ADMIN install using Runas like SU... Scripted without console!!! - KiXtart.org

You are not logged in. [Log In] KiXtart.org website » Forums » KiXtart » Advanced Scripting » ADMIN install using Runas like SU... Scripted without console!!!

Page 1 of 2

Topic Options

#76648 - 2003-09-12 09:25 AM

ADMIN install using Runas like SU... Scripted without console!!!

MightyR1 Offline

MM club member

Registered: 1999-09-09
Posts: 1264
Loc: The Netherlands

SECURE INSTALLING STUFF USING RUNAS WITHOUT CONSOLE

The following shows an imho secure way of installing stuff on W2k and up using the RUNAS command, without the console prompting for a password.

PROCEDURE

1. Copy/Paste the codes and make the four files
2. Make sure the requirements are met (place all files in one folder)
3. Start the MAKEEXE_SANUR.cmd command file
4. Run the KASAI_SANUR_STARTER.kix script to see a messagebox displaying the admin-user and it's privileges

REQUIREMENTS

- Wkix32.exe ( http://www.kixtart.org/downloads/ )
- Wkixcrpt.exe ( http://www.sgbit.demon.co.uk/kix/files/ )
- Sanur.exe ( http://www.commandline.co.uk/sanur )
- User 'Deployer' with local admin rights and password '1234567890'
(change code if other user/password is desired)
- KASAI_SANUR.kix
- MAKEEXE_SANUR.cmd
- KASAI_SANUR_STARTER.kix
- KASAI_SANUR_SCR2RUN.kix

KASAI_SANUR.kix


SetL 'SPWD='+$SANUR_password

If Exist('%WINDIR%\system32\runas.exe')
    Sleep 1
    Shell '%COMSPEC% /c runas.exe /env /user:%%SUSER%% "%%SCMD%%" | '+@SCRIPTDIR+'\sanur.exe %%SPWD%%'
     If @ERROR
        $rc=WriteProfileString(@SCRIPTDIR+'\KASAI_SANUR.log',@DATE+' '+@TIME,'Cmd-result','-E- (EC=@ERROR) While executing --> %SCMD%.')
    EndIf
    Sleep 1
EndIf
Exit 0

MAKEEXE_SANUR.cmd


wkixcrpt -f ".\WKIX32.EXE" -f ".\SANUR.EXE" -m "" -e """"%%KIXCRYPTDIR%%\wkix32.exe""" """%%KIXCRYPTFILE%%""" $SANUR_PASSWORD=1234567890" ".\KASAI_SANUR.kix"

KASAI_SANUR_STARTER.kix


Break on
$cmd=@scriptdir+'\wkix32.exe '+@scriptdir+'\kasai_sanur_scr2run.kix'
SetL 'SUSER=Deployer'
SetL 'SCMD='+$cmd
Shell @scriptdir+"\KASAI_SANUR"
Exit 0

KASAI_SANUR_SCR2RUN.kix


$rc=MessageBox("@userid (@priv)","")
Exit 0

Example for rolling out the MSO03-039 patch:


;****************************************************************************
;SCRIPT/FUNCTION : HotFix.kix
;
;ACTION          : Installs hotfixes
;
;AUTHOR          : Patrick Rutten (MightyR1@hotmail.com)
;
;CONTRIBUTORS    : 
;                  
;
;SCRIPT VERSION  :
;                  1.0.0.0 - 2003-09-12
;                    Initial Release
;
;SYNTAX          : -
;
;PARAMETERS      : -
;
;RETURNS         : -
;
;REMARKS         : -
;
;DEPENDENCIES    : KASAI_SANUR.exe
;
;EXAMPLE(S)      : -
;
;KNOWN ISSUES    : -
;
;KIXTART VERSION : -
; 
;KIXTART BBS     : -
;
;****************************************************************************
;
;

;Enable Break to allow killing the script without logoff
Break on

;Set some global options
$rc=SetOption('NoVarsInStrings','ON')
$rc=SetOption('Explicit','ON')

;Declare variables
Dim $SecSrc,$Hotfix,$HotfixExe,$HotfixChk,$Parms

;Assign Variables
$SecSrc='\\HOTFIXSERVER\Security$'

;MS03-039: A Buffer Overrun in RPCSS May Allow Code Execution
;http://support.microsoft.com/?kbid=824146
$Hotfix='Q824146'

$HotfixExe=HfExe($Hotfix)
$HotfixExe=$SecSrc+'\'+$Hotfix+'\'+$HotfixExe
$Parms=' /q /u /z'

$HotfixChk=GetFileVersion('%windir%\system32\Rpcrt4.dll','Productversion')

