Jump to content

Sky Slate Blueberry Blackcurrant Watermelon Strawberry Orange Banana Apple Emerald Chocolate
Photo

MakeMeAdmin as a AHK script


  • Please log in to reply
8 replies to this topic
toralf
  • Moderators
  • 4035 posts
  • Last active: Aug 20 2014 04:23 PM
  • Joined: 31 Jan 2005
The magazine c't had published an article in 23/05 about making life easier when you use a restricted user instead of an admin user on your PC. They introduced a script named "MachMichAdmin" which in turn is an advanced version of "MakeMeAdmin". This original script was published by Aaron Margosis in his blog (Overview and Script)

I tried to translate it into AHK. This is the first example. I haven't tested it. Please use it very carefully. You have to know what you are doing. E.g. you have to create the extra admin accounts, and other stuff, see blog.

Do you think there are any security concerns using this AHK code instead of the original scripts?

Edit:
060126: fixed some typos. Still not tested.
/*
A remake of MachMichAdmin v.2
(c) 2005 c't und Johannes Endres <[email protected]>

which is an improved script by Aaron Margosis
http://blogs.msdn.com/aaron_margosis/archive/2005/03/11/394244.aspx
*/

StringRight, Lng, A_Language, 2
If Lng = 07  ; = german
  {
    _Admin_ = Verwalter
    _Group_ = Administratoren
    withGroupRights = mit %_Group_%-Rechten
    starts  = startet
  }
Else        ; = other languages
  {
    _Admin_ = Caretaker
    _Group_ = Administrators
    withGroupRights = with %_Group_%-rights
    starts  = starts
  }

_Default_Prog_ = %comspec% /T:4F /k Title *** %USERNAME% %withGroupRights% ***

CommandLinePara =
Loop, %0%
    CommandLinePara = %CommandLinePara% %A_Index%
If CommandLinePara is space
    _Program_to_Run_ = %_Default_Prog_%
Else
  {
    _Program_to_Run_ = %TEMP%\%A_ScriptName%_temp.cmd
    IfExist, %_Program_to_Run_%
      {
        FileDelete, %_Program_to_Run_%
        If ErrorLevel
          {
            If Lng = 07  ; = german
                MsgBox, 4112, Fehler, Konnte die temporäre Datei "%_Program_to_Run_%" nicht löschen.
            Else
                MsgBox, 4112, Error, Couldn't remove the temporary file "%_Program_to_Run_%".
            ExitApp
          }
      }
    FileAppend, 
      (
        title %USERDOMAIN%\%USERNAME% %withGroupRights% %starts% %A_ScriptName%
    		color 4f 
    		start "%_Group_%-Shell" %CommandLinePara%
      ), %_Program_to_Run_%
    _Program_to_Run_ = %comspec% /c %TEMP%\%A_ScriptName%_temp.cmd
  }

If A_IsAdmin
    GoSub, already_admin

if A_OSVersion not in WIN_2003,WIN_XP,WIN_2000
    GoSub, usage

If 1 in /?,-?,/h,-h,-help,--help
    GoSub, usage

If 1 = _Second_Run_
    GoSub, SecondRun    

StoreCurrentWorkDir = %A_WorkingDir%
SetWorkingDir, %A_ScriptDir%

If Lng = 07
    InputBox, AdminPassword, %_Admin_% Passwort, Bitte das Passwort für %_Admin_% eingeben, HIDE
Else
    InputBox, AdminPassword, %_Admin_% Password, Please input password for %_Admin_%, HIDE
RunAs, %_Admin_%, %AdminPassword%, %COMPUTERNAME%
If A_IsCompiled
  Run, %A_ScriptName% _Second_Run_ %USERNAME% %USERDOMAIN% "%_Program_to_Run_%"
Else
  Run, autohotkey.exe %A_ScriptName% _Second_Run_ %USERNAME% %USERDOMAIN% "%_Program_to_Run_%"
RunAs

