vbs script access denied permission change - windows

I want to change the permissions of etc/host file.
i am running this vbs script
Dim objShell
Set objShell = WScript.CreateObject ("WScript.shell")
objShell.run "cmd cacls C:\Windows\System32\drivers\etc /e /p everyone:f "
Set objShell = Nothing
now the problem is that whenever i run this i get access denied. Yes, i am administrator.
but when i manually click the file and go to security settings and change permission, it prompt for domain admin name and password and when i enter it it works.
but with command line , how can i enable domain user name and password so that access is not denied. I want to integrate this in vbs script.
I hope i am clear and thank you

Looks like you have UAC enabled, so try running the command via ShellExecute with the "runas" verb set:
cmd = "cacls.exe"
args = "C:\Windows\System32\drivers\etc /e /p everyone:f"
Set app = CreateObject("Shell.Application")
app.ShellExecute cmd, args, "", "runas", 0
However, I'd recommend using icacls rather than cacls. Also, granting everyone full control to the etc directory is a BAD IDEA. Don't actually do this.

Related

Is is possible to have RUN AS prompt for vbscript?

I have this vbscript which changes the registry values and i want it to be able to run as another account(with admin rights) in a standard windows user account. Is it possible to code it such that when u double click on the vbscript, it will ask for yr windows account name and password then u be able to run the script with that account rights?
Thanks!
In the old days you could add a runas key to the respective file type in the registry:
reg add "HKCR\VBSFile\Shell\runas\Command" /ve /t REG_EXPAND_SZ ^
/d "\"%"SystemRoot"%\system32\wscript.exe\" \"%1\" %*" /f
which would add a Run as… entry to the context menu that would prompt you for credentials.
Unfortunately, Microsoft changed the "runas" behavior when they introduced UAC. Now the registry key adds a Run as Administrator entry to the context menu, that will work only with UAC enabled.
Sysinternals to the rescue (as always): you can re-enable the context menu entry for running as a different user with ShellRunas. Download the archive, unzip the executable to a directory in your %PATH% and run ShellRunas.exe /reg to register the program. That will add a Run as different user… context menu entry for executables only, though. To add this entry for VBScript files as well you need to add the relevant registry keys/values yourself, e.g. like this:
reg add "HKCR\VBSFile\Shell\runasuser" /ve /t REG_SZ /d "#shell32.dll,-50944" /f
reg add "HKCR\VBSFile\Shell\runasuser\command" /v DelegateExecute /t REG_SZ ^
/d "{ea72d00e-4960-42fa-ba92-7792a7944c1d}" /f
or by merging a .reg file like this:
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\VBSFile\Shell\runasuser]
#="#shell32.dll,-50944"
[HKEY_CLASSES_ROOT\VBSFile\Shell\runasuser\command]
"DelegateExecute"="{ea72d00e-4960-42fa-ba92-7792a7944c1d}"
There is no elegant way for incorporating this in a VBScript, though. If your system has UAC enabled, you could check if your user already has admin privileges (verification method adopted from here) and otherwise re-launch the script using the ShellExecute method with the "runas" verb:
Set reg = GetObject("winmgmts://./root/default:StdRegProv")
rc = reg.GetStringValue(&h80000003, "S-1-5-19\Environment", "TEMP", val)
If rc = 5 Then
'return code 5 == access denied
're-launch script only when it was run without arguments, so we don't go
'in circles when admin privileges can't be acquired
If WScript.Arguments.Count = 0 Then
're-launch as administrator; the additional argument is a guard to make
'sure the script is re-launched only once
CreateObject("Shell.Application").ShellExecute "wscript.exe" _
, Chr(34) & WScript.ScriptFullName & Chr(34) & " relaunch", "", "runas", 1
WScript.Quit 0
Else
WScript.Echo "Cannot acquire admin privileges."
WScript.Quit 1
End If
Else
'your code here
End If
With UAC disabled, you'd need to prompt for credentials via InputBox (bad) or with a custom password dialog (better). Either way, you'd need to re-launch the script via runas.exe
Set sh = CreateObject("WScript.Shell")
sh.Run "runas /user:" & username & " cscript """ & WScript.ScriptFullName & """"
and type in the password via SendKeys (which is a bad idea in its own right).

