I have this vbscript which changes the registry values and i want it to be able to run as another account(with admin rights) in a standard windows user account. Is it possible to code it such that when u double click on the vbscript, it will ask for yr windows account name and password then u be able to run the script with that account rights?
Thanks!
In the old days you could add a runas key to the respective file type in the registry:
reg add "HKCR\VBSFile\Shell\runas\Command" /ve /t REG_EXPAND_SZ ^
/d "\"%"SystemRoot"%\system32\wscript.exe\" \"%1\" %*" /f
which would add a Run as… entry to the context menu that would prompt you for credentials.
Unfortunately, Microsoft changed the "runas" behavior when they introduced UAC. Now the registry key adds a Run as Administrator entry to the context menu, that will work only with UAC enabled.
Sysinternals to the rescue (as always): you can re-enable the context menu entry for running as a different user with ShellRunas. Download the archive, unzip the executable to a directory in your %PATH% and run ShellRunas.exe /reg to register the program. That will add a Run as different user… context menu entry for executables only, though. To add this entry for VBScript files as well you need to add the relevant registry keys/values yourself, e.g. like this:
reg add "HKCR\VBSFile\Shell\runasuser" /ve /t REG_SZ /d "#shell32.dll,-50944" /f
reg add "HKCR\VBSFile\Shell\runasuser\command" /v DelegateExecute /t REG_SZ ^
/d "{ea72d00e-4960-42fa-ba92-7792a7944c1d}" /f
or by merging a .reg file like this:
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\VBSFile\Shell\runasuser]
#="#shell32.dll,-50944"
[HKEY_CLASSES_ROOT\VBSFile\Shell\runasuser\command]
"DelegateExecute"="{ea72d00e-4960-42fa-ba92-7792a7944c1d}"
There is no elegant way for incorporating this in a VBScript, though. If your system has UAC enabled, you could check if your user already has admin privileges (verification method adopted from here) and otherwise re-launch the script using the ShellExecute method with the "runas" verb:
Set reg = GetObject("winmgmts://./root/default:StdRegProv")
rc = reg.GetStringValue(&h80000003, "S-1-5-19\Environment", "TEMP", val)
If rc = 5 Then
'return code 5 == access denied
're-launch script only when it was run without arguments, so we don't go
'in circles when admin privileges can't be acquired
If WScript.Arguments.Count = 0 Then
're-launch as administrator; the additional argument is a guard to make
'sure the script is re-launched only once
CreateObject("Shell.Application").ShellExecute "wscript.exe" _
, Chr(34) & WScript.ScriptFullName & Chr(34) & " relaunch", "", "runas", 1
WScript.Quit 0
Else
WScript.Echo "Cannot acquire admin privileges."
WScript.Quit 1
End If
Else
'your code here
End If
With UAC disabled, you'd need to prompt for credentials via InputBox (bad) or with a custom password dialog (better). Either way, you'd need to re-launch the script via runas.exe
Set sh = CreateObject("WScript.Shell")
sh.Run "runas /user:" & username & " cscript """ & WScript.ScriptFullName & """"
and type in the password via SendKeys (which is a bad idea in its own right).
Related
Set WSHShell = WScript.CreateObject("WScript.Shell")
WSHShell.Run "calc" ,,true
msgbox "Calc finished"
WSHShell.Run "userinit.exe"
I need Taskmanager disabled from the beginning of the script until userinit.exe gets executed. I'm using Win 7 and i don't know how to do it. (I searched a lot but nothing worked)
You can set a registry value, using the registry editor cmdline equivalent: reg.exe. Here's an example:
WSHShell.Run("Reg.exe add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f", 0, 1)
In order to enable it, reset the same registry value: /d 0.
Details can be found in [TweakAndTrick]: Enable Task Manager disabled by Administrator or Virus in Windows.
Note that depending on your user, some registry key permissions adjustments might be necessary.
