Monday, November 5, 2012

VB Scripts and UAC elevation


With User Account Control (UAC) enabled in Windows 7, one needs to open an elevated Command Prompt in order to run scripts under administrative privileges. Although the elevated Command Prompt accomplishes the task, the question How to run as script under elevated privileges/admin privileges

1. without using the Command Prompt? 
2. without user being admin on machine?

We can achieve the same by GPO which can deploy application etc. using system account but it doesn't solve the purpose where only selected users need to install applications with no admin rights on machine.

Scenario in my organization

We have intranet site in our organization with downloads page for installation of any software's for users.

Downloads page has a link to .vbs script which installs the software from local available repository when users click on the link
Problem is that users with no admin rights on local machine cannot install software especially in windows 7 as most of our users have been migrated to windows 7 with no administrator rights.

Solution: 

We created a script which can install the software on any machine with no admin privileges

We encoded the final script to protect from users

Below is the script:
******************************************************************
Option Explicit

Dim MyArr, i, IPaddress, tstr, Subnet2, Subnet3
Dim SCSserver,MapPath,oWshShell

Dim strArgs, strAdminUser, strAdminPass
Dim objFSO, wshNetwork, strComputer, objShell, strCommand

Set objFSO = WScript.CreateObject("Scripting.FileSystemObject")
Set wshNetwork = WScript.CreateObject("WScript.Network")
Set objShell = WScript.CreateObject("WScript.Shell")

'Enter your domain admin user id/password or account with admin privelliges on your organisation machines
strAdminUser = "domain\userid"
strAdminPass = "password"

Dim WSHShell
            Dim objNTInfo
            Dim GetComputerName

            Set objNTInfo = CreateObject("WinNTSystemInfo")
            GetComputerName = lcase(objNTInfo.ComputerName)

            Set WSHShell = WScript.CreateObject("WScript.Shell")
           
If WScript.Arguments.Count < 1 Then
      Call Normal_User_Commands
ElseIf WScript.Arguments(0) = "AsAdmin" Then
      Call Admin_User_Commands
Else
      MsgBox "Unknown Argument received"
End If

Sub Normal_User_Commands
      'MsgBox "Running as initiating user"
      strComputer = GetComputerName
      'Download psexec.exe and copy it on network as we are using psexec.exe
      strCommand = "cmd /c <Path for psexec.exe> \\" & strComputer & " -i -u " & strAdminUser & " -p " & strAdminPass & " wscript.exe <complete path for your script which installs application/software.vbs> ""AsAdmin"""
      objShell.Run strCommand, 0, True
End Sub



Sub Admin_User_Commands
      'Now running as Administrator on the target machine
      'MsgBox "Running as Admin"
      strCommand = "notepad.exe"
      objShell.Run strCommand, 0, True
End Sub
********************************************************************