Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations John Tel on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Run application as administrator 2

Status
Not open for further replies.
Anesthaesia

Anesthaesia

Technical User
Aug 30, 2001
126
GB
Does anyone know if this is possible ?

I have an app I need to run on some workstations, which updates the registry and performs other functions - the problem is it needs admin rights to do some of this. I don't want to have to log into each machine as administrator before I run it. Is there any way to run the program as administrator (I have the administrator password) while logged in as a user ?
 
Sort by date Sort by votes
Naturally I have some code that allows you to modify the necessary privilege...
 
Upvote 0 Downvote
i didnt doubt for one second you had the code knockin around.... but still, a bit of light reading will do me good!!

If somethings hard to do, its not worth doing - Homer Simpson
------------------------------------------------------------------------
A General Guide To Excel in VB FAQ222-3383
File Formats Galore @
 
Upvote 0 Downvote
one question though...

should i be looking into setting SE_TCB_NAME privilages (which MSDN has just informed isnt a great idea) or should i be concentrating my efforts in the createprocessasuser with tokens?

im quite prepared to read up on both, but a pointer wouldnt go unappreciated!

If somethings hard to do, its not worth doing - Homer Simpson
------------------------------------------------------------------------
A General Guide To Excel in VB FAQ222-3383
File Formats Galore @
 
Upvote 0 Downvote
hmmmm...

If the calling process does not have this privilege, LogonUser fails and GetLastError returns ERROR_PRIVILEGE_NOT_HELD
Click to expand...

is that true?? if so then i dont think logonuser is failing for that reason (the SE_TCB_NAME privilages bit)...

my GetLastError result is 0 (ERROR_SUCCESS)...

and so... confusion descends

If somethings hard to do, its not worth doing - Homer Simpson
------------------------------------------------------------------------
A General Guide To Excel in VB FAQ222-3383
File Formats Galore @
 
Upvote 0 Downvote
Oh dear, I afraid that I've got bad news for you: GetLastError is not a reliable or particularly useful API call in VB, since there's no guarantee that calling GetLastError will result in that set by the API call you made (VB makes loads of successful API calls itself, so you generally end up with a GetLastError of 0)

 
Upvote 0 Downvote
hmmm... while i admit ive not spent to much time on the matter (been learning asp/css and a few other web page things), either my system is [insert word] or im still missing the point!!!

even if i set the SE_TCB_NAME privilages (which im not sure that im actually doing) it still returns false from logonuser and if i try a different approach using the createprocessasuser api... well to be blunt it doesnt work full stop!!!

unfortunately my limited knowledge of API has got me beat on this one (and mr applemans book will have to wait cos im a little snowed under).

basically i gracefully retire from this thread until a later date!

on a sidenote [aimed at site admin] would it be possible to break up VB5s link so this thread views properly.

If somethings hard to do, its not worth doing - Homer Simpson
------------------------------------------------------------------------
A General Guide To Excel in VB FAQ222-3383
File Formats Galore @
 
Upvote 0 Downvote
ok... strongm... this is where i beg!!!!

please show me how this is done... ive had many a sleepless night!!!!

any the bleeder still evades me!!!

PLEASE!!!!!!!!!!

If somethings hard to do, its not worth doing - Homer Simpson
------------------------------------------------------------------------
A General Guide To Excel in VB FAQ222-3383
The Great Date Debate Thread222-368305
File Formats Galore @
 
Upvote 0 Downvote
>strongm (MIS) May 19, 2003
Naturally I have some code that allows you to modify the necessary privilege...

i really really would like to see this code!!!

ive tried many many approaches all that result in failure!!

i really am getting desperate!!!

i can do it on 98 and 98 SE but above that it fails!!!!

PPPPPPPPPPPPPPLLLLLLLLLLLLLLLEEEEEEEEEEEAAAAAAAAAAAASSSSSSSSSSSEEEEEEEEEEEEEE [lol]

thnx in advance!!



If somethings hard to do, its not worth doing - Homer Simpson
------------------------------------------------------------------------
A General Guide To Excel in VB FAQ222-3383
The Great Date Debate Thread222-368305
File Formats Galore @ or
 
Upvote 0 Downvote
Ooh - I missed this final request. Sorry. My code for this is at work - and I'm on the road for a few days. I'm guessing, since you've already waited a week or so for this, that you won't mind (too much) hanging on until next week for this...
 
Upvote 0 Downvote
Actually, I've just discovered that I was smart enough to email the code to myself...

