Page 1 of 2 12>
Topic Options
#76648 - 2003-09-12 09:25 AM ADMIN install using Runas like SU... Scripted without console!!!
MightyR1 Offline
MM club member
*****

Registered: 1999-09-09
Posts: 1264
Loc: The Netherlands
SECURE INSTALLING STUFF USING RUNAS WITHOUT CONSOLE


The following shows an imho secure way of installing stuff on W2k and up using the RUNAS command, without the console prompting for a password.


PROCEDURE

1. Copy/Paste the codes and make the four files
2. Make sure the requirements are met (place all files in one folder)
3. Start the MAKEEXE_SANUR.cmd command file
4. Run the KASAI_SANUR_STARTER.kix script to see a messagebox displaying the admin-user and it's privileges


REQUIREMENTS

- Wkix32.exe ( http://www.kixtart.org/downloads/ )
- Wkixcrpt.exe ( http://www.sgbit.demon.co.uk/kix/files/ )
- Sanur.exe ( http://www.commandline.co.uk/sanur )
- User 'Deployer' with local admin rights and password '1234567890'
(change code if other user/password is desired)
- KASAI_SANUR.kix
- MAKEEXE_SANUR.cmd
- KASAI_SANUR_STARTER.kix
- KASAI_SANUR_SCR2RUN.kix


KASAI_SANUR.kix



SetL 'SPWD='+$SANUR_password

If Exist('%WINDIR%\system32\runas.exe')
    Sleep 1
    Shell '%COMSPEC% /c runas.exe /env /user:%%SUSER%% "%%SCMD%%" | '+@SCRIPTDIR+'\sanur.exe %%SPWD%%'
     If @ERROR
        $rc=WriteProfileString(@SCRIPTDIR+'\KASAI_SANUR.log',@DATE+' '+@TIME,'Cmd-result','-E- (EC=@ERROR) While executing --> %SCMD%.')
    EndIf
    Sleep 1
EndIf
Exit 0




MAKEEXE_SANUR.cmd



wkixcrpt -f ".\WKIX32.EXE" -f ".\SANUR.EXE" -m "" -e """"%%KIXCRYPTDIR%%\wkix32.exe""" """%%KIXCRYPTFILE%%""" $SANUR_PASSWORD=1234567890" ".\KASAI_SANUR.kix"




KASAI_SANUR_STARTER.kix



Break on
$cmd=@scriptdir+'\wkix32.exe '+@scriptdir+'\kasai_sanur_scr2run.kix'
SetL 'SUSER=Deployer'
SetL 'SCMD='+$cmd
Shell @scriptdir+"\KASAI_SANUR"
Exit 0




KASAI_SANUR_SCR2RUN.kix



$rc=MessageBox("@userid (@priv)","")
Exit 0






Example for rolling out the MSO03-039 patch:


;****************************************************************************
;SCRIPT/FUNCTION : HotFix.kix
;
;ACTION          : Installs hotfixes
;
;AUTHOR          : Patrick Rutten (MightyR1@hotmail.com)
;
;CONTRIBUTORS    : 
;                 
;
;SCRIPT VERSION  :
;                  1.0.0.0 - 2003-09-12
;                    Initial Release
;
;SYNTAX          : -
;
;PARAMETERS      : -
;
;RETURNS         : -
;
;REMARKS         : -
;
;DEPENDENCIES    : KASAI_SANUR.exe
;
;EXAMPLE(S)      : -
;
;KNOWN ISSUES    : -
;
;KIXTART VERSION : -

;KIXTART BBS     : -
;
;****************************************************************************
;
;

;Enable Break to allow killing the script without logoff
Break on

;Set some global options
$rc=SetOption('NoVarsInStrings','ON')
$rc=SetOption('Explicit','ON')

;Declare variables
Dim $SecSrc,$Hotfix,$HotfixExe,$HotfixChk,$Parms

;Assign Variables
$SecSrc='\\HOTFIXSERVER\Security$'

;MS03-039: A Buffer Overrun in RPCSS May Allow Code Execution
;http://support.microsoft.com/?kbid=824146
$Hotfix='Q824146'

$HotfixExe=HfExe($Hotfix)
$HotfixExe=$SecSrc+'\'+$Hotfix+'\'+$HotfixExe
$Parms=' /q /u /z'

$HotfixChk=GetFileVersion('%windir%\system32\Rpcrt4.dll','Productversion')

Select
    ;W2k
    Case InStr(@PRODUCTTYPE,'Windows 2000') AND $HotfixChk<>'5.0.2195.6802'
        $rc=ApplyHotfix($HotfixExe,$Parms)
    ;Wxp
    Case InStr(@PRODUCTTYPE,'Windows XP') AND ($HotfixChk<>'5.1.2600.109' OR $HotfixChk<>'5.1.2600.1254')
        $rc=ApplyHotfix($HotfixExe,$Parms)
EndSelect

