#154102 - 2006-07-18 03:15 PM
Re: RUNNAS - Tokenized Runas Utility
|
imjin
Lurker
Registered: 2006-03-17
Posts: 4
|
I'm testing on XP SP2, but we've got 2000 SP4 out there as well. The 98 machines I just ignore, hoping they'll fall into a pit somewhere. Most of our user base are set as Power Users, so everything we'd need to use runnas would almost always require local admin to execute.
Here's the line I'm currently using that executes great, but in this sample I'm not trying to pipe the stdout anywhere, but because I have to do a "net localgroup" for every entry in the local administrators group, I've got 4 lines, each of which pops a dos window up, although it closes quickly. I put the Runnas.exe command in it's own function called RunAs($TargetApp) so I could shorten main line that calls it. Forgive the chr() commands... old VB habit and I have a few helpdesk techs that could be editing these scripts down the road and the multiple quote characters would probably throw them, and they'd leave out a triple-quote somewhere.
Code:
RunAs("net localgroup " + Chr(34) + "Administrators" + Chr(34) + " " + Chr(34) + "domain\domain admins" + Chr(34) + " /add")
RunAs("net localgroup " + Chr(34) + "Administrators" + Chr(34) + " " + Chr(34) + "domain\integrators" + Chr(34) + " /add")
RunAs("net localgroup " + Chr(34) + "Administrators" + Chr(34) + " " + Chr(34) + "domain\schoolsmca" + Chr(34) + " /add")
RunAs("net localgroup " + Chr(34) + "Administrators" + Chr(34) + " " + Chr(34) + "domain\trfcmca" + Chr(34) + " /add")
;
Function RunAs($TargetApp)
Shell "%COMSPEC% /c runnas.exe /user:adminuserid " + Chr(34) + $TargetApp + Chr(34) + " /password:adminpassword"
EndFunction
Normally, in ScriptLogic's app launcher we'd call a batch file that sits in the netlogon folder that has several things in it pertaining to these "net localgroup" commands and a few other cacls folder permission setting entries, so if I could call the batch file on one line, all the better. This was actually the way I first started trying to do it, by executing the teacher.bat file using Runnas.exe, but because the results dos window would appear every time displaying the "net localgroup" errors, I switched to the method above since it as least hide the failed "net localgroup" messages. I've tried adding a " > NUL" to each line in the batch file, which does hide successful commmand results, but any failed commands that error out show up in the popup dos window.
I just played around with Howard Bullock's GrpMaint tool which I'm thinking may be easier to use by passing a member file to it. Then it just logs failed group membership additions and doesn't fly em across the screen like the command prompt method does.
|
|
Top
|
|
|
|
#154103 - 2006-07-18 03:46 PM
Re: RUNNAS - Tokenized Runas Utility
|
bizcuts
Fresh Scripter
Registered: 2006-07-04
Posts: 10
|
sorry for posting in here, but i cant seem to see the make new thread/post button...and i have a few things i need to ask?
"n00b!!!!" yes i know... green as green can be
any help would good
|
|
Top
|
|
|
|
|
#154104 - 2006-07-18 04:22 PM
Re: RUNNAS - Tokenized Runas Utility
|
Shawn
Administrator
Registered: 1999-08-13
Posts: 8611
|
Quote:
Tried adding " > NUL" to each line in the batch file, which does hide successful commmand results, but any failed commands that error out show up in the popup dos window.
To hide failed commands, add 2>NUL
|
|
Top
|
|
|
|
|
#154105 - 2006-07-18 04:48 PM
Re: RUNNAS - Tokenized Runas Utility
|
imjin
Lurker
Registered: 2006-03-17
Posts: 4
|
 Always the last thing I seem to find... a typo.
If you're using Runnas.exe to fire off a batch file, is there a way to hide the DOS window the batch file spawns?
Edited by imjin (2006-07-18 07:12 PM)
|
|
Top
|
|
|
|
|
#154106 - 2006-11-09 04:26 PM
Re: RUNNAS - Tokenized Runas Utility
|
rickscott
Lurker
Registered: 2004-01-28
Posts: 3
Loc: x
|
Hi.. great utility..
I have a Q.
Is it possible to run the runnas.exe from network-drive like L:\folder\runnas.exe setup.tok??
Because when trying I get the following the error:
"RUNNAS: The system cannot find the path specified"
Thx..
Ejner
|
|
Top
|
|
|
|
|
#154109 - 2006-11-09 05:20 PM
Re: RUNNAS - Tokenized Runas Utility
|
Richard H.
Administrator
Registered: 2000-01-24
Posts: 4946
Loc: Leatherhead, Surrey, UK
|
Quote:
Is it possible to run the runnas.exe from network-drive like L:\folder\runnas.exe setup.tok??
Tricky.
When you run in the context of another user you normally create a new environment, and that environment does not have the mapped drives of the session that you started the command in.
