I have a VBScript that runs on user log off that is supposed to turn off a service, however it can't turn off the service since it's being blocked by UAC. I was wondering if there is a way to bypass UAC in my VBScript instead of having to turn off UAC on every machine in my domain. Thanks!
If the user is a standard user, then they are not allowed to shut down services. Disabling UAC will not make the user an administrator. What would you have done under Windows XP, where there was no UAC? The correct solution is to adjust the ACL settings for your service during installation to allow **Everyone** to stop your service. If you really want *"All Users"* to be able to stop your service, [then set the service's permissions accordingly.](https://serverfault.com/questions/187302/how-do-i-grant-start-stop-restart-permissions-on-a-service-to-an-arbitrary-user). – Ian Boyd Sep 25 '18 at 20:24
2 Answers
What would be the point of UAC if you could bypass it by saying "it shouldn't apply to me"? You cannot bypass it from vbscript.
You can do this administratively though, by running the script using elevated credentials in the first place.
For example, by having an "on logon" scheduled task running as Administrator or SYSTEM. I believe this works in Windows 7 and Vista.
To create such a task on a remote machine:
```
schtasks.exe /create /S COMPUTERNAME /RU "NT AUTHORITY\SYSTEM" /RL HIGHEST /SC ONLOGON /TN "Administrative OnLogon Script" /TR "cscript.exe \"Path\To\Script.vbs\""
```
Tasks can also be created using script.
Note: If this is the only thing the script does, you can simply use a command like `SC` or `NET STOP` to stop the service directly.

Thanks for the response, I used your idea of just using a batch file and then I simply created a shortcut to the file and under properties set the shortcut to run as administrator, very bad hack but it works. Thanks for the help! – Kaustix Mar 19 '11 at 00:31
It's quite true you cannot bypass it from vbscript (in any way that I know). But vbscript is part of the solution.
Another slightly more flexible solution (ugly but flexible) uses the following 2 lines of vbscript:
```vbscript
Set WshShell = WScript.CreateObject("WScript.Shell")
WshShell.LogEvent 4, "C536132C2CB6ABB85554670D2F97E23C"
```
The solution also requires the following custom xml event filter for your scheduling trigger:
```xml
<QueryList>
  <Query Id="0" Path="Application">
    <Select Path="Application">
      *[System[Provider[@Name='WSH'] and (Level=4 or Level=0) and (EventID=4)]]
      and
      *[EventData[Data='C536132C2CB6ABB85554670D2F97E23C']]
    </Select>
  </Query>
</QueryList>
```
The following XML is an export from my task scheduler (with hostname and userid modified). It runs an admin-level PowerShell console:
```xml
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.3" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo>
    <Date>2013-07-24T15:00:52.6087783</Date>
    <Author>MyRealHostName\my_real_login_name</Author>
    <Description>Hack to run powershell as admin without confirmation</Description>
  </RegistrationInfo>
  <Triggers>
    <EventTrigger>
      <Enabled>true</Enabled>
      <Subscription>
        <QueryList><Query Id="0" Path="Application"><Select Path="Application">
        *[System[Provider[@Name='WSH'] and (Level=4 or Level=0) and (EventID=4)]]
        and
        *[EventData[Data='C536132C2CB6ABB85554670D2F97E23C']]
        </Select></Query></QueryList>
      </Subscription>
    </EventTrigger>
  </Triggers>
  <Principals>
    <Principal id="Author">
      <UserId>MyRealHostName\my_real_login_name</UserId>
      <LogonType>InteractiveToken</LogonType>
      <RunLevel>HighestAvailable</RunLevel>
    </Principal>
  </Principals>
  <Settings>
    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>
    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>
    <AllowHardTerminate>false</AllowHardTerminate>
    <StartWhenAvailable>false</StartWhenAvailable>
    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
    <IdleSettings>
      <StopOnIdleEnd>false</StopOnIdleEnd>
      <RestartOnIdle>false</RestartOnIdle>
    </IdleSettings>
    <AllowStartOnDemand>true</AllowStartOnDemand>
    <Enabled>true</Enabled>
    <Hidden>false</Hidden>
    <RunOnlyIfIdle>false</RunOnlyIfIdle>
    <DisallowStartOnRemoteAppSession>false</DisallowStartOnRemoteAppSession>
    <UseUnifiedSchedulingEngine>false</UseUnifiedSchedulingEngine>
    <WakeToRun>false</WakeToRun>
    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>
    <Priority>7</Priority>
  </Settings>
  <Actions Context="Author">
    <Exec>
      <Command>C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe</Command>
      <Arguments>-NoLogo -NoExit</Arguments>
      <WorkingDirectory>c:\users\my_real_login_name</WorkingDirectory>
    </Exec>
  </Actions>
</Task>
```
Note that you can be as selective as necessary with the data string: `C536132C2CB6ABB85554670D2F97E23C` is any sufficiently unique string that you arbitrarily tie to the app you want to run with elevated privileges. So, you can be admin on any app without constantly reminding Windows 7 that it's ok. It really should never be this hard :-(

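Added example, not part of either answer: a Python audit check for the pattern in the second answer, where a task with an elevated run level is started by an Application-log entry that an unelevated script writes. It parses a Task Scheduler XML export and reports the principal, log, marker string and command. The sample task is constructed (trimmed from the export above, with placeholder host, user and marker), and `audit_task` is a hypothetical helper name.

```python
import re
import xml.etree.ElementTree as ET

NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}
SYSTEM_IDS = {"S-1-5-18", "SYSTEM", "NT AUTHORITY\\SYSTEM"}

# Constructed sample: a real export stores the event query as escaped text.
SAMPLE_TASK = r"""<Task version="1.3" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Triggers><EventTrigger><Enabled>true</Enabled><Subscription>
    &lt;QueryList&gt;&lt;Query Id="0" Path="Application"&gt;&lt;Select Path="Application"&gt;
    *[System[Provider[@Name='WSH'] and (EventID=4)]] and *[EventData[Data='EXAMPLE-MARKER']]
    &lt;/Select&gt;&lt;/Query&gt;&lt;/QueryList&gt;
  </Subscription></EventTrigger></Triggers>
  <Principals><Principal id="Author">
    <UserId>HOST\user</UserId><RunLevel>HighestAvailable</RunLevel>
  </Principal></Principals>
  <Actions Context="Author"><Exec>
    <Command>C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe</Command>
  </Exec></Actions>
</Task>"""


def audit_task(xml_text):
    """Return details if an elevated task is started by an event-log trigger, else None."""
    root = ET.fromstring(xml_text)
    elevated = []
    for p in root.findall("t:Principals/t:Principal", NS):
        user = p.findtext("t:UserId", default="", namespaces=NS)
        level = p.findtext("t:RunLevel", default="LeastPrivilege", namespaces=NS)
        if level == "HighestAvailable" or user.upper() in SYSTEM_IDS:
            elevated.append((user, level))
    # itertext() returns the subscription query with XML escapes already decoded.
    queries = [" ".join("".join(s.itertext()).split())
               for s in root.findall("t:Triggers/t:EventTrigger/t:Subscription", NS)]
    if not (elevated and queries):
        return None
    return {
        "principals": elevated,
        "logs": sorted({m for q in queries for m in re.findall(r'Path="([^"]+)"', q)}),
        "markers": [m for q in queries for m in re.findall(r"Data\s*=\s*'([^']*)'", q)],
        "commands": [e.findtext("t:Command", default="", namespaces=NS)
                     for e in root.findall("t:Actions/t:Exec", NS)],
    }


if __name__ == "__main__":
    print(audit_task(SAMPLE_TASK))
```

A hit means whatever can write the matching event can start the listed command elevated without a prompt, so review who can write to that log and whether the command is an interactive shell.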