Creating a script to gather PC information - to assist those asking for help
Moderator: DosItHelp
Re: Creating a script to gather PC information - to assist those asking for help
Adding an info.bat version number to the output will help: as a person may use an earlier version.
Re: Creating a script to gather PC information - to assist those asking for help
foxidrive wrote:Is this expected?
Hmm. There are two tests
1) Does NET SESSION output an error message ?
2) Are you able to access HKU\S-1-5-19 ?
If you switched the UAC off then both may happen to work. Not sure though. Do you have elevated rights on Win8.1 even if the script reports that you don't have?
foxidrive wrote:Adding an info.bat version number to the output will help: as a person may use an earlier version.
Good point. Changed the script accordingly.
Steffen
Re: Creating a script to gather PC information - to assist those asking for help
aGerman wrote:1) Does NET SESSION output an error message ?
Yep.
Code: Select all
z:\>net session
System error 5 has occurred.
Access is denied.
2) Are you able to access HKU\S-1-5-19 ?
I searched for that line and see it uses wmic, but it's too complicated in that format for me to nut out how to test it. Chronic sleep deprivation does that to me.
I opened regedit and I can open the HKU\S-1-5-19 tree.
Edit: I saw your PM too late and it does return an error.
Code: Select all
z:\>REG QUERY HKU\S-1-5-19
ERROR: Access is denied.
Do you have elevated rights on Win8.1 even if the script reports that you don't have?
What is an easy test to show that?
-
- Posts: 75
- Joined: 01 Jun 2016 09:25
Re: Creating a script to gather PC information - to assist those asking for help
foxidrive wrote:aGerman wrote:Do you have elevated rights on Win8.1 even if the script reports that you don't have?
What is an easy test to show that?
If the question is "Am I elevated right now," then fsutil /? is a good quick check - - it requires elevated status even to view the help. If the question is "Can I be elevated at all," then (as I expect you know) opening a new instance of CMD with "Run as admin" should be enough.
-
- Posts: 128
- Joined: 23 May 2016 15:39
- Location: Spain
Re: Creating a script to gather PC information - to assist those asking for help
foxidrive wrote:Is this expected?
I have three machines shown here that use an admin account and with UAC disabled.
The Windows 8.1 at the bottom has Elevated Admin=No, Admin group=Yes
while the other two have Elevated Admin=Yes, Admin group=Yes
I have consumed too many bottles of vodka to figure it out for myself.
Code: Select all
--------------------------------------------------------------------------------
Windows version : Microsoft Windows [Version 6.1.7601]
Product name : Windows 7 Professional, 64 bit
Performance indicators : Processor Cores: 4 Visible RAM: 4072496 kilobytes
Date/Time format : (dd/mm/yy) Tue 20/09/2016 22:18:34.75
__APPDIR__ : C:\Windows\system32\
ComSpec : C:\Windows\system32\cmd.exe
PathExt : .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
Extensions : system: Enabled user: Enabled
Delayed expansion : system: Disabled user: Disabled
Locale name : en-AU Code Pages: OEM 850 ANSI 1252
DIR format : 18/09/2016 01:14 AM 4,170,235,904 pagefile.sys
Permissions : Elevated Admin=Yes, Admin group=Yes
Missing from the tool collection: debug
Code: Select all
--------------------------------------------------------------------------------
Windows version : Microsoft Windows [Version 6.1.7601]
Product name : Windows 7 Ultimate, 32 bit
Performance indicators : Processor Cores: 4 Visible RAM: 3530224 kilobytes
Date/Time format : (dd/mm/yy) Tue 20/09/2016 22:25:24.01
__APPDIR__ : C:\Windows\system32\
ComSpec : C:\Windows\system32\cmd.exe
PathExt : .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
Extensions : system: Enabled user: Enabled
Delayed expansion : system: Disabled user: Disabled
Locale name : en-AU Code Pages: OEM 850 ANSI 1252
DIR format : 13/09/2016 02:41 PM 3,614,949,376 pagefile.sys
Permissions : Elevated Admin=Yes, Admin group=Yes
Code: Select all
--------------------------------------------------------------------------------
Windows version : Microsoft Windows [Version 6.3.9600]
Product name : Windows 8.1 Pro with Media Center, 32 bit
Performance indicators : Processor Cores: 8 Visible RAM: 3390680 kilobytes
Date/Time format : (dd/mm/yy) Tue 20/09/2016 22:17:04.09
__APPDIR__ : C:\WINDOWS\system32\
ComSpec : C:\WINDOWS\system32\cmd.exe
PathExt : .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
Extensions : system: Enabled user: Enabled
Delayed expansion : system: Disabled user: Disabled
Locale name : en-AU Code Pages: OEM 850 ANSI 1252
DIR format : 12/09/2016 18:40 3,484,418,048 pagefile.sys
Permissions : Elevated Admin=No, Admin group=Yes
I've reached this point too running win 8. Users of S-1-5-32-544 group except the built-in Administrator account have the Elevated admin=No as, by default, the User Account Control: Run all administrators in Admin Approval Mode directive is enabled.
It may be changed either with secpol.msc or setting EnableLUA=0 in the registry.
secpol.msc under local security policy
local policies
security options
User Account Control: Run all administrators in Admin Approval Mode=disable
registry under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
EnableLUA=0
The computer must be restarted for this to take effect... and vodka should better be very cold!
Re: Creating a script to gather PC information - to assist those asking for help
elzooilogico wrote:Code: Select all
Product name : Windows 7 Professional, 64 bit
Date/Time format : (dd/mm/yy) Tue 20/09/2016 22:18:34.75
Locale name : en-AU Code Pages: OEM 850 ANSI 1252
DIR format : 18/09/2016 01:14 AM 4,170,235,904 pagefile.sys
Code: Select all
Product name : Windows 7 Ultimate, 32 bit
Date/Time format : (dd/mm/yy) Tue 20/09/2016 22:25:24.01
Locale name : en-AU Code Pages: OEM 850 ANSI 1252
DIR format : 13/09/2016 02:41 PM 3,614,949,376 pagefile.sys
Code: Select all
Product name : Windows 8.1 Pro with Media Center, 32 bit
Date/Time format : (dd/mm/yy) Tue 20/09/2016 22:17:04.09
Locale name : en-AU Code Pages: OEM 850 ANSI 1252
DIR format : 12/09/2016 18:40 3,484,418,048 pagefile.sys
Unrelated but I notice that you also have a different DIR format on that last PC too, so have another drink!
Re: Creating a script to gather PC information - to assist those asking for help
@foxidrive
Two things that could have happened
- I don't check the error message but the errorlevel that NET SESSION returns.
- As you already mentioned I used WMIC rather than REG. Maybe there is a different output.
Give that a go:
Code: Select all
@echo off &setlocal
net session
echo *** NET ERRORLEVEL %errorlevel%&echo(
reg query HKU\S-1-5-19
echo *** REG ERRORLEVEL %errorlevel%&echo(
wmic /NameSpace:\\root\default Class StdRegProv Call CheckAccess hDefKey="&H80000003" sSubKeyName="S-1-5-19" uRequired="&H1"
pause
Also it's worth having a look at the settings that elzooilogico mentioned.
douglas.swehla wrote:If the question is "Am I elevated right now," then fsutil /? is a good quick check - - it requires elevated status even to view the help.
This check is outdated. I know it requires elevation on Win7 but I also know it doesn't on Win10. I can't say anything about the behavior on Win8/8.1.
Compo wrote:I notice that you also have a different DIR format on that last PC too
Why not? After all it's another machine with another Windows version and most likely different settings.
Steffen
Re: Creating a script to gather PC information - to assist those asking for help
aGerman wrote:douglas.swehla wrote:If the question is "Am I elevated right now," then fsutil /? is a good quick check - - it requires elevated status even to view the help.
This check is outdated. I know it requires elevation on Win7 but I also know it doesn't on Win10. I can't say anything about the behavior on Win8/8.1.
TIL, thanks! Are there any utilities that consistently require elevated privileges to run, across all [modern] versions? Or are you limited to checking registry/policy settings?
Re: Creating a script to gather PC information - to assist those asking for help
douglas.swehla wrote:Are there any utilities that consistently require elevated privileges to run, across all [modern] versions? Or are you limited to checking registry/policy settings?
I don't know, possibly DISKPART?
Re: Creating a script to gather PC information - to assist those asking for help
elzooilogico wrote:registry under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
EnableLUA=0
The computer must be restarted for this to take effect... and vodka should better be very cold!
Bewdy! Thanks. Done and dusted.
Code: Select all
--------------------------------------------------------------------------------
Windows version : Microsoft Windows [Version 6.3.9600]
Product name : Windows 8.1 Pro with Media Center, 32 bit
Performance indicators : Processor Cores: 8 Visible RAM: 3390680 kilobytes
Date/Time format : (dd/mm/yy) Thu 22/09/2016 2:36:53.70
__APPDIR__ : C:\WINDOWS\system32\
ComSpec : C:\WINDOWS\system32\cmd.exe
PathExt : .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
Extensions : system: Enabled user: Enabled
Delayed expansion : system: Disabled user: Disabled
Locale name : en-AU Code Pages: OEM 850 ANSI 1252
DIR format : 22/09/2016 02:32 3,484,418,048 pagefile.sys
Permissions : Elevated Admin=Yes, Admin group=Yes
aGerman wrote:@foxidrive
Two things that could have happened
- I don't check the error message but the errorlevel that NET SESSION returns.
- As you already mentioned I used WMIC rather than REG. Maybe there is a different output.
Give that a go:
Code: Select all
@echo off &setlocal
net session
echo *** NET ERRORLEVEL %errorlevel%&echo(
reg query HKU\S-1-5-19
echo *** REG ERRORLEVEL %errorlevel%&echo(
wmic /NameSpace:\\root\default Class StdRegProv Call CheckAccess hDefKey="&H80000003" sSubKeyName="S-1-5-19" uRequired="&H1"
pause
Thanks aGerman.
For reference sake with anyone else with Windows 8.1
Before the registry edit it showed this:
Code: Select all
System error 5 has occurred.
Access is denied.
*** NET ERRORLEVEL 2
ERROR: Access is denied.
*** REG ERRORLEVEL 1
Executing (StdRegProv)->CheckAccess()
Method execution successful.
Out Parameters:
instance of __PARAMETERS
{
bGranted = FALSE;
ReturnValue = 5;
};
Press any key to continue . . .
and afterward:
Code: Select all
There are no entries in the list.
*** NET ERRORLEVEL 0
HKEY_USERS\S-1-5-19\AppEvents
HKEY_USERS\S-1-5-19\Console
HKEY_USERS\S-1-5-19\Control Panel
HKEY_USERS\S-1-5-19\Environment
HKEY_USERS\S-1-5-19\EUDC
HKEY_USERS\S-1-5-19\Keyboard Layout
HKEY_USERS\S-1-5-19\Network
HKEY_USERS\S-1-5-19\Printers
HKEY_USERS\S-1-5-19\Software
HKEY_USERS\S-1-5-19\System
*** REG ERRORLEVEL 0
Executing (StdRegProv)->CheckAccess()
Method execution successful.
Out Parameters:
instance of __PARAMETERS
{
bGranted = TRUE;
ReturnValue = 0;
};
re fsutil
This check is outdated. I know it requires elevation on Win7 but I also know it doesn't on Win10. I can't say anything about the behavior on Win8/8.1.
Win 8.1 was the same as Win10 and worked fine without elevation - before my regedit.
Compo wrote:I notice that you also have a different DIR format on that last PC too
Good eyes you have there. Yeah, the last one is the main banger and where it matters.
Re: Creating a script to gather PC information - to assist those asking for help
Those are the relevant lines
Code: Select all
:: ...
set /a "HKCU=80000001, HKLM=80000002, HKU=80000003"
if exist "%__APPDIR__%find.exe" (set "find=%__APPDIR__%find.exe") else (set "find=echo" &>>"%temp%\info.txt" echo find.exe not found.)
if exist "%__APPDIR__%net.exe" (set "net=%__APPDIR__%net.exe") else (set "net=echo" &>>"%temp%\info.txt" echo net.exe not found.)
if exist "%__APPDIR__%wbem\WMIC.exe" (set "wmic=%__APPDIR__%wbem\WMIC.exe") else (set "wmic=" &>>"%temp%\info.txt" echo wmic.exe not found.)
if defined wmic >nul 2>nul %wmic% /? || (set "wmic=" &>>"%temp%\info.txt" echo wmic.exe not accessible.)
:: ...
set "RunAs="
%net% session >nul 2>&1 && (set "RunAs=Yes")
:: Fallback: ask StdRegProv for read access to HKU\S-1-5-19, using the HKU hive value set above
if not defined RunAs if defined wmic (
2>nul %wmic% /NameSpace:\\root\default Class StdRegProv Call CheckAccess hDefKey="&H%HKU%" sSubKeyName="S-1-5-19" uRequired="&H1" |>nul %find% "TRUE" && set "RunAs=Yes"
)
if not defined RunAs set "RunAs=No"
:: ...
- As you can see if any of the used commands couldn't have been found we would have seen it in the output. So we can assume that %net%, %find%, and %wmic% contain the right paths.
- NET SESSION returns errorlevel 2. Thus, RunAs keeps being undefined.
- The output of the WMIC command line doesn't contain TRUE. Thus RunAs keeps being undefined again.
- RunAs will be set to No if it was undefined.
What am I missing?
@Douglas
As you can see I use NET SESSION here. Although I don't know since when NET is available.
Another possibility would be OPENFILES /LOCAL but I remember that OPENFILES wasn't available on some XP versions.
@Compo
DISKPART isn't suitable because it requests elevated rights via UAC prompt.
Steffen
Re: Creating a script to gather PC information - to assist those asking for help
aGerman wrote:@Douglas
As you can see I use NET SESSION here. Although I don't know since when NET is available.
ComputerHope says the NET command has been available since Windows 95. The different syntax listings (<--2000, XP, Vista-->) imply that the SESSION subcommand was introduced with XP, and that its usage did not change with Vista. However, this NET reference from Windows IT Pro lists the SESSION subcommand, and it was written in 1999, while XP was released in 2001. The page doesn't indicate whether or not it was updated for XP.
Neither source addresses whether/when elevated privileges are required.
If anyone can test on a pre-XP machine, I'd be interested in knowing whether SESSION was available then. I think we're not overly concerned with supporting pre-XP Windows, so the script works as-is. It would just be nice to know.
Re: Creating a script to gather PC information - to assist those asking for help
douglas.swehla wrote:If anyone can test on a pre-XP machine, I'd be interested in knowing whether SESSION was available then.
I booted up my VirtualBox Windows 98 and it doesn't support NET SESSION
Re: Creating a script to gather PC information - to assist those asking for help
foxidrive wrote:douglas.swehla wrote:If anyone can test on a pre-XP machine, I'd be interested in knowing whether SESSION was available then.
I booted up my VirtualBox Windows 98 and it doesn't support NET SESSION
There you have it, folks. Thanks, foxi.
Re: Creating a script to gather PC information - to assist those asking for help
This is related with viewtopic.php?f=3&t=7347&start=135#p49185
aGerman wrote:Code: Select all
set "RunAs="
%net% session >nul 2>&1 && (set "RunAs=Yes")
if not defined RunAs if defined wmic (
2>nul %wmic% /NameSpace:\\root\default Class StdRegProv Call CheckAccess hDefKey="&H%HKU%" sSubKeyName="S-1-5-19" uRequired="&H1" |>nul %find% "TRUE" && set "RunAs=Yes"
)
if not defined RunAs set "RunAs=No"
Not sure if this may give the same result
Code: Select all
set "psCmd=powershell -Command "write-host ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent(^)^).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator^); ""
for /F "usebackq delims=" %%# in (`%psCmd%`) do echo %%# | find /I "true">NUL 2>&1 && set "RunAs=Yes" || set "RunAs=No"
This is related to User Account Control: Run all administrators in Admin Approval Mode or
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
as any user of the administrators group S-1-5-32-544
when EnableLUA=0 PS code returns True
and
when EnableLUA=1 PS code returns False
regardless of the setting of
User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode or
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
I really think the value of the ConsentPromptBehaviorAdmin key has no meaning when running console commands
According to https://technet.microsoft.com/en-us/library/jj852217(v=ws.11).aspx
The User Account Control: Run all administrators in Admin Approval Mode
and
Code: Select all
Applies To: Windows Server 2003, Windows Vista, Windows XP, Windows Server 2008, Windows 7, Windows 8.1, Windows Server 2008 R2, Windows Server 2012 R2, Windows Server 2012, Windows 8
but
Code: Select all
Operating system version differences
There are no differences in this security policy between operating systems beginning with Windows Vista.
Code: Select all
Group Policy
This policy has no impact in Windows operating systems earlier than Windows Vista.
Tested in win 7, win 8, and win server 2008R2.
Returns Yes when user is the built-in Administrator account, or user is part of S-1-5-32-544 group with elevated privileges.
Returns No when other users, or user of S-1-5-32-544 group has limited privileges.
Hope it helps.
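The elevation checks discussed in this thread, collected into one read-only batch script as an added example (it is not part of info.bat or any poster's code). The `whoami /groups` integrity-level probe is an assumption that the thread does not mention and needs Windows Vista or later; the script only reads EnableLUA and never changes it.

```batch
@echo off
setlocal
rem Added example, not part of info.bat: three elevation probes plus EnableLUA.

rem Probe 1 (from the thread): NET SESSION, judged by errorlevel, not by message text.
set "ByNet=No"
net session >nul 2>&1 && set "ByNet=Yes"

rem Probe 2 (from the thread): read access to the LocalService hive HKU\S-1-5-19.
set "ByReg=No"
reg query "HKU\S-1-5-19" >nul 2>&1 && set "ByReg=Yes"

rem Probe 3 (assumption, not in the thread): integrity level of the current token.
rem S-1-16-12288 = High Mandatory Level, S-1-16-16384 = System Mandatory Level.
set "ByIL=No"
whoami /groups 2>nul | findstr /c:"S-1-16-12288" /c:"S-1-16-16384" >nul && set "ByIL=Yes"

rem Group membership: a filtered (non-elevated) token still lists S-1-5-32-544.
set "AdminGroup=No"
whoami /groups 2>nul | find "S-1-5-32-544" >nul && set "AdminGroup=Yes"

rem Policy value behind "Run all administrators in Admin Approval Mode".
set "LUA=not set"
for /f "tokens=3" %%A in ('reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v EnableLUA 2^>nul ^| find "REG_DWORD"') do set "LUA=%%A"

echo Admin group=%AdminGroup%  EnableLUA=%LUA%
echo Elevated: NET SESSION=%ByNet%  REG QUERY=%ByReg%  Integrity level=%ByIL%

rem Disagreement means one probe failed for a reason other than elevation
rem (for example NET SESSION when the Server service is stopped).
if not "%ByNet%%ByReg%"=="%ByIL%%ByIL%" echo Note: the probes disagree; do not rely on a single one.

rem With EnableLUA=0x0 Admin Approval Mode is off and every administrator
rem process runs with the full token, which is what the thread observed.
if /i "%LUA%"=="0x0" echo Finding: UAC Admin Approval Mode is disabled on this machine.
endlocal
```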