Announcement

Collapse
No announcement yet.

Execute as Administrator

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Execute as Administrator

    Hi,

    How can I use PowerBasic to launch a program (any .exe or .bat) to run with Administrator rights.

    It should be like in Windows when you can run a program using the context menu of an executable file
    and a page comes up with the password query for an Administrator account before the program actually starts.

    It sounds simple. SHELL does probably not do the job?
    Has anyone got an idea?

    Gert Voland

  • #2
    I looked around a bit and had another attempt at it.
    It is not that difficult since we do not want to change privileges during run time - only a the start.

    Here are two solutions - tested with PBCC 6.04 under Win 10:

    (1) runas user: (a built in procedure)

    Code:
    ' Prog: Run_As_Admin1.bas
    '       Use runas --> Enter password in cmd window.
    '       Works for any user account name
    
    #COMPILE EXE
    #DIM ALL
    #IF %DEF( %PB_CC32 )
        #CONSOLE ON
        #BREAK ON
    #ENDIF
    
    FUNCTION PBMAIN () AS LONG
    
        LOCAL   xitcode AS LONG
    
        SHELL "runas /user:administrator " & "MyProg.exe", 1, EXIT TO xitcode
        IF xitcode <> 0 THEN
            CON.NEW
            PRINT " --- MyProg not run: runas exitcode:"; xitcode
            WAITKEY$
        END IF
    
    END FUNCTION

    (2) Create a link and flag it to run with admin rights.

    Code:
    ' Prog: Run_As_Admin2.bas
    '       Use a link --> Enter password in prompt window.
    '       A link has been created from MyProg.exe and is flagged to run as Administrator (Properties/Advanced)
    '       Note: I renamed the link to MyProg.link.lnk.
    '       Since the ".lnk" gets suppressed by my File Explorer I still recognized as a link.
    
    #COMPILE EXE
    #DIM ALL
    #IF %DEF( %PB_CC32 )
        #CONSOLE OFF
        #BREAK ON
    #ENDIF
    
    #INCLUDE "win32api.inc"                     ' Only needed for MeassageBox
    
    FUNCTION PBMAIN () AS LONG
    
        LOCAL   xitcode AS LONG
        LOCAL   hWnd    AS DWORD
    
        hWnd = GetForegroundWindow
    
        SHELL "cmd.exe /C" & "MyProg.link.lnk", 1, EXIT TO xitcode
        IF xitcode <> 0 THEN MessageBox( hWnd, " --- MyProg not run: Link exitcode:" & STR$(xitcode), "", %MB_OK)
    
    END FUNCTION
    Rgds, Gert
    Gert Voland

    Comment


    • #3
      Another way if this works for you... If your PB application is running under the Admin context it will shell to applications under the same context.

      As such, you can just include an appropriate manifest to prompt for admin rights.when your PB app starts.

      ADDED: If you are the person writing the "shelled to" programs then include the appropriate manifest in those apps. That way when you shell to them you will be prompted for admin elevation right there.
      Last edited by George Bleck; 12 Oct 2017, 07:35 AM.
      <b>George W. Bleck</b>
      <img src='http://www.blecktech.com/myemail.gif'>

      Comment


      • #4
        Thanks George, I'll give it a try.
        Gert Voland

        Comment


        • #5
          Originally posted by George Bleck View Post
          ADDED: If you are the person writing the "shelled to" programs then include the appropriate manifest in those apps. That way when you shell to them you will be prompted for admin elevation right there.
          With the use of MT.EXE (MS Manifest Tool), one can even do that after the fact, if I'm not mistaken. Create the appropriate manifest file, use MT.EXE to attach it to the executable.

          I use it to add manifests to VB6 executables.

          The Windows API CreateProcessWithLogonW or CreateProcessAsUser might be also alternatives.

          Comment


          • #6
            I will be using mt.exe. Found this link on someone that uses it with multiple languages. At the bottom is the command line they use.
            Thank you for bringing up mt.exe
            https://stackoverflow.com/questions/...into-a-vb6-exe

            Comment


            • #7
              Hi George, I would need some clarifications on the use of manifests

              According to George
              Another way if this works for you... If your PB application is running under the Admin context it will shell to applications under the same context.

              As such, you can just include an appropriate manifest to prompt for admin rights.when your PB app starts.

              ADDED: If you are the person writing the "shelled to" programs then include the appropriate manifest in those apps. That way when you shell to them you will be prompted for admin elevation right there.
              Some of my programs used a resource statement to include a manifest as shown below

              #RESOURCE MANIFEST, 1, "xptheme.xml"

              This means that a manifest is already embedded into the program

              Does this mean that these programs are able to have the admin rights to run ?

              And that I do not need any MT.exe to embed another manifest into them?










              Comment


              • #8
                You need to modify the manifest to enable the Administrative prompt.

                There are numerous references already on this site (here is one) but also here is the link directly to Microsoft which describes the Attributes.
                <b>George W. Bleck</b>
                <img src='http://www.blecktech.com/myemail.gif'>

                Comment


                • #9
                  Thanks so much George

                  The only difference from my manifest is that my manifest has

                  Code:
                   <requestedExecutionLevel level="asInvoker"
                  while theirs have
                  Code:
                  <requestedExecutionLevel level="requireAdministrator"
                  What's better to have "Administrator" rather than an ordinary user? Why do we need Administrator security level?


                  Comment


                  • #10
                    It all depends on what your applications is doing. If your app needs to write to restricted file system areas or registry hives then you may need to elevate to an administrative context.

                    Basically you will know when you need it because you will hit "that wall" for lack of any better explanation. Usually it is an error that says write permission is denied to whatever resource you are accessing.
                    <b>George W. Bleck</b>
                    <img src='http://www.blecktech.com/myemail.gif'>

                    Comment


                    • #11
                      Originally posted by George Bleck View Post
                      Basically you will know when you need it because you will hit "that wall" for lack of any better explanation. Usually it is an error that says write permission is denied to whatever resource you are accessing.
                      There are very few legitimate use cases for ordinary applications to require administrative rights after the initial installation. If Windows throws a UAC at you/your program, it almost certainly means your program design is flawed and that you didn't follow MS' design guidelines.

                      So the first action should be to reevaluate your program's design. The aim must be to never require administrative privileges.

                      Comment


                      • #12
                        Originally posted by Mike Doty View Post
                        I will be using mt.exe. Found this link on someone that uses it with multiple languages. At the bottom is the command line they use.
                        Thank you for bringing up mt.exe
                        https://stackoverflow.com/questions/...into-a-vb6-exe
                        Here's the batch (named AddManifest.cmd) that I use with mt.exe for attaching the .manifest file to the (VB6, PB has the #Resource Manifest statement) EXE:
                        Code:
                        mt.exe -nologo -manifest "%1" -outputresource:"%2";#1
                        Usage: AddManifest MyApp.exe.manifest MyApp.exe

                        Comment


                        • #13
                          I 100% agree with Knuth. You should always write your app to AVOID use of Admin rights, unless it is critical to it's function.
                          <b>George W. Bleck</b>
                          <img src='http://www.blecktech.com/myemail.gif'>

                          Comment


                          • #14
                            Thanks so much guys

                            Comment

                            Working...
                            X