General discussion

Locked

Including password in Su.exe or Runas

By public ·
Hiya folks.

As we all know, running legacy applications on windows 2000 is an absolute pain in the ***. I mean, if you dont have a problem giving people local ADMIN access, no problem right? Wrong. We went to windows 2000 to stop people from installing AOL (and a host of other crap) and we're not about to give people administrative access to the computers. We've spent to much money and man hours on support called because people were able to futz with their computers (win9.

Fine. But now the issue of running these legacy programs (****, how about the latest version of dragon dictate? they REQUIRE the user have administrative access to their computers. and thats not even a legacy program!!! crappy software....) on windows 2000is beginning to really harrass us.

I know about runas.exe and started researching su.exe. What i really wanted to do is this.

Create a LOCAL admin on the computer (named runner). Then take a .bat file and have the .bat file run

"runas.exe /user:runner c:\folder\legacy.exe"

Obviously you dont want a .bat file to have a local administrator password embedded in it. I had planned to hand that .bat file over to our VB programmer and have him make it into an .exe (so people cannot see the PASSWORD). (****, i was even going to just rename the .bat to a .exe, change the icon, and boom. No-one would know the difference) But the problem is, runas.exe (and as far as I know su.exe) will NOT allow you to imbed the password in the command line. DOH.

If I can pull this off somehow, this information would come in VERY VERY handy to every win2k admin i KNOW. But I'm stuck at this point.

Any ideas?

Thanks!
-Ginel Lipan
public@lipan.org
MIS Dept.

This conversation is currently closed to new comments.

8 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

Including password in Su.exe or Runas

by Joseph Moore In reply to Including password in Su. ...

I am amazed at the things 3rd party tools can do with Windows! Yes, the answer you need is a 3rd party application. I will get to it in a moment.
First off, you are right in that there is no way to force the password to be sent to RUNAS. You can't force it into a variable that RUNAS will use; you can't trick it; nothing will work. RUNAS runs interactively, so that prevents the password from being forced in.
Even if you make a shortcut, and click the "Run As Different User" option, the user name and password you use can't be saved in the shortcut.
I assume you could take a shortcut that has the different user option checked, and uncompile it to see where and how it calls the RUNAS service, and maybe there you could figure something out. But, I am not a programmer, so I don't even know if hacking a shortcut will even work!
Ok, so onto web serarching. Nothing in Technet helped (big surprise!) and nothing at the usual Windows help sites worked either. I had never heard of a way to do this, so I was thinking it just couldn't be done.
THEN I found this link on the Novell site:
http://www.novell.com/coolsolutions/zenworks/features/trenches/tr_win2k_profiles_zw.html
(please remove any spaces)

They are talking about this same thing. The folks there found a dll you can register and call in some VB script that will do this. They have a downloadable ZIP file with everything you need. So, you can try that.
They also mention an application called TqcRunas, that will also do this.

Collapse -

Including password in Su.exe or Runas

by Joseph Moore In reply to Including password in Su. ...

Here is the command syntax for TQCRunas:

>TqcRunAs [/profile] [/env] [/netonly] [/w] [/dd] [/dom <Domain&gt /user <Username /pw <passwd> commandline

/profile to load the user profile.
/env to use the current environment variables.
/netonly use if the credentials will be used only for network access.
/w wait for the new process and return its exit code.
/dd use the default domain if exists, otherwise the local machine is used unless you specify other domain with /dom
/dom <Domain> use it if you want to specify a domain, by default the local machine is used
/user <Username>
/pw <Password>
program command line. See the examples

Examples:

>tqcrunas /profile /user administrator /pw passwd cmd
>tqcrunas /profile/env /user admin /pw passwd "mmc %windir%\system32\dsa.msc"
>tqcrunas /env /user user /pw passwd "notepad \"my file.txt\""

Collapse -

Including password in Su.exe or Runas

by Joseph Moore In reply to Including password in Su. ...

I just tried it in a BAT file, and what do you know, IT WORKS LIKE A CHARM!

Here is my 1-line BAT file (called it TEST.BAT) to call Notepad under my domain Administrator account:

tqcrunas /dom MYDOMAIN /user Administrator /pw %1 notepad.exe
I then from the command line ran TEST.BAT PASSWORD (where I put in my real Admin password), and Notepad started right up!

Finally!
Get this app NOW:
http://www.quimeras.com/TqcRunAs/tqcrunas.htm

I pulled down version 2.5, which is a single stand alone .EXE file.
It worked!

hope this helps

Collapse -

Including password in Su.exe or Runas

by Joseph Moore In reply to Including password in Su. ...

Forgot to add, so you can put the password for your RUNNER account in the BAT file, have your developer compile it, or do any of the other things you wanted to do. This app is what you need.

Collapse -

Including password in Su.exe or Runas

by public In reply to Including password in Su. ...

Hey you're right!! Here is a quick procedure i created for anyone who needs help.

1) Logon as the administrator account (local or domain)
2) Create a user LOCALLY named (whatever) password ******
3) Make (whatever) a LOCAL administrator
4) Go to the TQCrunas directory (where it was uncompressed)
5) Copy TQCrunas.exe into the c:\winnt directory of the computer you are working on.
6) Copy the TQCrunas.dll into the c:\winnt\system32 directory
7) Using dos, enter the system32 directory.
Type ?regsvr32 tqcrunas.dll?
You should see a confirmation
9) Now open MS DOS. Go to the root directory (cd \). Now use this command line to create your tqc file. Note, this command line will create an ENCRYPTED file that contains the command line.

TqcRunas -build (executablename).tqc -d (localcomputername) -user (whatever) -pw ????? -e C:\Location\of\executable.exe

10) Now there is a file named (executablename).tqc in your C Directory. Copy that file into C:\Documents and Settings\All Users\Startup Menu. This will allow all users that sit down at this computer to run that program as a LOCAL ADMIN.
11) Before you log out, double click the file and point it to C:\winnt\
12) Now log out as the Administrator, log in as theuser, and test the .tqc file. It should work.

Thanks you very very much Mr. Moore!!!

Collapse -

Including password in Su.exe or Runas

by ptchtech In reply to Including password in Su. ...

Ginel
I also do not allow domain users to be a local admin. I have found that I can get 90% of all programs that require a user to be a local admin to run under a normal user account if I give the user permissions in the programs associated key inHKEY_LOCAL_MACHINE. Just add the authenticated user group to the key and give it modify or full.
You may have to adjust permissions on the programs folder and ini files as well.
Many Broderbund products you have to give write permissions to the winnt directory because it needs to write a temp log file to run.
Once you edit the registry for all the legacy programs you need to get running, just ghost it and your set
Good luck

Collapse -

Including password in Su.exe or Runas

by public In reply to Including password in Su. ...

PTCtech,
By opening up HKEY_LOCAL_MACHINE that way, wont that give the users on that machine to install stuff, maybe even mess with the registry? And then I have to figure out premissions on the folders and INI files? DOH. Please read the above suggestion. Its works a AWFUL lot better!!

thanks for the advice

-ginel lipan

Collapse -

Including password in Su.exe or Runas

by public In reply to Including password in Su. ...

This question was closed by the author

Back to Windows Forum
8 total posts (Page 1 of 1)  

Related Discussions

Related Forums