Run a Script with administrative privileges via GPO

I have place the batch script on my Desktop and it still worked maybe something wrong with your batch script.

Are you using program named Runas?

FreeBooter said:

I have place the batch script on my Desktop and it still worked maybe something wrong with your batch script.

FreeBooter said:

Are you using program named Runas?

yes I am using RunAs program. This is very useful because when i install some program where they need admin right to run I can update the program by batch file.
For example in my case I have to add on this program wireshark (it works only with admin right). Once i have exported a backup file where workshark is included I can deploy it to all pcs. The script basically start the runAs pass the credentials (user/password) and import the file exported .

The script doesn't work when I use it with the normal user even i click run as administrator (appear the admin error).
If i log as local admin it works fine.....so I don think the problem is the script for itself.

I am thinking maybe the issue could be the exported file location. I store it in \\labs.local\NETLOGON\run_as\wire_shark.rnt

This folder is visible from the client machine

I'm thinking its the Runas program causing the issue have you tried running your script without Runas program.

I have a batch script which backs up registry hives can you please try this batch script without any changes to it and let me know if the script worked or not.

See if the registry hives are backed up to C:\Registry_Backups folder.

FreeBooter said:

I'm thinking its the Runas program causing the issue

runas isn't a program really. It is a standard part of windows command shell.

FreeBooter said:

I have a batch script which backs up registry hives can you please try this batch script without any changes to it and let me know if the script worked or not.

It works if run as a local administrator, otherwise it fails - it doesn't stop as there is no error handling - it just makes zero byte output files.

The script suppresses messages but if you remove this running as standard user gives

Code:

<snip>
C:\Users\Hali\Downloads>REG SAVE HKU\.DEFAULT C:\Registry_Backups\DEFAULT
ERROR: A required privilege is not held by the client.

C:\Users\Hali\Downloads>REG SAVE HKLM\SAM C:\Registry_Backups\SAM
ERROR: A required privilege is not held by the client.

C:\Users\Hali\Downloads>REG SAVE HKLM\SECURITY C:\Registry_Backups\SECURITY
ERROR: Access is denied.

C:\Users\Hali\Downloads>REG SAVE HKLM\SOFTWARE C:\Registry_Backups\SOFTWARE
ERROR: A required privilege is not held by the client.
<snip>

I don't know of any way to run programs at startup for non local-admins unless you specify a (not disabled) user/password of an account that does have local admin rights.

Thank you Freebooter for your help and consideration . I Really appreciate.

Unfortunately It didn't work.

I forced on the server the GPO and restarted the client.... no luck ...

lx07 said:

runas isn't a program really. It is a standard part of windows command shell.

Sorry for the misunderstanding, I am using this program:

RunAsTool v1.3

For a remote update I am using this batch file:

RunAsTool.exe “/U=Admin” “/P=PassWord” “/I= location of Import.rnt”

epulone said:

Sorry for the misunderstanding, I am using this program:

RunAsTool v1.3

Sorry - I assumed the built in tool function.

Looking at their website though would it not mean that would have to have local admin user "Admin" set up and enabled with the same password on all 100 PCs? It doesn't work with domain accounts according to the comments on their website.

In any case while privilege escalation is easy for local admins (or if you enter a local user/password), no program can circumvent Windows security for standard user accounts (that I know of).

Looks like its the program causing the issue.