Windows 2000 professional question

Factual Questions
1

I need a little help with a situation at my company and I was wondering if you guys could help.

I’m on an IT helpdesk and I need to run a virus removal tool on a remote machine.
It shouldn’t be difficult to do this with all the remote admin tools availble these days but:
[ul]
[li]The user’s account does not have the neccessary privileges for the tool to run successfully. [/li][li]I can’t use remote control software to log in with my admin account. The software I have to work with will not allow such a connection over the 56kbps dial-up line at their end.[/li][li]There’s no way I can tell the user my or any other admin account password, so using the RunAs function is out too.[/li][li]I don’t have the neccesary access to push it out as a policy or script.[/li][/ul]
Does anyone know of the existence of a “wrapper program” that I could use to create a new executable that would run under a username and password of my choice?

Any help gratefully received.

2

Gee, I use Windows 2000 Professional on one of my development machines but sadly for you, I’ve always had physical access to my various machines so that I can load a program like VNC or NetMeeting in Admin mode. After that, the remote PC can run under a lesser account and you can still log on via NetMeeting or VNC or stuff like that. You can even logout of the initial account and login as an Admin, but without the destination PC’s Admin username and password, I’m afraid you might have reached a dead end for now.

3

I’m not an IT but I know a way around this;

One thing that you can do through their account is setup a scheduled task. (start > programs > accessories > system tools > schedule tasks)

This will give you the option to run the program as a different user. At this point enter your login admin information.

Problem solved! =)

4

After rereading what you wrote a couple times I decided that I dont completely understand your problem, and that this may or may not work 0.o

GL!

5

Thanks Boo Boo: We use a remote admin program called Dameware which is very good but in this case it won’t work over dialup. Naturally, I’m prohibitted from using other remote admin programs, and I couldn’t install the client s/ware on the end user’s PC anyway. thanks anyway though.

alterego: I hadn’t thought of the task scheduler, thanks. The problem with your solution is that I can’t use any kind of remote admin to set up the task schedule. Plus, I would still have to give the user a username and password with admin rights which is a no-no.

The ideal solution would enable me to email the user a program that I have somehow pre-set to run with a specified username and password. That way, it’s transparent to the user and they can run it again later if they get reinfected.

6

Off the top of my head, I’m wondering if you could put the runas line in a .bat file, and run bat2com to hide the username and password. Of course, it wouldn’t hide it completely, but it might work in theory?

7

Erm, bat2exe is the program I’m thinking of.

8

dylan_73: Interesting, very interesting.

The only problem is the RunAs syntax is as follows:

runas /env /user:name@subdomain.domain.com program_name

You get a screen prompt afterwards where you insert the password. Could anextra line be inserted into the batch file to supply the password?

Will give it a go anyway. Thanks.

9

I’ve found a VBSCript called vbrunas that sort of does the job. I’ve constructed a batch file that works too, the file is this:

@echo off
vbrunas Domain\User Password program

Unfortuately, I still have to put the password for an admin account into a plain text file. Now, granted the user is unlikely to look into the file but it’s an risk I want to avoid.

Not being any good with VB Scripting, I don’t know how to edit the script to supply the password directly.

Here’s the complete script, that I got from this article on experts-exchange.com:

'Start of Script
'VBRUNAS.VBS
'v1.2 March 2001
'Jeffery Hicks
'jhicks@quilogy.com http://www.quilogy.com
'USAGE: cscript|wscript VBRUNAS.VBS Username Password Command
'DESC: A RUNAS replacement to take password at a command prompt.
'NOTES: This is meant to be used for local access. If you want to run a command
'across the network as another user, you must add the /NETONLY switch to the RUNAS
'command.

’ *********************************************************************************
’ * THIS PROGRAM IS OFFERED AS IS AND MAY BE FREELY MODIFIED OR ALTERED AS *
’ * NECESSARY TO MEET YOUR NEEDS. THE AUTHOR MAKES NO GUARANTEES OR WARRANTIES, *
’ * EXPRESS, IMPLIED OR OF ANY OTHER KIND TO THIS CODE OR ANY USER MODIFICATIONS. *
’ * DO NOT USE IN A PRODUCTION ENVIRONMENT UNTIL YOU HAVE TESTED IN A SECURED LAB *
’ * ENVIRONMENT. USE AT YOUR OWN RISK. *
’ *********************************************************************************