;Exit the script
Exit 0

;****************************************************************************
;
;ADDITIONAL FUNCTIONS
;
;
;~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
;~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Function HfExe($Hf)
    Select
        Case InStr(@PRODUCTTYPE,'Windows 2000')
            $HfExe=$Hf+'-W2K-'
        Case InStr(@PRODUCTTYPE,'Windows XP')
            $HfExe=$Hf+'-WXP-'
        Case 1
            $HfExe=0
    EndSelect
    Select
        Case @SYSLANG = '0413DUTCH'
            $HfExe=$HfExe+'NLD.exe'
        Case @SYSLANG = '0409ENGLISH'
            $HfExe=$HfExe+'ENU.exe'
        Case 1
            $HfExe=0
    EndSelect
EndFunction

Function ApplyHotfix($Exe,$Par)
    Dim $KASAI_SANUR
   
    $KASAI_SANUR='\\HOTFIXSERVER\Security$\KASAI_SANUR\KASAI_SANUR.exe'
   
    If Exist($Exe)
        SetL 'SUSER=Deployer'
        SetL 'SCMD='+$Exe+$Par
        Shell $KASAI_SANUR
    EndIf
EndFunction



[ 29. September 2003, 21:04: Message edited by: MightyR1 ]
_________________________
Greetz,
Patrick Rutten

- We'll either find a way or make one...
- Knowledge is power; knowing how to find it is more powerful...
- Problems don't exist; they are challenges...

Top
#76649 - 2003-09-12 04:34 PM Re: ADMIN install using Runas like SU... Scripted without console!!!
Anonymous
Unregistered


MightyR1, I checked it out.....geez its so long. I'm looking to have the lines of code remain in the script to ensure that machines get the update, I have a lot of laptops that are out in the field for weeks at a time. See what I have below so far....was able to get TQCRunAs to work. Just need to be able to register a .dll on a users PC. The key exists parts are for testing, will be removed. The XP part works great, am working on the 2K now...

code:
Select
Case @PRODUCTTYPE = "Windows XP Professional"
$ReturnCode = ExistKey("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP2\KB824146")
If $ReturnCode = 0
? "Win XP Key exists...."
Else
? "Win XP Not Installed...."
Run "%COMSPEC% /c \\gtb1\os\KB824146\WindowsXP-KB824146.tqc"
MessageBox("A Windows Critical Update is being installed to your PC. Once finished, a restart may be required.","Windows Critical Update KB824146",64,30)
EndIf
Case @PRODUCTTYPE = "Windows 2000 Professional"
$ReturnCode = ExistKey("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows 2000\SP5\KB824146")
If $ReturnCode = 0
? "Key exists...."
Else
? "Not Installed...."
MessageBox("A Windows Critical Update is being installed to your PC. Once finished, a restart may be required.","Windows Critical Update KB824146",64,30)

EndIf
EndSelect

Exit


Top
#76650 - 2003-09-12 08:14 PM Re: ADMIN install using Runas like SU... Scripted without console!!!
ShaneEP Moderator Offline
MM club member
*****

Registered: 2002-11-29
Posts: 2125
Loc: Tulsa, OK
Nice script Patrick...Now if it weren't for those blasted NT4 workstations... [Mad]
Top
#76651 - 2003-09-13 07:57 PM Re: ADMIN install using Runas like SU... Scripted without console!!!
MightyR1 Offline
MM club member
*****

Registered: 1999-09-09
Posts: 1264
Loc: The Netherlands
Shane,

how about:



if @inwin=1 and instr(@producttype,'NT')
    $rc=Messagebox('You have an outdated computer.'+' Ask your boss for a new one.'+
    @crlf+@crlf+'Until you have got one, go home...')
endif



Should work...
_________________________
Greetz,
Patrick Rutten

- We'll either find a way or make one...
- Knowledge is power; knowing how to find it is more powerful...
- Problems don't exist; they are challenges...

Top
#76652 - 2003-09-13 08:14 PM Re: ADMIN install using Runas like SU... Scripted without console!!!
MightyR1 Offline
MM club member
*****

Registered: 1999-09-09
Posts: 1264
Loc: The Netherlands
MODS,

May this info be an addon to the Installing an Application as an Admin FAQ???

[ 13. September 2003, 20:15: Message edited by: MightyR1 ]
_________________________
Greetz,
Patrick Rutten

- We'll either find a way or make one...
- Knowledge is power; knowing how to find it is more powerful...
- Problems don't exist; they are challenges...

Top
#76653 - 2003-09-14 02:40 PM Re: ADMIN install using Runas like SU... Scripted without console!!!
MightyR1 Offline
MM club member
*****

Registered: 1999-09-09
Posts: 1264
Loc: The Netherlands
*bump*

MODS ???
_________________________
Greetz,
Patrick Rutten

- We'll either find a way or make one...
- Knowledge is power; knowing how to find it is more powerful...
- Problems don't exist; they are challenges...

