Runas command
Is there a way to include the password in the command string or turn off the prompt for password? I am trying to run a command that our users are not allowed to run but I get prompted for a password during the execution of the bat file.
0 Comments
[ + ] Show comments
Answers (5)
Please log in to answer
Posted by:
cdupuis
19 years ago
Use AutoIT, that way you can script the password into it, you can even compile it exe with a password for decopmpile so your password stays safe. AutoIT has a PasWait command, that is what you need.
Posted by:
jbonbright
19 years ago
There's a great utility out there that does this - cpau.exe. It's available at http://weblogs.asp.net/bhouse/articles/27986.aspx. You basically run this from a command line, just like runas, so it works great in scripts.
Here's how you would use cpau.exe to run regedit as local administrator on a local machine named \\computer with the password "password":
cpau –u computer\administrator –p password –ex regedit.exe –profile
I'd recommend reading the documentation before using. Oh, and you may want to send the guy a small donation as gratitude, if you like it.
Here's how you would use cpau.exe to run regedit as local administrator on a local machine named \\computer with the password "password":
cpau –u computer\administrator –p password –ex regedit.exe –profile
I'd recommend reading the documentation before using. Oh, and you may want to send the guy a small donation as gratitude, if you like it.
Posted by:
jbonbright
19 years ago
One thing else I should mention: cpau.exe will only work on systems that support runas - i.e. Windows 2000, XP, and 2003. It will NOT work on NT.
Here's a better link to the download page for cpau: http://www.joeware.net/win/free/tools/cpau.htm
Here's a better link to the download page for cpau: http://www.joeware.net/win/free/tools/cpau.htm
Posted by:
bkelly
19 years ago
Another solution is to use the Script Packager feature of the Admin Script Editor: http://www.adminscripteditor.com/editor/scriptpackager/
This provides "RunAs" functionality (but does not actually use the RunAs utility itself). What you can do is create an encrypted executable out of your script (with any resource files you may need) and what you can do is specify the credentials under which the executable should run. Not only that, but the source files are protected by EFS and NTFS security during execution. If you wanted to put a password in the script, it would be pretty safe- but you don't even need to because you can specify the account the executable is to use at the time you create it in the editor.
Also has a really cool WMI wizard worth checking out: http://www.adminscripteditor.com/editor/wmiwizard/
This provides "RunAs" functionality (but does not actually use the RunAs utility itself). What you can do is create an encrypted executable out of your script (with any resource files you may need) and what you can do is specify the credentials under which the executable should run. Not only that, but the source files are protected by EFS and NTFS security during execution. If you wanted to put a password in the script, it would be pretty safe- but you don't even need to because you can specify the account the executable is to use at the time you create it in the editor.
Also has a really cool WMI wizard worth checking out: http://www.adminscripteditor.com/editor/wmiwizard/
Posted by:
aogilmor
19 years ago
I've done this before:
A further security by obscurity technique would be to pass the ASC{} character as a number.
I guess no method of providing a password from a file is truly secure, but you can make it harder [;)]
Also, you have to consider maintainability - if the admin password changes your script breaks.
A further security by obscurity technique would be to pass the ASC{} character as a number.
I guess no method of providing a password from a file is truly secure, but you can make it harder [;)]
Also, you have to consider maintainability - if the admin password changes your script breaks.
ORIGINAL: cdupuis
Use AutoIT, that way you can script the password into it, you can even compile it exe with a password for decopmpile so your password stays safe. AutoIT has a PasWait command, that is what you need.
Rating comments in this legacy AppDeploy message board thread won't reorder them,so that the conversation will remain readable.