psgetsid will reveal the SID of the current user, or, alternatively, it will reveal the SID of an explicitly entered userid.
That could be used to plumb the depths of the registry to find the relevant set of keys. Kurt On Mon, Sep 16, 2013 at 2:05 AM, James Rankin <[email protected]> wrote: > This worked a treat.....exactly what I wanted! > > What I am trying to do with this is allow a support person to remotely > connect to a user's session, and perform remedial work without having to log > the user out (client requirement). So the idea was the support person > launches an executable that will reverse GPO settings in the user's session > that restrict the support person from doing the work (e.g. things like the > blocked access to c: drive). Obviously we didn't want the users to be able > to run this themselves, hence the need to pop up a UAC prompt, which we've > managed to achieve. Once the support person is finished, then they will do a > gpupdate which will put all of the user's GPO settings back to normal, and > then disconnect. > > The next challenge is to get this executable we've launched to identify the > user who's session they're connected to, in order to remove the GPO settings > for (as we're launching the executable in the context of an administrative > user, obviously HKEY_CURRENT_USER would be no use). This seems a bit tricky > - how can we identify the Registry hive of the user hosting the session from > the context of another user? There are XenApp users in the mix so there may > be multiple active sessions on the same machine (Server 2008 R2 systems). > Anyone have any pointers around this? I've got a couple of ideas but I > usually prefer to put tricky things like this out to the list, as often I go > down a particular path and overlook something simpler :-) > > Cheers, > > > > > JR > > > On 12 September 2013 12:01, Harry Mavromatidis <[email protected]> > wrote: >> >> You don’t want to touch the shortcut… after making the change look for >> "RUNASADMIN" at the hive listing at: >> >> HKEY_CURRENT_USER\Software\Microsoft\Windows >> NT\CurrentVersion\AppCompatFlags\Layers >> >> >> >> You can make REG file (export that key) and deploy that using your own >> preferred method. The example above is for Windows 7 – note that in Win8 >> it’s called “~ RUNASADMIN” so check the key for the OS type and filter how >> you send it using WMI, etc. to target the correct REG file with the OS >> version. >> >> >> >> - Harry >> >> >> >> >> >> From: [email protected] >> [mailto:[email protected]] On Behalf Of James Rankin >> Sent: Thursday, September 12, 2013 5:16 AM >> To: [email protected] >> Subject: Re: [NTSysADM] Re: Make a program run with UAC >> >> >> >> Cool! That's neat....much easier than the manifest approach. >> >> >> >> Now to find if I can deploy a shortcut with that tick box pre-enabled - >> thanks Harry, saved me some pain there ;-) >> >> >> >> Cheers, >> >> >> >> >> >> >> >> JR >> >> >> >> On 12 September 2013 10:07, Harry Mavromatidis <[email protected]> >> wrote: >> >> If UAC settings have not been changed, set the compatibility mode to "run >> as an administrator." >> >> >> >> >> >> - Sent from a mobile keyboard. Please pardon typos and auto correct >> irregularities. >> >> >> >> James Rankin <[email protected]> wrote: >> >> >> >> Looks like this does the trick (although it seems very complicated to me) >> >> >> >> http://msdn.microsoft.com/en-us/library/bb756929.aspx >> >> >> >> The usual "post query, then find answer" process :-) >> >> >> >> On 12 September 2013 09:35, James Rankin <[email protected]> wrote: >> >> How do you make a program pop up the UAC prompt whenever it is run? >> >> >> >> I have a process that I want to put a shortcut to on the user's desktop, >> which is intended to be run by support staff to do various things if the >> user has issues. However, obviously I don't want the user to be able to run >> it themselves, so I was thinking if you could somehow make a program require >> admin credentials (i.e. by popping up the UAC prompt), I would have an easy >> solution to this issue. >> >> >> >> However, as I have found, it's not easy to find info on this....what >> criteria does a program have to fill so that UAC fires up every time you >> launch it? >> >> >> >> Cheers, >> >> >> >> >> >> >> >> -- >> James Rankin >> Technical Consultant (ACA, CCA, MCTS) >> http://appsensebigot.blogspot.co.uk >> >> >> >> >> -- >> James Rankin >> Technical Consultant (ACA, CCA, MCTS) >> http://appsensebigot.blogspot.co.uk >> >> >> >> >> -- >> James Rankin >> Technical Consultant (ACA, CCA, MCTS) >> http://appsensebigot.blogspot.co.uk > > > > > -- > James Rankin > Technical Consultant (ACA, CCA, MCTS) > http://appsensebigot.blogspot.co.uk