Top
#76654 - 2003-09-16 03:05 PM Re: ADMIN install using Runas like SU... Scripted without console!!!
Johan van Huyssteen_dup1 Offline
Fresh Scripter

Registered: 2003-08-28
Posts: 22
Loc: RSA
Can you use domain admins in the user portion
Top
#76655 - 2003-09-16 11:40 PM Re: ADMIN install using Runas like SU... Scripted without console!!!
MightyR1 Offline
MM club member
*****

Registered: 1999-09-09
Posts: 1264
Loc: The Netherlands
Johan,

In my example the 'deployer' user is a normal domain user placed in a domain group localadm, which is a member of the local admininistrators group.
Since domain admins are members of the local admins by default, my guess is it will work.

Try it out and let us know...
_________________________
Greetz,
Patrick Rutten

- We'll either find a way or make one...
- Knowledge is power; knowing how to find it is more powerful...
- Problems don't exist; they are challenges...

Top
#76656 - 2003-09-17 06:27 PM Re: ADMIN install using Runas like SU... Scripted without console!!!
mig21 Offline
Fresh Scripter

Registered: 2000-07-13
Posts: 21
Loc: Lisbon, Portugal
Hi there!

While running "makeexe_sanur.cmd" nothing happens!

I've downloaded the requested files and putted in the same directory. Then I changed user/passwd on requested scripts.
I noticed one space before $SANUR_PASSWORD=1234567890 is it so? Or is a typo?
The Kix version is 4.20.

Any thoughts will be appreciated!
Thx,

Mig21

Top
#76657 - 2003-09-17 08:55 PM Re: ADMIN install using Runas like SU... Scripted without console!!!
Sealeopard Offline
KiX Master
*****

Registered: 2001-04-25
Posts: 11164
Loc: Boston, MA, USA
Hmm, I still don't see a reason to not use the Task Scheduler for these things.
_________________________
There are two types of vessels, submarines and targets.

Top
#76658 - 2003-09-17 09:31 PM Re: ADMIN install using Runas like SU... Scripted without console!!!
MightyR1 Offline
MM club member
*****

Registered: 1999-09-09
Posts: 1264
Loc: The Netherlands
Mig,

checked and no type errors... These codes work for me.

Jens,

challenge was to install stuff from within logon proces. Scheduletask is not allowed by normal users... This method is also a good start of installing applics on demand!

[ 17. September 2003, 21:32: Message edited by: MightyR1 ]
_________________________
Greetz,
Patrick Rutten

- We'll either find a way or make one...
- Knowledge is power; knowing how to find it is more powerful...
- Problems don't exist; they are challenges...

Top
#76659 - 2003-09-17 11:25 PM Re: ADMIN install using Runas like SU... Scripted without console!!!
Sealeopard Offline
KiX Master
*****

Registered: 2001-04-25
Posts: 11164
Loc: Boston, MA, USA
Login script sends install request to KiXtart script running on admin server, which checks for requests on a regular basis. If request is detected it sends back a scheduled task to install and removed the request from the queue (.e.g .INI file).

BTW, whenever I install something I reboot the system right after as a precaution. That's why my installs normally happen during nighttime hours.

KSMS, BTW, demonstrates this behavior. I don't have any application that is so important that it must be installed during the login process.
_________________________
There are two types of vessels, submarines and targets.

Top
#76660 - 2003-09-19 12:26 AM Re: ADMIN install using Runas like SU... Scripted without console!!!
mig21 Offline
Fresh Scripter

Registered: 2000-07-13
Posts: 21
Loc: Lisbon, Portugal
Patrick,

I've run MAKEEXE_SANUR.cmd after replacing Wkixcrpt.exe from a version downloaded from "http://home.wanadoo.nl/scripting". The file you've mentioned taken from "http://www.sgbit.demon.co.uk/kix/files" couldn't run.

...now the problem seems to be while running KASAI_SANUR_STARTER.kix nothing happens. For what I've understood I should see a messagebox displaying the admin-user and privileges.
If I run directly KASAI_SANUR_SCR2RUN.kix, which is mentioned on previous script, I've no problem. But when called fron within KASAI_SANUR_STARTER.kix, the console returns nothing [Frown]

Regards,
Mig21

Top
#76661 - 2003-09-18 01:18 PM Re: ADMIN install using Runas like SU... Scripted without console!!!
mig21 Offline
Fresh Scripter

Registered: 2000-07-13
Posts: 21
Loc: Lisbon, Portugal
Sorry foxes!

It was typo I had on "KASAI_SANUR_STARTER.kix"!
Iarghhh!
Sorry to post this stupid error!