SetWorkingDir, %StoreCurrentWorkDir%

ExitApp
Return

secondrun:   ;the script has now admin rights
	_User_Name_ = %2%
	_User_Domain_ = %3%
	_Program_to_Run_ = %4%
	
  If Lng = 07
      InputBox, UserPassword, %_User_Name_% Passwort, Bitte das Passwort für %_User_Name_% eingeben, HIDE
  Else
      InputBox, UserPassword, %_User_Name_% Password, Please input password for %_User_Name_%, HIDE
	Run, %systemroot%\system32\net.exe localgroup %_Group_% "%_User_Domain_%\%_User_Name_%" /ADD
  RunAs, %_User_Name_%, %UserPassword%, %_User_Domain_%
  Run, %_Program_to_Run_%
  RunAs
	Run, %systemroot%\system32\net.exe localgroup %_Group_% "%_User_Domain_%\%_User_Name_%" /DELETE

  ExitApp
Return
	
already_admin:
  If Lng = 07
      MsgBox, 4160, Sie sind Admin, Sie sind bereits Mitglied der Gruppe %_Group_%.`nDaher wird das Programm nun direkt gestartet.
  Else
      MsgBox, 4160, You are admin, You are already a member of the %_Group_% group.`nHence, the program will be execuated directly.
  Run, %_Program_to_Run_%
  ExitApp
Return

usage:
  If Lng = 07
    MsgBox, 64, Benutzung von %A_ScriptName%,
      (LTrim
        Führt ein Programm unter dem aktuellen Benutzeraccount jedoch mit Administrator-Rechten aus.
        Dieses Skript funktioniert nur unter Windows 2000, XP und Server 2003.
        
        %A_ScriptName% [Programm [Optionen]]
        
        Programm - Das Programm, das mit Administrator-Rechten laufen soll.
        Wenn dieserParameter fehlt, startet
        %_Default_Prog_%
      )
  Else
    MsgBox, 64, Usage of %A_ScriptName%,
      (LTrim
        Executes a program with the current user account but with administrator rights.
        This Script is working only under Windows 2000, XP and Server 2003.
        
        %A_ScriptName% [Program [Options]]
        
        Program - The program, which will be executed with administrator-rights.
        If this program is left blank, this will be executed:
        %_Default_Prog_%
      )
  ExitApp
Return

Ciao
toralf
 
I use the latest AHK version (1.1.15+)
Please ask questions in forum on ahkscript.org. Why?
For online reference please use these Docs.

AGU
  • Guests
  • Last active:
  • Joined: --
Attention: German language ahead :mrgreen:

Ausnahmsweise mal auf deutsch. ;)

Hinsichtlich Sicherheitsaspekten kann ich leider nichts sagen, aber du musst echt Gedankenlesen. Ich hatte auch mal irgendwann vor, dieses machmichadmin Skript in AHK umzusetzen. Setze es nämlich auch schon ein.

Hätte nur eventuelle Vorschläge zu machen. Ich geh mal davon aus, das du auch den dazugehörigen c't Artikel gelesen hast.

Hatte mir überlegt, statt des Kommdozeilenfensters mit dem roten Hintergrund eine GUI zu machen, auf den man die gewünschten Datei mit GuiDropFiles ziehen kann.
Und da man, wenn man das Skript benutzt, bei störrischen Programmen auch die im Artikel erwähnten Tools "FileMon" und "RegMon" häufig braucht, war eine meiner Überlegungen, die irgendwie mit in den GUI aufzunehmen.
Vielleicht ein Knopf, damit man die Tools starten kann.
Zusätzlich braucht man in dem Zusammenhang auch öfters sowohl "Regedit" als auch "RegEdt32". Letzteres, um die Lese- und Schreibberechtigungen auf die Registrierungsschlüssel zu vergeben.

Hatte mir also überlegt, das alles mittels eines GUIs in eine kleine (aber feine) Suite zusammenzubacken, damit man auf einen Streich alles hat, was man braucht.
Was hälst du von der Idee?

Man könnte natürlich bestimmt noch viel mehr in den GUI packen. Das sind aber im Moment die einzigen Sachen, die mir eingefallen sind.

