I have an openvpn server running on a windows 10 host. The openvpn server config has a parameter -auth-user-pass-verify which allows you to specify a script that will receive a login username and password in the form of a temporary file.
In the .bat file I capture the username and pass as follows
set /A count=0
for /F "tokens=*" %%A in (%~1) do (
if !count!==1 (
set password=%%A
set /A count=2
)
if !count!==0 (
set username=%%A
set /A count=1
)
)
This part works and is verified, both when the script is run by myself and when it is called by openvpn. I then call an external .exe to verify the password.
for /f %%i in ('c:\"Program Files"\OpenVPN\config\foo\foo.exe %password%') do set RESULT=%%i
Now this last parts works when I call the .bat from command prompt myself, but it fails when the .bat is run by openvpn -- nothing is written to "RESULT". I don't even know if the exe is being called at all.
I have tried openvpn server with admin privileges. I have tried --script-security 2 and 3. Openvpn documentation says it calls the script "as a shell command" for what it's worth.
Try this:
for /f %%i in ('"c:\Program Files\OpenVPN\config\foo\foo.exe" %password%') do set RESULT=%%i
Related
I'm trying to create a batch file to automate vnc connections, this is what i came up with:
#echo off
:Begin
set "PASS=123"
set /p IP=Enter IP Address:
echo Connecting...
start /d "C:\Program Files (x86)\UltraVNC\" VNCVIEWER.EXE %IP%
goto Begin
problem is that the program comes up with a second pop up display for the password which is always 123 but i don't know how to make that automatic too, once the process is open how do i make the batch file enter the password as well automatically ?
I have a batch script in Windows7 to update the hosts file that fails.
I am logged as a user with administrative rights.
Even if I run the script with the "Run as administrator" option I get Access denied. 0 files copied when executing this part of the script:
for /f "tokens=1-2 delims=:" %%a in ('ipconfig^|find "IPv4"') do set ip=%%b
set ip=%ip:~1%
REM create changing part of hosts file...
if exist %temp%\temp.txt del %temp%\temp.txt
echo %ip% myproxy >> %temp%\temp.txt
REM check this...
set hostpath=C:\WINDOWS\system32\drivers\etc
REM add static part of hosts file
type "%hostpath%\hosts-static" >> %temp%\temp.txt
REM replace hosts file
copy /y %temp%\temp.txt "%hostpath%\hosts"
ipconfig /flushdns
netsh interface IP delete arpcache
pause
I also tried to create a shortcut and set the "Advanced -> Run as Administrator" option but no luck.
If I open a cmd shell as Administrator and then run the script from there everything works fine, but no way of running it directly double-clicking on the file (or its link).
Any idea?
EDIT:
added the whole script.
I tried creating a shortcut for the following command to execute as Administrator
C:\Windows\System32\cmd.exe /c script.bat
and it is also failing.
From the same shortcut (without arguments) I can open a window where I can execute the batch correctly. I really cannot see why.
Obviously a late response, but just solved this issue with a very straightforward solution so I thought I'd share:
Using ICACLS you can modify access control lists (ACLs) to bypass access denied errors.
Run the following command:
ICACLS C:\path\to\batch\file\directory\* /C
the parameter /C tells the batch file to bypass access denied errors. Cheers.
Try attrib -r -s -h -a "%hostpath%\hosts" before your copy command. If any file is attributed +r, +s, or +h, you'll get "Access is denied" if you try to overwrite it using copy.
i have looked around a fair bit, but cant seem to find an answer to this.
I am creating a script that is a part of the off boarding process for our company. As part of the process, it grants permssion for another user to access the exiting users profile share (working fine). The next part will map a network drive remotely (im having trouble with this. I am using PSEXEC to dispatch a bat script which maps the users drive:
#echo off
::Welcome note
echo Welcome to the User EXIT script!
