What user are you mapped to on the target?
Will runas work w/o a password if you are already the administrator?
mapped to the local admin account. right, no password required, just always have to "runas" to do anything remotely useful.
So can you use the ‘runas’ in every depot software install command ?
Not that I know of. There is no (easy) way to do it in a batch file. The only solutions I've seen are either fairly complex powershell scripts or 3rd party add-ons that elevate priviliges. When I'm logged in to the server interactively, I can right-click on on a batch file or a shortcut to cmd.exe and choose runas Administrator and it will run with elevated priviliges. But once cmd is already launched elevating privs is very difficult.
I haven't tried that. I'm not sure that is even still supported in Windows 2008. I was assuming it was far more complicated than that based on all the stuff I've read on various forums about writing powershell scripts to do it or downloading freeware utilitities to do it.
My understanding is that once a process is started with the standard access token, getting it to use the admin access token without manual user interaction is intentionally very difficult. Ideally, BladeLogic would always start script actions with the elevated token.
Try running the following command. It should allow you to run as Administrator. You'll have to tinker with the syntax a bit or even leverage /trustlevel option. Being that your machines have specific GPOs applied, hard to tell you which variation of syntax would solve your issue. Doesn't solve your problem directly, but gives you an indirect way to gain the right trust level.
runas /user:Administrator /trustlevel:<TrustLevel> <command you are trying to execute>
doing a "runas /showtrustlevels" will tell you what's available.
runas /showtrustlevel shows "basic user" as the only trust level, even when I'm already running with an elevated trust level. Trying to pass it something else like "administrator" just causes an error. I suspect the GPO does not allow runas to change trust level.
Do all of BMCs BladeLogic customers have UAC disabled on their Windows 2008 servers? It seems crazy that we're the first to try to solve this. What about Marimba? I would assume it has the same problems with Win2K8 and Windows 7.
1 of 1 people found this helpful
Matt, at the entity that you and I both interface with, they disabled UAC. BBSA was only one of many things that UAC could not accommodate.