The following example includes the original impersonation technique, a function for setting the token and a (basic) illustration on how to get more meaningful DLL errors in VB. A form with two command buttons is required:
[tt]
Option Explicit
'Private Declare Function PrivilegeCheck Lib "advapi32.dll" (ByVal ClientToken As Long, RequiredPrivileges As PRIVILEGE_SET, ByVal pfResult As Long) As Long
Private Const SE_TCB_NAME = "SeTcbPrivilege"
Private Const SE_PRIVILEGE_ENABLED = &H2
Private Const TOKEN_ADJUST_PRIVILEGES = &H20
Private Const TOKEN_QUERY = &H8

Private Const ANYSIZE_ARRAY = 1

Private Declare Function GetCurrentProcess Lib "kernel32" () As Long
Private Declare Function OpenProcessToken Lib "advapi32.dll" (ByVal ProcessHandle As Long, ByVal DesiredAccess As Long, TokenHandle As Long) As Long
Private Declare Function LookupPrivilegeValue Lib "advapi32.dll" Alias "LookupPrivilegeValueA" (ByVal lpSystemName As String, ByVal lpName As String, lpLuid As LARGE_INTEGER) As Long
Private Declare Function AdjustTokenPrivileges Lib "advapi32.dll" (ByVal TokenHandle As Long, ByVal DisableAllPrivileges As Long, NewState As TOKEN_PRIVILEGES, ByVal BufferLength As Long, PreviousState As TOKEN_PRIVILEGES, ReturnLength As Long) As Long

Private Type LARGE_INTEGER
lowpart As Long
highpart As Long
End Type

Private Type Luid
lowpart As Long
highpart As Long
End Type

Private Type LUID_AND_ATTRIBUTES
pLuid As LARGE_INTEGER
Attributes As Long
End Type

Private Type TOKEN_PRIVILEGES
PrivilegeCount As Long
Privileges(ANYSIZE_ARRAY) As LUID_AND_ATTRIBUTES
End Type


Private Declare Function LogonUser Lib "advapi32" Alias "LogonUserA" (ByVal lpszUsername As String, ByVal lpszDomain As String, ByVal lpszPassword As String, ByVal dwLogonType As Long, ByVal dwLogonProvider As Long, phToken As Long) As Long
Private Declare Function ImpersonateLoggedOnUser Lib "advapi32" (ByVal hToken As Long) As Long
Private Const LOGON32_LOGON_NETWORK = 3
Private Const LOGON32_LOGON_INTERACTIVE = 2

Private Const LOGON32_PROVIDER_DEFAULT = 0


Private Declare Function FormatMessage Lib "kernel32" Alias "FormatMessageA" (ByVal dwFlags As Long, lpSource As Any, ByVal dwMessageId As Long, ByVal dwLanguageId As Long, ByVal lpBuffer As String, ByVal nSize As Long, Arguments As Long) As Long
Private Const FORMAT_MESSAGE_FROM_SYSTEM As Long = &H1000


Private Sub Command1_Click()
MsgBox "Impersonation successful: " & MakeMeImpersonate("admin", "sl33pwalk", "cwb")
End Sub

' Attempts to make the current thread (i.e the VB program) impersonate Username, using a given Password
' The relevant Domain can also be named. If omitted, account will be verifiedagainst the local account
' database rather than that of a domain
' Function returns non-zero (TRUE) if impersonation is successful, FALSE if not
Private Function MakeMeImpersonate(Username As String, Password As String, Optional Domain As String = ".") As Boolean
Dim result As Long
Dim hToken As Long

If LogonUser(Username, Domain, Password, LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, hToken) Then
result = ImpersonateLoggedOnUser(hToken)
If Not result Then Err.Raise Err.LastDllError, "MakeMeImpersonate", "ImpersonateLoggedOnUser: " & ApiErrorText(Err.LastDllError)
Else
Err.Raise Err.LastDllError, "MakeMeImpersonate", "Logon User: " & ApiErrorText(Err.LastDllError)
End If
MakeMeImpersonate = result
End Function

Private Function AdjustAccessToken() As Long
Dim hProc As Long
Dim OldTokenStuff As TOKEN_PRIVILEGES
Dim OldTokenStuffLen As Long
Dim NewTokenStuff As TOKEN_PRIVILEGES
Dim NewTokenStuffLen As Long
Dim pSize As Long
Dim result As Long

If OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES Or TOKEN_QUERY, hProc) Then
If LookupPrivilegeValue(vbNullString, SE_TCB_NAME, OldTokenStuff.Privileges(0).pLuid) Then

