AutoHotkey Community

Posted: January 24th, 2006, 5:46 pm
The magazine c't published an article in 23/05 about making life easier when you use a restricted user instead of an admin user on your PC. They introduced a script named "MachMichAdmin", which in turn is an advanced version of "MakeMeAdmin". This original script was published by Aaron Margosis in his blog (Overview and Script).

I tried to translate it into AHK. This is the first example. I haven't tested it. Please use it very carefully. You have to know what you are doing. E.g. you have to create the extra admin accounts, and other stuff, see blog.

Do you think there are any security concerns using this AHK code instead of the original scripts?

Edit:
060126: fixed some typos. Still not tested.
Code:
/*
A remake of MachMichAdmin v.2
(c) 2005 c't and Johannes Endres <je@ct.heise.de>

which is an improved script by Aaron Margosis
http://blogs.msdn.com/aaron_margosis/archive/2005/03/11/394244.aspx
*/

StringRight, Lng, A_Language, 2
If Lng = 07  ; = german
  {
    _Admin_ = Verwalter
    _Group_ = Administratoren
    withGroupRights = mit %_Group_%-Rechten
    starts  = startet
  }
Else        ; = other languages
  {
    _Admin_ = Caretaker
    _Group_ = Administrators
    withGroupRights = with %_Group_%-rights
    starts  = starts
  }

_Default_Prog_ = %comspec% /T:4F /k Title *** %USERNAME% %withGroupRights% ***

CommandLinePara =
Loop, %0%
    CommandLinePara = %CommandLinePara% %A_Index%
If CommandLinePara is space
    _Program_to_Run_ = %_Default_Prog_%
Else
  {
    _Program_to_Run_ = %TEMP%\%A_ScriptName%_temp.cmd
    IfExist, %_Program_to_Run_%
      {
        FileDelete, %_Program_to_Run_%
        If ErrorLevel
          {
            If Lng = 07  ; = german
                MsgBox, 4112, Fehler, Konnte die temporäre Datei "%_Program_to_Run_%" nicht löschen.
            Else
                MsgBox, 4112, Error, Couldn't remove the temporary file "%_Program_to_Run_%".
            ExitApp
          }
      }
    FileAppend,
      (
        title %USERDOMAIN%\%USERNAME% %withGroupRights% %starts% %A_ScriptName%
          color 4f
          start "%_Group_%-Shell" %CommandLinePara%
      ), %_Program_to_Run_%
    _Program_to_Run_ = %comspec% /c %TEMP%\%A_ScriptName%_temp.cmd
  }

If A_IsAdmin
    GoSub, already_admin

if A_OSVersion not in WIN_2003,WIN_XP,WIN_2000
    GoSub, usage

If 1 in /?,-?,/h,-h,-help,--help
    GoSub, usage

If 1 = _Second_Run_
    GoSub, SecondRun   

StoreCurrentWorkDir = %A_WorkingDir%
SetWorkingDir, %A_ScriptDir%

If Lng = 07
    InputBox, AdminPassword, %_Admin_% Passwort, Bitte das Passwort für %_Admin_% eingeben, HIDE
Else
    InputBox, AdminPassword, %_Admin_% Password, Please input password for %_Admin_%, HIDE
RunAs, %_Admin_%, %AdminPassword%, %COMPUTERNAME%
If A_IsCompiled
  Run, %A_ScriptName% _Second_Run_ %USERNAME% %USERDOMAIN% "%_Program_to_Run_%"
Else
  Run, autohotkey.exe %A_ScriptName% _Second_Run_ %USERNAME% %USERDOMAIN% "%_Program_to_Run_%"
RunAs

SetWorkingDir, %StoreCurrentWorkDir%

ExitApp
Return

secondrun:   ;the script has now admin rights
   _User_Name_ = %2%
   _User_Domain_ = %3%
   _Program_to_Run_ = %4%
   
  If Lng = 07
      InputBox, UserPassword, %_User_Name_% Passwort, Bitte das Passwort für %_User_Name_% eingeben, HIDE
  Else
      InputBox, UserPassword, %_User_Name_% Password, Please input password for %_User_Name_%, HIDE
   Run, %systemroot%\system32\net.exe localgroup %_Group_% "%_User_Domain_%\%_User_Name_%" /ADD
  RunAs, %_User_Name_%, %UserPassword%, %_User_Domain_%
  Run, %_Program_to_Run_%
  RunAs
   Run, %systemroot%\system32\net.exe localgroup %_Group_% "%_User_Domain_%\%_User_Name_%" /DELETE

  ExitApp
Return
   
already_admin:
  If Lng = 07
      MsgBox, 4160, Sie sind Admin, Sie sind bereits Mitglied der Gruppe %_Group_%.`nDaher wird das Programm nun direkt gestartet.
  Else
      MsgBox, 4160, You are admin, You are already a member of the %_Group_% group.`nHence, the program will be executed directly.
  Run, %_Program_to_Run_%
  ExitApp
Return

usage:
  If Lng = 07
    MsgBox, 64, Benutzung von %A_ScriptName%,
      (LTrim
        Führt ein Programm unter dem aktuellen Benutzeraccount jedoch mit Administrator-Rechten aus.
        Dieses Skript funktioniert nur unter Windows 2000, XP und Server 2003.
       
        %A_ScriptName% [Programm [Optionen]]
       
        Programm - Das Programm, das mit Administrator-Rechten laufen soll.
        Wenn dieser Parameter fehlt, startet
        %_Default_Prog_%
      )
  Else
    MsgBox, 64, Usage of %A_ScriptName%,
      (LTrim
        Executes a program with the current user account but with administrator rights.
        This Script is working only under Windows 2000, XP and Server 2003.
       
        %A_ScriptName% [Program [Options]]
       
        Program - The program, which will be executed with administrator-rights.
        If this program is left blank, this will be executed:
        %_Default_Prog_%
      )
  ExitApp
Return

_________________
Ciao
toralf


Last edited by toralf on January 26th, 2006, 12:35 pm, edited 1 time in total.

Posted: January 24th, 2006, 7:31 pm
Attention: German language ahead :mrgreen:

For once in German. ;)

Unfortunately I can't say anything regarding security aspects, but you really must be a mind reader. At some point I had also planned to port this machmichadmin script to AHK. I am already using it, after all.

I would only have a few possible suggestions. I assume that you have also read the accompanying c't article.

I had thought about making a GUI instead of the command-line window with the red background, onto which you can drag the desired file with GuiDropFiles.
And since, when you use the script, you often need the tools "FileMon" and "RegMon" mentioned in the article for stubborn programs, one of my ideas was to include them in the GUI somehow.
Perhaps a button so that you can start the tools.
In addition, in this context you also often need both "Regedit" and "RegEdt32". The latter in order to assign the read and write permissions on the registry keys.

So I had thought about baking all of this together into a small (but fine) suite by means of a GUI, so that you have everything you need in one go.
What do you think of the idea?

You could certainly pack a lot more into the GUI, of course. But at the moment those are the only things that have occurred to me.

Regards
AGU


Posted: January 24th, 2006, 10:50 pm
Hi AGU,

I agree with you that such a GUI would be great. And that would be the next thing I would do. But first I only wanted to build an "exact" copy of the MakeMeAdmin. I set the exact into "", since I wanted to use the power of AHK, so that it wouldn't be a 1:1 copy.

But I wouldn't build the GUI into this script. I would create a new script with the GUI you described and drag that script onto the MakeMeAdmin script. But either way, there will be an AdminControlCenter for
- RegEdit
- RegMon
- FileMon
- Defrag
- Firewall Admin
- Schtasks
- AutoStarts
- Explorer
- Shell
- Updates: Software, Anti-Virus, etc.

Let's put our efforts together.

_________________
Ciao
toralf

Post subject: RunAsTools
Posted: January 25th, 2006, 12:42 am
On a similar note, try RunAsTools on my homepage http://www.donationcoders.com/skrommel

Skrommel


Posted: January 25th, 2006, 7:50 am
Thank you for the link. Very well done GUI. This is saving me a lot of time.

Ciao
toralf


Posted: January 26th, 2006, 12:42 pm
Fixed some typos in the code of the first post. But still didn't test the code.

@skrommel: There is a major difference between your code and the one described in the MakeMeAdmin (MMA). The MMA executes an app with your own user but with admin privileges. AFAIU your code executes an app as a different user (which may have admin privileges). In that case the program will have a different path to MyDocuments and the user tree in the registry.
The beauty of MMA is that these paths are the same since the app is run under your current user, but just with admin privileges.

If it is ok for you, I would like to use your code as a starting point to create the GUI I was thinking of.

_________________
Ciao
toralf

Posted: July 26th, 2006, 11:26 am
Hello toralf,
I tested the script.
Run in line 71 fails because it has no information about the _User_Name_, and even no information about USERNAME and _Admin_.
If I insert the variables manually it's OK.

Further, the script can't read the prog that should run from the command line.

Hope that helps.
Thanks for the script!
(But it does not run vshadow => other topic)
ciao
MIChael


Posted: July 26th, 2006, 11:56 am
Thanks Michael,
This is something I still haven't found the time to test. I always want to reinstall my PC but didn't find the time. During this process I wanted to restrict my user and have a special admin account. But as said before, I didn't make it yet, thus no need for me currently for such a script, and problems to test it. And I do not see me doing it in the next months, sorry. Good luck with vshadow.

_________________
Ciao
toralf

Posted: July 26th, 2006, 3:20 pm
Hi Michael,
I thought about the bug and it might be in this line
Code:
Loop, %0%
    CommandLinePara = %CommandLinePara% %A_Index%
I think it might be
Code:
Loop, %0%
    CommandLinePara := CommandLinePara %A_Index%
But I didn't test. Maybe you can (now that you got vshadow running)?!?

_________________
Ciao
toralf
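
The parameter loop discussed in the last two posts, written out as an added example in AutoHotkey v1 syntax (it is not code from the thread or from the original MakeMeAdmin script). In an expression, `%A_Index%` is a double dereference that yields the parameter's value rather than its index, and each value needs a separating space and its quotes restored before the line is handed to a program that will run with administrator rights.

```autohotkey
; Added example, AutoHotkey v1 syntax; not code from the thread.
; Rebuilds the command line from the numbered parameter variables:
; 0 holds the parameter count, the variables named 1, 2, 3 ... hold the values.
; Assumption: parameters do not themselves contain quote characters.

CommandLinePara := ""
Loop, %0%
{
    ; Double dereference: fetch the contents of the variable whose
    ; name is the current value of A_Index (1, 2, 3 ...).
    param := %A_Index%

    ; The quotes the caller typed are stripped before the script sees
    ; the parameter. Put them back around anything empty or containing
    ; whitespace, otherwise a path such as C:\Program Files\tool.exe is
    ; split at the space when the rebuilt line is executed.
    if (param = "" or InStr(param, A_Space) or InStr(param, A_Tab))
        param := """" . param . """"

    ; Separate parameters with exactly one space.
    if (A_Index > 1)
        CommandLinePara := CommandLinePara . " "
    CommandLinePara := CommandLinePara . param
}

if (CommandLinePara = "")
    MsgBox, No parameters were passed.
else
    MsgBox, Rebuilt command line:`n%CommandLinePara%
```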