I have a Windows Server 2019 container that I would like to start using as a non-admin user.
I created a Windows user successfully and would like to start the container with that user.
Some blog posts say that it is impossible but that sounds very unlikely to me, I tried all kinds of variations but non of the commands is working successfully if anyone managed to do this successfully please let me know.
Related
I have successfully captured an image using sysprep and can provision new machines from it, however all the custom user settings are missing (desktop shortcuts, chrome bookmarks etc...).
A more serious issue is that one of the applications I had installed fails on the provisioned machine unless run as administrator (due to the way it writes some files when being installed originally).
How can I ensure this profile information is preserved and I don't hit the permissions issue for the application?
I have been pointed at the following link (http://theitbros.com/sysprep-xp-sp3-copy-administrator-profile/) but it seems to be Win XP specific.
Profile information can be migrated to a new deployment using the User State Migration Tool (USMT). USMT is a free tool designed to help IT Professionals migrate files and settings to Windows 7 or Windows 8. USMT captures user accounts, user files, operating system settings, and applications settings and then migrates them to the new Windows installation. The TechNet articles ‘Step-by-Step: Basic Windows Migration using USMT for IT Professionals’ and ‘User State Migration Tool 4.0 User’s Guide’ are good places to start learning how to use USMT.
For your application issue, I would recommend using the Microsoft Deployment Toolkit (MDT) for your deployments. MDT can deploy your image and then install device drivers and applications to the machine automatically. These two video walkthroughs are specific to migrating from Windows XP to Windows 7 with MDT, and using USMT to migrate the user files and settings:
Part 1: Building the Deployment Environment
Part 2: Initiating the Install and Migrating the PC
There is also a Microsoft Virtual Academy 7 part course titled ‘Migrating from Windows XP to Windows 7’ that has two parts dedicated to using USMT to transfer user data and one part for MDT.
MDT can be downloaded here, and USMT is a part of the ADK which is a component of MDT.
Hope this helps,
The answer here wasn't very elegant (in my mind at least) but here is what I did to achieve the desired result:
Create the VM as usual (specifying the admin user during setup)
Create a new (non-admin) user and give them RDP access
Log in as the non-admin user
Install all the necessary software
Log in as the admin user, change the permissions for any files that were causing an issue to be readable by the non-admin user
Run sysprep as the admin and complete the process as detailed elsewhere
This gave me an image that I was able to provision VMs from. When creating the VM I specified the admin user to be created (but then never needed to login as the admin, as I would just login as my non-admin user that was created before). All profile settings for the non-admin user are preserved.
Hope this helps anyone else facing the same issue.
Before I start, another post for something similar to this request for help is located at Running a process at the Windows 7 Welcome Screen, but the responses were not quite what I believe I am looking for, and the post is over a year old so I thought it best to start a new thread for my needs.
In Windows 7 Ultimate, I am trying to create a script or task scheduler event that will run a Windows "rundll32.exe" process with arguments at the logon, lock, and switch user screens (basically any screen that is waiting for user to log into the machine).
I have tried using the startup script controls in group policy editor as well as creating a task scheduler event, but so far I am unable to get the process to display on the logon screens.
The command line I am using does work while logged into any account at any user level via the "Run.." dialog as well as via CMD prompt, and is only creating a popup that already exists in the Windows OEM Environment.
The hardest part is this: My friend just bought a new laptop. The new laptop came with this specific feature already enabled, but I have no idea what is making it happen and do not have access to the computer to check out gpedit.msc and task scheduler for possible solutions.
There are two reasons why I need this info: 1) I want the feature to work on my own laptop, and 2) my friend would like help disabling it on his as he doesn't like it.
I have been all over Google, posted at Microsoft Answers, and also posted on the laptop manufacturer's user forums. I have found very few pages that refer to the same question as I have, but none have answers that work, and since I have seen and know that this is possible, I am compelled to continue looking.
The laptop that this is currently working on was purchased with a fresh install of Win 7 Ultimate and no manufacturer bloatware/additional software added, so we know that the feature was made to happen by whomever it was that installed the OS and configured it for sale. Therefore I am certain it is just a matter of the right task or script in Windows itself before I see the results I need and then know how to direct my friend to disable his via phone.
The specific call is "rundll32.exe van.dll,RunVAN". In task scheduler I have set this to run as "SYSTEM" and set the triggers for startup, workstation lock, and local disconnect. I have tried using full path to rundll32.exe as well as the bare command. In gpedit startup scripts I have tried full path and bare command. Neither of which for either case is making this popup show on the logon screens.