:Start
:: set variable to be used throughout script for the username of the person exiting.
set /p uname="Please enter the username for exit:"
set /p cleanupu="Please enter the username for homedrive & mailbox cleanup:"
set /p computermap="Please enter the Computer to clean up the Homedrive:"
echo The username for exit is: %uname%
echo The username that is cleaning up is: %cleanupu%
echo The computer for the homedrive to be mapped to is %computermap%
set /P c=Is this correct [Y/N]?
if /I "%c%" EQU "Y" goto :init_confirm
if /I "%c%" EQU "N" goto :start
:init_confirm
::confirmation....
echo This script will exit the user: %uname%
pause
icacls "\\server\home$\%uname%" /grant DOMAIN\%cleanupu%:(OI)(CI)F
pause
echo net use z: \\server\home$\%uname%\ > map_temp.bat
psexec \\%computermap% -c -i -d map_temp.bat
pause
exit
This will copy the file to the remote computer and open up a blank command prompt window.
Can anyone see why this wont actually run map_tem.bat?
cheers
I am using the sc command to remotely restart a process under runas. This works perfectly with a service that has no spaces, but if it has spaces, forcing me to use ' inside the runas "command" quotes, it fails and cannot find the service.
I have already checked the properties of this particular service to ensure the service name (it is the same as the display name).
#ECHO OFF
REM Prompt for Domain & Username. Password will be prompted when run.
set /P Domainn=Enter Domain Name:
set /P Usern=Enter Username:
set service=workingservice
REM set service='Not a working service'
REM Define Start Stops
set userrunasstop=runas /profile /user:%domainn%\%usern% "sc \\%domainn% stop %service%"
set userrunasstart=runas /profile /user:%domainn%\%usern% "sc \\%domainn% start %service%"
:optionmenu
CLS
ECHO 1 - Stop Service
ECHO 2 - Start Service
ECHO q - Quit
ECHO.
set /P optionnum=Enter command number:
GOTO option%optionnum%
:option1
REM Stop Client
%userrunasstop%
goto optionmenu
:option2
REM Start Client
%userrunasstart%
goto optionmenu
:optionq
EXIT
This script works great as shown, but when I comment out set service=workingservice and un-comment set service='Not a working service it doesn't work. Also, if I use runas to open its open cmd.exe, I can then successfully run the sc command with quotes around the service name.
I have set up a workaround for this issue by opening up a new command prompt under runas. And in the new command prompt calling another bat file that executes the sc stop service command. This removes the multiple quoting that was causing the error.
I am still working on passing variables from the runas batch file to the sc batch file to allow the %domain% variable to be input into the sc command.
File runas.bat
set /P Domainn=Enter Domain Name:
set /P Usern=Enter Username:
runas /profile /user:%domainn%\%usern% "cmd sc.bat"
File sc.bat (minus all the frills in the original script)
set service='Service with spaces'
sc \\domainname stop %service%
I am trying to write a windows batch script which detects if it runs under system user to launch an other application. The application needs to run as system. But the batch file launching it will be called by an Admin user.
Here is what I have now:
IF "%USERPROFILE:~-13%" == "systemprofile" (
PUSHD "%~dp0\.."
CALL "init some variables"
CALL "my command" %*
POPD
) ELSE (
FOR %%X IN (psexec.exe) DO (SET FOUND=%%~$PATH:X)
IF DEFINED FOUND (
CALL psexec -s %0 %*
) ELSE (
ECHO Must be run as user SYSTEM
ECHO If psexec is in PATH, it will be automatically used.
)
)
For now I check %USERPROFILE% but I guess it is a bad way to do that.
When launching my script with psexec -s, echo %USERNAME% gives the name of the server with a $ at the end.
What is the best way to know if the batch script is running on system user?
Maybe there is a better alternative to achieve that?
Thank you
If you mean running with administrator privileges you can check with something like this:
OPENFILES >nul 2>nul
IF ERRORLEVEL 1 (
COLOR CF
ECHO.You must 'Run as administrator'
PAUSE
GOTO :eof
)
Note that the
2>nul is needed because 2012 Server and Windows 8 return ERRORLEVEL 0 but output "ERROR: Unable to retrieve data."
I don't think it is right that a command returns an error code of 0 but still outputs to STDERR, but...