My Scenario looks like:
There is a Appache Tomcat 8 Server where a Schedular-application runs on. Via a browser i can start tasks there and configure the parameters for these tasks.
The tasks itself containing jobs which are like a single command line execution with needed parameters. Therefore i usually call bat files in there.
The problem in a special case the job-process need to have administrator rights.
I know how to use runas and i know how to run processes as administrator. But i dont know how to automate the authentication via a bat.
What could be a way to do this?
p.s.: all articles i found need at least one click to go ahead with authentication however thats not possible in the given scenario.
I found a solution that works for me. I just create link to the batch file by doing these i can set the default run as administrator. In addition to lower the uac of level in windows the execution works with no interupts.
Related
I have a case where my users runs a script (bat) file that I wrote on win7 as admin. Im looking for a simple way (without installing any tools) to make a different script that I wrote run on windows start up through this batch file.
I tried using startup folder but that will run my script without admin rights. I also read about a solution with runas command but it didnt work and also its problematic to know the user details in advanced. I looked online but couldnt find anything to help me to do this automatically through the command line
UPDATE
By looking at the answers im thinking maybe the situation is not clear enough.
Im writing this script on my pc. I give this script (batch file) to my clients, who lack any knowledge of how to do anything but simple stuffs, such as openning cmd as admin and running my batch file that I write in advance. To sum up, I need this batch to be able to set a process (a different batch or vbs file) to run with admin privelleges on startup of the pc (again, without requiring my clients to do any complicated actions, im hoping to get my script to do everything for them)
If you do not have the credentials for the administrator account, you will not be able to run the script with elevated privilege. If you do have those credentials, then you can set up a scheduled task (described at this SevenForums post), running it under the administrator account.
Check the script carefully, and ensure that it's not incorporating anything that may cause problems, like an unavoidable GUI presentation - this question on ServerFault discusses that pitfall.
Make a shortcut to your batch, set its properties>advanced to run as administrator and then move the shortcut to the startup directory.
I was going to ask this in superuser but it is related to C/C++ and Win32 programming so I'll ask it here. I'm looking to add a step between user login and the Windows shell for Windows 7+. These are the things I've researched and tried with limited success:
MSGINA Stub, which seems like it would work perfectly but was discontinued as of Windows Vista so I can't use this.
I've looked at custom Windows Credential Providers but I'm not entirely sure this will do what I want (launch an application after login and before the windows shell).
A (semi) custom shell which would do what I need then launch the normal Windows shell (explorer.exe).
Option 3 has gotten me the closest but my problem is that I can't start explorer.exe as a shell if I've created the HKLM\...\Winlogon:Shell registry value pointing to my program. I could create the Shell value in HKCU then change it to explorer.exe before quitting and launching explorer then restoring the value to my program. This would work but is not as secure as using HKLM. In this case, I can't even use HKLM as my program is being executed in the current user's context and the user does not have write permissions to that key.
Are there any creative ways that I can do this or any other possibilities that I'm missing? Option 2 above didn't seem to be viable but please correct me if I'm wrong.
I like RbMm's answer, but for completeness, another option is a Credential Manager.
(Note: a Credential Manager is not the same thing as a Credential Provider.)
Using a Credential Manager might be preferable to using userinit in any of the following scenarios:
You want to run code with elevated privileges.
Your code needs to run at a very early stage in logon, e.g., before roaming profiles are loaded.
You need the user's password.
Some reasons you might not want to use a Credential Manager:
It runs as a DLL inside winlogon so you need to be particularly careful that your code is correct.
Depending on what you're doing, it might be too early in the logon sequence. :-)
It doesn't run in the user's context. (There is a way around this, but it's pretty hacky.)
I think that best way for insert a program between login and explorer shell in Windows is register own application under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon : Userinit
default userinit.exe run exactly between login and shell and can be customized:
For example, to have a program run before the Windows Explorer user
interface starts, substitute the name of that program for Userinit.exe
in the value of this entry, then include instructions in that program
to start Userinit.exe.