I can't find a definite solution to this problem. In short, what I want to do is gather a list of applications installed on the computer, and write it to a file. Here was my first attempt:
Set objShell = WScript.CreateObject("Wscript.Shell")
randTrashVar = objShell.Run("cmd /c wmic product get Name,Version > " & strAppListPath, 0, true)
But it must be run as an admin to work in all my cases. So I tried wrapping it in runas, but don't know too much about it so I could be wrong there.
randTrashVar = objShell.Run("runas /user:Administrator ""cmd /c wmic product get Name,Version > " & strAppListPath & "", 0, true)
Or doing something with objShell.Exec too
Set getAppsProcess = objShell.Exec("runas /user:Administrator ""cmd /c wmic product get Name,Version > " & strAppListPath & "")
Do While getAppsProcess.Status = 0
WScript.Sleep 100
Loop
The first one gets me somewhere, and they all wait for the command to finish before moving on, but didn't run as admin/run at all (as far as I know).
This runs as Admin now, but no wait
CreateObject("Shell.Application").ShellExecute "cmd", "/c wmic product get Name,Version > " & strAppListPath, "", "runas", 1
What can I do to get the best of these?
One or the other. WMIC does not require admin necessarly - •
wmic
The first time you run Wmic after system installation, it must be run from an elevated command prompt. The elevated mode may not be required for subsequent executions of Wmic unless the WMI operations require administrator privilege. See http://msdn.microsoft.com/en-au/library/aa826699(v=vs.85).aspx
Start - All Programs - Accessories - Right click Command Prompt and choose Run As Administrator. Type (or copy and paste by right clicking in the Command Prompt window and choosing Paste). Type for table format
wmic /output:"%userprofile%\desktop\WindowsInstaller.html" product get /format:htable
or in a form format
wmic /output:"%userprofile%\desktop\WindowsInstaller.html" product get /format:hform
It will create a html file on the desktop.
Note
This is not a full list. This is only products installed with Windows Installer. There is no feature for everything.
However as I said in my previous post nearly everything is listed in the registry.
So to see it in a command prompt
reg query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall /s
or in a file
reg query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall /s>"%userprofile%\desktop\WindowsUninstall.txt"
To see it in notepad in a different format
Click Start - All Programs - Accessories - Right click Command Prompt and choose Run As Administrator. Type Regedit and navigate to
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Right click the Uninstall key and choose Export. If you save as a reg file (there is also text file, they are slightly different text formats) you need to right click the file and choose Edit to view it.
To view Windows Updates
wmic /output:"%userprofile%\desktop\WindowsUpdate.html" qfe get /format:htable
.
Need help making this script true. i beleave the first part is done file, but registry needs to be reflected from information 4-8 thank you.
1 'this vbscript should be named DefualtWallpaper.vbs
2 'copy this file to a folder.
3 'cat.jpg image should be in same folder as vbscript.
dim filesys
set filesys=CreateObject("Scripting.FileSystemObject")
If filesys.FileExists("%cd%\cat.jpg%") Then
filesys.CopyFile "%cd%\cat.jpg%","%windir%\web\wallpaper\windows"
4.'change registry to new file
Set WShellObj=createobject("WScriptShell")
WShellObject.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\DesktopBackground","%WINDIR%\WINDOWS\Web\Wallpaper\Windows\cat.bmp","REG_EXPAND_SZ"
Set WShellObj=nothing
i get a error at line 18 char 54 error expected 'end' code 800A03f6 from microsft VBScript combilation error. on a win 7 home 64bit,
Key name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes
keytype: REG_EXPAND_SZ
key: DesktopBackground
Data: %WINDIR%\WINDOWS\Web\Wallpaper\Windows\cat.bmp
Try this one from spicework forum:
reg.exe load HKU\DefUser "C:\Documents and Settings\Default User\ntuser.dat"
reg.exe add "HKU\DefUser\Control Panel\Desktop" /v Wallpaper /d "c:\windows\wallpaper\desktop.bmp" /f
reg.exe unload HKU\DefUser
The link is here:
http://community.spiceworks.com/scripts/show/327-batch-file-to-set-the-default-wallpaper
This VBScript for:
1-Run script as administrator
2-Copy my image to the directory where the background image saved
3-Change the current desk background image to my image From registry
4-Force Log off the current user to apply the change
'run the script as Administrator
If WScript.Arguments.Length=0 Then
CreateObject("Shell.Application").ShellExecute "wscript.exe",Chr(34)&WScript.ScriptFullName&Chr(34)&" Admin",Null,"runas",1
WScript.Quit
End If
'copy the image from to
Dim WShellObj : Set WShellObj=createobject("WScript.Shell")
Dim filesys : set filesys=CreateObject("Scripting.FileSystemObject")
If filesys.FileExists(WShellObj.ExpandEnvironmentStrings("%cd%")&"\cat.jpg") Then
WShellObj.Run "cmd.exe /c copy ""%cd%\cat.jpg"" %windir%\web\wallpaper\windows",0,False
End If
'change desktop wallpaper through registry
WShellObj.RegWrite "HKEY_CURRENT_USER\Control Panel\Desktop\Wallpaper","%WINDIR%\Web\Wallpaper\Windows\cat.jpg","REG_SZ"
'force log off to apply the change of wallpaper
Dim oSystem
For Each oSystem In GetObject ("winmgmts:{(Shutdown)}//./root/cimv2").ExecQuery("select * from Win32_OperatingSystem")
oSystem.Win32Shutdown 4
Next
When I use the GUI Task Scheduler, I can easily check the "Run with highest privileges" checkbox.