Thanks to all,
Mig21

Top
#76662 - 2003-09-19 12:12 AM Re: ADMIN install using Runas like SU... Scripted without console!!!
MightyR1 Offline
MM club member
*****

Registered: 1999-09-09
Posts: 1264
Loc: The Netherlands
Jens,

I've looked at KSMS and I'm sure it works great. Challenge is that in me env. not all 'client' software is installed on all machines. By doing an install on demand my way, the software gets installed the fastest way.

The scheduletask is a nice option, but if you wanted to install the app immediately, there must be two things. 1 = really 'short' loop on server, 2 = exact time sync in env.

The first needs no explaining I guess. The second does.
What if your client runs a minute ahead of your server, and the server starts a now job at 11:59:45 (so execution time = 12:00:00)?
The job will never start on the client since it's time has been 12:00:00 already!!!
_________________________
Greetz,
Patrick Rutten

- We'll either find a way or make one...
- Knowledge is power; knowing how to find it is more powerful...
- Problems don't exist; they are challenges...

Top
#76663 - 2003-09-19 05:57 PM Re: ADMIN install using Runas like SU... Scripted without console!!!
Sealeopard Offline
KiX Master
*****

Registered: 2001-04-25
Posts: 11164
Loc: Boston, MA, USA
We have automatic time synchronization via Windows Time Service.
_________________________
There are two types of vessels, submarines and targets.

Top
#76664 - 2003-09-24 02:42 AM Re: ADMIN install using Runas like SU... Scripted without console!!!
Paul_Berquam Offline
Hey THIS is FUN

Registered: 2000-08-02
Posts: 310
Loc: Sacramento, CA USA
Nice demonstration for usage of Sanur Patrick. This will be much easier to use in the cases where I don't (or don't want to) have SU set up. Makes a lot more sense using the built-in Runas functionality anyway.

One note, it does not like being tested in paths with spaces, and encapsulating didn't seem to help.
_________________________
He was a good little monkey and always very curious...

Top
#76665 - 2003-09-24 04:54 PM Re: ADMIN install using Runas like SU... Scripted without console!!!
Sealeopard Offline
KiX Master
*****

Registered: 2001-04-25
Posts: 11164
Loc: Boston, MA, USA
See the FAQ Forum under Proper use of quotes and please do not hijack threads.
_________________________
There are two types of vessels, submarines and targets.

Top
#76666 - 2003-09-24 05:10 PM Re: ADMIN install using Runas like SU... Scripted without console!!!
jdogg Offline
Getting the hang of it

Registered: 2003-09-11
Posts: 91
Loc: RTP, North Cakalaka, USA
Sorry Sealeopard.
I have removed my post.
Thanks.

Top
#76667 - 2003-09-26 10:28 PM Re: ADMIN install using Runas like SU... Scripted without console!!!
ulro Offline
Fresh Scripter

Registered: 2003-09-25
Posts: 9
Loc: Denmark
Hi

I’ve tried to follow procedure as described here is what I’ve done:

In KASAI_SANUR_STARTER.kix I changed SUSER
Break on
$cmd=@scriptdir+'\wkix32.exe '+@scriptdir+'\kasai_sanur_scr2run.kix'
SetL 'SUSER=administrator'
SetL 'SCMD='+$cmd
Shell @scriptdir+"\KASAI_SANUR.exe"
Exit 0

And in MAKEEXE_SANUR.cmd changed SANUR_PASSWORD
wkixcrypt -f ".\WKIX32.EXE" -f ".\SANUR.EXE" -m "" -e """"%%KIXCRYPTDIR%%\wkix32.exe""" """%%KIXCRYPTFILE%%""" $SANUR_PASSWORD=hejmedig" ".\KASAI_SANUR.kix"

KASAI_SANUR.kix
KASAI_SANUR_SCR2RUN.kix I just copied...

The KASAI_SANUR.exe is created alright - but when I run KASAI_SANUR_STARTER.kix with a .bat looking like this:

@echo off
REM echo run MM6_11_d.exe

\CWTCPH06\multimark\KIX_install\Wkix32.exe \CWTCPH06\multimark\KIX_install\KASAI_SANUR_STARTER.kix

I do not get window showing admin-user and privilege.

What am I doing wrong??

Top
Page 1 of 2 12>


Moderator:  Glenn Barnas, NTDOC, Arend_, Jochen, Radimus, Allen, ShaneEP, Ruud van Velsen, Mart 
Hop to:
Shout Box

Who's Online
1 registered (Allen) and 466 anonymous users online.
Newest Members
gespanntleuchten, DaveatAdvanced, Paulo_Alves, UsTaaa, xxJJxx
17864 Registered Users

Generated in 0.034 seconds in which 0.011 seconds were spent on a total of 13 queries. Zlib compression enabled.

Search the board with:
superb Board Search
or try with google:
Google
Web kixtart.org