I'd like to run an OSX application with admin privileges, so the user would be asked first for his admin log/pass.
Is there a bash command or an applescript command that would allow me to do that ?
Sort of a sudo command but with a graphic dialog shown to the user, similar to what the Finder shows when asking permission to write files in restricted folders.
thanks !
(if by OSX application are you talking about the applescript one?)
In applescript, you can display a dialog that finder displays for the users login and password but this will not tell you the password, it will basically run a shell script as sudo:
do shell script "myadminshellcommand arguments" with administrator privileges
By adding "with administrator privileges" you are telling AppleScript to run a shell script in sudo with the users password
(Don't add sudo to the command)
to carry an application on any Mac, you have to ask for password
tell application "System Events"
set fullname to full name of current user
end tell
display dialog fullname & " Enter your password " default answer "" with hidden answer
set the adminpass to the text returned of the result
set PW to result
do shell script "echo " & quoted form of (fullname & " " & PW) user name fullname password PW with administrator privileges
tell application "System Events"
set TheUse to ("/Users/" & name of current user & "/Desktop/")
end tell
Related
The short and skinny is that I am trying to create a script for a self serve password reset script that can be delivered via our remote application program (in this case, 2X).
The current iteration of my script is as follows:
#ECHO OFF
SET passchange=%username%
ECHO Changing password for %passchange%
runas /profile /user:administrator "net user %passchange% * /domain"
PAUSE
I arrived at the current iteration because net user on its own returned "System Error 5 has occurred. Access Denied." As a result I am attempting to elevate the command using runas.
That elevation is also why I'm attempting to map a custom variable to a system variable, as when using runas, %username% maps to administrator instead of the logged in user. So what I'd like to do is find some way to lock that %passchange% variable.
Or maybe there's a better way to accomplish this so that it can be run as the user without the runas method of elevation? We do not plan to give users admin rights. Unless this is another permission issue?
I want to launch an exe file of my product (C:\ClassConnect\class_server.cmd) on user login.
I tried 2 solutions ( but nothing seems to work)
Solution 1 : ( Added Startup Shortcut )
It asks the user for UAC dialog, which obviously my users will not accept as its a spy app.
Solution 2 : ( Added batch to windows scheduler so that it runs for any user)
It runs fine with the administrator account but fails for other users.
Moreover I am not able to view scheduled tasks on other users
Please help. ( I want the batch to run on startup for all users on my machine)
I would recommend you to put your class_server.cmd file in the alluser start-up folder:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Or call your .cmd file via shortcut and runas in the start-up folder to solve the UAC problem. Follow this documentation: http://www.howtogeek.com/124087/how-to-create-a-shortcut-that-lets-a-standard-user-run-an-application-as-administrator/
After struggling my head for so many days, I finally found the answer for running the program as admin
I wrote the following batch file to run one of my system program in admin mode without UAC Popup( it auto Enters the admin password )
I wrote a batch file run.bat with following content => it then executes a vb script which waits for 5 second and keys in the password.
================run.bat Start========================
set USER_NAME="administrator"
set PASSWORD="test"
set PROGRAM_NAME="C:\\ClassConnect\\class_student.bat"
set "cm=cscript /B /nologo runas4.vbs %PASSWORD%"
%cm%
runas /profile /env /user:%USER_NAME% "%PROGRAM_NAME%"
================run.bat End========================
================runas4.vbs Start========================
Set objArgs = Wscript.Arguments
password=objArgs(0)
set WshShell = WScript.CreateObject("Wscript.Shell")
WScript.Sleep 5000
bWindowFound = WshShell.AppActivate("ClassConnect_Teacher")
WScript.Sleep 500
WshShell.SendKeys password
WshShell.SendKeys "{ENTER}"
set WshShell = nothing
================runas4.vbs End========================
The above script waits for 5 second and then enters the password for runas command thus I am able to run the script in admin mode.
