Creating a script to gather PC information - to assist those asking for help

foxidrive
Expert
Posts: 6031
Joined: 10 Feb 2012 02:20

Re: Creating a script to gather PC information - to assist those asking for help

#136 Post by foxidrive » 20 Sep 2016 07:17

Adding an info.bat version number to the output will help: as a person may use an earlier version.

aGerman
Expert
Posts: 4678
Joined: 22 Jan 2010 18:01
Location: Germany

Re: Creating a script to gather PC information - to assist those asking for help

#137 Post by aGerman » 20 Sep 2016 09:07

foxidrive wrote:Is this expected?

Hmm. There are two tests
1) Does NET SESSION output an error message ?
2) Are you able to access HKU\S-1-5-19 ?
If you switched the UAC off then both may happen to work. Not sure though. Do you have elevated rights on Win8.1 even if the script reports that you don't have?

foxidrive wrote:Adding an info.bat version number to the output will help: as a person may use an earlier version.

Good point. Changed the script accordingly.

Steffen

foxidrive
Expert
Posts: 6031
Joined: 10 Feb 2012 02:20

Re: Creating a script to gather PC information - to assist those asking for help

#138 Post by foxidrive » 20 Sep 2016 20:55

aGerman wrote:1) Does NET SESSION output an error message ?

Yep.

Code: Select all

z:\>net session
System error 5 has occurred.

Access is denied.

2) Are you able to access HKU\S-1-5-19 ?

I searched for that line and see it uses wmic, but it's too complicated in that format for me to nut out how to test it. Chronic sleep deprivation does that to me.

I opened regedit and I can open the HKU\S-1-5-19 tree.

Edit: I saw your PM too late and it does return an error.

Code: Select all

z:\>REG QUERY HKU\S-1-5-19
ERROR: Access is denied.


Do you have elevated rights on Win8.1 even if the script reports that you don't have?

What is an easy test to show that?

douglas.swehla
Posts: 75
Joined: 01 Jun 2016 09:25

Re: Creating a script to gather PC information - to assist those asking for help

#139 Post by douglas.swehla » 20 Sep 2016 22:06

foxidrive wrote:
aGerman wrote:Do you have elevated rights on Win8.1 even if the script reports that you don't have?

What is an easy test to show that?


If the question is "Am I elevated right now," then fsutil /? is a good quick check - - it requires elevated status even to view the help. If the question is "Can I be elevated at all," then (as I expect you know) opening a new instance of CMD with "Run as admin" should be enough.

elzooilogico
Posts: 128
Joined: 23 May 2016 15:39
Location: Spain

Re: Creating a script to gather PC information - to assist those asking for help

#140 Post by elzooilogico » 21 Sep 2016 03:30

foxidrive wrote:Is this expected?

I have three machines shown here that use an admin account and with UAC disabled.

The Windows 8.1 at the bottom has Elevated Admin=No, Admin group=Yes
while the other two have Elevated Admin=Yes, Admin group=Yes

I have consumed too many bottles of vodka to figure it out for myself. ;)


Code: Select all

--------------------------------------------------------------------------------
Windows version        :  Microsoft Windows [Version 6.1.7601]
Product name           :  Windows 7 Professional, 64 bit
Performance indicators :  Processor Cores: 4      Visible RAM: 4072496 kilobytes

Date/Time format       :  (dd/mm/yy)  Tue 20/09/2016  22:18:34.75
__APPDIR__             :  C:\Windows\system32\
ComSpec                :  C:\Windows\system32\cmd.exe
PathExt                :  .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
Extensions             :  system: Enabled   user: Enabled
Delayed expansion      :  system: Disabled  user: Disabled
Locale name            :  en-AU       Code Pages: OEM  850    ANSI 1252
DIR  format            :  18/09/2016  01:14 AM     4,170,235,904 pagefile.sys
Permissions            :  Elevated Admin=Yes, Admin group=Yes

                          Missing from the tool collection:  debug


Code: Select all

--------------------------------------------------------------------------------
Windows version        :  Microsoft Windows [Version 6.1.7601]
Product name           :  Windows 7 Ultimate, 32 bit
Performance indicators :  Processor Cores: 4      Visible RAM: 3530224 kilobytes

Date/Time format       :  (dd/mm/yy)  Tue 20/09/2016  22:25:24.01
__APPDIR__             :  C:\Windows\system32\
ComSpec                :  C:\Windows\system32\cmd.exe
PathExt                :  .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
Extensions             :  system: Enabled   user: Enabled
Delayed expansion      :  system: Disabled  user: Disabled
Locale name            :  en-AU       Code Pages: OEM  850    ANSI 1252
DIR  format            :  13/09/2016  02:41 PM     3,614,949,376 pagefile.sys
Permissions            :  Elevated Admin=Yes, Admin group=Yes



Code: Select all

--------------------------------------------------------------------------------
Windows version        :  Microsoft Windows [Version 6.3.9600]
Product name           :  Windows 8.1 Pro with Media Center, 32 bit
Performance indicators :  Processor Cores: 8      Visible RAM: 3390680 kilobytes

Date/Time format       :  (dd/mm/yy)  Tue 20/09/2016  22:17:04.09
__APPDIR__             :  C:\WINDOWS\system32\
ComSpec                :  C:\WINDOWS\system32\cmd.exe
PathExt                :  .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
Extensions             :  system: Enabled   user: Enabled
Delayed expansion      :  system: Disabled  user: Disabled
Locale name            :  en-AU       Code Pages: OEM  850    ANSI 1252
DIR  format            :  12/09/2016  18:40     3,484,418,048 pagefile.sys
Permissions            :  Elevated Admin=No, Admin group=Yes



I've reached this point too running win 8. Users of S-1-5-32-544 group except the built-in Administrator account have the Elevated admin=No as, by default, the User Account Control: Run all administrators in Admin Approval Mode directive is enabled.

It may be changed either with secpol.msc or setting EnableLUA=0 in the registry.

secpol.msc under
    local security policy
      local policies
        security options
          User Account Control: Run all administrators in Admin Approval Mode=disable

registry under
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
      EnableLUA=0


The computer must be restarted for this to take effect... and vodka should better be very cold!

Compo
Posts: 600
Joined: 21 Mar 2014 08:50

Re: Creating a script to gather PC information - to assist those asking for help

#141 Post by Compo » 21 Sep 2016 04:09

elzooilogico wrote:

Code: Select all

Product name           :  Windows 7 Professional, 64 bit
Date/Time format       :  (dd/mm/yy)  Tue 20/09/2016  22:18:34.75
Locale name            :  en-AU       Code Pages: OEM  850    ANSI 1252
DIR  format            :  18/09/2016  01:14 AM     4,170,235,904 pagefile.sys

Code: Select all

Product name           :  Windows 7 Ultimate, 32 bit
Date/Time format       :  (dd/mm/yy)  Tue 20/09/2016  22:25:24.01
Locale name            :  en-AU       Code Pages: OEM  850    ANSI 1252
DIR  format            :  13/09/2016  02:41 PM     3,614,949,376 pagefile.sys

Code: Select all

Product name           :  Windows 8.1 Pro with Media Center, 32 bit
Date/Time format       :  (dd/mm/yy)  Tue 20/09/2016  22:17:04.09
Locale name            :  en-AU       Code Pages: OEM  850    ANSI 1252
DIR  format            :  12/09/2016  18:40     3,484,418,048 pagefile.sys

Unrelated but I notice that you also have a different DIR format on that last PC too, so have another drink!

aGerman
Expert
Posts: 4678
Joined: 22 Jan 2010 18:01
Location: Germany

Re: Creating a script to gather PC information - to assist those asking for help

#142 Post by aGerman » 21 Sep 2016 10:18

@foxidrive
Two things that could have happened
- I don't check the error message but the errorlevel that NET SESSION returns.
- As you already mentioned I used WMIC rather than REG. Maybe there is a different output.
Give that a go:

Code: Select all

@echo off &setlocal
net session
echo *** NET ERRORLEVEL %errorlevel%&echo(
reg query HKU\S-1-5-19
echo *** REG ERRORLEVEL %errorlevel%&echo(
wmic /NameSpace:\\root\default Class StdRegProv Call CheckAccess hDefKey="&H80000003" sSubKeyName="S-1-5-19" uRequired="&H1"
pause

Also it's worth having a look at the settings that elzooilogico mentioned.

douglas.swehla wrote:If the question is "Am I elevated right now," then fsutil /? is a good quick check - - it requires elevated status even to view the help.

This check is outdated. I know it requires elevation on Win7 but I also know it doesn't on Win10. I can't say anything about the behavior on Win8/8.1.


Compo wrote:I notice that you also have a different DIR format on that last PC too

Why not? After all it's another machine with another Windows version and most likely different settings.

Steffen

douglas.swehla
Posts: 75
Joined: 01 Jun 2016 09:25

Re: Creating a script to gather PC information - to assist those asking for help

#143 Post by douglas.swehla » 21 Sep 2016 10:34

aGerman wrote:
douglas.swehla wrote:If the question is "Am I elevated right now," then fsutil /? is a good quick check - - it requires elevated status even to view the help.

This check is outdated. I know it requires elevation on Win7 but I also know it doesn't on Win10. I can't say anything about the behavior on Win8/8.1.


TIL, thanks! Are there any utilities that consistently require elevated privileges to run, across all [modern] versions? Or are you limited to checking registry/policy settings?

Compo
Posts: 600
Joined: 21 Mar 2014 08:50

Re: Creating a script to gather PC information - to assist those asking for help

#144 Post by Compo » 21 Sep 2016 10:46

douglas.swehla wrote:Are there any utilities that consistently require elevated privileges to run, across all [modern] versions? Or are you limited to checking registry/policy settings?

I don't know, possibly DISKPART?

foxidrive
Expert
Posts: 6031
Joined: 10 Feb 2012 02:20

Re: Creating a script to gather PC information - to assist those asking for help

#145 Post by foxidrive » 21 Sep 2016 10:47

elzooilogico wrote:registry under
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
      EnableLUA=0


The computer must be restarted for this to take effect... and vodka should better be very cold!


Bewdy! Thanks. Done and dusted.

Code: Select all

--------------------------------------------------------------------------------
Windows version        :  Microsoft Windows [Version 6.3.9600]
Product name           :  Windows 8.1 Pro with Media Center, 32 bit
Performance indicators :  Processor Cores: 8      Visible RAM: 3390680 kilobytes

Date/Time format       :  (dd/mm/yy)  Thu 22/09/2016   2:36:53.70
__APPDIR__             :  C:\WINDOWS\system32\
ComSpec                :  C:\WINDOWS\system32\cmd.exe
PathExt                :  .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
Extensions             :  system: Enabled   user: Enabled
Delayed expansion      :  system: Disabled  user: Disabled
Locale name            :  en-AU       Code Pages: OEM  850    ANSI 1252
DIR  format            :  22/09/2016  02:32     3,484,418,048 pagefile.sys
Permissions            :  Elevated Admin=Yes, Admin group=Yes



aGerman wrote:@foxidrive
Two things that could have happened
- I don't check the error message but the errorlevel that NET SESSION returns.
- As you already mentioned I used WMIC rather than REG. Maybe there is a different output.
Give that a go:

Code: Select all

@echo off &setlocal
net session
echo *** NET ERRORLEVEL %errorlevel%&echo(
reg query HKU\S-1-5-19
echo *** REG ERRORLEVEL %errorlevel%&echo(
wmic /NameSpace:\\root\default Class StdRegProv Call CheckAccess hDefKey="&H80000003" sSubKeyName="S-1-5-19" uRequired="&H1"
pause



Thanks aGerman.

For reference sake with anyone else with Windows 8.1
Before the registry edit it showed this:

Code: Select all

System error 5 has occurred.

Access is denied.

*** NET ERRORLEVEL 2

ERROR: Access is denied.
*** REG ERRORLEVEL 1

Executing (StdRegProv)->CheckAccess()
Method execution successful.
Out Parameters:
instance of __PARAMETERS
{
        bGranted = FALSE;
        ReturnValue = 5;
};

Press any key to continue . . .

and afterward:

Code: Select all

There are no entries in the list.

*** NET ERRORLEVEL 0


HKEY_USERS\S-1-5-19\AppEvents
HKEY_USERS\S-1-5-19\Console
HKEY_USERS\S-1-5-19\Control Panel
HKEY_USERS\S-1-5-19\Environment
HKEY_USERS\S-1-5-19\EUDC
HKEY_USERS\S-1-5-19\Keyboard Layout
HKEY_USERS\S-1-5-19\Network
HKEY_USERS\S-1-5-19\Printers
HKEY_USERS\S-1-5-19\Software
HKEY_USERS\S-1-5-19\System
*** REG ERRORLEVEL 0

Executing (StdRegProv)->CheckAccess()
Method execution successful.
Out Parameters:
instance of __PARAMETERS
{
        bGranted = TRUE;
        ReturnValue = 0;
};


re fsutil
This check is outdated. I know it requires elevation on Win7 but I also know it doesn't on Win10. I can't say anything about the behavior on Win8/8.1.

Win 8.1 was the same as Win10 and worked fine without elevation - before my regedit.

Compo wrote:I notice that you also have a different DIR format on that last PC too

Good eyes you have there. Yeah, the last one is the main banger and where it matters.

aGerman
Expert
Posts: 4678
Joined: 22 Jan 2010 18:01
Location: Germany

Re: Creating a script to gather PC information - to assist those asking for help

#146 Post by aGerman » 21 Sep 2016 12:42

Those are the relevant lines

Code: Select all

:: ...
set /a "HKCU=80000001, HKLM=80000002, HKU=80000003"
if exist "%__APPDIR__%find.exe" (set "find=%__APPDIR__%find.exe") else (set "find=echo" &>>"%temp%\info.txt" echo find.exe not found.)
if exist "%__APPDIR__%net.exe" (set "net=%__APPDIR__%net.exe") else (set "net=echo" &>>"%temp%\info.txt" echo net.exe not found.)
if exist "%__APPDIR__%wbem\WMIC.exe" (set "wmic=%__APPDIR__%wbem\WMIC.exe") else (set "wmic=" &>>"%temp%\info.txt" echo wmic.exe not found.)
if defined wmic >nul 2>nul %wmic% /? || (set "wmic=" &>>"%temp%\info.txt" echo wmic.exe not accessible.)
:: ...
set "RunAs="
%net% session >nul 2>&1 && (set "RunAs=Yes")
if not defined RunAs if defined wmic (
  2>nul %wmic% /NameSpace:\\root\default Class StdRegProv Call CheckAccess hDefKey="&H%HKU%" sSubKeyName="S-1-5-19" uRequired="&H1" |>nul %find% "TRUE" && set "RunAs=Yes"
)
if not defined RunAs set "RunAs=No"
:: ...

- As you can see if any of the used commands couldn't have been found we would have seen it in the output. So we can assume that %net%, %find%, and %wmic% contain the right paths.
- NET SESSION returns errorlevel 2. Thus, RunAs keeps being undefined.
- The output of the WMIC command line doesn't contain TRUE. Thus RunAs keeps being undefined again.
- RunAs will be set to No if it was undefined.

What am I missing?


@Douglas
As you can see I use NET SESSION here. Although I don't know since when NET is available.
Another possibility would be OPENFILES /LOCAL but I remember that OPENFILES wasn't available on some XP versions.

@Compo
DISKPART isn't suitable because it requests elevated rights via UAC prompt.

Steffen

douglas.swehla
Posts: 75
Joined: 01 Jun 2016 09:25

Re: Creating a script to gather PC information - to assist those asking for help

#147 Post by douglas.swehla » 21 Sep 2016 13:30

aGerman wrote:@Douglas
As you can see I use NET SESSION here. Although I don't know since when NET is available.


ComputerHope says the NET command has been available since Windows 95. The different syntax listings (<--2000, XP, Vista-->) imply that the SESSION subcommand was introduced with XP, and that its usage did not change with Vista. However, this NET reference from Windows IT Pro lists the SESSION subcommand, and it was written in 1999, while XP was released in 2001. The page doesn't indicate whether or not it was updated for XP.

Neither source addresses whether/when elevated privileges are required.

If anyone can test on a pre-XP machine, I'd be interested in knowing whether SESSION was available then. I think we're not overly concerned with supporting pre-XP Windows, so the script works as-is. It would just be nice to know.

foxidrive
Expert
Posts: 6031
Joined: 10 Feb 2012 02:20

Re: Creating a script to gather PC information - to assist those asking for help

#148 Post by foxidrive » 21 Sep 2016 19:05

douglas.swehla wrote:If anyone can test on a pre-XP machine, I'd be interested in knowing whether SESSION was available then.


I booted up my VirtualBox Windows 98 and it doesn't support NET SESSION

douglas.swehla
Posts: 75
Joined: 01 Jun 2016 09:25

Re: Creating a script to gather PC information - to assist those asking for help

#149 Post by douglas.swehla » 21 Sep 2016 21:03

foxidrive wrote:
douglas.swehla wrote:If anyone can test on a pre-XP machine, I'd be interested in knowing whether SESSION was available then.


I booted up my VirtualBox Windows 98 and it doesn't support NET SESSION


There you have it, folks. Thanks, foxi.

elzooilogico
Posts: 128
Joined: 23 May 2016 15:39
Location: Spain

Re: Creating a script to gather PC information - to assist those asking for help

#150 Post by elzooilogico » 22 Sep 2016 05:38

This is related to viewtopic.php?f=3&t=7347&start=135#p49185
aGerman wrote:

Code: Select all

set "RunAs="
%net% session >nul 2>&1 && (set "RunAs=Yes")
if not defined RunAs if defined wmic (
  2>nul %wmic% /NameSpace:\\root\default Class StdRegProv Call CheckAccess hDefKey="&H%HKU%" sSubKeyName="S-1-5-19" uRequired="&H1" |>nul %find% "TRUE" && set "RunAs=Yes"
)
if not defined RunAs set "RunAs=No"

Not sure if this may give the same result

Code: Select all

set "psCmd=powershell -Command "write-host ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent(^)^).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator^); ""
for /F "usebackq delims=" %%# in (`%psCmd%`) do echo %%# | find /I "true">NUL 2>&1 && set "RunAs=Yes" || set "RunAs=No"

This is related to
    User Account Control: Run all administrators in Admin Approval Mode or
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA

as any user of the administrators group S-1-5-32-544
    when EnableLUA=0 PS code returns True
    and
    when EnableLUA=1 PS code returns False
      regardless of the setting of
      User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode or
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
        I really think the value of the ConsentPromptBehaviorAdmin key has no meaning when running console commands

According to https://technet.microsoft.com/en-us/library/jj852217(v=ws.11).aspx

The User Account Control: Run all administrators in Admin Approval Mode

Code: Select all

Applies To: Windows Server 2003, Windows Vista, Windows XP, Windows Server 2008, Windows 7, Windows 8.1, Windows Server 2008 R2, Windows Server 2012 R2, Windows Server 2012, Windows 8
and

Code: Select all

Operating system version differences
  There are no differences in this security policy between operating systems beginning with Windows Vista.
but :?:

Code: Select all

Group Policy
  This policy has no impact in Windows operating systems earlier than Windows Vista.



Tested in win 7, win 8, and win server 2008R2.

Returns Yes when user is the built-in Administrator account, or user is part of S-1-5-32-544 group with elevated privileges.
Returns No when other users, or user of S-1-5-32-544 group has limited privileges.


Hope it helps.
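
The distinction this thread arrives at (membership of S-1-5-32-544 versus holding an elevated token, with EnableLUA deciding which one an administrator gets), as an added example that is not part of info.bat or of any post above. It goes beyond the probes used in the thread by reading the token directly with `whoami /groups`; the integrity-level SIDs S-1-16-12288 and S-1-16-16384 and all variable names are assumptions of this example, and it needs Vista or later.

```batch
@echo off
setlocal EnableExtensions DisableDelayedExpansion
rem Added example (not from info.bat). Assumes whoami, findstr and reg are on
rem PATH (Vista and later). Variable names here are hypothetical.
set "PolKey=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"

rem Admin group: S-1-5-32-544 is listed in the token of every member of
rem Administrators; in a filtered token it is marked "Group used for deny only".
set "AdminGroup=No"
whoami /groups /fo csv /nh 2>nul | findstr /c:"S-1-5-32-544" >nul && set "AdminGroup=Yes"

rem Elevated: an elevated process runs at High (S-1-16-12288) or System
rem (S-1-16-16384) integrity; a filtered token runs at Medium.
set "Elevated=No"
whoami /groups /fo csv /nh 2>nul | findstr /c:"S-1-16-12288" /c:"S-1-16-16384" >nul && set "Elevated=Yes"

rem EnableLUA: reg prints the DWORD as 0x0 or 0x1; "unknown" if the value is absent.
set "EnableLUA=unknown"
for /f "tokens=2,3" %%A in ('reg query "%PolKey%" /v EnableLUA 2^>nul') do (
  if /i "%%A"=="REG_DWORD" set "EnableLUA=%%B"
)

echo Permissions            :  Elevated Admin=%Elevated%, Admin group=%AdminGroup%
echo Admin Approval Mode    :  EnableLUA=%EnableLUA%
if "%AdminGroup%,%Elevated%"=="Yes,No" (
  echo Note: filtered token. Starting cmd.exe with "Run as administrator" gives
  echo       Elevated Admin=Yes without changing EnableLUA.
)
endlocal
```

None of the three probes needs elevation or starts a service query, so the result does not depend on NET SESSION, OPENFILES or fsutil behaving the same across Windows versions.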
