Run your script in the System account

[supergg02]

Try this command to know what i mean:

PsExec -d -s C:\WINDOWS\SYSTEM32\notepad.exe

and you will see that notepad is launched in a system account (look at tasklist) that mean 2 thinks:

-No way for user to Kill this task (notepad.exe in my exemple here) (usefull to protect you script fror CTRL +ALT+DEL)

-Your exe is totally hidden (no GUI is shown !)

So my question: is ther a way to do same thing like PsExec ? ie run an exe in System account ?

Thinks for any help

[Somerset]

-No way for user to Kill this task (notepad.exe in my exemple here) (usefull to protect you script fror CTRL +ALT+DEL)

Like what a Virus, or something along those lines? stuff running that cannot be shut down can be very dangerous. You maybe barking up the wrong tree, becareful what you follow up with. because activity of non killable scripts is not taken happily because autoit already has problems with false positives with antivirus.

[supergg02]

Like what a Virus, or something along those lines? stuff running that cannot be shut down can be very dangerous. You maybe barking up the wrong tree, becareful what you follow up with. because activity of non killable scripts is not taken happily because autoit already has problems with false positives with antivirus.

Whay you say that ??? I'm asking about some thing like sysinternal tools (PSExec) !

never mine, Thinks for your replay, I'll ask my question in other developper's forums.

[supergg02]

Finally i find a solution. great thinks for this no parano forum

In other word, we can use AT command from XP

Here a full description

Schedules commands and programs to run on a computer at a specified time and date. You can use at only when the Schedule service is running. Used without parameters, at lists scheduled commands.

Syntax

Create an AT job:

AT [\\computername] hh:mm [/iNTERACTIVE] [ /EVERY:day(s) | /NEXT:day(s) ] "command"

Delete an AT job:

AT [\\computername] [ [id] [/DELETE] | /DELETE [/YES]]

Edited January 29, 2006 by supergg02

[masvil]

-No way for user to Kill this task

I can do it without any problem from Task Manager even if it run in System account.

Anyway this method works good, thanx for sharing.

[supergg02]

I can do it without any problem from Task Manager even if it run in System account.

Anyway this method works good, thanx for sharing.

Are you sure about possibility to kill process when it run in System account from Task Manager ???

would you please explain how (are you logged with admin account or did you use other methode ?....)

[masvil]

Are you sure about possibility to kill process when it run in System account from Task Manager ???

would you please explain how (are you logged with admin account or did you use other methode ?....)

Yes, I'm logged as admin. Now I understand you meant that a no-admin user can't kill a system process, right?

In any case, I'm testing a way for a AutoIT compiled to (re)run itself in system account, but I still can't found a good way. I can imagine 2 way:

1st. it checks if its own PID (@AutoItPID) is already running as system (how can I do it?); if not then it create an AT job (with a minimum 1 minute delay if you don't use "soon.exe" from MS) for itself (@ScriptFullPath) and exit;

2nd. it runs first time, drops something (a temporary text file or a registry key) as a sign that it has already runned normal, creates an AT job and exit. On next running as system it deletes sign and so on.

Any better idea?

Edited January 29, 2006 by masvil

[supergg02]

Yes, I'm logged as admin. Now I understand you meant that a no-admin user can't kill a system process, right?

right !

1st. it checks if its own PID (@AutoItPID) is already running as system (how can I do it?);

No idea but there is an acrobatic way to know if it is running as in system account (trying kill it self from non adm account ...killprocess(@AutoItPID) will return a failer result...I imagine...)

maybe there is an other clean way by running it as xp service (using registry or SC commande)

i'm thinking...

[LoWang]

Yes there is quite a system way

Make a service from your script by using instsrv.exe and srvany.exe. Look at this guide how to do it (it can be done all by commands if you want to know them, I will write)

And then simply start your script

net start mygreatservice and see how it runs as system

To make it able to interact with desktop you must yet check the "allow service to interact with desktop" checkbox in the service properties. This can by done by this command:

sc config mygreatservice type= own type= interact

"type= own" is necessary because of bug in the sc.exe utility

All those exe files are in resource kit, or maybe they can be downloaded from that guide

Note: when your script ends, the system will not know that the service itself has ended, so he will consider it still running until you type net stop mygreatservice

Edited February 9, 2006 by LoWang

[masvil]

Yes there is quite a system way

Nice find

Make a service from your script by using instsrv.exe and srvany.exe. Look at this guide how to do it (it can be done all by commands if you want to know them, I will write)

OK, write them, I can't do it even if I've read the guides.

[Geert]

Install Windows Service

[mikeytown2]

You could use command line switches to start the AutoIt Program up. I've done this in the past where i needed pseudo multi treading form one autoit exe.

so you have the autoit exe start its self with a command line switch. Look in the help for an example though if i remember right it the example in there kinda sucks.