Jump to content

Sky Slate Blueberry Blackcurrant Watermelon Strawberry Orange Banana Apple Emerald Chocolate
Photo

Elevated Permissions in AutoHotkey and the Run command


  • Please log in to reply
8 replies to this topic
tinaa
  • Members
  • 59 posts
  • Last active: Jan 30 2014 04:41 PM
  • Joined: 25 Nov 2004
I've got an Autohotkey script setup to run at login on a Windows Vista machine (now actually running Windows 7 beta). Initially I just put it in the startup folder but found that various hotkeys won't work when the active window has elevated permission (eg. devicemanager, task scheduler, other control panel windows that require UAC elevation).

So I used the trick of launching the script from the task scheduler, set to launch at login using the elevated permission option.

This does allow the script to run regardless of the permission level of the active window, presumably because the script itself is now running with elevated permission.

However, the script also has several hotkeys that launch other applications using the run command (either applications, or opening folders with "explorer path").

Does this mean that when launched from the hotkey, those applications will inherit the scripts elevated permissions or will they launch with normal user permissions? If the former, is there any way to specify for the run command to use a lower permissions setting? Or should I be splitting this up into 2 scripts, one just for those that require elevated permissions to work within all windows, and putting everything else in a second script run from the startup folder?

Thanks.

  • Guests
  • Last active:
  • Joined: --
disable UAC
google for how to do it

alternatively, you can decide the permission level while compiling scripts
for that use this compiler

tinaa
  • Members
  • 59 posts
  • Last active: Jan 30 2014 04:41 PM
  • Joined: 25 Nov 2004

disable UAC
google for how to do it

alternatively, you can decide the permission level while compiling scripts
for that use this compiler


I have no interest in disabling UAC as I feel it's a useful security feature and I can load scripts without prompts using the task scheduler. I'm just trying to understand how permission inheritance works when launching apps from within a script.

thanks.

tank
  • Administrators
  • 4345 posts
  • AutoHotkey Foundation
  • Last active: May 02 2019 09:16 PM
  • Joined: 21 Dec 2007
while UAC is nice you can set certain programs to run with elevated rights
<!-- m -->http://www.autohotke... ... highlight=<!-- m -->
Never lose.
WIN or LEARN.

Maniaxx
  • Members
  • 7 posts
  • Last active: May 13 2010 04:48 AM
  • Joined: 18 Aug 2009
How did you manage to start your scripts properly by scheduler? Whenever i start it (in scheduler) it just sits in the taskmanager and doesn't work. There's also no systray icon. What's the trick? Can you give some details? That would really help a lot.

I'm using the gui version of the win7 scheduler. My script is just a simple one:
MButton::WinClose A
It closes the active window with 3rd mouse button but it doesn't work on high privileged windows so i want to try the scheduler method as well.

Posted Image

Edit: I have to check 'only start if user is logged on'. Now it starts properly but there are still immune windows i can't close. Currently i'm testing it with 'firewall control'. Any ideas?

engunneer
  • Moderators
  • 9162 posts
  • Last active: Sep 12 2014 10:36 PM
  • Joined: 30 Aug 2005
I suspect it does inherit the permissions from the script that started it. Easy way to test: have it call a script that writes a file in the windows or program files folders. Then run that same script as a normal user.

The runAs option (or command, i can't check which) should let you run another script with lower permissions. For security, you might want to make a user specially for this.

Maniaxx
  • Members
  • 7 posts
  • Last active: May 13 2010 04:48 AM
  • Joined: 18 Aug 2009

I suspect it does inherit the permissions from the script that started it.

I can't follow... there is now previous script invoking this one.

AHK is started in admin user context and this extra flag (in scheduler) 'start with highest privileges'. Trying to start it as LOCAL SERVICE or SYSTEM doesn't work. Not sure if this would be the solution. Its not possible this way.

Edit: Never mind...

  • Guests
  • Last active:
  • Joined: --
What is nice about UAC?

engunneer
  • Moderators
  • 9162 posts
  • Last active: Sep 12 2014 10:36 PM
  • Joined: 30 Aug 2005
I was refering to

However, the script also has several hotkeys that launch other applications using the run command (either applications, or opening folders with "explorer path").


I suspect that the applications started by your script inherit the script's permissions.