NewTokenStuff = OldTokenStuff
NewTokenStuff.PrivilegeCount = 1
NewTokenStuff.Privileges(0).Attributes = SE_PRIVILEGE_ENABLED
NewTokenStuffLen = Len(NewTokenStuff)
pSize = Len(NewTokenStuff)

result = AdjustTokenPrivileges(hProc, False, NewTokenStuff, NewTokenStuffLen, OldTokenStuff, OldTokenStuffLen)
End If
End If
If Not result Then Err.Raise Err.LastDllError, "LogonUser", "AdjustToken: " & ApiErrorText(Err.LastDllError)
End Function

Private Sub Command2_Click()
AdjustAccessToken
End Sub


Private Function ApiErrorText(ByVal ErrNum As Long) As String
Dim msg As String
Dim nRet As Long

msg = Space$(1024)
nRet = FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM, ByVal 0&, ErrNum, 0&, msg, Len(msg), ByVal 0&)
If nRet Then
ApiErrorText = Left$(msg, nRet)
Else
ApiErrorText = "Error (" & ErrNum & ") not defined."
End If
End Function
 
Upvote 0 Downvote
cheers strongm... im not at a dev machine at the moment... so i cant give it a go... ill give you a star in the meantime though... lol!!

If somethings hard to do, its not worth doing - Homer Simpson
------------------------------------------------------------------------
A General Guide To Excel in VB FAQ222-3383
The Great Date Debate Thread222-368305
File Formats Galore @ or
 
Upvote 0 Downvote
ah crap!!!

runtime 1300 ("Not all privileges referenced are assigned to the caller") and runtime 1314("A required privilege is not held by the client")!!

i guess its time to do some more reading [cry]



If somethings hard to do, its not worth doing - Homer Simpson
------------------------------------------------------------------------
A General Guide To Excel in VB FAQ222-3383
The Great Date Debate Thread222-368305
File Formats Galore @ or
 
Upvote 0 Downvote
am i missing something?!?? does being logged onto a 2k pro machine as administrator mess things up?!?!

i cant see how or why this is failing!!!

ps the RT1300 is in the adjusttoken sub and RT1314 is in the logonuser sub!

enjoy your hols/road trip by the way!!

If somethings hard to do, its not worth doing - Homer Simpson
------------------------------------------------------------------------
A General Guide To Excel in VB FAQ222-3383
The Great Date Debate Thread222-368305
File Formats Galore @ or
 
Upvote 0 Downvote
Shouldn't do - but I won't be in a position to check the code until Wednesday (maybe the version I emailed to myself - back in May - was an early, non-working prototype)
 
Upvote 0 Downvote
lol no worries... like i said have a good un!

its not a priority for me, just a curiosity!



If somethings hard to do, its not worth doing - Homer Simpson
------------------------------------------------------------------------
A General Guide To Excel in VB FAQ222-3383
The Great Date Debate Thread222-368305
File Formats Galore @ or
 
Upvote 0 Downvote
[cry] why do i keep punishing myself!!!!

still RT 1300 and 1314!

theres got to be something obvious!!

If somethings hard to do, its not worth doing - Homer Simpson
------------------------------------------------------------------------
A General Guide To Excel in VB FAQ222-3383
The Great Date Debate Thread222-368305
File Formats Galore @ or
 
Upvote 0 Downvote
in case anyone finds this thread... its advanced through several postings.

initially:-

thread222-601022

and then onto

thread711-649056

(just to keep it up to date [wink]

If somethings hard to do, its not worth doing - Homer Simpson
------------------------------------------------------------------------
come on... get involved!
To get the best response to a question, please check out FAQ222-2244 first
A General Guide To Excel in VB FAQ222-3383
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

sal21
  • Locked
  • Question
.Bat tu run myapp.exe as amministrator 1
Replies
7
Views
883
klima
K
sal21
  • Locked
  • Question
CREATE msflexgrid as in xlsx file 2
Replies
8
Views
439
strongm
strongm
BigTG
  • Locked
  • Question
Converting an old XP VB6 program to run on Windows 7 & Windows 10
Replies
5
Views
549
vb5prgrmr
vb5prgrmr
marty1944
  • Locked
  • Question
error code 380 when trying to run the visual basic v6 deployment wizard
Replies
1
Views
790
marty1944
marty1944
Swi
  • Locked
  • Question
Open File as Unicode (UTF-16) and Save as UTF-8 1
Replies
12
Views
1K
strongm
strongm

Part and Inventory Search

Sponsor

Back
Top