I want to write two scripts, they can be vbs or ms-dos commands.
First is to setting a user permission for a folder (the equivalent to: right click on a folder, properties, security, edit, add, NT AUTHORITY\NETWORK SERVICE).
Second is to set a permision to run as a service, the equivalent click click is: Control Panel / Administrative Tools / Local Security Policy; left side: Local Policies / User Rights Assignment; right side: Log on as a service -> add Network Service as a user that has rights.
Would somebody help me to do that please?
ms dos commands:
Folder permission:
CACLS path_of_folder /E /T /C /G "userName":F
cacls command details
Log on as a service permission:
ntrights -u "userName" +r SeServiceLogonRight
ntrights command details
This is so frustrating that we don't have ntrights tool for windows server 2008 and above. I have put up a vbscript that works.
Username = <domain\username>
Dim oShell
Set oShell = CreateObject ("WScript.Shell")
oShell.Run "secedit /export /cfg config.inf", 0, true
oShell.Run "secedit /import /cfg config.inf /db database.sdb", 0, true
FileName = "config.inf"
OrgStr = "SeServiceLogonRight ="
RepStr = "SeServiceLogonRight = " & Username & ","
Set inputFile = CreateObject("Scripting.FileSystemObject").OpenTextFile("config.inf", 1,1,-1)
strInputFile = inputFile.ReadAll
inputFile.Close
Set inputFile = Nothing
Set outputFile = CreateObject("Scripting.FileSystemObject").OpenTextFile("config.inf",2,1,-1)
outputFile.Write (Replace(strInputFile,OrgStr,RepStr))
outputFile.Close
Set outputFile = Nothing
oShell.Run "secedit /configure /db database.sdb /cfg config.inf",0,true
set oShell= Nothing
Set obj = CreateObject("Scripting.FileSystemObject")
obj.DeleteFile("config.inf")
obj.DeleteFile("database.sdb")
Related
Our network team uses a .VBS script file that runs every time a user logs into the network. They asked me to edit their script so that it will modify the windows hosts file.
The problem is the script needs admin privileges on the user's computer. From the script, how do I open the hosts file with elevated privileges, make some changes, and then save the file?
Something like that :
If Not WScript.Arguments.Named.Exists("elevate") Then
CreateObject("Shell.Application").ShellExecute WScript.FullName _
, WScript.ScriptFullName & " /elevate", "", "runas", 1
WScript.Quit
End If
Hosts = "%windir%\system32\drivers\etc\hosts"
Command = "cmd /c attrib "& Hosts &" -r"
Set Ws = WScript.CreateObject("WScript.Shell")
Result = Ws.run(Command,0,True)
EditHostsFile = Ws.run("cmd /c Notepad "& Hosts,0,True)
HostsReadOnly = Ws.run("cmd /c attrib "& Hosts &" +r",0,True)
I created a VBS script and put it on a shared drive IT uses in my office, what I want is to be able to use it with another computer via command line WITHOUT writing the entire path because it's very long, and defeats the purpose of the script.
The script is this:
Set oShell = WScript.CreateObject("WScript.Shell")
oShell.run "cmd.exe /c net stop AeXAgentSrvHost", 1, true
oShell.run "cmd.exe /c net stop ""Altiris Deployment Agent""", 1, true
oShell.run "cmd.exe /c net start AeXAgentSrvHost", 1, true
oShell.run "cmd.exe /c net start ""Altiris Deployment Agent""", 1, true
Set oShell = Nothing'
Here's an example of using the Win32_Service class within a VBScript to stop a service on a remote computer. There's no need to spawn a script on the remote PC (unless you really want to).
Const COMPUTER_NAME = "johndoe1"
Const SERVICE_NAME = "AeXAgentSrvHost"
Dim objWMI
Set objWMI = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & COMPUTER_NAME & "\root\cimv2")
With objWMI.Get("Win32_Service.Name='" & SERVICE_NAME & "'")
If .Started Then .StopService
End With
See the link above for a complete list of properties and methods for the Win32_Service class.
If you need to run this for many computers, you have a number of options:
Use a hard-coded array of computer names
Read a list from a text file, database, or other form of storage
Prompt for computer names using an InputBox() or read from StdIn
Pass one or more names as command-line parameters
Etc.
There should be plenty of examples for each method on this site.
I want to change the permissions of etc/host file.
i am running this vbs script
Dim objShell
Set objShell = WScript.CreateObject ("WScript.shell")
objShell.run "cmd cacls C:\Windows\System32\drivers\etc /e /p everyone:f "
Set objShell = Nothing
now the problem is that whenever i run this i get access denied. Yes, i am administrator.
but when i manually click the file and go to security settings and change permission, it prompt for domain admin name and password and when i enter it it works.
but with command line , how can i enable domain user name and password so that access is not denied. I want to integrate this in vbs script.
