User MsgBox visibility under System Authority

[Tim H.]

I'm using a software distribution system that allows me to run installation executables, MSIs, etc. with System Authority. When I attempt to display a message box running an AutoIt script under System Authority, the current user can't see the message box. Is there an AutoIt setting that enables the System account GUI and current user account GUI to interact with each other?

Or, am I thinking about this all wrong? Any help would be appreciated.

[Tripredacus]

What flag are you using? Try using 4096.

[Tim H.]

What flag are you using? Try using 4096.

I had already tried adding 4096. No joy.

[Tripredacus]

What about 262144. I'm not sure that the description means exactly... You could write a test app that opens every kind of MsgBox that AutoIT can do. Otherwise, if none of them work, you could open an HTA or something instead.

[Tim H.]

My exact syntax is:

$RebootStatus = MsgBox( 262144+4+4096, $CMDline[1] & " has been installed.", _
"You must reboot for " & $CMDline[1] & " to function properly." _
& @CRLF & @CRLF _
& "Do you want to reboot your computer now?", $MsgTimeOut )

I'm thinking I may have to use SysInternals' PSExec

[Tripredacus]

I'm wondering if NT Authority\System (I presume this is what you meant) has the ability to open a Modal messagebox. An idea I had would be to RunWait another AutoIT app that only has

RunAs

MsgBox

And set some other account to use with RunAs.

EDIT: I wanted to add that I couldn't exactly find whether or not that account can display a MsgBox, since Google kept showing me results about SQL.

Edited July 21, 2011 by Tripredacus

[Tim H.]

"System" can indeed display message boxes. If I open a command session with psexec and the -i parameter:

psexec.exe -i -s %SystemRoot%\system32\cmd.exe

Launching the script from the command prompt, results in display of the message box.

I can run the installation I'm trying to run using my distribution application's "current user" mode instead of "system" and then use RunAs referencing an account that's a member of the local administrators group; but, doing so increases complexity and generates other issues. Oddly, using RunAs() under the "System" account doesn't seem to work.

Any other thoughts?

[Tripredacus]

Its looking like you are running into a security feature with the System account. It is by design that it does not have the ability to interact with a user. You haven't posted the client OS either, so any info I can find may not be specifically related to your problem.

There seems to be two ways for the System account to interact with a user:

1. Using psexec.

2. Using an interactive service.

Services running in an elevated security context, such as the LocalSystem account, should not create a window on the interactive desktop because any other application that is running on the interactive desktop can interact with this window. This exposes the service to any application that a logged-on user executes. Also, services that are running as LocalSystem should not access the interactive desktop by calling the OpenWindowStation or GetThreadDesktop function.

You can read about Interactive Services here, however I wouldn't know how you could change your AutoIT app into one of those.

[Tim H.]

It's probably simpler and makes more sense to just use psexec. I was hoping for a set option like: AutoItSetOption("SystemGUIInteract", 1)

Thanks for trying. I appreciate your time.