Runas verb not elevating on specific Windows 10 machines - McMap

About

Runas verb not elevating on specific Windows 10 machines

Asked 22/10, 2018 at 11:1 Answered 22/10, 2018 at 11:1

c#permissions administrator runas

H

0

9

I have a really odd issue, where some code that we have been running for years has stopped working on certain machines. There is no obvious pattern to the machines (in terms of Win10 build number or patch level).

The code is designed to run an application as the local administrator, and is as follows:

string strPwd = "MySecretPassword";

SecureString securePassword = new SecureString();
foreach (char ch in strPwd)
{
    securePassword.AppendChar(ch);
}

ProcessStartInfo processInfo = new ProcessStartInfo();
processInfo.UserName = "Administrator";
processInfo.Password = securePassword;
processInfo.Verb = "runas";
processInfo.FileName = "cmd.exe";
processInfo.WorkingDirectory = @"c:\windows\system32";
processInfo.UseShellExecute = false;
Process.Start(processInfo);

If I run this on a "working" machine, I see the following (note, the echo test > c:\test.txt is how I am testing whether it can perform a restricted task):

Note the "Administrator" on the CMD window. Also, note that creating a file at the root of c: is allowed.

In comparison, if I run the same on another machine I get the following:

Note that in this case (running exactly the same code) the window is not running elevated. Oddly, if I look at the process in Task Manager, the owner is Administrator.

On both machines:

I am using the default Administrator account
The password is correct
The account is in the Administrators group
The account is not disabled

Furthermore, on the "bad" machine, if I right-click and choose RunAs and enter the Administrator credentials - it works perfectly. (Same result as in the first picture above.)

As an additional test I've tried using the DOS runas command and this doesn't work on the "bad" machines either. The result is slightly different though:

Note in this case the "Running as Administrator" in the title bar. (The same test on a "good" machine gives the same result as in the first picture above, i.e.: Administrator: C:\windows\system32\cmd.exe)

Herries answered 22/10, 2018 at 11:1 Comment(16)

Could you show us the users and their rights for c:\ or c:\windows\system32? In the working scenario you have one user using an admin cmd, but in not working scenario you have a different user (which is an administrator) running normal shell in my eyes. – Unfrequented 24/10, 2018 at 12:0

Yep - that’s the problem. Both users (both called administrator, the default local admin account) are being used. Both are in local admin group. However the behaviour is different on the two machines. – Herries 24/10, 2018 at 12:6

If you rename the administrator (the local admin account) into local_admin will it work? – Unfrequented 24/10, 2018 at 12:15

What’s the theory behind this? (I would be very surprised - it has always worked fine with administrator, which is the default.) – Herries 24/10, 2018 at 12:17

You don't have to actually rename the default account, you can create a new administrator account (with whatever name). The reasoning being, if a new administration account shows the same symptoms as the original one. Something had to change if it was always working. – Unfrequented 24/10, 2018 at 12:21

Ah - understood. Yes I have tested with another local admin account. Same issue. – Herries 24/10, 2018 at 12:28

I see :(. Well could you try it with small utility from Nirsoft - NirCmd elevate your_script (you can find it at - nirsoft.net/utils/nircmd.html) – Unfrequented 24/10, 2018 at 12:32

Thanks for that. Doesn’t help in this case, but useful to know. – Herries 24/10, 2018 at 13:6

Hmmm :(. If you run the local administrator account manually (on the bogus machine) and do a cmd and Run as Administrator does it work? – Unfrequented 24/10, 2018 at 13:24

@Herries Did you check Windows event log for any possible security/system errors/warning? – Schoolfellow 24/10, 2018 at 17:17

Nothing in the logs. :-( – Herries 25/10, 2018 at 9:26

@Herries Tell me the exact version numbers (With build) of the Windows 10 versions (Both "Good" machine and "Bad" machine) – Asteroid 26/10, 2018 at 9:35

Both are on version 1709 (Build 16299.726) – Herries 26/10, 2018 at 10:15

What happens if you disable UAC? Will it allow you to elevate a process with the runas verb? – Uprear 30/10, 2018 at 14:14

Did you ever resolve this? – Alfie 21/10, 2019 at 16:42

This is happening to me if I first launch a CMD with a token obtained from SaferComputeTokenFromLevel(SaferLevels.NormalUser) and then trigger uac from powershell -c Start-Process -FilePath cmd.exe -verb "RunAs". It the parent is a regular CMD, the UAC works and the elevated process is admin. So I think this is related to the token of the launching process. Try to compare priviledges between both machines whoami /priv /groups, I will check linked tokens are related. Also compare the Group Policy of both machines. – Yingyingkow 25/2, 2020 at 23:25

Recommended topics

#Godot #Unity #Godot 4.X #Mongodb

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

© 2022 - 2024 — McMap. All rights reserved.