Thursday, May 29, 2014

Adding 'Run as administrator' right-click menu items for VBScript and PowerShell files

One of my post TechEd 2014 resolutions is to finally cast off my Batch script crutches and start running with with PowerShell and/or VBScript. To that end I assigned myself the task of converting a few of my Batch scripts over to these new languages last week. Right away I found myself annoyed. See, the great thing about Batch is you have this nifty "Run as administrator" context menu item that appears when you right-click on any .BAT or .CMD file. If I run a Batch script once with a simple double-click and it fails then I have the right-click option to provide me with a quick and easy way for me to run the script with elevated credentials. This allows me to quickly determine if some aspect of my code requires administrative permissions. I found out real quick that this menu item appears to be missing for .PS1 and .VBS files.

Now I get why Microsoft did this. It’s probably a security measure to prevent you from accidentally hosing your system by running a bunch of scripts in the Administrator context. It’s certainly not a feature I’d want “Joe User” to have access to. Still us more “advanced” users might want to have this menu item present purely to speed up our script testing process. So to solve this little dilemma for myself I put together two Batch scripts (HA, Ha, yes I’m using Batch to ultimately eliminate Batch) to add the right-click options back in for .PS1 and .VBS files. The scripts I wrote are posted below. Note that with the .VBS script you have two options! One uses CSCRIPT.EXE and the other uses WSCRIPT.EXE. If you don’t know the difference then don’t use the scripts. They also come with no warranties! Use at your own risk!


Add Right-click “Run as administrator” for .PS1 files (PowerShell):


@ECHO OFF & CLS :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: TITLE Enable right-click 'Run as Admin' for PowerShell for Windows 7 or Later :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Purpose: Add Windows context menu item. :: Version: 2.1 :: Author: ZeusABJ :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Display status message: ECHO. ECHO Enabling right-click 'Run as Admin' for PowerShell for Windows 7 or Later... ECHO. :: Add value for UAC shield icon: REG ADD "HKCR\Microsoft.PowerShellScript.1\Shell\runas" /v HasLUAShield /t REG_SZ /d "" /f :: Add value to create context menu item: REG ADD "HKCR\Microsoft.PowerShellScript.1\Shell\runas\command" /ve /t REG_EXPAND_SZ /d "\"%%SYSTEMROOT%%\System32\WindowsPowerShell\v1.0\powershell.exe\" -executionpolicy bypass -nologo -file \"%%1\"" /f :: Display completion notice: ECHO. ECHO Done! :: Delay for processing: PING 127.0.0.1 -n 3 > NUL :: Pause to view results: :: ECHO. :: PAUSE EXIT

Remove Right-click “Run as administrator” for .PS1 files (PowerShell):


@ECHO OFF & CLS :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: TITLE Disable right-click 'Run as Admin' for PowerShell for Windows 7 or Later :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Purpose: Remove Windows context menu item. :: Version: 2.1 :: Author: ZeusABJ :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Display status message: ECHO. ECHO Disabling right-click 'Run as Admin' for PowerShell for Windows 7 or Later... ECHO. :: Remove custom 'runas' registry entry: REG DELETE "HKCR\Microsoft.PowerShellScript.1\Shell\runas" /f :: Display completion notice: ECHO. ECHO Done! :: Delay for processing: PING 127.0.0.1 -n 3 > NUL :: Pause to view results: :: ECHO. :: PAUSE EXIT

Add Right-click “Run as administrator” for .VBS files (VBScript - WSCRIPT.EXE):


@ECHO OFF & CLS :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: TITLE Enable right-click 'Run as Admin' for VBS for Windows 7 or Later (WSCRIPT) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Purpose: Add Windows context menu item. :: Version: 2.0 :: Author: ZeusABJ :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Display status message: ECHO Enabling right-click 'Run as Admin' for VBS for Windows 7 or Later (WSCRIPT)... ECHO. :: Add value for UAC shield icon: REG ADD "HKCR\VBSFile\Shell\runas" /v HasLUAShield /t REG_SZ /d "" /f :: Add value to create context menu item: REG ADD "HKCR\VBSFile\Shell\runas\Command" /ve /t REG_EXPAND_SZ /d "\"%%SYSTEMROOT%%\System32\wscript.exe\" \"%%1\" %%*" /f :: Display completion notice: ECHO. ECHO Done! :: Delay for processing: PING 127.0.0.1 -n 3 > NUL :: Pause to view results: :: ECHO. :: PAUSE EXIT

Add Right-click “Run as administrator” for .VBS files (VBScript - CSCRIPT.EXE):


@ECHO OFF & CLS :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: TITLE Enable right-click 'Run as Admin' for VBS for Windows 7 or Later (CSCRIPT) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Purpose: Add Windows context menu item. :: Version: 2.1 :: Author: ZeusABJ :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Display status message: ECHO. ECHO Enabling right-click 'Run as Admin' for VBS for Windows 7 or Later (CSCRIPT)... ECHO. :: Add value for UAC shield icon: REG ADD "HKCR\VBSFile\Shell\runas" /v HasLUAShield /t REG_SZ /d "" /f :: Add value to create context menu item: REG ADD "HKCR\VBSFile\Shell\runas\Command" /ve /t REG_EXPAND_SZ /d "\"%%SYSTEMROOT%%\System32\cscript.exe\" \"%%1\" %%*" /f :: Display completion notice: ECHO. ECHO Done! :: Delay for processing: PING 127.0.0.1 -n 3 > NUL :: Pause to view results: :: ECHO. :: PAUSE EXIT

Remove Right-click “Run as administrator” for .VBS files (VBScript):