If you are not sure about your access rights, download the isadmin.exe from internet.
if you do not have admin access on the system , activate the default disabled Administrator account. You can activate the account by using
net user administrator /active:yes
For resetting the default administrator password use:
net user administrator *
I am trying to schedule a vbs script to run with regular user rights. The script runs fine when logged in as the user, but when I try to run the script from the task scheduler as "Run whether user is logged on or not", it gets stuck on the following line:
Set IE = CreateObject("InternetExplorer.Application")
I have tried running it with "Run with highest privileges" checked and unchecked. I am running the program from task scheduler as:
program/script: "c:\windows\system32\cscript.exe"
arguments: "test.vbs"
start in: c:\
Here is the full code:
Set fso = WScript.CreateObject("Scripting.Filesystemobject")
set tfo = fso.createTextFile("c:\123.txt")
tfo.writeline("1")
Set IE = CreateObject("InternetExplorer.Application")
tfo.writeline("2")
tfo.close
output when ran as "Run only when user is logged on":
1
2
output when ran as "Run whether user is logged on or not":
1
additionally, the task will run correctly as "Run whether user is logged on or not" when using an admin account, but I cannot use an admin account as a solution.
You need to grant the user the "Log on as a batch job" privilege. This can be done either via GUI:
start gpedit.msc
navigate to Computer Configuration → Windows Settings → Security Settings → Local Policies → User Righst Assignment
double-click "Log on as a batch job" privilege
add the user account
click "OK" and close gpedit.msc
or on the commandline:
ntrights +r SeBatchLogonRight -u domain\username
ntrights.exe is part of the Windows Server 2003 Resource Kit Tools, but works on Windows 7 too. You don't have to install the whole package. Instead you can use e.g. 7-zip to open/unpack the rktools.msi inside the rktools.exe.
Edit: Since you already did that, the issue is probably that the script can't spawn a GUI application, because you don't have an interactive desktop when the user isn't logged on. Try adding some debugging code to your script:
...
On Error Resume Next
Set IE = CreateObject("InternetExplorer.Application")
If Err Then tfo.writeline Err.Number & vbTab & Err.Description
On Error Goto 0
...
A test-run of this code snippet gave me a "permission denied" error. Apparently limited users cannot create an IE instance in a scheduled task.
That said, what are you trying to achieve with the Internet Explorer object? Using an XMLHttpRequest might be a better approach for background tasks.
I am logging into the server as Administrator to winserver2008.
I created a script called: vbscript.vbs
The purpose of this script is to auto login to linux via putty, then perform command line task.
Dim Shell
Set Shell = CreateObject("WScript.Shell")
output = Shell.Run("C:\putty.exe 1.2.3.4 9321")
wscript.sleep(500)
Shell.Sendkeys "root" & VBCrLf
wscript.sleep(30)
Shell.Sendkeys "password" & VBCrLf
wscript.sleep(30)
When I manually click on vbscript.vbs to execute it, vbscript will fill in root and password to putty.
When I use windows scheduler call to vbscript.vbs to execute it, vbscript won't fill in root and password to putty.
I suspect some permission issue.
I already set putty.exe to run as administrator, allow administrator, administrators group permission for it, but still fail to work when call via windows scheduler.
=====
I just tried with the second scenario, send 2 to the windows calculator, fail too..
testcalc.vbs
Set objShell = WScript.CreateObject("WScript.Shell")
objShell.Run "Calc.exe"
objShell.AppActivate "Calculator"
objShell.SendKeys "2"
Give up on trying to get SendKeys to work from a scheduled task, it's not going to happen. Instead simply pass the login and password on the command line:
output = Shell.Run("C:\putty.exe -l root -pw password 1.2.3.4 9321")
Alternatively do it with a session file and use -load.
If you are then going to execute commands over this connection then I believe you actually want plink rather than putty.
On windows machine(with Windows 7 running, x86-64) is it possible to open 'etc/hosts' file which is in system32/drivers/etc, modify it and save from ruby?
I get "not opened for writing(IOError)" error
The code is very simple
file = File.open("C:/Windows/System32/drivers/etc/hosts")
file << "new line"
Instead of trying to acquire privileges from code ( which maybe won't be portable across different windows OS'es ), do like this:
open a command prompt as an administrator
run your script from there
By doing like this, all the programs you're executing will have administrative privileges as well.
EDIT: This is your problem:
file = File.open("C:/Windows/System32/drivers/etc/hosts","w")
file << "new line"
You have to open the file in write mode.
My best work around is have ruby open an elevated command prompt when necessary. It will prompt the user for a password, but it is better than nothing.
username = `whoami`.chomp
run = "runas /noprofile /user:#{username} \"cmd /C #{cmd}\""
system(run)
cmd can be any command that you want to run with permissions. What I do to edit a host file is:
hosts_path = 'C:\windows\System32\drivers\etc\hosts'
hosts_file = File.open(host_path,'r') {|f| f.read}
...
--edit the hosts_file here--
...
cmd = "echo \"#{hosts_file}\" > #{hosts_path}"