SadBunny

Commanding a service that runs under LSA in Win Vista (Business)

2 posts in this topic

Hi people!

I have been using a script for ages that turns off all my Norman Virus Control services and processes (I use it before I start 3D gaming, because it hogs RAM like all AV software, and of course slows down HDD access a bit because the NTFS hook needs to have files scanned by the background scan service). But it only works under XP, not under Vista (Business ed. but I don't expect the Vista subversion to be the issue here.)

What it does is give a command directly to a Norman service, for instance:

run($serviceToStop&" /unload") (for every service or process that I want to stop)

This is well documented by Norman, and has always performed perfectly under 98 to XP. In Windows Vista however, I can only get this command to run from a compiled script for services that run under the user account of the logged-in user. Not for services that are set to use the LSA. (Doing that just makes Run() return @error=1 and the service keeps running.)

The weird thing though, is that it works just fine when I issue that command to a service manually, from for instance the Run dialog or a CMD prompt. And I use the exact same Windows local admin user account for both tests.

Since when I script the commands the difference seems to be in the account the service is run from, I suspect I should use something like RunAsSet before issuing these commands, but I don't know if or how I can use RunAsSet to run a command with LSA privileges.

Does anyone happen to know anything to help me with this?

(And if you were wondering, it is not the User Account Control because I already turned that off to make my system less secure! :P)

P.S. This might not really be AutoIt related, but I like AutoIt and want to keep using my script! :whistle:


Roses are FF0000, violets are 0000FF... All my base are belong to you.




Hi again people! Since no-one had an answer for me, I called M$ to try and speak to someone who actually had any connection to the M$ development, but there was NO way I could receive this kind of "sensitive information" from a 1st line helpdesk person! (Even though my company is a M$ partner and develops professional AV software for many many years now!)

So I spoke to another non-M$ developer who happened to know the fact that Vista's security, in opposition to every lower version's security, only allows process elevation for processes that are started through ShellExecute and ShellExecuteEx. And lo and behold, when I used ShellExecute() instead of Run(), it worked like a charm!

Ok, seemingly no-one was interested enough to participate in this problem, but still, maybe someone else will be interested in this later! :whistle:

