I often run cmd shell using runas with multiple domain accounts, how could I get the domain name from the shell that was running under a different domain account?
Example:
C:\>echo %userdomain%
DOMAIN1
C:\>runas /netonly /user:DOMAIN2\USER cmd
Enter the password for DOMAIN2\USER:
Attempting to start cmd as user "DOMAIN2\USER" ...
Now on the new shell which is running as DOMAIN2\USER still gives me the %userdomain% output as DOMAIN1. Is there a way I could get the domain of runas account?
This is the expected behavior of RunAs when used with the /netonly parameter.
Using /netonly allows you to run your command/application/shell with your user (DOMAIN1\USER), while authenticating over the network with another user (DOMAIN2\USER).
From Microsoft Documentation:
/netonly Indicates that the user information specified is for remote access only. This parameter cannot be used with the /profile parameter.
You can however open the new cmd.exe prompt with a command that will set a variable you can then use... for example:
runas /netonly /user:DOMAIN2\USER "cmd /K SET NETONLYUSER=DOMAIN2\USER"
So you can access this variable in the new cmd.exe with %NETONLYUSER%
I have a script which has to run from an administrator level powershell/cmd prompt
Why? Because it has to use logman to get windows counters
Problem: The software for which I want to log the windows counters for has to be started with regular user level rights.
I've seen that there are lots of examples on how to run as Administrator
I don't see any on running as Regular User
Launch exe file
Start Logman (Admin level)
Run Bat File to Open Program
Bat File should run with regular user level priv's
I had a look at using RUNAS but that requires password entry, which I don't want.
Is there some other way on windows to delevate?
you could use psexec
psexec -l powershell.exe -executionpolicy unrestricted -noexit -file c:\temp\checkelevated.ps1
-l : Run process as limited user (strips the Administrators group and allows only privileges assigned to the Users group). On Windows Vista the process runs with Low Integrity.
I am trying to create a shortcut that would take credentials from the credential manager, like so
cd C:\code\Kodex-1.4.3\EPD_Prerequisite\Anaconda2\
$line1 = "cd C:\Code\EPMD\Kodex-1.4.4\Applications\Bin\EpmdTaskManager"
$line2 = "start EpmdTaskManagerGui.exe hide"
$line1 | out-file auto1.bat -Encoding Ascii
$line2 | Out-File -append auto1.bat -Encoding Ascii
$WshShell = New-Object -comObject WScript.Shell
$Shortcut = $WshShell.CreateShortcut("C:\Users\matanv.HOBART\Desktop\Kodex 1.4.4.lnk")
$Shortcut.TargetPath = """C:\WINDOWS\system32\runas.exe"""
$argA = "/user:%computername%\Admin /savecred"
$argB = """C:\code\Kodex-1.4.3\EPD_Prerequisite\Anaconda2\auto.bat"""
$Shortcut.Arguments = $argA + " " + $argB
$Shortcut.Save()
This works fine, with one problem: The first time I run the script, I get promted for password.
I want to never get prompted for password, and to store it in the credential manager using some (maybe other) script.
How can it be done?
Thanks
Moving from comment to here for OP
Here's the thing to keep in mind with this savecred thing. It's really dangerous, depending on where you are using it. Once you do it, like you've noted, AL you have to do is pass the account name and never get prompted, which means, anyone with even the simplest of skills, could walk up to and take over this machine, even if you delete the shortcut that started it, those creds are always live, and once can create any shortcut, set the properties, and they are off to the races.
Hence, though savecred is really convenient, it should be limited to only machines in absolute control of the person using it. For Example.
Anyway, you an get creds into CredMan, without using RunAs /SaveCred, yes, even with PowerShell. The a many scripts online to show you how, even ones directly from the TechNet Powershell Gallery, and the MS powershellgallery.com.
How to add credentials to the Windows Vault (PowerShell)
This PowerShell script shows how add credentials for specific users.
Download : addwindowsCredential.zip
CredentialManager 2.0
From powershellgallery.com, via your PowerShell session.
