I am trying to schedule a vbs script to run with regular user rights. The script runs fine when logged in as the user, but when I try to run the script from the task scheduler as "Run whether user is logged on or not", it gets stuck on the following line:
Set IE = CreateObject("InternetExplorer.Application")
I have tried running it with "Run with highest privileges" checked and unchecked. I am running the program from task scheduler as:
program/script: "c:\windows\system32\cscript.exe"
arguments: "test.vbs"
start in: c:\
Here is the full code:
Set fso = WScript.CreateObject("Scripting.Filesystemobject")
set tfo = fso.createTextFile("c:\123.txt")
tfo.writeline("1")
Set IE = CreateObject("InternetExplorer.Application")
tfo.writeline("2")
tfo.close
output when ran as "Run only when user is logged on":
1
2
output when ran as "Run whether user is logged on or not":
1
additionally, the task will run correctly as "Run whether user is logged on or not" when using an admin account, but I cannot use an admin account as a solution.
You need to grant the user the "Log on as a batch job" privilege. This can be done either via GUI:
start gpedit.msc
navigate to Computer Configuration → Windows Settings → Security Settings → Local Policies → User Righst Assignment
double-click "Log on as a batch job" privilege
add the user account
click "OK" and close gpedit.msc
or on the commandline:
ntrights +r SeBatchLogonRight -u domain\username
ntrights.exe is part of the Windows Server 2003 Resource Kit Tools, but works on Windows 7 too. You don't have to install the whole package. Instead you can use e.g. 7-zip to open/unpack the rktools.msi inside the rktools.exe.
Edit: Since you already did that, the issue is probably that the script can't spawn a GUI application, because you don't have an interactive desktop when the user isn't logged on. Try adding some debugging code to your script:
...
On Error Resume Next
Set IE = CreateObject("InternetExplorer.Application")
If Err Then tfo.writeline Err.Number & vbTab & Err.Description
On Error Goto 0
...
A test-run of this code snippet gave me a "permission denied" error. Apparently limited users cannot create an IE instance in a scheduled task.
That said, what are you trying to achieve with the Internet Explorer object? Using an XMLHttpRequest might be a better approach for background tasks.
Related
I was trying to test a simple powershell script with task scheduler, the status showed running but the powershell console never showed up.
My ps1 script just contains two simple commands:
dir
pause
Here is my setup:
General
Run whether user is logged on or not (check)
Run with highest privileges (check)
Actions
Action: Start a program
Program/Script: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Add arguments (optional): -file E:\iQ_Schedule\Untitled1.ps1
This setup works on other computer (Windows 10) but just won't on this one (Windows Server 2012 R2). I am not sure why.
Welcome to Session 0 isolation mode.
When you run your task with "Run whether user logged in or not", it runs in so called session 0. You can check this with your task manager.
Tasks running is Session 0 has restrictions on showing the user interface
This could be due to the user account which is running the script. When the script is running with the SYSTEM account, the script will run in the background.
Try to change the option 'When running the task, use the following user account' to the account you are currently logged on with. Then the PowerShell console should pop up.
It sounds like the Windows Server 2012 R2 could have PSversion 2. The Pause function doesn't exist until PSversion 3.
Could you give the value of this command to us?
$PSVersionTable.PSVersion
Run whether user is logged on or not, will still give you the prompt. If the Hidden option is checked, you will not see the prompt.
I have also seen that the user that is trying to run the PowerShell script inside Task Scheduler doesn't have access to the folder strucutre. Make sure the user that is running the Task Scheduler has access to E:\iQ_Schedule\.
Make sure the user that is running the task scheduler has read access to the file structure you are trying to look up.
You can run as SYSTEM user, but then use the executionpolicy bypass argument
Powershell -ep Bypass 'e:\myPSFile.ps1' -myArg1 'arg1' -myArg2 'arg2'
The short and skinny is that I am trying to create a script for a self serve password reset script that can be delivered via our remote application program (in this case, 2X).
The current iteration of my script is as follows:
#ECHO OFF
SET passchange=%username%
ECHO Changing password for %passchange%
runas /profile /user:administrator "net user %passchange% * /domain"
PAUSE
I arrived at the current iteration because net user on its own returned "System Error 5 has occurred. Access Denied." As a result I am attempting to elevate the command using runas.
That elevation is also why I'm attempting to map a custom variable to a system variable, as when using runas, %username% maps to administrator instead of the logged in user. So what I'd like to do is find some way to lock that %passchange% variable.
Or maybe there's a better way to accomplish this so that it can be run as the user without the runas method of elevation? We do not plan to give users admin rights. Unless this is another permission issue?
I want to launch an exe file of my product (C:\ClassConnect\class_server.cmd) on user login.
I tried 2 solutions ( but nothing seems to work)
Solution 1 : ( Added Startup Shortcut )
It asks the user for UAC dialog, which obviously my users will not accept as its a spy app.
