Professional Documents
Culture Documents
community.spiceworks.com/topic/368007-runas-batch-including-password
Which of the following retains the information it's storing when the system power is turned
off?
ROM
CPU
RAM
GPU
Submit »
Get answers from your peers along with millions of IT pros who visit Spiceworks.
Join Now
My plan is to run this batch file one night with a temp domain account that I previously add
to local admin group of all PCs an hour before running this and then I disable that account in
the morning.
My issue is I keep getting prompted for a password which not gonna do what I need
runas /user:MYDOMAIN\USER
Best Answer
38 Replies
1/10
Thai Pepper
http://www.adminarsenal.com/pdq-deploy/main
Thai Pepper
it also give you a report on whether the command was successful, so if any machines are
offline or unresponsive.
Habanero
Best Answer
Datil
Lauren7060 wrote:
Yup. Used PsExec several times when I needed to pass credentials for a process/command.
Thai Pepper
2/10
SnifferSir wrote:
Yup.
+ expand
For live stuff I would use this, but I usually get mixed results when I run on large numbers of
pc's...
Chipotle
Otherwise when setting up the scheduled task there is a radio button for running regardless
of the user being currently logged in. You can toggle the saved credentials here as well. Of
course if you don't need that level of access check that box that does not save credentials
(only local resources will be available).
If this is a system with UAC (and at this point it really should be) you may need to check off
the "Run with Highest Privileges" checkbox.
Datil
OP
Matt9169 wrote:
PDQ Deploy, The pro version allows you to schedule tasks, and choose the user to run the
command as. This way you can run it as an existing domain admin, and not have to ever store
creds locally on users machines.
http://www.adminarsenal.com/pdq-deploy/main
I have PDQ Deploy Pro and use it everyday. I am trying to write a script from there so I can it
in the foreground.
http://community.spiceworks.com/topic/367973-pdq-deploy-launch-a-webpage-and-
download-software-automatically
Datil
OP
3/10
IRJ Aug 8, 2013 at 2:01 PM
Lauren7060 wrote:
Does computer name mean I have specify a computer name for this to run? because I cant do
that. This is going to be a mass deployment.
Spice
Reply
Datil
OP
Meganerd wrote:
/savecred is the flag you are looking for. You will need to run this once with that flag to save
credentials.
Otherwise when setting up the scheduled task there is a radio button for running regardless of
the user being currently logged in. You can toggle the saved credentials here as well. Of course
if you don't need that level of access check that box that does not save credentials (only local
resources will be available).
If this is a system with UAC (and at this point it really should be) you may need to check off the
"Run with Highest Privileges" checkbox.
I just need this thing to run once. Deploying it isnt the issue, its just getting it to run with the
password saved in it.
Spice
Reply
Tabasco
4/10
Powershell
$user = "username"
$pass = "password" | convertto-securestring -asplaintext -force
$cred = new-object -typename System.Management.Automation.PSCredential -argumentlist
$user, $pass
Then you could have the script remote in to each computer using the Credential $cred .
Doing this with several machines, you would want to use a foreach statement and pull the list
of computers from a text file.
foreach($item in $list){
Habanero
Does computer name mean I have specify a computer name for this to run? because I cant do
that. This is going to be a mass deployment.
+ expand
BASH
Make a file called Computers.txt and place all your computer name in there one per line.
Thai Pepper
5/10
Matt9169 Aug 8, 2013 at 2:11 PM
How I would do this.
assuming you have pdq 2.3 use the run as logged on user. (or is this what you tried after the
first post? and if so what was the result?)
Spice
Reply
Datil
OP
Matt9169 wrote:
assuming you have pdq 2.3 use the run as logged on user. (or is this what you tried after the
first post? and if so what was the result?)
I tried running it silently with no success. I think I have to run as the logged on user, but our
users arent admins and that is required to download the modules. So that is where I am
stuck
Spice
Reply
Thai Pepper
So we had a instance recently just like this. A program needed opened with admin, then the
user selected the updates, which were downloaded, and each of those had to be ran as admin,
from different scripts that changed with each download.
So we created "Domain admin for all" day. We told all staff that they would have to reboot
their computers at a certain time, run the update, and then we removed domain admin and
told them to reboot again.
6/10
Wasn't my idea, but it worked for all but a few users who failed to listen.
Spice
(2)
Reply
Habanero
Matt9169 wrote:
So we had a instance recently just like this. A program needed opened with admin, then the
user selected the updates, which were downloaded, and each of those had to be ran as admin,
from different scripts that changed with each download.
So we created "Domain admin for all day". We told all staff that they would have to reboot
their computers at a certain time, run the update, and then we removed domain admin and told
them to reboot again.
Wasn't my idea, but it worked for all but a few users who failed to listen.
Easy solution, but it looks like Joel works for a CU... and that just won't fly in terms of an
aduit. At least it wouldn't in banking.
Datil
OP
7/10
Matt9169 wrote:
So we had a instance recently just like this. A program needed opened with admin, then the
user selected the updates, which were downloaded, and each of those had to be ran as admin,
from different scripts that changed with each download.
So we created "Domain admin for all" day. We told all staff that they would have to reboot
their computers at a certain time, run the update, and then we removed domain admin and told
them to reboot again.
Wasn't my idea, but it worked for all but a few users who failed to listen.
My approach is to make a regular domain user, deny local logon and then with Group Policy
push that user out to the local admin group. Schedule the job at night, enable the account just
before I leave and then disable it in the morning. If for some reason there is a breach, the
attacker would only be able to run as and admin on local PCs. I will probably end up logging
in to check on the job and disable the account before the morning, though.
Datil
OP
Lauren7060 wrote:
Easy solution, but it looks like Joel works for a CU... and that just won't fly in terms of an
aduit. At least it wouldn't in banking.
+ expand
http://community.spiceworks.com/topic/367973-pdq-deploy-launch-a-webpage-and-
download-software-automatically?page=1#entry-2426964
Datil
OP
Datil
8/10
OP
Lauren and Waitsian from PDQ both recommended using PsExec.exe and thats what I ended
up using. However, there was much more to automating this than meets the eye. This is what
I had to do.
1- reboot
3- reboot
6- reboot
Datil
OP
Datil
Datil
OP
Krizz wrote:
I am not sure I understand your question. If you are asking what the application is, its a
banking application that requires different installs for a teller, loan person, member service
person, etc.
Datil
9/10
Krizz Aug 9, 2013 at 11:17 AM
I understand you're trying to install a software, which requires running with
admin privileges (for which psexec is a perfect tool), but why do you connect to
http:\\223.100.200.78 in Internet Explorer in order to do so? I mean, why don't
you put the software to a networked share and start it with pexec, or use GPO
deployment feature if it's msi installer?
This topic has been locked by an administrator and is no longer open for commenting.
10/10