This means that the process is effectively orphaned from the drive on which it started, so of course cannot find the file to open it.
Clear? 
|
|
Top
|
|
|
|
|
#170824 - 2006-11-29 12:57 PM
Re: RUNNAS - Tokenized Runas Utility
[Re: Richard H.]
|
darkblueturbo
Lurker
Registered: 2006-07-24
Posts: 3
|
On a similar vain I'm getting the error "unknown command [runnas]" when trying the simple example script of "runnas /user:admin mmc"
I've tried runnas.exe and the full path to runnas.exe, as mentioned above, but still get the same error.
I'm obviously being quite thick here - the runnas.exe file is in the same directory as kix32.exe - so just wondered if anyone could help.
This is before I start looking at tokenizing files and suchlike, which is liable to get my very basic knowledge of Kix very condfused...
Thanks for any help guys...
|
|
Top
|
|
|
|
#174270 - 2007-02-26 04:42 PM
Re: RUNNAS - Tokenized Runas Utility
[Re: Shawn]
|
Huron
Lurker
Registered: 2007-01-31
Posts: 1
|
I'm not usually active with posts on the board since I'm more of a silent reader, but in this case I wanted to make an exception to thank you personally Shawn.
I've been looking at 'the best way for me' to perform some actions with admin privs calling one loginscript from the other. And I've tested a whole bunch of tools/ways to do this.
But I'm impressed by the simplicity and quality of your RUNNAS.EXE tool.
I got it to work doing what I wanted in less than no time at all.
I was almost ready to start building my own runas tool, but I'm not going to reinvent the wheel since your tool has all I need.
I'm using this in a multi-site corporate environment with about 1000 workstations. And it's working like a charm.
Kudo's Shawn !
Greetz,
Huron.
|
|
Top
|
|
|
|
|
#180329 - 2007-09-10 04:57 AM
Re: RUNNAS - Tokenized Runas Utility
[Re: Huron]
|
babyjosef17
Lurker
Registered: 2007-09-10
Posts: 2
|
I need you help on this one pls.
I want to remotely install SAP on the network.
i wanted to make a bacth file, that later I can insert to the logon script.
I keep getting the error:
RUNNAS: Access is Denied.
here is my bat file for your review:
@Echo off
\\sgnas1\library\General\Install\SAP\runnas /user:username "sap.bat" /password:password
and here are the contents of that sap.bat:
@Echo off
L:\General\Install\SAP\SapFrontEnd640\Setup\SapSetup /install /checkdb /p:"Mhis"
I also tried not using the sap.bat ang typing the installation command directly like so:
\\sgnas1\library\General\Install\SAP\runnas /user:username "L:\General\Install\SAP\SapFrontEnd640\Setup\SapSetup /install /checkdb /p:"Mhis"" /password:password
but keep getting this error
Runnas: Cannot find the specified path
pls help is there anything wrong in the code or maybe some mo attributes to add. Thank you very much
|
|
Top
|
|
|
|
|
#180340 - 2007-09-10 06:20 AM
Re: RUNNAS - Tokenized Runas Utility
[Re: Les]
|
babyjosef17
Lurker
Registered: 2007-09-10
Posts: 2
|
tnx for the reply.
That's the thing. L:\ drive is standard in all our workstation so every pc has it. Really having trouble with this one. 
is there a way for runnas to lets say, use the instalation folder in the server machine? so i would not use a network drive folder anymore.
|
|
Top
|
|
|
|
|
#187026 - 2008-04-17 05:36 PM
Re: RUNNAS - Tokenized Runas Utility
[Re: Les]
|
Rixter
Fresh Scripter
Registered: 2005-03-15
Posts: 15
|
Shawn,
I'm trying to use your RUNNAS to perform the MXLOGIN.CMD command file for Vista users to login to our network. My MXLOGIN.KIX runs fine but the portion before that using XCOPY is where I get stuck.
I've created an XCOPY.TOK file using the syntax: (using a real acct and password)
runnas /user:domainadmin "xcopy.exe" /pass:acctpwd /tok:xcopy.tok /logononly
Now I'm not at all sure how to take the XCOPY.TOK (which by the way is the version that comes with Vista) and actually incorporate it into my logon script.
Can you please help me out? Thanks VERY much!
MXLOGON.CMD:
@echo off
if exist %systemdrive%\kix32.exe goto logon
xcopy %0\..\*.exe c:\ >nul
:logon
REM %0\..\Kix32.exe %0\..\MXlogin.kix
%systemdrive%\Kix32.exe %0\..\MXlogin.kix
if errorlevel 1 copy %0\..\*.exe %systemdrive%\ >nul
exit
|
|
Top
|
|
|
|
Moderator: Arend_, Allen, Jochen, Radimus, Glenn Barnas, ShaneEP, Ruud van Velsen, Mart
|
0 registered
and 366 anonymous users online.
|
|
|
