Re: Creating a script to gather PC information - to assist those asking for help
Posted: 20 Sep 2016 07:17
Adding an info.bat version number to the output will help: as a person may use an earlier version.
foxidrive wrote:Is this expected?
foxidrive wrote:Adding an info.bat version number to the output will help: as a person may use an earlier version.
aGerman wrote:1) Does NET SESSION output an error message ?
Code: Select all
z:\>net session
System error 5 has occurred.
Access is denied.
2) Are you able to access HKU\S-1-5-19 ?
Code: Select all
z:\>REG QUERY HKU\S-1-5-19
ERROR: Access is denied.
Do you have elevated rights on Win8.1 even if the script reports that you don't have?
foxidrive wrote:aGerman wrote:Do you have elevated rights on Win8.1 even if the script reports that you don't have?
What is an easy test to show that?
foxidrive wrote:Is this expected?
I have three machines shown here that use an admin account and with UAC disabled.
The Windows 8.1 at the bottom has Elevated Admin=No, Admin group=Yes
while the other two have Elevated Admin=Yes, Admin group=Yes
I have consumed too many bottles of vodka to figure it out for myself.
Code: Select all
--------------------------------------------------------------------------------
Windows version : Microsoft Windows [Version 6.1.7601]
Product name : Windows 7 Professional, 64 bit
Performance indicators : Processor Cores: 4 Visible RAM: 4072496 kilobytes
Date/Time format : (dd/mm/yy) Tue 20/09/2016 22:18:34.75
__APPDIR__ : C:\Windows\system32\
ComSpec : C:\Windows\system32\cmd.exe
PathExt : .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
Extensions : system: Enabled user: Enabled
Delayed expansion : system: Disabled user: Disabled
Locale name : en-AU Code Pages: OEM 850 ANSI 1252
DIR format : 18/09/2016 01:14 AM 4,170,235,904 pagefile.sys
Permissions : Elevated Admin=Yes, Admin group=Yes
Missing from the tool collection: debug
Code: Select all
--------------------------------------------------------------------------------
Windows version : Microsoft Windows [Version 6.1.7601]
Product name : Windows 7 Ultimate, 32 bit
Performance indicators : Processor Cores: 4 Visible RAM: 3530224 kilobytes
Date/Time format : (dd/mm/yy) Tue 20/09/2016 22:25:24.01
__APPDIR__ : C:\Windows\system32\
ComSpec : C:\Windows\system32\cmd.exe
PathExt : .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
Extensions : system: Enabled user: Enabled
Delayed expansion : system: Disabled user: Disabled
Locale name : en-AU Code Pages: OEM 850 ANSI 1252
DIR format : 13/09/2016 02:41 PM 3,614,949,376 pagefile.sys
Permissions : Elevated Admin=Yes, Admin group=Yes
Code: Select all
--------------------------------------------------------------------------------
Windows version : Microsoft Windows [Version 6.3.9600]
Product name : Windows 8.1 Pro with Media Center, 32 bit
Performance indicators : Processor Cores: 8 Visible RAM: 3390680 kilobytes
Date/Time format : (dd/mm/yy) Tue 20/09/2016 22:17:04.09
__APPDIR__ : C:\WINDOWS\system32\
ComSpec : C:\WINDOWS\system32\cmd.exe
PathExt : .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
Extensions : system: Enabled user: Enabled
Delayed expansion : system: Disabled user: Disabled
Locale name : en-AU Code Pages: OEM 850 ANSI 1252
DIR format : 12/09/2016 18:40 3,484,418,048 pagefile.sys
Permissions : Elevated Admin=No, Admin group=Yes
secpol.msc under local security policy
local policies
security options
User Account Control: Run all administrators in Admin Approval Mode=disable
registry under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
EnableLUA=0
The computer must be restarted for this to take effect... and vodka should better be very cold!
elzooilogico wrote:
Code: Select all
Product name : Windows 7 Professional, 64 bit
Date/Time format : (dd/mm/yy) Tue 20/09/2016 22:18:34.75
Locale name : en-AU Code Pages: OEM 850 ANSI 1252
DIR format : 18/09/2016 01:14 AM 4,170,235,904 pagefile.sys
Code: Select all
Product name : Windows 7 Ultimate, 32 bit
Date/Time format : (dd/mm/yy) Tue 20/09/2016 22:25:24.01
Locale name : en-AU Code Pages: OEM 850 ANSI 1252
DIR format : 13/09/2016 02:41 PM 3,614,949,376 pagefile.sys
Code: Select all
Product name : Windows 8.1 Pro with Media Center, 32 bit
Date/Time format : (dd/mm/yy) Tue 20/09/2016 22:17:04.09
Locale name : en-AU Code Pages: OEM 850 ANSI 1252
DIR format : 12/09/2016 18:40 3,484,418,048 pagefile.sys
Code: Select all
@echo off &setlocal
net session
echo *** NET ERRORLEVEL %errorlevel%&echo(
reg query HKU\S-1-5-19
echo *** REG ERRORLEVEL %errorlevel%&echo(
wmic /NameSpace:\\root\default Class StdRegProv Call CheckAccess hDefKey="&H80000003" sSubKeyName="S-1-5-19" uRequired="&H1"
pause
douglas.swehla wrote:If the question is "Am I elevated right now," then fsutil /? is a good quick check - - it requires elevated status even to view the help.
Compo wrote:I notice that you also have a different DIR format on that last PC too
aGerman wrote:douglas.swehla wrote:If the question is "Am I elevated right now," then fsutil /? is a good quick check - - it requires elevated status even to view the help.
This check is outdated. I know it requires elevation on Win7 but I also know it doesn't on Win10. I can't say anything about the behavior on Win8/8.1.
douglas.swehla wrote:Are there any utilities that consistently require elevated privileges to run, across all [modern] versions? Or are you limited to checking registry/policy settings?
I don't know, possibly DISKPART?
elzooilogico wrote:registry under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
EnableLUA=0
The computer must be restarted for this to take effect... and vodka should better be very cold!
Code: Select all
--------------------------------------------------------------------------------
Windows version : Microsoft Windows [Version 6.3.9600]
Product name : Windows 8.1 Pro with Media Center, 32 bit
Performance indicators : Processor Cores: 8 Visible RAM: 3390680 kilobytes
Date/Time format : (dd/mm/yy) Thu 22/09/2016 2:36:53.70
__APPDIR__ : C:\WINDOWS\system32\
ComSpec : C:\WINDOWS\system32\cmd.exe
PathExt : .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
Extensions : system: Enabled user: Enabled
Delayed expansion : system: Disabled user: Disabled
Locale name : en-AU Code Pages: OEM 850 ANSI 1252
DIR format : 22/09/2016 02:32 3,484,418,048 pagefile.sys
Permissions : Elevated Admin=Yes, Admin group=Yes
aGerman wrote:@foxidrive
Two things that could have happened
- I don't check the error message but the errorlevel that NET SESSION returns.
- As you already mentioned I used WMIC rather than REG. Maybe there is a different output.
Give that a go:
Code: Select all
@echo off &setlocal
net session
echo *** NET ERRORLEVEL %errorlevel%&echo(
reg query HKU\S-1-5-19
echo *** REG ERRORLEVEL %errorlevel%&echo(
wmic /NameSpace:\\root\default Class StdRegProv Call CheckAccess hDefKey="&H80000003" sSubKeyName="S-1-5-19" uRequired="&H1"
pause
Code: Select all
System error 5 has occurred.
Access is denied.
*** NET ERRORLEVEL 2
ERROR: Access is denied.
*** REG ERRORLEVEL 1
Executing (StdRegProv)->CheckAccess()
Method execution successful.
Out Parameters:
instance of __PARAMETERS
{
bGranted = FALSE;
ReturnValue = 5;
};
Press any key to continue . . .
Code: Select all
There are no entries in the list.
*** NET ERRORLEVEL 0
HKEY_USERS\S-1-5-19\AppEvents
HKEY_USERS\S-1-5-19\Console
HKEY_USERS\S-1-5-19\Control Panel
HKEY_USERS\S-1-5-19\Environment
HKEY_USERS\S-1-5-19\EUDC
HKEY_USERS\S-1-5-19\Keyboard Layout
HKEY_USERS\S-1-5-19\Network
HKEY_USERS\S-1-5-19\Printers
HKEY_USERS\S-1-5-19\Software
HKEY_USERS\S-1-5-19\System
*** REG ERRORLEVEL 0
Executing (StdRegProv)->CheckAccess()
Method execution successful.
Out Parameters:
instance of __PARAMETERS
{
bGranted = TRUE;
ReturnValue = 0;
};
This check is outdated. I know it requires elevation on Win7 but I also know it doesn't on Win10. I can't say anything about the behavior on Win8/8.1.
Compo wrote:I notice that you also have a different DIR format on that last PC too
Code: Select all
:: ...
set /a "HKCU=80000001, HKLM=80000002, HKU=80000003"
if exist "%__APPDIR__%find.exe" (set "find=%__APPDIR__%find.exe") else (set "find=echo" &>>"%temp%\info.txt" echo find.exe not found.)
if exist "%__APPDIR__%net.exe" (set "net=%__APPDIR__%net.exe") else (set "net=echo" &>>"%temp%\info.txt" echo net.exe not found.)
if exist "%__APPDIR__%wbem\WMIC.exe" (set "wmic=%__APPDIR__%wbem\WMIC.exe") else (set "wmic=" &>>"%temp%\info.txt" echo wmic.exe not found.)
if defined wmic >nul 2>nul %wmic% /? || (set "wmic=" &>>"%temp%\info.txt" echo wmic.exe not accessible.)
:: ...
set "RunAs="
%net% session >nul 2>&1 && (set "RunAs=Yes")
if not defined RunAs if defined wmic (
2>nul %wmic% /NameSpace:\\root\default Class StdRegProv Call CheckAccess hDefKey="&H%HKU%" sSubKeyName="S-1-5-19" uRequired="&H1" |>nul %find% "TRUE" && set "RunAs=Yes"
)
if not defined RunAs set "RunAs=No"
:: ...
aGerman wrote:@Douglas
As you can see I use NET SESSION here. Although I don't know since when NET is available.
douglas.swehla wrote:If anyone can test on a pre-XP machine, I'd be interested in knowing whether SESSION was available then.
foxidrive wrote:douglas.swehla wrote:If anyone can test on a pre-XP machine, I'd be interested in knowing whether SESSION was available then.
I booted up my VirtualBox Windows 98 and it doesn't support NET SESSION
aGerman wrote:Code: Select all
set "RunAs="
%net% session >nul 2>&1 && (set "RunAs=Yes")
if not defined RunAs if defined wmic (
2>nul %wmic% /NameSpace:\\root\default Class StdRegProv Call CheckAccess hDefKey="&H%HKU%" sSubKeyName="S-1-5-19" uRequired="&H1" |>nul %find% "TRUE" && set "RunAs=Yes"
)
if not defined RunAs set "RunAs=No"
Code: Select all
set "psCmd=powershell -Command "write-host ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent(^)^).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator^); ""
for /F "usebackq delims=" %%# in (`%psCmd%`) do echo %%# | find /I "true">NUL 2>&1 && set "RunAs=Yes" || set "RunAs=No"
This is related to User Account Control: Run all administrators in Admin Approval Mode or
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
as any user of the administrators group S-1-5-32-544
when EnableLUA=0 PS code returns True
and
when EnableLUA=1 PS code returns False
regardless of the setting of
User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode or
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
I really think the value of the ConsentPromptBehaviorAdmin key has no meaning when running console commands
According to https://technet.microsoft.com/en-us/library/jj852217(v=ws.11).aspx
The User Account Control: Run all administrators in Admin Approval Mode and
Code: Select all
Applies To: Windows Server 2003, Windows Vista, Windows XP, Windows Server 2008, Windows 7, Windows 8.1, Windows Server 2008 R2, Windows Server 2012 R2, Windows Server 2012, Windows 8
but
Code: Select all
Operating system version differences
There are no differences in this security policy between operating systems beginning with Windows Vista.
Code: Select all
Group Policy
This policy has no impact in Windows operating systems earlier than Windows Vista.
Tested in win 7, win 8, and win server 2008R2.
Returns Yes when user is the built-in Administrator account, or user is part of S-1-5-32-544 group with elevated privileges.
Returns No when other users, or user of S-1-5-32-544 group has limited privileges.
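
A locale-independent way to produce the "Elevated Admin / Admin group" pair discussed in this thread, added here as an example that is not taken from info.bat or from any poster's code. It assumes whoami.exe is available (Windows Vista and later) and relies on the well-known SIDs S-1-16-12288 (High integrity) and S-1-16-16384 (System integrity); the variable names are illustrative.

```bat
@echo off
setlocal
:: Added example, not part of info.bat. Assumes whoami.exe exists (Vista and later).
:: SIDs are matched instead of group names because the names are localized.
set "whoami=%SystemRoot%\System32\whoami.exe"
set "find=%SystemRoot%\System32\find.exe"
if not exist "%whoami%" (echo whoami.exe not found& exit /b 2)

set "AdminGroup=No"
set "Elevated=No"
set "Integrity=Medium or lower"

:: S-1-5-32-544 (BUILTIN\Administrators) is listed for every member, even when
:: UAC has filtered the token and the group is only used for deny checks.
"%whoami%" /groups /fo csv /nh 2>nul | "%find%" "S-1-5-32-544" >nul && set "AdminGroup=Yes"

:: The mandatory integrity label shows whether the process holds the full token:
:: S-1-16-12288 = High (elevated), S-1-16-16384 = System.
"%whoami%" /groups /fo csv /nh 2>nul | "%find%" "S-1-16-12288" >nul && set "Integrity=High"
"%whoami%" /groups /fo csv /nh 2>nul | "%find%" "S-1-16-16384" >nul && set "Integrity=System"

:: Report "elevated admin" only when both conditions hold.
if "%AdminGroup%"=="Yes" if not "%Integrity%"=="Medium or lower" set "Elevated=Yes"

echo Permissions : Elevated Admin=%Elevated%, Admin group=%AdminGroup%, Integrity=%Integrity%
endlocal
```

Unlike NET SESSION or the HKU\S-1-5-19 probe, this reads the token of the current process directly, so it does not depend on a service or on the ACL of a registry key.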