rport

rport copied to clipboard

Rport is running all scripts/commands as LocalSystem (nt authority\system) on Windows, but there are times when we want to run scripts as the current logged on user. It would be great if this would be an option similarly as the "sudo" checkbox on Linux. (And implemented in the API as well)

On windows there is runas (https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/cc771525(v=ws.11) which can be used.

On windows there is runas (https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/cc771525(v=ws.11) which can be used.

But runas can only be used if you know the user's password, the point is to run one script on multiple different machines as multiple different user (the currently logged on user on the machine) without writing in the passwords in the script.

For example, we use powershell scripts to automatically install/update programs for our users, there are some programs that have to be installed by the actual user because the program is installs in the user's AppData directory and can only be accessed by the user who installed it.

RPort cannot make something happen, that's not supported by the underlying operating system.

Instead of trying to execute a software installer as a different user, you can just place the installer in the user's home dir. The user will fire the installer when he/she wants to use the software for the first time. The scripting effort is the same. RPort can distribute the installer script to all our just certain users on a system.

RPort cannot make something happen, that's not supported by the underlying operating system.

Instead of trying to execute a software installer as a different user, you can just place the installer in the user's home dir. The user will fire the installer when he/she wants to use the software for the first time. The scripting effort is the same. RPort can distribute the installer script to all our just certain users on a system.

I have no idea about Go language's capabilities, but this can be done with C# Justin Murray's "CreateProcessAsUser" project Other RMM solutions (for example Ninja RMM) have this capability.

If you guys can't or don't want to implement this feature, that's fine.

Also this installation thing was just a simple example. (I don't know if you ever had to support users' daily IT activities, most of them just call you to do these things for them, as they "don't know how")

@Peter-Csatlos You are right about runas. I am using linux with sudo way to much i guess.

Also i can also feel your pain in terms of users ;-)

Having this as capability in rport would be a great help.

Would psexec work? As someone who has had a long experience using the pstools environment, this may be what you need, and it would then allow you to interact without having to reinvent the wheel for rPort. It could be added to the documentation as a recommended toolkit if it’s suitable. I think the -i flag runs as the interactive user.

If you’re not using them it’s well worth investigating pstools as a complimentary part of the rPort setup, they’re developed and approved by a part of Microsoft, kept up to date, have extensive documentation and have been in use by sysadmins for decades. They can be deployed by package managers like chocolatey too.

here’s a quick rundown on the tool, there’s a section exactly specifying what you want: https://adamtheautomator.com/psexec/