I'd like to run a windows application in the context of another user. I have an administrator and several user accounts in one machine and I would like to have the administrator start certain applications for each user account (preferably using shell commands).
I tried the runas command but that appears to run in the administrator session as the specified user. I want to run the application as the user session in the user context (hope that makes sense).
For example, using user administrator I would like to start notepad.exe so that user1 (logged in) can see it appear onscreen. Is that possible?
You can use PsExec for this : http://technet.microsoft.com/en-us/sysinternals/bb897553.aspx
use with argument : -i Run the program so that it interacts with the desktop of the specified session on the remote system. If no session is specified the process runs in the console session.
ex. This will start IE on other computer
psexec \client -i "c:\program files\internet explorer\iexplore.exe"
/René
Related
I have a script which has to run from an administrator level powershell/cmd prompt
Why? Because it has to use logman to get windows counters
Problem: The software for which I want to log the windows counters for has to be started with regular user level rights.
I've seen that there are lots of examples on how to run as Administrator
I don't see any on running as Regular User
Launch exe file
Start Logman (Admin level)
Run Bat File to Open Program
Bat File should run with regular user level priv's
I had a look at using RUNAS but that requires password entry, which I don't want.
Is there some other way on windows to delevate?
you could use psexec
psexec -l powershell.exe -executionpolicy unrestricted -noexit -file c:\temp\checkelevated.ps1
-l : Run process as limited user (strips the Administrators group and allows only privileges assigned to the Users group). On Windows Vista the process runs with Low Integrity.
I have a program set to launch automatically via a runas savecred command and would like to make it so that it doesn't prompt me for the password for each login
On Windows 10, I have a command shortcut in startup to launch a program as a different user than I am logging into the computer with. With the runas savecred switch, it still prompts for the password at each login in the commmand prompt
C:\Windows\System32\runas.exe /savecred /user:DOMAIN\USERNAME "mmc %windir%\system32\dsa.msc"
I would like for it to simply launch the application every time I log into windows. It currently prompts me for the password when the command runs. Does the savecred credentials get deleted when you log out of Windows?
This is old, but try adding /persistent:yes
I was trying to test a simple powershell script with task scheduler, the status showed running but the powershell console never showed up.
My ps1 script just contains two simple commands:
dir
pause
Here is my setup:
General
Run whether user is logged on or not (check)
Run with highest privileges (check)
Actions
Action: Start a program
Program/Script: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Add arguments (optional): -file E:\iQ_Schedule\Untitled1.ps1
This setup works on other computer (Windows 10) but just won't on this one (Windows Server 2012 R2). I am not sure why.
Welcome to Session 0 isolation mode.
When you run your task with "Run whether user logged in or not", it runs in so called session 0. You can check this with your task manager.
Tasks running is Session 0 has restrictions on showing the user interface
This could be due to the user account which is running the script. When the script is running with the SYSTEM account, the script will run in the background.
Try to change the option 'When running the task, use the following user account' to the account you are currently logged on with. Then the PowerShell console should pop up.
It sounds like the Windows Server 2012 R2 could have PSversion 2. The Pause function doesn't exist until PSversion 3.
Could you give the value of this command to us?
$PSVersionTable.PSVersion
Run whether user is logged on or not, will still give you the prompt. If the Hidden option is checked, you will not see the prompt.
I have also seen that the user that is trying to run the PowerShell script inside Task Scheduler doesn't have access to the folder strucutre. Make sure the user that is running the Task Scheduler has access to E:\iQ_Schedule\.
Make sure the user that is running the task scheduler has read access to the file structure you are trying to look up.
You can run as SYSTEM user, but then use the executionpolicy bypass argument
Powershell -ep Bypass 'e:\myPSFile.ps1' -myArg1 'arg1' -myArg2 'arg2'
The short and skinny is that I am trying to create a script for a self serve password reset script that can be delivered via our remote application program (in this case, 2X).
The current iteration of my script is as follows:
#ECHO OFF
SET passchange=%username%
ECHO Changing password for %passchange%
runas /profile /user:administrator "net user %passchange% * /domain"
PAUSE
I arrived at the current iteration because net user on its own returned "System Error 5 has occurred. Access Denied." As a result I am attempting to elevate the command using runas.
That elevation is also why I'm attempting to map a custom variable to a system variable, as when using runas, %username% maps to administrator instead of the logged in user. So what I'd like to do is find some way to lock that %passchange% variable.
Or maybe there's a better way to accomplish this so that it can be run as the user without the runas method of elevation? We do not plan to give users admin rights. Unless this is another permission issue?
I have 2 displays attached to my PC (one is my TV) running Windows 7 and I want to switch between them using a script. I know about the "displayswitch.exe" and its parameters (like /clone, /internal, etc). However, I need the script to work while the PC is locked.
Pressing Windows+P works fine, while the system is locked, which also invokes displayswitch. However running a batch script with "displayswitch.exe /clone" does not work while the PC is locked.
To execute the script, I want to use the Remote Launcher Application on my phone. The Remote Launcher works just fine with a script to shutdown my PC while it is locked, so it is in general able to execute scripts on the locked machine.
Is there any other way, to switch between my displays while the system is locked?
That's not a trivial task.
What displayswitch internally does is to call SetDisplayConfig function. this function must be invoked from a process which lives in a interactive console, otherwise it will return ERROR_ACCESS_DENIED
One may think that he can then invoke displayswitch from psexec using the -i option and indicating the currently active user session; usually powershell
(ps winlogon).si
returns all the interactive user sessions
but launched from psexec, displayswitch.exe doesn't works anyway.
I suppose it is because in any case a command line application doesn't need the "graphical" infrastructure to run, and maybe some internal optimization happens in psexec to save to create a proper graphical environment (at least it doesn't work on my machine, i had no luck with the -x option either)
What you can do it is to write a very simple windows form program, it doesn't even need to create the actual form, it could simply invoke SetDisplayConfig and die. But being a windows form application magically do the trick.
This way you can create a script that find the currently active interactive console id, and then use psexec like this (assuming 1 is the id of the interactive session)
psexec -accepteula -nobanner -i 1 C:\path-to-your-exe\your-exe.exe
i had a powershell module loaded in my profile which i can call it from ssh or any remote connection and it switch my display even if my session is locked, or even if there is no user session logged at all.
obviously the user who runs the script must have the required grant to run psexec -i (mine is machine administrator, so it works, but i don't know which exact grant is required, you can create a functional machine administrator and invoke psexec passing these credential with -u -p parameters)
Try this:
create a job in your windows scheduler executing the desired command (linke "displayswitch.exe /clone")
set a user that has the permission to perform this command and save the password inside your new job
don't set a trigger for the job but enable the option to start it manually
use schtasks /Run /S system /U username /P password /TN taskname to trigger the job
This should execute the desired command no matter in which state your windows is as long as it is running and has network connection.