Run a bat hidden and as admin the same time

I have a bat file that can run for more than an hour due to the things it does. Can I make it somehow run hidden and in admin mode?
I have found a way to make it run hidden with vbs:
Set WshShell = CreateObject("WScript.Shell")
WshShell.Run chr(34) & "C:\Users\Ab\Desktop\vi\nove.bat" & Chr(34), 0
Set WshShell = Nothing
I would prefer to find a way to put them inside the batch file but I think it's not possible so a vbs file would be ok as well.
I believe the runas verb of the Shell.Application object's ShellExecute method will run with elevated permissions. You can run it hidden by the same way you've done so in your current script, by setting the window handle to 0.
set shell=CreateObject("Shell.Application")
' shell.ShellExecute "application", "arguments", "path", "verb", window
shell.ShellExecute "move.bat",,"C:\Users\Ab\Desktop\vi\", "runas", 0
set shell=nothing

How to write to the same command prompt with vbs in windows?

I have vbs script and that creates folder, make archive and copy to that folder, upload to ftp and so on. I want it to write status to cmd after each step of execution( after creating folder, zip...)
The following opens cmd.exe and writes there "creates folder". That's exactly what I want.
Dim objShell, strCmd
strCmd = "%comspec% /k echo creates folder"
Set objShell = CreateObject("Wscript.Shell")
objShell.Run strCmd, 1, True
But, how I can write to the same cmd window that just opened? If I use this
strCmd = "%comspec% /k echo starting zip"
objShell.Run strCmd, 1, True
it opens new cmd window, but I want to write "starting zip" to previously opened cmd.
How I achieve this?
To print to the command prompt use wscript.echo.
I want to point out that the behavior of .echo is effected by how the script is loaded. For instance, if I run it from command prompt, like this: test.vbs, then the echo lines show up as pop-ups due to running wscript by default. However, if instead I load the file like this: cscript text.vbs all output goes to console as expected.

VBScript- Single line as administrator

Is it possible to use the shell.run command to run the specified program as an administrator?
for instance:
shell.run(cmd.exe) <---Run this as admin
shell.run(Notepad) <---Run this as normal
I know i can execute the script to run as admin but that means everything inside that script is executed as an administrator.
My other option was to seperate the scripts and run one as admin and include what needs to be ran as admin in that script, then call another script to run and run that one as normal.
Set oShell = CreateObject("Shell.Application")
oShell.ShellExecute "cmd.exe", , , "runas", 1
oShell.Run "nodepad.exe"
(Source: http://social.technet.microsoft.com/Forums/eu/ITCG/thread/310e57f9-2367-4293-9f97-53d0e077aacc)
(More Info: http://ss64.com/vb/shellexecute.html)
Windows (from XP through to Win7 at least) has a runas command which does what you need. See here for details.
So, instead of running cmd.exe, you would run runas.exe, giving cmd.exe as the program to run.
Try this:
Dim ObjShell
Set ObjShell = CreateObject ("WScript.Shell")
ObjShell.Run "runas /K (command goes here) "
ObjShell.Run "notepad.exe"

Scripts for security permissions

I want to write two scripts, they can be vbs or ms-dos commands.
First is to setting a user permission for a folder (the equivalent to: right click on a folder, properties, security, edit, add, NT AUTHORITY\NETWORK SERVICE).
Second is to set a permision to run as a service, the equivalent click click is: Control Panel / Administrative Tools / Local Security Policy; left side: Local Policies / User Rights Assignment; right side: Log on as a service -> add Network Service as a user that has rights.
Would somebody help me to do that please?
ms dos commands:
Folder permission:
CACLS path_of_folder /E /T /C /G "userName":F
cacls command details
Log on as a service permission:
ntrights -u "userName" +r SeServiceLogonRight
ntrights command details
This is so frustrating that we don't have ntrights tool for windows server 2008 and above. I have put up a vbscript that works.
Username = <domain\username>
Dim oShell
Set oShell = CreateObject ("WScript.Shell")
oShell.Run "secedit /export /cfg config.inf", 0, true
oShell.Run "secedit /import /cfg config.inf /db database.sdb", 0, true
FileName = "config.inf"
OrgStr = "SeServiceLogonRight ="
RepStr = "SeServiceLogonRight = " & Username & ","
Set inputFile = CreateObject("Scripting.FileSystemObject").OpenTextFile("config.inf", 1,1,-1)
strInputFile = inputFile.ReadAll
inputFile.Close
Set inputFile = Nothing
Set outputFile = CreateObject("Scripting.FileSystemObject").OpenTextFile("config.inf",2,1,-1)
outputFile.Write (Replace(strInputFile,OrgStr,RepStr))
outputFile.Close
Set outputFile = Nothing
oShell.Run "secedit /configure /db database.sdb /cfg config.inf",0,true
set oShell= Nothing
Set obj = CreateObject("Scripting.FileSystemObject")
obj.DeleteFile("config.inf")
obj.DeleteFile("database.sdb")

Resources