0

I'm installing a remote control application on about 100+ machines The current logged in users can not "Run As Administrator" I'm using the runas command to run as the local admin but it prompts for the password still. Here is my batch command.

@Echo Off

runas /user:localadmin "c:\users\localuser\desktop\control.exe"


Timeout /t 10 >nul


Del "c:\users\localuser\desktop\Install.bat","c:\users\localuser\desktop\control.exe"


Exit

What I get when I run this is "Enter the password for localadmin:"

I always have to enter the password. Then it continues correctly.

How can I automate the input?

james etenburn
  • 1

2 Answers2

1

Is it possible to automate the password entering?

Yes, but every method you want to use will somehow store the password, such that a clever user may be able to retrieve it.

One way to do it, is by storing the password in a textfile along with an enter (new line) and then use the command as follows:

runas /user:localadmin "c:\users\localuser\desktop\control.exe" < password.txt

What this does is use password.txt as input as if these are entered in console by a user. Every keypress you make that produces a character will be transmitted to your command.

The downside is that you store the password in a textfile that can be opened. You could generate the password.txt (or whatever you name the file) in your script, but then your script has the password in plain text stored which is not ideal either.

If your computers are domain joined, it would be far more interesting to distribute the installer through group policy. This makes it so you only have to make the computer reboot to get the software installed.

LPChip
  • 66,193
0

This is not exactly answering the question since, as far as I know, it is not easily possible, however, this is the closest workarounds I could find.

One solution is to put the password in the clipboard just before, so it is easy to paste with Ctrl+V or Shift+Ins:

echo mypassword | clip
runas ...

The other one is to use the savecred option so the password is asked the first time and saved to Windows vault, then automatically fetched from the vault for subsequent calls.

runas /savecred ...

Note that I tried to add a password first in the vault with this kind of command before executing runas, but this trick did not worked.

vaultcmd "/addcreds:Windows Credentials" "/credtype:{xxx-xxx-xxx-xxx-xxx}" "/identity:localhost\UserMe" "/resource:Domain:interactive=localhost\UserMe" "/authenticator:mypassword"
calandoa
  • 219