I hope i am clear and thank you
Looks like you have UAC enabled, so try running the command via ShellExecute with the "runas" verb set:
cmd = "cacls.exe"
args = "C:\Windows\System32\drivers\etc /e /p everyone:f"
Set app = CreateObject("Shell.Application")
app.ShellExecute cmd, args, "", "runas", 0
However, I'd recommend using icacls rather than cacls. Also, granting everyone full control to the etc directory is a BAD IDEA. Don't actually do this.
I have this vbscript which changes the registry values and i want it to be able to run as another account(with admin rights) in a standard windows user account. Is it possible to code it such that when u double click on the vbscript, it will ask for yr windows account name and password then u be able to run the script with that account rights?
Thanks!
In the old days you could add a runas key to the respective file type in the registry:
reg add "HKCR\VBSFile\Shell\runas\Command" /ve /t REG_EXPAND_SZ ^
/d "\"%"SystemRoot"%\system32\wscript.exe\" \"%1\" %*" /f
which would add a Run as… entry to the context menu that would prompt you for credentials.
Unfortunately, Microsoft changed the "runas" behavior when they introduced UAC. Now the registry key adds a Run as Administrator entry to the context menu, that will work only with UAC enabled.
Sysinternals to the rescue (as always): you can re-enable the context menu entry for running as a different user with ShellRunas. Download the archive, unzip the executable to a directory in your %PATH% and run ShellRunas.exe /reg to register the program. That will add a Run as different user… context menu entry for executables only, though. To add this entry for VBScript files as well you need to add the relevant registry keys/values yourself, e.g. like this:
reg add "HKCR\VBSFile\Shell\runasuser" /ve /t REG_SZ /d "#shell32.dll,-50944" /f
reg add "HKCR\VBSFile\Shell\runasuser\command" /v DelegateExecute /t REG_SZ ^
/d "{ea72d00e-4960-42fa-ba92-7792a7944c1d}" /f
or by merging a .reg file like this:
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\VBSFile\Shell\runasuser]
#="#shell32.dll,-50944"
[HKEY_CLASSES_ROOT\VBSFile\Shell\runasuser\command]
"DelegateExecute"="{ea72d00e-4960-42fa-ba92-7792a7944c1d}"
There is no elegant way for incorporating this in a VBScript, though. If your system has UAC enabled, you could check if your user already has admin privileges (verification method adopted from here) and otherwise re-launch the script using the ShellExecute method with the "runas" verb:
Set reg = GetObject("winmgmts://./root/default:StdRegProv")
rc = reg.GetStringValue(&h80000003, "S-1-5-19\Environment", "TEMP", val)
If rc = 5 Then
'return code 5 == access denied
're-launch script only when it was run without arguments, so we don't go
'in circles when admin privileges can't be acquired
If WScript.Arguments.Count = 0 Then
're-launch as administrator; the additional argument is a guard to make
'sure the script is re-launched only once
CreateObject("Shell.Application").ShellExecute "wscript.exe" _
, Chr(34) & WScript.ScriptFullName & Chr(34) & " relaunch", "", "runas", 1
WScript.Quit 0
Else
WScript.Echo "Cannot acquire admin privileges."
WScript.Quit 1
End If
Else
'your code here
End If
With UAC disabled, you'd need to prompt for credentials via InputBox (bad) or with a custom password dialog (better). Either way, you'd need to re-launch the script via runas.exe
Set sh = CreateObject("WScript.Shell")
sh.Run "runas /user:" & username & " cscript """ & WScript.ScriptFullName & """"
and type in the password via SendKeys (which is a bad idea in its own right).
Trying to execute a simple dns flush remotely from a machine, but for one reason or the other - I need to run the cmd as admin. The cmd runs fine under the account physically in person, but you need to do the whole right click -> run as admin bit.
Right now, remotePC is set to local or '.'
Set shl = WScript.CreateObject("WScript.Shell")
'Input remote PC
remotePC = "."
'Command which will be executed
strCommand = "cmd.exe /C cd C:\WINDOWS\system32 & ipconfig.exe /flushdns & pause"
'Connect to the remote PC
'Impersonate with the default level?
Set objWMIService = GetObject("winmgmts:" & "{impersonationLevel=impersonate}!\\" & remotePC & "\root\cimv2")
Set objProcess = objWMIService.Get("Win32_Process")
errReturn = objProcess.Create(strCommand, null, null, intProcessID)
Use PsExec for this purpose. Don't bother with VBScript.