@ECHO OFF & CLS :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: TITLE Disable right-click 'Run as Admin' for VBS for Windows 7 or Later :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Purpose: Remove Windows context menu item. :: Version: 2.1 :: Author: ZeusABJ :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Display status message: ECHO. ECHO Disabling right-click 'Run as Administrator' for VBS for Windows 7 or Later... ECHO. :: Remove custom 'runas' registry entry: REG DELETE "HKCR\VBSFile\Shell\runas" /f :: Display completion notice: ECHO. ECHO Done! :: Delay for processing: PING 127.0.0.1 -n 3 > NUL :: Pause to view results: :: ECHO. :: PAUSE EXIT

Monday, May 19, 2014

SCCM WQL Query: Dealing with X86 and X64 Systems

This one actually comes by request in the comments section of a previous post. I haven't bothered to post on this subject because I was of the opinion that plenty of other blogs had already covered this scenario. However, you asked so I suppose it doesn't hurt to go over how I address OS Architecture in my WQL queries. As with my WQL queries for Windows 8-2012 I just create a series of basic core queries that I then just "tweak" to fit my needs. Here they are:

Basic "OS Architecture" Queries (returns All Systems for specified architecture):

select distinct SMS_R_SYSTEM.ResourceID, SMS_R_SYSTEM.ResourceType, SMS_R_SYSTEM.Name, SMS_R_SYSTEM.SMSUniqueIdentifier, SMS_R_SYSTEM.ResourceDomainORWorkgroup, SMS_R_SYSTEM.Client from SMS_R_System inner join SMS_G_System_COMPUTER_SYSTEM on SMS_G_System_COMPUTER_SYSTEM.ResourceID = SMS_R_System.ResourceID where SMS_G_System_COMPUTER_SYSTEM.SystemType = "x86-based PC"

select distinct SMS_R_SYSTEM.ResourceID, SMS_R_SYSTEM.ResourceType, SMS_R_SYSTEM.Name, SMS_R_SYSTEM.SMSUniqueIdentifier, SMS_R_SYSTEM.ResourceDomainORWorkgroup, SMS_R_SYSTEM.Client from SMS_R_System inner join SMS_G_System_COMPUTER_SYSTEM on SMS_G_System_COMPUTER_SYSTEM.ResourceID = SMS_R_System.ResourceID where SMS_G_System_COMPUTER_SYSTEM.SystemType = "X64-based PC"

OS Architecture Queries filtered by OS Type (Client/Server):
Note how we look for any systems that are NOT servers to get our list of clients.

select distinct SMS_R_SYSTEM.ResourceID, SMS_R_SYSTEM.ResourceType, SMS_R_SYSTEM.Name, SMS_R_SYSTEM.SMSUniqueIdentifier, SMS_R_SYSTEM.ResourceDomainORWorkgroup, SMS_R_SYSTEM.Client from SMS_R_System inner join SMS_G_System_COMPUTER_SYSTEM on SMS_G_System_COMPUTER_SYSTEM.ResourceID = SMS_R_System.ResourceID inner join SMS_G_System_OPERATING_SYSTEM on SMS_G_System_OPERATING_SYSTEM.ResourceID = SMS_R_System.ResourceID where SMS_G_System_COMPUTER_SYSTEM.SystemType = "x86-based PC" and SMS_G_System_OPERATING_SYSTEM.Caption not like "%Server%"

select distinct SMS_R_SYSTEM.ResourceID, SMS_R_SYSTEM.ResourceType, SMS_R_SYSTEM.Name, SMS_R_SYSTEM.SMSUniqueIdentifier, SMS_R_SYSTEM.ResourceDomainORWorkgroup, SMS_R_SYSTEM.Client from SMS_R_System inner join SMS_G_System_COMPUTER_SYSTEM on SMS_G_System_COMPUTER_SYSTEM.ResourceID = SMS_R_System.ResourceID inner join SMS_G_System_OPERATING_SYSTEM on SMS_G_System_OPERATING_SYSTEM.ResourceID = SMS_R_System.ResourceID where SMS_G_System_COMPUTER_SYSTEM.SystemType = "x64-based PC" and SMS_G_System_OPERATING_SYSTEM.Caption like "%Server%"

OS Architecture Queries filtered by OS Version:

select distinct SMS_R_SYSTEM.ResourceID, SMS_R_SYSTEM.ResourceType, SMS_R_SYSTEM.Name, SMS_R_SYSTEM.SMSUniqueIdentifier, SMS_R_SYSTEM.ResourceDomainORWorkgroup, SMS_R_SYSTEM.Client from SMS_R_System inner join SMS_G_System_COMPUTER_SYSTEM on SMS_G_System_COMPUTER_SYSTEM.ResourceID = SMS_R_System.ResourceID inner join SMS_G_System_OPERATING_SYSTEM on SMS_G_System_OPERATING_SYSTEM.ResourceID = SMS_R_System.ResourceID where SMS_G_System_COMPUTER_SYSTEM.SystemType = "x86-based PC" and SMS_G_System_OPERATING_SYSTEM.Caption like "%Windows 7%"

In the above code just specify desired OS Architecture for "SMS_G_System_COMPUTER_SYSTEM.SystemType" and substitute desired OS version for "SMS_G_System_OPERATING_SYSTEM.Caption". For example:

  • Use "%2000%" for Windows 2000
  • Use "%Windows XP%" for Windows XP
  • Use "%Server 2003%" for Windows 2003
  • Use "%Vista%" for Windows Vista
  • Use "%Serverr 2008%" for Windows 2008 Non-R2 (No, the extra "r" is not a typo)
  • Use "%Windows 7%" for Windows 7
  • Use "%Server 2008 R2%" for Windows Server 2008 R2
  • Use "%Windows 8%" for Windows 8
  • Use "%Server 2012%" for Windows 2012

Hope you guys find this useful, and if anyone knows a better method feedback is always welcome.