I found no such option in the VBScript command line too, however.
Is there a way to do that from the VBScript?
How to add this script this two feature?
Example VBScript: http://msdn.microsoft.com/en-us/library/aa383665%28v%3DVS.85%29.aspx
Privileges: http://msdn.microsoft.com/en-us/library/windows/desktop/aa382076%28v=vs.85%29.aspx
This VBScript code automates the SchTasks.exe program and should demonstrate what you want to do. To get a list of the switches for creating tasks with SchTasks, you can run this:
schtasks.exe /create /?
You still have to run the below script from an administrative command-prompt to be able to create a task with "Highest" privileges. Also, if you wish to use an account other than the system account, you should use the /RP switch. If you're fully automating it, you may wish to use the /F switch as well to force overwriting an existing task. Otherwise it may hang while waiting for user input.
Option Explicit
Dim WshShell, strWinDir, strCmdLine, lngExitCode
Const OpenAsCurrentWindowIsOpened = 10, WaitForExit = True
Set WshShell = CreateObject("WScript.Shell")
strWinDir = WshShell.ExpandEnvironmentStrings("%WINDIR%")
strCmdLine = strWinDir & "\System32\SCHTASKS.exe /create /SC DAILY /TN ""My VBScript Task"" /TR """ & strWinDir & "\System32\calc.exe"" /RL HIGHEST /RU ""NT AUTHORITY\SYSTEM"""
lngExitCode = WshShell.Run(strCmdLine, OpenAsCurrentWindowIsOpened, WaitForExit)
If lngExitCode = 0 Then
WScript.Echo "Success"
Else
WScript.Echo "Failed with error code " & CStr(lngExitCode)
End If
If you're asking how to interactively run VBScripts in admin mode, you just have to run CSCRIPT from a command-line that is already running in "Admin mode". For example, click Start, type cmd, wait a few seconds..., right-click cmd.exe and choose "Run as Administrator". Then when you run CSCRIPT from that command-line it will run with highest privileges already. Note you have to be logged-in with an admin user account already.
Or are you asking how you automate creating new scheduled tasks in VBScript with those options set?
If you're referring to admin mode, try this:
Dim ObjShell
Set ObjShell = CreateObject("WScript.Shell")
ObjShell.Run "runas.exe"
Since CMD in Admin mode is just runas.exe, you can run it through WScript.Shell(ObjShell.Run).
This way is more effecient because if you want to run a command line you can simply do this:
ObjShell.Run "runas.exe /K (command goes here)"
I want to change the permissions of etc/host file.
i am running this vbs script
Dim objShell
Set objShell = WScript.CreateObject ("WScript.shell")
objShell.run "cmd cacls C:\Windows\System32\drivers\etc /e /p everyone:f "
Set objShell = Nothing
now the problem is that whenever i run this i get access denied. Yes, i am administrator.
but when i manually click the file and go to security settings and change permission, it prompt for domain admin name and password and when i enter it it works.
but with command line , how can i enable domain user name and password so that access is not denied. I want to integrate this in vbs script.
I hope i am clear and thank you
Looks like you have UAC enabled, so try running the command via ShellExecute with the "runas" verb set:
cmd = "cacls.exe"
args = "C:\Windows\System32\drivers\etc /e /p everyone:f"
Set app = CreateObject("Shell.Application")
app.ShellExecute cmd, args, "", "runas", 0
However, I'd recommend using icacls rather than cacls. Also, granting everyone full control to the etc directory is a BAD IDEA. Don't actually do this.