Gruß
AGU

toralf
  • Moderators
  • 4035 posts
  • Last active: Aug 20 2014 04:23 PM
  • Joined: 31 Jan 2005
Hi AGU,

I agree with you, that such a GUI would be great. And that would be the next thing I would do. But first I only wanted to build an "exact" copy of the MakeMeAdmin. I set the exact into "", since I wanted to use the Power of AHK, sot that it wouldn't be a 1:1 copy.

But I wouldn't build the GUI into this script. I would create a new script with a GUI you described and drag that script onto the MakeMeAdmin Script. But either way, there will be a AdminControlCenter for
- RegEdit
- RegMon
- FileMon
- Defrag
- Firewall Admin
- Schtasks
- AutoStarts
- Explorer
- Shell
- Updates: Software, Anti-Virus, etc.

Lets put our efforts together.
Ciao
toralf
 
I use the latest AHK version (1.1.15+)
Please ask questions in forum on ahkscript.org. Why?
For online reference please use these Docs.

skrommel
  • Members
  • 193 posts
  • Last active: Jun 07 2010 08:30 AM
  • Joined: 30 Jul 2004
On a similar note, try RunAsTools on my homepage http://www.donationcoders.com/skrommel

Skrommel

toralf as guest
  • Guests
  • Last active:
  • Joined: --
Thank you for the link. Very well done GUI. This is saving me a lot of time.

Ciao
toralf

toralf
  • Moderators
  • 4035 posts
  • Last active: Aug 20 2014 04:23 PM
  • Joined: 31 Jan 2005
Fixed some typos in the code of the first post. But still didn't test the code.

@skrommel: There is a major difference between your code and the one described in the MakeMeAdmin (MMA) . The MMA, execute a app with your own user but with Admin previliges. AFAIU your code executes a app as a different user (which may have admin previliges). In that case the program will have a different path to MyDocuments and the user tree in the registry.
The beauty of MMA is that these paths are the same since tha app is run under your current user, but just with admin previliges.

If it is ok for you, I would like to use your code as a starting point to create the GUI I was thinking of.
Ciao
toralf
 
I use the latest AHK version (1.1.15+)
Please ask questions in forum on ahkscript.org. Why?
For online reference please use these Docs.

MIchael
  • Members
  • 59 posts
  • Last active: Dec 15 2006 01:05 PM
  • Joined: 02 Mar 2005
Hello toralf
I tested the script.
run in line 71 fails because it has no information about the _User_Name_
and even no INformation about
USERNAME
and
_Admin_
if I insert the variables manually its ok

further
the script cant read the prog that should run from the commandline

hope that helps
Thanks for the script!
(But it does not run vshadow => other topic)
ciao
MIChael

toralf
  • Moderators
  • 4035 posts
  • Last active: Aug 20 2014 04:23 PM
  • Joined: 31 Jan 2005
Thanks Michael,
This is something I still haven't found the time to to test. I always want to reinstall my PC but didn't find the time. During this process I wanted to restrict my user and have a special admin account. But as said before didn't made it ywet, thus no need for me currently for such a script and problems to test it. And I do not see me doing it the next months, sorry. Good luck with vshadow
Ciao
toralf
 
I use the latest AHK version (1.1.15+)
Please ask questions in forum on ahkscript.org. Why?
For online reference please use these Docs.

toralf
  • Moderators
  • 4035 posts
  • Last active: Aug 20 2014 04:23 PM
  • Joined: 31 Jan 2005
Hi Michael,
I thought about the bug and it might be in this line
Loop, %0% 
    CommandLinePara = %CommandLinePara% %A_Index% 
I think it might be
Loop, %0% 
    CommandLinePara := CommandLinePara %A_Index% 
But i didn't test. Maybe you can (now that you got vshadow running)?!?
Ciao
toralf
 
I use the latest AHK version (1.1.15+)
Please ask questions in forum on ahkscript.org. Why?
For online reference please use these Docs.