I'm trying to call PsExec from a WScript.Shell Object in the form posted below (but am definitely open to alternatives).

    Set oShell = CreateObject("WScript.Shell")
    oShell.Run "cmd.exe /C C:\Users\NOT_Administrator\Desktop\PsExec.exe \\192.168.10.5  -u Administrator -p PASSWORD cmd /c ""C:\Windows\Launch_Bat.exe"""

Please note that for PsExec to ever succeed a PASSWORD is required.

The thing about this is that because the initial cmd.exe from oShell.Run is being launched from a non-administrative user, PsExec inherits that lack of privileges and ultimately fails to connect, giving the error "Access is Denied." I concluded this after reading and testing PsExec between a non-administrative command prompt (no VBScript involved) in which it failed, and from an administrative Command Prompt from where it succeeded.

So my question is, is it possible to make VBScript launch either cmd.exe as an Administrator (preferably in the form posted above) natively within the script, or force the PsExec portion to use the privileges passed in as administrative account credentials?

Additionally, I tried 2 methods posted below (both are in a different form from the one I desire):

  1. https://gallery.technet.microsoft.com/scriptcenter/9bda53d7-ec2e-4bc2-8e97-4487233bc55b

    set WshShell = WScript.CreateObject("WScript.Shell")
    PASSW = "PASSWORD"
    WshShell.run "runas /user:Administrator %comspec%"
    WScript.Sleep 1000
    WshShell.SendKeys PASSW
    WScript.Sleep 1000
    WshShell.SendKeys "{ENTER}"
    

    But this closed then opened up an administrative Command Prompt, but I couldn't make the script pass anything into the new prompt.

  2. https://www.itsupportguides.com/knowledge-base/windows-7/windows-7-run-vbs-script-as-elevated-user-uac/

    If WScript.Arguments.Length = 0 Then
        Set objShell = CreateObject("Shell.Application")
        objShell.ShellExecute "wscript.exe", Chr(34) & _
            WScript.ScriptFullName & Chr(34) & " uac", "", "runas", 1
    Else
        WScript.Echo "This code is ran as an elevated user, ie. 'Administrator'"
    End If
    

    But this opens up an echo dialog box, but when I put it at the head of my script, it simply made it loop infinitely. It also requires me to input the password which I do not mind. I prefer not to, but if I must I will. I know that runas doesn't have an explicit flag to pass in the password unfortunately although you can use set_credentials.

Ansgar Wiechers
FailSafe
  • `WshShell.run "runas /user:Administrator %comspec% any other parameters you want"` – ACatInLove Dec 15 '17 at 22:20
  • Yea, I mentioned this above. For some reason this method wouldn't allow the script to pass anything into the newly opened command prompt. Thanks for the pointer though. – FailSafe Dec 15 '17 at 22:23
  • Type `cmd /?` to see why. Your command is misformed. You have to use /k or /c. You could use WMIC (or WMI from any COM language like VBScript). `wmic /node:127.0.0.1 /user:user /password:password process call create "c:\\windows\\system32\\cmd.exe /c c:\\mybat.bat"`. Windows Scripting Host has remote script execution as well. Windows Shell Objects can run a command elevated using RunAs verb from right click menu. – ACatInLove Dec 15 '17 at 22:36
  • PS WMIC due to the fact it initialises on first run, requires an ADMIN to run it at least once before limited users can run it. – ACatInLove Dec 15 '17 at 22:37
  • Plus if you say what your batch file is doing there is likely a way to do it from 1 machine using WMIC. – ACatInLove Dec 15 '17 at 22:45
  • Honestly, I've been trying to avoid WMIC because it's very finicky. With regards to the command being malformed, which one are you referring to? The one whose form is my preference, or the first alternate method, or the second alternate method? When I changed the first alternate to the following ...WshShell.run "runas /user:Administrator cmd.exe /c ""C:\Windows\Launch_Bat.exe"""... That failed. Additionally, when I did ...WshShell.run "runas /user:Administrator cmd.exe" then tried to use SendKeys to push this into the new prompt that failed. – FailSafe Dec 15 '17 at 23:03
  • Following up, if you did mean that the initial one which is my preference is misformed, it isn't, but in retrospect I should have been more clear. PSEXEC launches, but I get an "Access is Denied" message because it is not launched from an Administrative prompt. Additionally, the batch file is really just for show. It could have been a text file, but the administrative PSEXEC launch has to be done from the native VBS script. – FailSafe Dec 15 '17 at 23:04
  • *Be aware that runas does not provide the ability to launch an application with an elevated access token, regardless of whether it is a standard user with privileges like a Backup Operator or an administrator. The runas command grants the user the ability to launch an application with different credentials. ... If your program programmatically uses the runas command, ensure that it is not intended to launch an elevated process.* https://msdn.microsoft.com/en-us/library/bb756922.aspx?f=255&MSPPError=-2147217396 – ACatInLove Dec 16 '17 at 02:00
  • The last sample is what you should use for re-running a VBScript with elevated privileges. However, you cannot simply prepend your code with that, because whoever wrote that snippet put the code to run with elevated privileges in the `Else` branch instead of [exiting from the (original) script](https://stackoverflow.com/a/17467283/1630171) after re-running it. – Ansgar Wiechers Dec 16 '17 at 18:51
  • Sorry guys. A string of bad luck (computer crash and having to get my car fixed twice in 3 days held me up). Ansgar, I will try your suggestion, but I think the most appropriate one may be changing the Registry. – FailSafe Dec 18 '17 at 12:20
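
The re-launch pattern discussed in the comments above, as an added example that is not part of the original posts: the un-elevated instance relaunches itself with the `runas` verb and then quits, so the real work sits after the guard instead of in an `Else` branch. The `IsRelaunched` helper and the `whoami` integrity-level check are assumptions added for illustration; the `uac` marker argument is the one used in the question's second snippet.

```vbscript
Option Explicit

' Marker argument that tells the relaunched copy not to relaunch again.
' Same marker the question's second snippet passes; any unique token works.
Const ELEVATED_FLAG = "uac"

' Hypothetical helper: True if this instance was started by the relaunch below.
Function IsRelaunched()
    Dim i
    IsRelaunched = False
    For i = 0 To WScript.Arguments.Count - 1
        If LCase(WScript.Arguments(i)) = ELEVATED_FLAG Then IsRelaunched = True
    Next
End Function

If Not IsRelaunched() Then
    Dim oApp
    Set oApp = CreateObject("Shell.Application")
    ' The "runas" verb requests an elevated token (UAC prompt). This is not
    ' the runas.exe command, which only switches credentials.
    oApp.ShellExecute "wscript.exe", _
        Chr(34) & WScript.ScriptFullName & Chr(34) & " " & ELEVATED_FLAG, _
        "", "runas", 1
    ' Exit the original instance. Without this, the un-elevated copy would
    ' fall through and run the code below without administrative rights.
    WScript.Quit 0
End If

' ---- Only the relaunched instance reaches this point ----
Dim oShell, rc
Set oShell = CreateObject("WScript.Shell")

' Confirm the token is actually elevated before doing any work:
' S-1-16-12288 is the High Mandatory Level SID listed by "whoami /groups".
rc = oShell.Run("cmd.exe /c whoami /groups | find ""S-1-16-12288"" >nul", 0, True)
If rc <> 0 Then
    WScript.Echo "Relaunched, but the token is not elevated. Stopping."
    WScript.Quit 1
End If

WScript.Echo "Running elevated; the rest of the script goes below this line."
```

If the marker argument is dropped from the `ShellExecute` call, every new instance relaunches itself again, which produces the endless loop described in the question.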

0 Answers