I've got an Autohotkey script setup to run at login on a Windows Vista machine (now actually running Windows 7 beta). Initially I just put it in the startup folder but found that various hotkeys won't work when the active window has elevated permission (eg. devicemanager, task scheduler, other control panel windows that require UAC elevation).
So I used the trick of launching the script from the task scheduler, set to launch at login using the elevated permission option.
This does allow the script to run regardless of the permission level of the active window, presumably because the script itself is now running with elevated permission.
However, the script also has several hotkeys that launch other applications using the run command (either applications, or opening folders with "explorer path").
Does this mean that when launched from the hotkey, those applications will inherit the scripts elevated permissions or will they launch with normal user permissions? If the former, is there any way to specify for the run command to use a lower permissions setting? Or should I be splitting this up into 2 scripts, one just for those that require elevated permissions to work within all windows, and putting everything else in a second script run from the startup folder?
Thanks.
Elevated Permissions in AutoHotkey and the Run command
Started by
tinaa
, Mar 10 2009 04:33 AM
8 replies to this topic
#1
-
Posted 10 March 2009 - 04:33 AM
disable UAC
google for how to do it
alternatively, you can decide the permission level while compiling scripts
for that use this compiler
google for how to do it
alternatively, you can decide the permission level while compiling scripts
for that use this compiler
#2
-
Posted 10 March 2009 - 04:43 AM
disable UAC
google for how to do it
alternatively, you can decide the permission level while compiling scripts
for that use this compiler
I have no interest in disabling UAC as I feel it's a useful security feature and I can load scripts without prompts using the task scheduler. I'm just trying to understand how permission inheritance works when launching apps from within a script.
thanks.
#3
-
Posted 10 March 2009 - 10:57 AM
while UAC is nice you can set certain programs to run with elevated rights
<!-- m -->http://www.autohotke... ... highlight=<!-- m -->
<!-- m -->http://www.autohotke... ... highlight=<!-- m -->
#4
-
Posted 10 March 2009 - 08:18 PM
Never lose.
WIN or LEARN.
WIN or LEARN.
How did you manage to start your scripts properly by scheduler? Whenever i start it (in scheduler) it just sits in the taskmanager and doesn't work. There's also no systray icon. What's the trick? Can you give some details? That would really help a lot.
I'm using the gui version of the win7 scheduler. My script is just a simple one:
Edit: I have to check 'only start if user is logged on'. Now it starts properly but there are still immune windows i can't close. Currently i'm testing it with 'firewall control'. Any ideas?
I'm using the gui version of the win7 scheduler. My script is just a simple one:
MButton::WinClose AIt closes the active window with 3rd mouse button but it doesn't work on high privileged windows so i want to try the scheduler method as well.
Edit: I have to check 'only start if user is logged on'. Now it starts properly but there are still immune windows i can't close. Currently i'm testing it with 'firewall control'. Any ideas?
#5
-
Posted 19 August 2009 - 05:43 PM
I suspect it does inherit the permissions from the script that started it. Easy way to test: have it call a script that writes a file in the windows or program files folders. Then run that same script as a normal user.
The runAs option (or command, i can't check which) should let you run another script with lower permissions. For security, you might want to make a user specially for this.
The runAs option (or command, i can't check which) should let you run another script with lower permissions. For security, you might want to make a user specially for this.
#6
-
Posted 19 August 2009 - 09:21 PM
I can't follow... there is now previous script invoking this one.I suspect it does inherit the permissions from the script that started it.
AHK is started in admin user context and this extra flag (in scheduler) 'start with highest privileges'. Trying to start it as LOCAL SERVICE or SYSTEM doesn't work. Not sure if this would be the solution. Its not possible this way.
Edit: Never mind...
#7
-
Posted 19 August 2009 - 09:45 PM
I was refering to
I suspect that the applications started by your script inherit the script's permissions.
However, the script also has several hotkeys that launch other applications using the run command (either applications, or opening folders with "explorer path").
I suspect that the applications started by your script inherit the script's permissions.
#9
-
Posted 20 August 2009 - 06:37 AM