Client Management Suite

 View Only

Running a Process as a Different User in WiseScript (RUNAS & Sanur) 

Sep 13, 2007 02:24 PM

Here's the scenerio: You have a system file that needs to be installed to the System32 folder. And, you have several HKEY_CURRENT_USER registry keys containing configuration information.

This causes problems since the installation writes a file to the System32 folder, which is locked down for non-administrator users. Read on for the solution.

Here are your options:

  • Require an administrator to install the application. While this places the file in the System32 folder, the registry keys install with the administrator's profile rather than the end users.
  • Split the install into a per-machine and per-user installation. This creates two installations to track and requires the administrator to run each per-machine installation and each user to run the per-user installation.
  • Create one installation that runs in a rights-elevated state. The installation accesses the System32 folder by running part of the installation as a different user.

To implement the third option, elevate security rights of the installation by using either:

RUNAS (Windows 2000 and later) SU (Windows NT 4)

This simple command line utility lets an external process execute with the rights of the username passed on the command line. This places the per-machine portions of the installation in a silent WiseScript that executes as part of the main installation. Running this command results in a single-user .EXE that modifies both per-machine and per-user sections of the registry correctly.

To use the command line utility:

  1. Open Wise Installation System or WiseScript Editor in Wise Package Studio.
  2. In Setup Editor, select the beginning of the per-machine portion of the script.
  3. Double-click Execute Program in the Actions list. The Execute Program Setting dialog appears.
  4. Enter the information as follows:
    .EXE Path. %SYS32%\runas.exe 
    Command Line. /user:domain:userid .
    
    
    Userid is the user who runs the application and domain is the domain or computer name where the user resides.
  5. Click OK.

Because the RUNAS command does not pass a password on the command line, do not select Hidden from Window Size if a password is needed to execute the installation. Sanur, a free utility, lets you pipe a password to RUNAS so the installing user does not have to enter in an administrator password at runtime.

By using a command line utility, you can create clean, easy-to-run installations for all users.

Statistics
0 Favorited
0 Views
0 Files
0 Shares
0 Downloads

Tags and Keywords

Comments

Apr 17, 2009 10:54 AM

please explain how to use sunar with this. so you create the first execute command but then where do you add sunar and its command lines needed to send the password?

Nov 14, 2007 10:38 PM

Nice Catch; Simple & Powerful WiseScript Tip

Sep 17, 2007 01:03 PM

Runas is a very common way to get software installed on a usersaccount to give them elevated privileges.
But the biggest problem is that the pasword goes unencrypted over the network.
There is a way to prevent it, but that will stop PXE from working correctly.
You still have to choose from two bad way's.
Regards
Erik
www.svs4u.nl

Sep 17, 2007 09:03 AM

Runas command can be used to install the MSI. This will be kind of simulation for GP installation.
As installation can be performed through on user account on user machine with Administartor credentials.

Sep 14, 2007 07:53 AM

An alternative way to use Sanur , could be the SteelRunAs tool. I wrote a post about how to assign admin right to an exe file using this utility.
Hope that it helps.
Regards
Link: Giving Installation Executables Administrator Rights

Related Entries and Links

No Related Resource entered.