In Microsoft Release Management 2013, in the Powershell Executor step we have configured a step to trigger a Windows batch file. This batch file will be executed on a different server, which also happens be our App Server. As an experiment, we have a simple test case to open IE, access the Google homepage URL and close the browser, a screenshot will also be captured. When we run the job from RM, the Selenium logs say that the browser is launched and the test was successful. But when we check the screenshot it is just a black screen. All this runs as the Windows service account user which is the same user that is running RM. This user has no log on privilege.
If I log into the App server with my own ID and execute the batch file manually, the screen shot is captured correctly.
I have read several online posts regarding the black screen. People have said that the screenshot is black because the screen is locked. Does this mean the RM Powershell executor step must be executed with some other credentials instead of service account? If yes, how do we do this? In some suggestions it was mentioned to install VNC. Is that relevant in this situation?
I'm fairly new to Windows. I've mostly been working in Linux systems and I've been requested to debug this issue here. Any pointers/guidance will be appreciated. Thank you!
The deployment agent does not run as an interactive service. You're going to have a lot of trouble getting it to directly invoke Selenium tests. I wrote a blog post a few years ago showing how I accomplished it. Basically, you use Selenium hub to execute the tests interactively from agent machines.
We finally got this to work.
We were invoking the testNG selenium tests within a batch script. This script was specified in RM within the Powershell Executor task. The main point to note is that, in the Powershell executor task, we must first have a cd (change directory) command to change into the directory where the Selenium scripts are. Then specify the complete path to the batch script to be executed in the same Powershell executor task. This cd command is very important. Without this, the batch script would be executed but the selenium step within that wouldn't work. You would just get a vague "configuration errors:1" in the final output.
We took care of website authentication using AutoIT for IE browser.
Is there a possibility to run AppleScripts from a server or from a cloud service?
I want to have some scripts that can run if my computer is sleeping/off.
I looked around a bit on Google, but haven't found anything promising.
If this doesn't exist I basically need to remove the password from my computer and wake up the computer whenever the script needs to run.
It largely depends on what you want to do with the script. There are a few options.
You can use 'stay open' script bundles that, for example, check a certain folder and run when you interact with this folder
You can launch certain scripts when the server boots.
You need to have a server that is always on for this to work. I have this running myself and it works just fine. However, as I said before, it largely depends on what you want to do with your scripts.
I've a PS script which I use to keep track of my VMWare ESX servers. I need to run it as a service so that I'm not permanently logged on. Unfortunately, the script runs more slowly if I use a runspace inside a service rather than just running the script through the powershell console. It's taking 2-5 minutes to make calls to the VMWare web service instead of a second or so.
Is there some sort of magic I should be using when I invoke the runspace?
You can run the script as a scheduled task.
Without seeing what you're doing, I can't think of many things that would make that big of a difference:
Do you have profile customization that might be helping it out when it runs in PowerShell (test with PowerShell -noprofile)
Are you counting the time it takes to initially import a module or snapin in your service, but not in PowerShell.
Are you re-creating the whole runspace each time in your service?
Have you tried using the 2.0 API of PowerShell with PowerShell.Create() to run it?
Finally, you could also take a look at some of the open source PowerShell hosts like PoshConsole or bgHost on CodePlex ... if they don't run it slowly, then you could follow the process they use for creating their runspace.
Does the service authenticate as a user with the same rights you do? I suspect something is timing out when it runs as the service, which you don't see when you run the script yourself.
The script in question runs equally slowly whether it runs in a service using its
usual service account, or if I run as myself in a very basic console app (create
runspace, add script, execute).
Apart from the usual suspects (account rights, Set-ExecutionPolicy RemoteSigned, and firewall configuration) I can't think of a good reason why PowerShell shouldn't work exactly the same in a Windows Services as it does in a console application, which makes me think it might be something environmental. It's not something silly like poor DNS resolution, is it? Assuming you're running this on a server, does it also perform slowly on your development machine too?
PS: I wonder if this question might be more appropriate for ServerFault?