Select
    ;W2k
    Case InStr(@PRODUCTTYPE,'Windows 2000') AND $HotfixChk<>'5.0.2195.6802'
        $rc=ApplyHotfix($HotfixExe,$Parms)
    ;Wxp
    Case InStr(@PRODUCTTYPE,'Windows XP') AND ($HotfixChk<>'5.1.2600.109' OR $HotfixChk<>'5.1.2600.1254')
        $rc=ApplyHotfix($HotfixExe,$Parms)
EndSelect

;Exit the script
Exit 0

;****************************************************************************
;
;ADDITIONAL FUNCTIONS
;
;
;~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
;~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Function HfExe($Hf)
    Select
        Case InStr(@PRODUCTTYPE,'Windows 2000')
            $HfExe=$Hf+'-W2K-'
        Case InStr(@PRODUCTTYPE,'Windows XP')
            $HfExe=$Hf+'-WXP-'
        Case 1
            $HfExe=0
    EndSelect
    Select
        Case @SYSLANG = '0413DUTCH'
            $HfExe=$HfExe+'NLD.exe'
        Case @SYSLANG = '0409ENGLISH'
            $HfExe=$HfExe+'ENU.exe'
        Case 1
            $HfExe=0
    EndSelect
EndFunction

Function ApplyHotfix($Exe,$Par)
    Dim $KASAI_SANUR
    
    $KASAI_SANUR='\\HOTFIXSERVER\Security$\KASAI_SANUR\KASAI_SANUR.exe'
    
    If Exist($Exe)
        SetL 'SUSER=Deployer'
        SetL 'SCMD='+$Exe+$Par
        Shell $KASAI_SANUR
    EndIf
EndFunction

[ 29. September 2003, 21:04: Message edited by: MightyR1 ]

_________________________
Greetz,
Patrick Rutten

- We'll either find a way or make one...
- Knowledge is power; knowing how to find it is more powerful...
- Problems don't exist; they are challenges...

Top

#76649 - 2003-09-12 04:34 PM

Re: ADMIN install using Runas like SU... Scripted without console!!!

Anonymous
Unregistered

MightyR1, I checked it out.....geez its so long. I'm looking to have the lines of code remain in the script to ensure that machines get the update, I have a lot of laptops that are out in the field for weeks at a time. See what I have below so far....was able to get TQCRunAs to work. Just need to be able to register a .dll on a users PC. The key exists parts are for testing, will be removed. The XP part works great, am working on the 2K now...

code:

Select
		Case	@PRODUCTTYPE = "Windows XP Professional"
		$ReturnCode = ExistKey("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP2\KB824146")
			If $ReturnCode = 0
				? "Win XP Key exists...."
			Else
				? "Win XP Not Installed...."
				Run "%COMSPEC% /c \\gtb1\os\KB824146\WindowsXP-KB824146.tqc"
				MessageBox("A Windows Critical Update is being installed to your PC.  Once finished, a restart may be required.","Windows Critical Update KB824146",64,30)
			EndIf
		Case	@PRODUCTTYPE = "Windows 2000 Professional"
		$ReturnCode = ExistKey("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows 2000\SP5\KB824146")
			If $ReturnCode = 0
				? "Key exists...."
			Else
				? "Not Installed...."
				MessageBox("A Windows Critical Update is being installed to your PC.  Once finished, a restart may be required.","Windows Critical Update KB824146",64,30)

			EndIf
EndSelect
	
Exit

Top

#76650 - 2003-09-12 08:14 PM Re: ADMIN install using Runas like SU... Scripted without console!!!
ShaneEP ShaneEP MM club member Registered: 2002-11-29 Posts: 2125 Loc: Tulsa, OK	Nice script Patrick...Now if it weren't for those blasted NT4 workstations...
Top

#76651 - 2003-09-13 07:57 PM Re: ADMIN install using Runas like SU... Scripted without console!!!
MightyR1 MightyR1 MM club member Registered: 1999-09-09 Posts: 1264 Loc: The Netherlands	Shane, how about: if @inwin=1 and instr(@producttype,'NT') $rc=Messagebox('You have an outdated computer.'+' Ask your boss for a new one.'+ @crlf+@crlf+'Until you have got one, go home...') endif Should work... _________________________ Greetz, Patrick Rutten - We'll either find a way or make one... - Knowledge is power; knowing how to find it is more powerful... - Problems don't exist; they are challenges...
Top

#76652 - 2003-09-13 08:14 PM Re: ADMIN install using Runas like SU... Scripted without console!!!
MightyR1 MightyR1 MM club member Registered: 1999-09-09 Posts: 1264 Loc: The Netherlands	MODS, May this info be an addon to the Installing an Application as an Admin FAQ??? [ 13. September 2003, 20:15: Message edited by: MightyR1 ] _________________________ Greetz, Patrick Rutten - We'll either find a way or make one... - Knowledge is power; knowing how to find it is more powerful... - Problems don't exist; they are challenges...
Top