Solution 2 : ( Added batch to windows scheduler so that it runs for any user)
It runs fine with the administrator account but fails for other users.
Moreover I am not able to view scheduled tasks on other users
Please help. ( I want the batch to run on startup for all users on my machine)
I would recommend you to put your class_server.cmd file in the alluser start-up folder:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Or call your .cmd file via shortcut and runas in the start-up folder to solve the UAC problem. Follow this documentation: http://www.howtogeek.com/124087/how-to-create-a-shortcut-that-lets-a-standard-user-run-an-application-as-administrator/
After struggling my head for so many days, I finally found the answer for running the program as admin
I wrote the following batch file to run one of my system program in admin mode without UAC Popup( it auto Enters the admin password )
I wrote a batch file run.bat with following content => it then executes a vb script which waits for 5 second and keys in the password.
================run.bat Start========================
set USER_NAME="administrator"
set PASSWORD="test"
set PROGRAM_NAME="C:\\ClassConnect\\class_student.bat"
set "cm=cscript /B /nologo runas4.vbs %PASSWORD%"
%cm%
runas /profile /env /user:%USER_NAME% "%PROGRAM_NAME%"
================run.bat End========================
================runas4.vbs Start========================
Set objArgs = Wscript.Arguments
password=objArgs(0)
set WshShell = WScript.CreateObject("Wscript.Shell")
WScript.Sleep 5000
bWindowFound = WshShell.AppActivate("ClassConnect_Teacher")
WScript.Sleep 500
WshShell.SendKeys password
WshShell.SendKeys "{ENTER}"
set WshShell = nothing
================runas4.vbs End========================
The above script waits for 5 second and then enters the password for runas command thus I am able to run the script in admin mode.
If you are not sure about your access rights, download the isadmin.exe from internet.
if you do not have admin access on the system , activate the default disabled Administrator account. You can activate the account by using
net user administrator /active:yes
For resetting the default administrator password use:
net user administrator *
I have to create a script which updates a system environment variable (based on a command line parameter) before launching a program.
In Windows 7, updating the system environment variable is denied. I would like to perform a privilege elevation for just the setting of the env. var. But run the program as a normal user.
How to do it?
Note:
I've tried the following solution:
Using 2 scripts:
1 master which get all information from command line, which call the slave script to change the system env. var., and which finally launch the program
1 slave script that update the system env. var.
the master script tries to call the slave script using privilege elevation, but that does not work
I've try 2 solutions for the privilage elevation:
Using the "runas /User:Administrator ..." command but it ask for the Administrator password: Fail
Using the "ShellExecute ...., "runas"" command but it tells me that my script is not an application: Fail
I found a way that is working at least on Windows 7 (don't know if it will work on the few Windows XP hat we still have around).
I did the following from the main script:
currentDirectory = left(WScript.ScriptFullName,(Len(WScript.ScriptFullName))-(len(WScript.ScriptName)))
Set UAC = WScript.CreateObject("Shell.Application")
UAC.ShellExecute "wscript.exe", currentDirectory + "my-script.vbs /Param1:Value1 ...", "", "runas", 0
And the my-script is doing the sys var env update.
Note: My fist experience with ShellExecute failed because I was trying to execute the script. Instead of "wscript.exe" I had "my-script.vbs" for the executable name.
IMHO, disable UAC, it's just a pain in the *
But if you can't (like me 8<), you can use
psexec.exe -d -u userid -p password CMD /c program_with_path
You (or the user where the sript runs) will have to confirm the prompt though.
I am logging into the server as Administrator to winserver2008.
I created a script called: vbscript.vbs
The purpose of this script is to auto login to linux via putty, then perform command line task.
Dim Shell
Set Shell = CreateObject("WScript.Shell")
output = Shell.Run("C:\putty.exe 1.2.3.4 9321")
wscript.sleep(500)
Shell.Sendkeys "root" & VBCrLf
wscript.sleep(30)
Shell.Sendkeys "password" & VBCrLf
wscript.sleep(30)
When I manually click on vbscript.vbs to execute it, vbscript will fill in root and password to putty.
When I use windows scheduler call to vbscript.vbs to execute it, vbscript won't fill in root and password to putty.
I suspect some permission issue.
I already set putty.exe to run as administrator, allow administrator, administrators group permission for it, but still fail to work when call via windows scheduler.
=====
I just tried with the second scenario, send 2 to the windows calculator, fail too..
testcalc.vbs
Set objShell = WScript.CreateObject("WScript.Shell")
objShell.Run "Calc.exe"
objShell.AppActivate "Calculator"
objShell.SendKeys "2"
Give up on trying to get SendKeys to work from a scheduled task, it's not going to happen. Instead simply pass the login and password on the command line:
output = Shell.Run("C:\putty.exe -l root -pw password 1.2.3.4 9321")
Alternatively do it with a session file and use -load.
If you are then going to execute commands over this connection then I believe you actually want plink rather than putty.