HCL Labs: Run as Local User without or Without Elevation (Interactive)

Description

<enter a description of the task here>

Property Details

ID: 26941
Status: Alpha - Code that was just developed
Title: HCL Labs: Run as Local User without or Without Elevation (Interactive)
Domain: BESC
Source: Internal
Source Release Date: 5/20/2019 12:00:00 AM
Keywords: UAC, User Account Control, Elevate, Interactive, RunAs
Is Task: True
Added by on 7/19/2022 1:06:52 PM
Last Modified by on 7/19/2022 1:06:52 PM
Counters: 631 Views / 1 Download

Relevance

isWindows (Relevance 1172)
Used in 1157 fixlets and 540 analyses   * Results in a true/false
windows of operating system

Actions

Action 1 (default)

Action Link: Click here to run script without elevation.
Script Type: BigFix Action Script
// Enter your action script here
delete __createfile
createfile until EOF_EOF_EOF
echo test > %systemroot%\test.out
EOF_EOF_EOF


parameter "user_name"="{(preceding text of first "|" of it | it) of concatenation "|" of names of logged on users}"
parameter "user_profile"="{(preceding text of first "|" of it | it) of concatenation "|" of profile folders of users of logged on users}"
// DOMAIN\ should be specified *only* for domain users. Local users should have no prefix, not even COMPUTERNAME\user
parameter "user_domain_name"="{(preceding text of first "|" of it | it) of concatenation "|" of ((if exists domain whose (it as lowercase != computer name as lowercase) of it then domain of it & "\" else "") of user of it & name of it) of logged on users}"
if {exists logged on users}

folder create "{parameter "user_profile"}\BES_Action"
delete "{parameter "user_profile"}\BES_Action\test.cmd"
copy __createfile "{parameter "user_profile"}\BES_Action\test.cmd"

// Important - the check for elevation fails in 32-bit mode because \windows\syswow64\config does not exist
action uses wow64 redirection false

override wait
hidden=false
runas=localuser
user={parameter "user_domain_name"}
password=impersonate
wait cmd.exe /C "{parameter "user_profile"}\BES_Action\test.cmd"

else
parameter "Skipped"="No logged on user"
endif

Success Criteria

This action will be considered successful when the applicability relevance evaluates to false.

Action 2

Action Link: Click here to run script with elevation prompt.
Script Type: BigFix Action Script
// Enter your action script here
delete __createfile
createfile until EOF_EOF_EOF
@REM Check for elevated permissions
@"%SYSTEMROOT%\system32\cacls.exe" "%SYSTEMROOT%\system32\config\system" >nul 2>&1

@REM --> If error flag set, we do not have admin.
@if '%ERRORLEVEL%' NEQ '0' (
@echo Requesting administrative privileges...
@goto UACPrompt
) else ( @goto gotAdmin )

:UACPrompt
@del /q "%temp%\getadmin.vbs" > NUL 2>&1
@IF EXIST "%temp%\getadmin.vbs" @echo Unable to clear previous getadmin.vbs, aborting... & exit /B 1
@echo msgbox "A BigFix Action run in user context requires administrative elevation. Please accept the following elevation prompt from User Access Control (UAC)",0,"BigFix Elevation Prompt" > "%temp%\getadmin.vbs"
@echo Set UAC = CreateObject^("Shell.Application"^) >> "%temp%\getadmin.vbs"
@echo UAC.ShellExecute "%~s0", "", "", "runas", 1 >> "%temp%\getadmin.vbs"

@wscript.exe "%temp%\getadmin.vbs"
@exit /B

:gotAdmin
@if exist "%temp%\getadmin.vbs" ( del "%temp%\getadmin.vbs" )
@pushd "%CD%"
@REM CD /D "%~dp0"

@REM ############################################
@REM Now do the things that required elevation

echo test > %systemroot%\test.out
exit /B %ERRORLEVEL%

@REM ############ End of batch script ###########


EOF_EOF_EOF

//RunAs=currentuser
//asadmin=interactive
parameter "user_name"="{(preceding text of first "|" of it | it) of concatenation "|" of names of logged on users}"
parameter "user_profile"="{(preceding text of first "|" of it | it) of concatenation "|" of profile folders of users of logged on users}"
// DOMAIN\ should be specified *only* for domain users. Local users should have no prefix, not even COMPUTERNAME\user
parameter "user_domain_name"="{(preceding text of first "|" of it | it) of concatenation "|" of ((if exists domain whose (it as lowercase != computer name as lowercase) of it then domain of it & "\" else "") of user of it & name of it) of logged on users}"
if {exists logged on users}

folder create "{parameter "user_profile"}\BES_Action"
delete "{parameter "user_profile"}\BES_Action\test.cmd"
copy __createfile "{parameter "user_profile"}\BES_Action\test.cmd"

// Important - the check for elevation fails in 32-bit mode because \windows\syswow64\config does not exist
action uses wow64 redirection false

override wait
hidden=false
runas=localuser
user={parameter "user_domain_name"}
password=impersonate
wait cmd.exe /C "{parameter "user_profile"}\BES_Action\test.cmd"

else
parameter "Skipped"="No logged on user"
endif

Success Criteria

This action will be considered successful when the applicability relevance evaluates to false.

