-1

Let me start by admitting I have zero knowledge on how to interact with Windows security/account services.

TL;DR: Have an .exe always run as a specified (non-admin) user on Windows, no matter what user initializes it, without being prompted for login.

I have a Python script that accesses files stored in a secured folder on the network. The script works perfectly for any user who has been granted access to said folder. I want to be able to allow all users on the network to run the .exe without granting the users access to the folder. To get around this, a user has been created whose only function is to have access to this folder. The goal is to have the .exe always run as that "special" user without a login prompt.

I have tried the following: "Run program as different user on Windows (not admin) within a Python script", by copying and pasting the code provided as the answer. It errors out on line 40: `(1722, 'LookupAccountName', 'The RPC server is unavailable.')`. I can't find a good article to explain how to troubleshoot that error. I have also tried "Request UAC elevation from within a Python script?", but I don't understand the syntax to have it run as a specific user (if possible).

I have also tested doing something like the below. If I type the runas arguments directly into the command prompt, it does run notepad.exe as that user (provided I input the password). I can't seem to get the Python .exe to key the arguments into the command prompt on its own. (Notepad was used just to test that the user account was working properly and not the issue.)

```python
import os
os.system("start /wait cmd runas /user:(domain)\(user) ""C:\\Windows\\system32\\notepad.exe""")
```

I have even tried to find some C++ code that I can use to have it run the Python .exe, since I assume C++ is better for this task. I can't seem to find any open-source code for this, however, and having zero C++ knowledge, I can't even begin to make something myself. Or maybe I am going about this all wrong and there is a better method for this that I could be directed to. Any guidance would be appreciated.

Rand0mdude
  • [`CreateProcessWithLogonW`](https://docs.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-createprocesswithlogonw)? – Eljay May 27 '22 at 20:48
  • If this wasn't tagged C++, I'd suggest to use [PsExec](https://docs.microsoft.com/en-us/sysinternals/downloads/psexec). – rustyx May 27 '22 at 20:49
  • Sounds like what you're trying to do is to turn a secured folder into a folder that isn't secured. If that is the goal, then ask your IT department to make that happen. – IInspectable May 28 '22 at 06:49
  • Thanks for the feedback. I will read up on both of those options and see if they solve my problem. I only tagged C++ in case C++ was the way to go rather than Python, and to get feedback from C++ users as well. @IInspectable I need the files the script calls to remain secured in the folder so that they can't be used by anything other than an authorized user to the folder, or the .exe mentioned. They are ENG seals and we don't want someone to have the ability to place them on anything they want by allowing free access to them. – Rand0mdude Jun 02 '22 at 15:58
  • Seems like you don't understand how access control works in Windows. Access is granted (or denied) based on the user account that's executing any given executable. If you want to grant access to an executable irrespective of who is executing it then you have essentially granted access to the protected resource to anyone. See [Access Control](https://docs.microsoft.com/en-us/windows/security/identity-protection/access-control/access-control) for an introduction. – IInspectable Jun 02 '22 at 16:04
  • @IInspectable you are correct in your assumption. I don't have an IT background. I will read that article you mention. Thanks. I assumed having the .exe run as an admin would create a security risk. I thought creating that special user, granting it access to the folder, and then having the .exe run as that user when initialized would avoid issues. The plan was to have the credential hard coded into the .exe, with any tokens/keys deleted when the .exe is terminated. The user would not even be aware of this special account or that they were running anything as a different user. – Rand0mdude Jun 02 '22 at 16:37
  • Extracting credentials hardcoded into an executable image is a matter of minutes. With that you not only handed out access to a secured resource to virtually everyone, you've also managed to compromise this entire user account. Any attacker can now use this user account for whatever. – IInspectable Jun 02 '22 at 19:15
  • @IInspectable thanks for all the helpful feedback. I appreciate you taking the time to "school" someone who was admittedly hoping there was a "package" solution. I was hoping to avoid learning the ins and outs as this is the only time I will need to interact with credentials. I now see that I can't begin to develop a solution without first educating myself on the topic. I now know my approach has issues, and that I have some reading ahead of me before I can come up with an adequate solution for my goal. Thanks. – Rand0mdude Jun 03 '22 at 14:42
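
IInspectable's point about credentials hard-coded into an executable, seen from the build side (an added example, not part of the original thread): a pre-release check that pulls ASCII and UTF-16LE strings out of a packaged binary and flags credential-like ones. The rule patterns, the account name `EXAMPLE\svc_seals` and the sample bytes are constructed for illustration.

```python
import re

# Printable ASCII runs, and the same characters stored as UTF-16LE
# (the layout of Windows wide-string literals inside a PE file).
ASCII_RUN = re.compile(rb"[\x20-\x7e]{6,}")
UTF16_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){6,}")

# Heuristic rules (assumptions for this example, not a complete rule set).
RULES = {
    "user-switch": re.compile(r"/user:\S+", re.I),
    "password-assignment": re.compile(r"(?:password|passwd|pwd)\s*[=:]\s*\S+", re.I),
}

# Constructed stand-in for a packaged .exe: header bytes, padding, three strings.
SAMPLE = (
    b"MZ\x90\x00" + bytes(32)
    + b"runas /user:EXAMPLE\\svc_seals notepad.exe\x00"
    + bytes(8)
    + "password=CONSTRUCTED-not-real".encode("utf-16-le") + b"\x00\x00"
    + bytes(16)
    + b"C:\\Windows\\system32\\notepad.exe\x00"
)

def extract_strings(blob: bytes):
    """Yield (offset, text) for every ASCII and UTF-16LE string in blob."""
    for m in ASCII_RUN.finditer(blob):
        yield m.start(), m.group().decode("ascii")
    for m in UTF16_RUN.finditer(blob):
        yield m.start(), m.group().decode("utf-16-le")

def find_embedded_credentials(blob: bytes):
    """Return (offset, rule, text) findings for credential-like strings, by offset."""
    findings = []
    for offset, text in extract_strings(blob):
        for rule, pattern in RULES.items():
            if pattern.search(text):
                findings.append((offset, rule, text))
    return sorted(findings)

if __name__ == "__main__":
    for offset, rule, text in find_embedded_credentials(SAMPLE):
        print(f"0x{offset:06x}  {rule:<20} {text}")
```

Any finding on a release artifact means the secret ships to every machine that receives the file, whatever the program does with it at runtime.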

0 Answers