#76653 - 2003-09-14 02:40 PM Re: ADMIN install using Runas like SU... Scripted without console!!!
MightyR1 MightyR1 MM club member Registered: 1999-09-09 Posts: 1264 Loc: The Netherlands	bump MODS ??? _________________________ Greetz, Patrick Rutten - We'll either find a way or make one... - Knowledge is power; knowing how to find it is more powerful... - Problems don't exist; they are challenges...
Top

#76654 - 2003-09-16 03:05 PM Re: ADMIN install using Runas like SU... Scripted without console!!!
Johan van Huyssteen_dup1 Johan van Huyssteen_dup1 Fresh Scripter Registered: 2003-08-28 Posts: 22 Loc: RSA	Can you use domain admins in the user portion
Top

#76655 - 2003-09-16 11:40 PM Re: ADMIN install using Runas like SU... Scripted without console!!!
MightyR1 MightyR1 MM club member Registered: 1999-09-09 Posts: 1264 Loc: The Netherlands	Johan, In my example the 'deployer' user is a normal domain user placed in a domain group localadm, which is a member of the local admininistrators group. Since domain admins are members of the local admins by default, my guess is it will work. Try it out and let us know... _________________________ Greetz, Patrick Rutten - We'll either find a way or make one... - Knowledge is power; knowing how to find it is more powerful... - Problems don't exist; they are challenges...
Top

#76656 - 2003-09-17 06:27 PM Re: ADMIN install using Runas like SU... Scripted without console!!!
mig21 mig21 Fresh Scripter Registered: 2000-07-13 Posts: 21 Loc: Lisbon, Portugal	Hi there! While running "makeexe_sanur.cmd" nothing happens! I've downloaded the requested files and putted in the same directory. Then I changed user/passwd on requested scripts. I noticed one space before $SANUR_PASSWORD=1234567890 is it so? Or is a typo? The Kix version is 4.20. Any thoughts will be appreciated! Thx, Mig21
Top

#76657 - 2003-09-17 08:55 PM Re: ADMIN install using Runas like SU... Scripted without console!!!
Sealeopard Sealeopard KiX Master Registered: 2001-04-25 Posts: 11164 Loc: Boston, MA, USA	Hmm, I still don't see a reason to not use the Task Scheduler for these things. _________________________ There are two types of vessels, submarines and targets.
Top

#76658 - 2003-09-17 09:31 PM Re: ADMIN install using Runas like SU... Scripted without console!!!
MightyR1 MightyR1 MM club member Registered: 1999-09-09 Posts: 1264 Loc: The Netherlands	Mig, checked and no type errors... These codes work for me. Jens, challenge was to install stuff from within logon proces. Scheduletask is not allowed by normal users... This method is also a good start of installing applics on demand! [ 17. September 2003, 21:32: Message edited by: MightyR1 ] _________________________ Greetz, Patrick Rutten - We'll either find a way or make one... - Knowledge is power; knowing how to find it is more powerful... - Problems don't exist; they are challenges...
Top

#76659 - 2003-09-17 11:25 PM Re: ADMIN install using Runas like SU... Scripted without console!!!
Sealeopard Sealeopard KiX Master Registered: 2001-04-25 Posts: 11164 Loc: Boston, MA, USA	Login script sends install request to KiXtart script running on admin server, which checks for requests on a regular basis. If request is detected it sends back a scheduled task to install and removed the request from the queue (.e.g .INI file). BTW, whenever I install something I reboot the system right after as a precaution. That's why my installs normally happen during nighttime hours. KSMS, BTW, demonstrates this behavior. I don't have any application that is so important that it must be installed during the login process. _________________________ There are two types of vessels, submarines and targets.
Top

#76660 - 2003-09-19 12:26 AM Re: ADMIN install using Runas like SU... Scripted without console!!!
mig21 mig21 Fresh Scripter Registered: 2000-07-13 Posts: 21 Loc: Lisbon, Portugal	Patrick, I've run MAKEEXE_SANUR.cmd after replacing Wkixcrpt.exe from a version downloaded from "http://home.wanadoo.nl/scripting". The file you've mentioned taken from "http://www.sgbit.demon.co.uk/kix/files" couldn't run. ...now the problem seems to be while running KASAI_SANUR_STARTER.kix nothing happens. For what I've understood I should see a messagebox displaying the admin-user and privileges. If I run directly KASAI_SANUR_SCR2RUN.kix, which is mentioned on previous script, I've no problem. But when called fron within KASAI_SANUR_STARTER.kix, the console returns nothing Regards, Mig21
Top