On Error Resume Next
dim WshShell,oArgs,FSO

set oArgs=wscript.Arguments

if InStr(oArgs(0),"?")<>0 then
wscript.echo VBCRLF & “? HELP ?” & VBCRLF
Usage
end if

if oArgs.Count <3 then
wscript.echo VBCRLF & “! Usage Error !” & VBCRLF
Usage
end if

sUser=oArgs(0)
sPass=oArgs(1)&VBCRLF
sCmd=oArgs(2)

set WshShell = CreateObject(“WScript.Shell”)
set WshEnv = WshShell.Environment(“Process”)
WinPath = WshEnv(“SystemRoot”)&"\System32\runas.exe"
set FSO = CreateObject(“Scripting.FileSystemObject”)

if FSO.FileExists(winpath) then
'wscript.echo winpath & " " & “verified”
else
wscript.echo “!! ERROR !!” & VBCRLF & “Can’t find or verify " & winpath &”." & VBCRLF & “You must be running Windows 2000 for this script to work.”
set WshShell=Nothing
set WshEnv=Nothing
set oArgs=Nothing
set FSO=Nothing
wscript.quit
end if

rc=WshShell.Run(“runas /user:” & sUser & " " & CHR(34) & sCmd & CHR(34), 2, FALSE)
Wscript.Sleep 30 'need to give time for window to open.
WshShell.AppActivate(WinPath) 'make sure we grab the right window to send password to
WshShell.SendKeys sPass 'send the password to the waiting window.

set WshShell=Nothing
set oArgs=Nothing
set WshEnv=Nothing
set FSO=Nothing

wscript.quit

'************************
'* Usage Subroutine *
'************************
Sub Usage()
On Error Resume Next
msg=“Usage: cscript|wscript vbrunas.vbs Username Password Command” & VBCRLF & VBCRLF & “You should use the full path where necessary and put long file names or commands” & VBCRLF & “with parameters in quotes” & VBCRLF & VBCRLF &“For example:” & VBCRLF &" cscript vbrunas.vbs quilogy\jhicks luckydog e:\scripts\admin.vbs" & VBCRLF & VBCRLF &" cscript vbrunas.vbs quilogy\jhicks luckydog " & CHR(34) &“e:\program files\scripts\admin.vbs 1stParameter 2ndParameter” & CHR(34)& VBCRLF & VBCRLF & VBCLRF & “cscript vbrunas.vbs /?|-? will display this message.”

wscript.echo msg

wscript.quit

end sub
'End of Script
So. NAyone here good with VBScript and can tell me how to get the script to supply the password? I can then encode the script with a M$oft tool.

10

Can you create a new domain account with just enough privileges to run the virus tool and give them the details for that? Then deactivate the account afterwards.

You could create a WSF script file that issues the RunAs command using the WScript.Shell.Run method and encrypt the script itself using the Script Encoder tool. Be aware that the encryption is not strong and can be broken trivially by anyone with a little time and programming ability, so the admin password wouldn’t be that safe.

If you’re into some heavier stuff then get busy with CAPICOM and Scripting.Signer to create a script signed with a digital certificate containing a strongly encrypted copy of the admin password. This is a safer, but non-trivial solution.

11

Armilla:
Re: First option…No unfortunately that’s not an option.

How would I hard code the username and password into the VBScript above? I’ve tried myself but I know very little about VBScript.

MS Script Encoder would be sufficient I think. I would talk the user through deleting the file as soon as it had been used, and the people who would require this won’t have anything like the skill required to crack it.

12

The line “sPass=oArgs(1)&VBCRLF” is the password. Just put it in specifically.

13

Oops, and “sUser=oArgs(0)”, just above it is the user. vbs2exe will make an exe to make it less likely the person will snoop for admin rights.

14

Perhaps if I’d engage my brain a bit more, I could write just the one post instead of three! I don’t know if the sPass line needs to be:

sPass=“password”&VBCRLF
or just
sPass=“password”
(where password is obviously your password)

I guess test it on your own machine.

15

Thanks everyone I think I’ve got this working now.
dylan_73: It works when I use the line

sPass=“password”&VBCRLF

I had a go with VBS2EXE but I may have got a buggy version. When I ran it, I got a small winodw prompting for “EXE in” and “VBS out”. Only the “VBS out” allowed me to put in a file name.

Armilla: I had a go with the script encoder after coding in the password but that broke it so I’m going to leave it unencoded. I might try create a special Admin account that I can disable and/or password-reset after use.

Thanks for your help again everyone.