(imported topic written by SystemAdmin)
Can anyone post for me the action script code (if it can be done) to force a binary to do a “run as administrator” on windows 7?
(imported topic written by SystemAdmin)
Can anyone post for me the action script code (if it can be done) to force a binary to do a “run as administrator” on windows 7?
(imported comment written by kevin_friedheim)
Hi TonyK, I found using the “AT” and “RUNAS” commands useful for these types of situations.
Here’s an external thread to give you some ideas: http://www.techimo.com/forum/applications-operating-systems/85658-using-command-run-batch-file.html
So something like:
runhidden cmd.exe /C at {( match ( regex “\d\d:\d\d:\d\d” ) of ((now + 2 * minute) as string)) as string} /interactive foo.exe
will run foo.exe in interactive mode 2 minutes after the action is done.
(imported comment written by BenKus)
If you run a binary from the agent, it will run natively as the SYSTEM account, which is an administrator (and more).
Are you seeing a problem with this?
Ben
(imported comment written by kevin_friedheim)
Ben, my guess is that he’s attempting to run a binary that requires interaction with the UI - which at /interactive solves - and which SYSTEM sometimes does not have access to…
(imported comment written by BenKus)
I think the “at /interactive” command doesn’t work on Windows 7 (try it and it will warn you)… The reason this is disabled is the same reason that you can’t display interface from executables run from the SYSTEM account: it was specifically disabled in Windows 7 to prevent the “shatter attack” and other similar vulnerabilities.
Ben
(imported comment written by SystemAdmin)
The “interactive” issue continues to persist. We had a good dialog in thread http://forum.bigfix.com/viewtopic.php?id=7043 about it. Some deployment issues are only resolved by re-enabling BESclient to interact. Before you start, yes I know about the Shatter attack and its dangers. What Tony K in this thread and many others in the previous thread need is a creative solution that will enable us to successfully deploy interactive things without setting the BESclient to interactive. Somehow M$ does it with SCCM. Surely the creative genuises at Bigfix can do as well or better.