#76661 - 2003-09-18 01:18 PM Re: ADMIN install using Runas like SU... Scripted without console!!!
mig21 mig21 Fresh Scripter Registered: 2000-07-13 Posts: 21 Loc: Lisbon, Portugal	Sorry foxes! It was typo I had on "KASAI_SANUR_STARTER.kix"! Iarghhh! Sorry to post this stupid error! Thanks to all, Mig21
Top

#76662 - 2003-09-19 12:12 AM Re: ADMIN install using Runas like SU... Scripted without console!!!
MightyR1 MightyR1 MM club member Registered: 1999-09-09 Posts: 1264 Loc: The Netherlands	Jens, I've looked at KSMS and I'm sure it works great. Challenge is that in me env. not all 'client' software is installed on all machines. By doing an install on demand my way, the software gets installed the fastest way. The scheduletask is a nice option, but if you wanted to install the app immediately, there must be two things. 1 = really 'short' loop on server, 2 = exact time sync in env. The first needs no explaining I guess. The second does. What if your client runs a minute ahead of your server, and the server starts a now job at 11:59:45 (so execution time = 12:00:00)? The job will never start on the client since it's time has been 12:00:00 already!!! _________________________ Greetz, Patrick Rutten - We'll either find a way or make one... - Knowledge is power; knowing how to find it is more powerful... - Problems don't exist; they are challenges...
Top

#76663 - 2003-09-19 05:57 PM Re: ADMIN install using Runas like SU... Scripted without console!!!
Sealeopard Sealeopard KiX Master Registered: 2001-04-25 Posts: 11164 Loc: Boston, MA, USA	We have automatic time synchronization via Windows Time Service. _________________________ There are two types of vessels, submarines and targets.
Top

#76664 - 2003-09-24 02:42 AM Re: ADMIN install using Runas like SU... Scripted without console!!!
Paul_Berquam Paul_Berquam Hey THIS is FUN Registered: 2000-08-02 Posts: 310 Loc: Sacramento, CA USA	Nice demonstration for usage of Sanur Patrick. This will be much easier to use in the cases where I don't (or don't want to) have SU set up. Makes a lot more sense using the built-in Runas functionality anyway. One note, it does not like being tested in paths with spaces, and encapsulating didn't seem to help. _________________________ He was a good little monkey and always very curious...
Top

#76665 - 2003-09-24 04:54 PM Re: ADMIN install using Runas like SU... Scripted without console!!!
Sealeopard Sealeopard KiX Master Registered: 2001-04-25 Posts: 11164 Loc: Boston, MA, USA	See the FAQ Forum under Proper use of quotes and please do not hijack threads. _________________________ There are two types of vessels, submarines and targets.
Top

#76666 - 2003-09-24 05:10 PM Re: ADMIN install using Runas like SU... Scripted without console!!!
jdogg jdogg Getting the hang of it Registered: 2003-09-11 Posts: 91 Loc: RTP, North Cakalaka, USA	Sorry Sealeopard. I have removed my post. Thanks.
Top

#76667 - 2003-09-26 10:28 PM Re: ADMIN install using Runas like SU... Scripted without console!!!
ulro ulro Fresh Scripter Registered: 2003-09-25 Posts: 9 Loc: Denmark	Hi I’ve tried to follow procedure as described here is what I’ve done: In KASAI_SANUR_STARTER.kix I changed SUSER Break on $cmd=@scriptdir+'\wkix32.exe '+@scriptdir+'\kasai_sanur_scr2run.kix' SetL 'SUSER=administrator' SetL 'SCMD='+$cmd Shell @scriptdir+"\KASAI_SANUR.exe" Exit 0 And in MAKEEXE_SANUR.cmd changed SANUR_PASSWORD wkixcrypt -f ".\WKIX32.EXE" -f ".\SANUR.EXE" -m "" -e """"%%KIXCRYPTDIR%%\wkix32.exe""" """%%KIXCRYPTFILE%%""" $SANUR_PASSWORD=hejmedig" ".\KASAI_SANUR.kix" KASAI_SANUR.kix KASAI_SANUR_SCR2RUN.kix I just copied... The KASAI_SANUR.exe is created alright - but when I run KASAI_SANUR_STARTER.kix with a .bat looking like this: @echo off REM echo run MM6_11_d.exe \CWTCPH06\multimark\KIX_install\Wkix32.exe \CWTCPH06\multimark\KIX_install\KASAI_SANUR_STARTER.kix I do not get window showing admin-user and privilege. What am I doing wrong??
Top

Page 1 of 2

Previous Topic View All Topics

Index Next Topic

Moderator: Glenn Barnas, NTDOC, Arend_, Jochen, Radimus, Allen, ShaneEP, Ruud van Velsen, Mart

Hop to:

Shout Box

Search the board with:
superb Board Search
or try with google:

	Web kixtart.org