL
|
nope, all scripts run as the user that logs on... that is how a user gets their network drives.
Hoops must be gone through to give a user admin privledges for installing apps and such
|
Top
|
|
|
|
#160606 - 2006-04-10 09:27 PM
Re: Logon script won't run as admin
|
Witto
MM club member
Registered: 2004-09-29
Posts: 1828
Loc: Belgium
|
If I understand well, you want to change the power scheme of a user. I think there are two easy ways to do this.
- Via GPO: EZ GPO Tool
- Via login script: just change "HEY_CURRENT_USER\Control Panel\PowerCfg","CurrentPowerPolicy" to the desired value
|
Top
|
|
|
|
#160610 - 2006-04-11 03:44 PM
Re: Logon script won't run as admin
|
matthewst
Getting the hang of it
Registered: 2005-01-26
Posts: 89
|
I think just using runas is they way to go for me.
Code:
Run 'runas /user:USERNAME "powercfg /SETACTIVE POWER_SCHEME"' $ReturnCode = SendKeys("PASSWORD") $ReturnCode = SendKeys("{ENTER}")
But when I run this a box flashes on the screen to quick for me to read and the power scheme remains unchanged. The output in the original dosbox is:
C:\drive>pwrcfg.kix Enter the password for USERNAME: Attempting to start powercfg /SETACTIVE POWER_SCHEME as user "COMPUTERNAME\USERNAME"...
C:\drive>
|
Top
|
|
|
|
#160612 - 2006-04-11 03:59 PM
Re: Logon script won't run as admin
|
matthewst
Getting the hang of it
Registered: 2005-01-26
Posts: 89
|
sorry still learnin
|
Top
|
|
|
|
#160613 - 2006-04-11 04:11 PM
Re: Logon script won't run as admin
|
matthewst
Getting the hang of it
Registered: 2005-01-26
Posts: 89
|
This works: Code:
RUN "runas /user:USERNAME notepad.exe" $ReturnCode = SendKeys("PASSWORD") $ReturnCode = SendKeys("{ENTER}")
But not this: Code:
Run "runas /user:USERNAME powercfg /SETACTIVE POWER_SCHEME" $ReturnCode = SendKeys("PASSWORD") $ReturnCode = SendKeys("{ENTER}")
|
Top
|
|
|
|
#160614 - 2006-04-11 04:20 PM
Re: Logon script won't run as admin
|
Radimus
Moderator
Registered: 2000-01-06
Posts: 5187
Loc: Tampa, FL
|
have you read up on RUNAS?
make a bat file and RUNAS it.
|
Top
|
|
|
|
#160616 - 2006-04-11 04:45 PM
Re: Logon script won't run as admin
|
matthewst
Getting the hang of it
Registered: 2005-01-26
Posts: 89
|
OOHHH!!! I must have missed that one. OK, I'll have to go about this a different way.
|
Top
|
|
|
|
#160618 - 2006-04-13 04:04 PM
Re: Logon script won't run as admin
|
matthewst
Getting the hang of it
Registered: 2005-01-26
Posts: 89
|
Thanks everyone and thanks to drillsergeant for the link.
Here is how I finally made it work.
The login script calls runas.kix Code:
RUN "runas /user:Admin cmd" $ReturnCode = SendKeys("password") $ReturnCode = SendKeys("{ENTER}")
SHELL '%COMSPEC% /C "pwrcfg.bat"' SLEEP 3 $ReturnCode = Sendkeys("exit") $ReturnCode = SendKeys("{ENTER}")
RUN "cmd" $ReturnCode = SendKeys("powercfg /Create ") $ReturnCode = SendKeys('"') $ReturnCode = SendKeys("Power_Scheme") $ReturnCode = SendKeys('"') $ReturnCode = SendKeys("{ENTER}")
$ReturnCode = SendKeys("powercfg /SetActive ") $ReturnCode = SendKeys('"') $ReturnCode = SendKeys("Power_Scheme") $ReturnCode = SendKeys('"') $ReturnCode = SendKeys("{ENTER}")
$ReturnCode = SendKeys("powercfg /Change ") $ReturnCode = SendKeys('"') $ReturnCode = SendKeys("Power_Scheme /monitor-timeout-ac 15") $ReturnCode = SendKeys('"') $ReturnCode = SendKeys("{ENTER}")
$ReturnCode = SendKeys("powercfg /Hibernate off") $ReturnCode = SendKeys("{ENTER}")
$ReturnCode = SendKeys("exit") $ReturnCode = SendKeys("{ENTER}")
runas.kix calls pwrcfg.bat Code:
setacl.exe -on "\\%computername%\HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\Controls Folder\PowerCfg\GlobalPowerPolicy" -ot reg -actn ace -ace "n:%computername%\users;p:full" setacl.exe -on "\\%computername%\HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\Controls Folder\PowerCfg\PowerPolicies" -ot reg -actn ace -ace "n:%computername%\users;p:full" setacl.exe -on "\\%computername%\HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\Controls Folder\PowerCfg" -ot reg -actn ace -ace "n:%computername%\users;p:full"
I just need to have pwrcfg.bat, runas.kix, and SetACL.exe in the same directory. I'm also going to have the script to remove the permissions once the changes have been made.
P.S. Before I deploy runas.kix I plan on kixcrypting it so no one can trace it down and view the password.
|
Top
|
|
|
|
Moderator: Jochen, Allen, Radimus, Glenn Barnas, ShaneEP, Ruud van Velsen, Arend_, Mart
|
0 registered
and 248 anonymous users online.
|
|
|