Any and all help and/or advice on this would be greatly appreciated by both myself and my friend.
dynamic display of images for the credential provider
i kind a newbie on windows service programing, my idea is that i want to create a windows service that will take a screen shoot of the desktop client,i mean i want to attach this to a aspx page, the screen shoot code is working 100% but problem is when i trigger windows service after install it, nothing happened.
I debugged it and there was not prp, after that i made a small screenCapture.exe file to do the job and try calling it from the service, all i got was a black screen, tried everything with it and no luck.
Then i read about desktops and stuff like that, but honestly i don't understand any of that, i goggled a lot but no luck so far, problem is that i saw a website that implement this function so it can be done. BUT HOW ??? please help me out cause i am stuck here, and if u do explain good, cause as i told u i am kinda new to this
A service does not have access to the desktop. You might want to create a program that runs when the user is logged in interactively.
Not sure which Windows you are using...but starting with Vista, the ability to interact with desktop from a service has been disabled.
A service will not have access to the desktop. This is done intentionally by Microsoft for better security. The other option you can try is, goto the service properties and give it option to interact with the desktop. This can be done using local user permissions.
I'm having a lot of problems trying to start an application as administrator on an application I'm writing when running it on XP Embedded.
The application runs as the shell for a limited user account and is touch-screen and keyboard-less with one user command being to run the touch screen vendor's calibration tool. This must be run as administrator.
No problem I thought, add user and password information to the ProcessStartInfo and all should be fine. No. The error I get is:
System.ComponentMode.Win32Exception: The specified service does not exist as an installed service.
From some investigation, I've found that:
My Process starting code is correct:
any application can be started successfully on XP Embedded when run as the limited user
any application can be run as Administrator on my own laptop
on XP Embedded, any application is regarded as being a service in the same way, including notepad
if I attempt to start a program from within process explorer, I simply get "Unable to execute process: Access is Denied"
I'm not an XP Embedded expert in anyways so I'd very much appreciate some help. I suspect that there's a configuration setting that has been set when building the XP image that specifically denies access to process creation and that the errors I'm being reported are actually mis-reports from software that's not assuming XP Embedded error codes.
Unfortunately, the people who make the base image aren't around right now so I can't get the current settings.
Thanks in advance if anyone's ever seen this before!
Kev
For the record, it turned out that the "Secondary Logon" service wasn't installed in the image.
The code I had reached down eventually into either CreateProcessWithLogonW or CreateProcessAsUser which ultimately depend on this service running. The "specified service" error was spot on, but not about what I thought it was about. No idea why I got that particular error from Process Explorer.
I'm writing a server running as a Windows service that by request invokes Firefox to generate a pdf snapshot of a webpage.
I know it is a bad idea to run a GUI program in service mode, but the server nature of my program restricts from running it in the user mode. Running a user-level 'proxy' also is not an option, since there might be no interactive user logged-in on the machine with the server running.
In my experiments Firefox successfully produced pdf when the service was running under a user account that was already logged-in. Obviously it didn't work in other cases: for Local System and user accounts that weren't logged-in. Under LocalSystem with 'Allow service to interact with desktop' option enabled I could see the Firefox started that reports that it's unable to find a printer.
Since it wouldn't be practical to require an opened user session for the pdf server to run, is there any workaround for this except running the whole thing from a virtual machine?
UPDATE: I figured that the problem wasn't really with account permissions, but with an invisible modal dialog that FF was waiting on while running in the service mode.
However it's still unable to create a pdf when FF is running under the LocalSystem account. FF says it can't find a printer and I'm wondering if this is a permission that could be somehow enabled?
You might want to try a different approach where you'd include some .NET PDF library (PDFsharp is a good, open source, choice) in your project and than use that in conjuction with WebBrowser control you'd also include in your project to render the PDF.
Don't forget to use STAThread attribute if you try this.
I've been through a similar conundrum with the MS Word running unattended. What you need to do is to login as the user you set up to be used to run firefox process and go through the process of setting up printers.
It is possible that just logging in as that user will be enough - there is some stuff performed during the first logon.
I apologize I was not clear enough - I mean you have to logon interactively using that account, configure the default printer, logout, and then run your service
Can you run the program as a Scheduled Task instead? The task can be assigned to a given user account which should work around the service limitations.
A couple of year ago I had a related issue: Shared Network Printer on pseudo-device starting up Ghostscript for PS->PCL translation and printing to real printer. The print-spooler service ran as Local System and the pseudo-device driver hat troubles executing Ghostscript from the service-mode. I was able to solve the problem by copying a couple of registry keys from the HKCU-hive to HKLM.