pzg's blog

用AutoIt实现受限用户“运行方式”自动输入密码

随着NTFS权限安全设置被越来越多人认识。计算机用户为了机器的安全,日常使用电脑时不再以管理员账号登录电脑,而以受限用户账号登录电脑。当需要更改硬件或安装软件时,才以管理员账号登录。
 
这样可以使电脑更安全,以受限用户账号登录电脑,即使电脑使被病毒感染,病毒也不能破坏WINDOWS系统文件,只能感染当前用户文件。因为受限用户没有权限对系统文件做任何更改,只能对自己的文件做更改。

 

 

但有些程序在受限用户下无法正常使用,需要管理员权限。此时只能右键——“运行方式”,以管理员身份运行程序。显得不太方便。

 
1、每次运行程序都要输入管理员密码。

 
2、不想让受限用户知道密码。(自己又不能随时侍在电脑旁边,给使用者输入密码)

 

 

不过AutoIt这个程序能够帮助解决这个问题,它能够实现自动填充密码。

 
下载网址http://www.autoitscript.com/autoit3/index.shtml

 

 

安装后,打开编辑器SciTE Script Editor,新建文件,开始编辑程序运行脚本

 
RunAs(“用户名”,“电脑名”,“用户密码”,0,“程序路径及名称”,“程序开始工作目录”)

 
例如打开记事本:

 
RunAs(“用户名”,“电脑名”,“用户密码”,0,“C:\WINDOWS\notepad.exe”,“C:\WINDOWS\”)

 
保存成文件“打开记事本.au3”后,打开编译器Compile Script to .exe,把 “打开记事本.au3” 编译成 “打开记事本.exe”

 
这样以点击“打开记事本.exe”,就是以管理员身份执行notepad.exe,可以打开保存任意文档。

 

 

“打开记事本.exe”会自动以管理员身份运行notepad.exe,并且会自动填写管理员密码。只要管理员账号、密码不变动,就能一直使用。

 
当然可以用加密文本储存账号、密码、运行程序 等参数,程序根据加密文本执行程序。当有参数变更时,变更加密文本就行了。

 
这个可以根据个人需要,自己开发。

 

 

另一个要注意的是参数: 0 和 “程序开始工作目录”,一般用 0 和 程序所在目录
 
详细使用方法,可以看AutoIt自带的帮助说明中RunAs,内容如下:

 
RunAs

——————————————————————————–

Runs an external program under the context of a different user.
 
RunAs ( “username”, “domain”, “password”, logon_flag, “program” [, “workingdir” [, show_flag [, opt_flag ]]] )
 
 
 
Parameters
 

username
 
The username to log on with.

 

domain
 
The domain to authenticate against.

 

password
 
The password for the user.

 

logon_flag
 
0 – Interactive logon with no profile.
1 – Interactive logon with profile.
2 – Network credentials only.
4 – Inherit the calling processes environment instead of the user’s.

 

program
 
The full path of the program (EXE, BAT, COM, or PIF) to run (see remarks).

 

workingdir
 
[optional] The working directory. If not specified, then the value of @SystemDir will be used. This is not the path to the program.

 

show_flag
 
[optional] The “show” flag of the executed program:
  @SW_HIDE = Hidden window (or Default keyword)
  @SW_MINIMIZE = Minimized window
  @SW_MAXIMIZE = Maximized window

 

opt_flag
 
[optional] Controls various options related to how the parent and child process interact.
  0x1 ($STDIN_CHILD) = Provide a handle to the child’s STDIN stream
  0x2 ($STDOUT_CHILD) = Provide a handle to the child’s STDOUT stream
  0x4 ($STDERR_CHILD) = Provide a handle to the child’s STDERR stream
  0x8 ($STDERR_MERGED) = Provides the same handle for STDOUT and STDERR. Implies both $STDOUT_CHILD and $STDERR_CHILD.
  0x10 ($STDIO_INHERIT_PARENT) = Provide the child with the parent’s STDIO streams. This flag can not be combined with any other STDIO flag. This flag is only useful when the parent is compiled as a Console application.
  0x10000 ($RUN_CREATE_NEW_CONSOLE) = The child console process should be created with it’s own window instead of using the parent’s window. This flag is only useful when the parent is compiled as a Console application.

 
 
 
Return Value
 

Success:
 
The PID of the process that was launched.

 

Failure:
 
Returns 0 and sets @error to non-zero.

 
 
 
Remarks
Paths with spaces need to be enclosed in quotation marks.

It is important to specify a working directory the user you are running as has access to, otherwise the function will fail.

It is recommended that you only load the user’s profile is you are sure you need it. There is a small chance a profile can be stuck in memory under the right conditions. If a script using RunAs() happens to be running as the SYSTEM account (for example, if the script is running as a service) and the user’s profile is loaded, then you must take care that the script remains running until the child process closes.

When running as an administrator, the Secondary Logon (RunAs) service must be enabled or this function will fail. This does not apply when running as the SYSTEM account.

After running the requested program the script continues. To pause execution of the script until the spawned program has finished use the RunAsWait function instead.

Providing the Standard I/O parameter with the proper values permits interaction with the child process through the StderrRead, StdinWrite and StdoutRead functions. Combine the flag values (or use $STDERR_CHILD, $STDIN_CHILD & $STDOUT_CHILD, defined in Constants.au3) to manage more than one stream.

In order for the streams to close, the following conditions must be met: 1) The child process has closed it’s end of the stream (this happens when the child closes). 2) AutoIt must read any captured streams until there is no more data. 3) If STDIN is provided for the child, StdinWrite() must be called to close the stream. Once all streams are detected as no longer needed, all internal resources will automatically be freed.
StdioClose can be used to force the STDIO streams closed.

The “load profile” and “network credentials only” options are incompatible. Using both will produce undefined results.

There is an issue in the Windows XP generation of Windows which prevents STDIO redirection and the show flag from working. See Microsoft Knowledge Base article KB818858 for more information about which versions are affected as well as a hotfix for the issue. User’s running Windows 2000, Windows XP SP2 or later, or Windows Vista are not affected.

发表回复

您的邮箱地址不会被公开。 必填项已用 * 标注