# Run As script for non-priveleged users that can't know password



## wisdum (Dec 1, 2005)

I have a domain environment where users on client computers need to run video games (I know it sounds stupid) in a non-privileged mode. 

Here is the problem: Any modern game requires admin privileges to run. Or, at least modify permissions to the game folder in Program Files. Of course i tried that first but that did not fix the issue. 

I need for limited, and i mean VERY limited users to be able to run these games without having to type in a password or be able to mess with the computers. This is an isolated lab inside of a Juvenile detention center where they are using video games as a reward system. So obviously these kids can't have full admin rights on their machines. In fact, they are tightened down all the way with a GPO that won't even let them turn off the computer.

I need a simple script that will use Run As to launch the game on an administrative account and without them typing in the password. Usually their is a security risk here but these computers are so tight you can't even right click anything. I see no way for them to be able to even browse to the script to open it up to see the password; i don't feel it is a security risk.

But how can i get a script t save the password and enter it for the user?

thanks!


----------



## Frank4d (Sep 10, 2006)

wisdum said:


> This is an isolated lab inside of a Juvenile detention center where they are using video games as a reward system.


I have a nephew who was in one of those places for a while. He called once from a payphone and asked me how to break the Administrator password (I didn't tell him). Some kids in Juvie Hall have way too much free time.


----------



## wisdum (Dec 1, 2005)

Oh yeah, and you have to physically lock up the machines too, or they destroy them...

Ok, i found another forum that had a thread that uses run as how i want to use it:

you can see it here

Here is the code im using:

set WshShell = CreateObject("WScript.Shell")
WshShell.Run "runas /user:domain\user app.exe"
WScript.Sleep 100
WshShell.Sendkeys "Password!"

I dont know enough about vb script to get it to work. It isn't properly inputting the password for me. It does work if i type it in though.


----------



## StumpedTechy (Jul 7, 2004)

Here you go -


```
Set WshShell=WScript.CreateObject("WScript.Shell")
strCmd="C:\windows\system32\mspaint.exe"
strUser="Domain\User"
strPass="Password"
set WshShell=CreateObject("WScript.Shell")
WshShell.Run "runas.exe" & " /u:" & strUser & " " & strCmd
WScript.Sleep 1000
WshShell.Sendkeys strPass & "~"
```
Change the following for your environment -
Everything within the "'s of strCMd = To the path of YOUR executible.
Everything within the "'s of strUser = To the Username with Admin rights.
Everything within the "'s of strPass = To the password of the username in strUser.

All the rest of the script you shouldn't need to modify and this should be able to be used for any program you want. I added a little time to the sleep command... 100 is rather short with this being miliseconds and since your using sendkeys the main thing to make sure is the users don't "click" off the command prompt box.


----------



## Squashman (Apr 4, 2003)

Plenty of Encrypted RunAs utilities out there. Some are free, some are very inexpensive.


----------



## wisdum (Dec 1, 2005)

Interestingly enough, i didn't need the script. I tried the 'right-click Run As' option and it worked. I figured it was a one time thing, but it seems to cache the authentication. 

Because this network is under heavy restriction via GPO, the 'user' can't even right click. So i cleared the gpo and did a right click run as and provided the username and password and of course it runs. I then reapplied the GPO (restricting the user) and it just works. I have done several reboots in an attempt to 'break' it. However, to my knowledge it seems to have permanently cached the credentials allowing the limited user to run these games as an adiministrator. 

Does that sound right? should it even do that?


----------