Find-Module -Name '*credentialmanager*' | Format-Table -AutoSize
Version Name Repository Description
------- ---- ---------- -----------
2.0 CredentialManager PSGallery Provides access to credentials in the Windows Credential Manager
1.1.1.0 IntelliTect.CredentialManager PSGallery Provides an easy-to-use interface to the Windows Credential Manager via PowerShell.
1.0.9 pscredentialmanager PSGallery This module allows management and automation of Windows cached credentials.
1.0.0.0 BAMCIS.CredentialManager PSGallery Provides a PowerShell wrapper around the Windows Credential Manager Win32 APIs.
See also:
Manipulate credentials in the Windows 8/2012 PasswordVault using Powershell
This module demonstrates how to use the new Windows 8/2012
PasswordVault API from Powershell.
Download : PasswordVault.psm1
You can also do this with the built-in cmdkey.exe
Creates, lists, and deletes stored user names and passwords or
credentials.
But you would need to run in the user context to do this, and that is what MS SysInternals PSExec can provide. Just create a ScheduledTask for RunOnce / at startup to fire off the command to do this.
OK, I digress. So, all-in-all, there are a few ways to set up Kiosk Mode on windows and MS has documented Kiosk mode for some time now
(You don't say what OS you are targeting - as similar articles exits for them).
For Win 10 it is here:
Set up a single-app kiosk
The above provides direct instructions how to set this mode up in PowerShell, snippet of those steps below, but be sure to read the entire document.
Set up a kiosk using Windows PowerShell
App type: UWP OS edition: Windows 10 Pro, Ent, Edu Account type: Local
standard user
You can use any of the following PowerShell cmdlets to set up assigned
access on multiple devices. Before you run the cmdlet:
Log in as administrator.
Create the user account for Assigned Access.
Log in as the Assigned Access user account.
Install the Universal Windows app that follows the assigned
access/above the lock guidelines.
Log out as the Assigned Access user account.
Log in as administrator.
To open PowerShell on Windows 10, search for PowerShell and find
Windows PowerShell Desktop app in the results. Run PowerShell as
administrator.
# Configure assigned access by AppUserModelID and user name
Set-AssignedAccess -AppUserModelId <AUMID> -UserName <username>
# Configure assigned access by AppUserModelID and user SID
Set-AssignedAccess -AppUserModelId <AUMID> -UserSID <usersid>
# Configure assigned access by app name and user name
Set-AssignedAccess -AppName <CustomApp> -UserName <username>
# Configure assigned access by app name and user SID
Set-AssignedAccess -AppName <CustomApp> -UserSID <usersid>
Note To set up assigned access using -AppName, the user account that
you specify for assigned access must have logged on at least once.
Learn how to get the AUMID. Learn how to get the AppName (see
Parameters).
The short and skinny is that I am trying to create a script for a self serve password reset script that can be delivered via our remote application program (in this case, 2X).
The current iteration of my script is as follows:
#ECHO OFF
SET passchange=%username%
ECHO Changing password for %passchange%
runas /profile /user:administrator "net user %passchange% * /domain"
PAUSE
I arrived at the current iteration because net user on its own returned "System Error 5 has occurred. Access Denied." As a result I am attempting to elevate the command using runas.
That elevation is also why I'm attempting to map a custom variable to a system variable, as when using runas, %username% maps to administrator instead of the logged in user. So what I'd like to do is find some way to lock that %passchange% variable.
Or maybe there's a better way to accomplish this so that it can be run as the user without the runas method of elevation? We do not plan to give users admin rights. Unless this is another permission issue?
I'd like to run a windows application in the context of another user. I have an administrator and several user accounts in one machine and I would like to have the administrator start certain applications for each user account (preferably using shell commands).
I tried the runas command but that appears to run in the administrator session as the specified user. I want to run the application as the user session in the user context (hope that makes sense).
For example, using user administrator I would like to start notepad.exe so that user1 (logged in) can see it appear onscreen. Is that possible?
You can use PsExec for this : http://technet.microsoft.com/en-us/sysinternals/bb897553.aspx
use with argument : -i Run the program so that it interacts with the desktop of the specified session on the remote system. If no session is specified the process runs in the console session.
ex. This will start IE on other computer
psexec \client -i "c:\program files\internet explorer\iexplore.exe"
/René