KenE Posted January 23, 2008

I'm not so sure if this is even possible; I've tried searching for solutions and come up with nothing I like. I'm looking for a way to interact with a user's session with a compiled script that was executed under the System account.

I'm not sure if I can post product names here, so let's just say I use a well known imaging utility that has its own management console. I can use this to remotely execute programs on any number of machines. The problem is that everything is run under the System user. I have no way of interacting with the current user's session, or writing to their registry settings.

What I don't want is a solution that uses RunAsSet; keeping a list of usernames and passwords stored seems really insecure.

Does anyone know of a way to get the SID of the current interactive login, then use this to execute files or write to that registry, without providing that user's credentials? Maybe I'm missing something obvious and this is simple, or maybe it can't be done. I'd appreciate any suggestions anyone may have.

Thanks!
blademonkey Posted January 23, 2008

What is it you ultimately want to do? You want to import registry keys into a currently logged in user? You want to run apps in the user's session interactively? You want to remote control the PC? What "imaging app" are you talking about?

---"Educate the Mind, Make Savage the Body" -Mao Tse Tung
ptrex Posted January 23, 2008

@All

Maybe this can help you out.

System Account

regards,
ptrex

Contributions : Firewall Log Analyzer for XP - Creating COM objects without a need of DLL's - UPnP support in AU3 - Crystal Reports Viewer - PDFCreator in AutoIT - Duplicate File Finder - SQLite3 Database functionality - USB Monitoring - Reading Excel using SQL - Run Au3 as a Windows Service - File Monitor - Embedded Flash Player - Dynamic Functions - Control Panel Applets - Digital Signing Code - Excel Grid In AutoIT - Constants for Special Folders in Windows - Read data from Any Windows Edit Control - SOAP and Web Services in AutoIT - Barcode Printing Using PS - AU3 on LightTD Webserver - MS LogParser SQL Engine in AutoIT - ImageMagick Image Processing - Converter @ Dec - Hex - Bin - Email Address Encoder - MSI Editor - SNMP - MIB Protocol - Financial Functions UDF - Set ACL Permissions - Syntax HighLighter for AU3 - ADOR.RecordSet approach - Real OCR - HTTP Disk - PDF Reader Personal Worldclock - MS Indexing Engine - Printing Controls - GuiListView - Navigation (break the 4000 Limit barrier) - Registration Free COM DLL Distribution - Update - WinRM SMART Analysis - COM Object Browser - Excel PivotTable Object - VLC Media Player - Windows LogOnOff Gui - Extract Data from Outlook to Word & Excel - Analyze Event ID 4226 - DotNet Compiler Wrapper - Powershell_COM - New
KenE Posted January 23, 2008

Sorry, I thought I explained enough to get started...

I use Symantec Ghost Enterprise (now Ghost Solution Suite).

I can already run things under the System account, that's not what I need.

I need to be able to write to the currently (interactive) logged in user's registry settings (HKCU).
I need to be able to run applications (any .exe) interactively within the currently (interactive) logged in user's profile.
All this needs to be done from a compiled script that is launched under the local System account.
All this needs to be done without the help of RunAsSet and a username/password list.

Thanks for your replies!

I have tried automating the task scheduler (command line switches), but in XP SP2, you cannot (that I know of) add a task with the option to only run if a user is logged on. This was the closest I have come to getting this to work. If I borrow the task scheduler exe (schtasks.exe) from a W2k3 server, the option to run only if the user is logged on is available, but it doesn't work. I can schedule the task, but it always fails to start. The task really should be unaware of which account it was created under, and so long as the security permissions are correct, it should run, but it doesn't. There must be more to a scheduled task than you can see from the GUI.

The goal here was to create a task that would run under the current user, 1 minute from now, and launch my application(s) under the current user's profile. When you check the run only if logged on checkbox, you don't need to enter user credentials, it runs under whomever is logged on. I assume that there's a good reason this doesn't work, or the schtasks.exe included with XP would probably have this option.

I haven't explored the option of using another method of interfacing with the task scheduler, just the command line. Maybe some other method exists? I've been scripting since way back, so the command line is where I usually start.
ptrex Posted January 23, 2008

@KenE

Maybe this can fit your need, but I am not sure.

CMD.EXE under Local System Account

Never encountered your situation. I had made an example to run an AU3 as a service. See my signature. This runs fine. But then again I don't check if the user is logged in or not.

Anyhow I hope you find the solution.

Regards
ptrex
blademonkey Posted January 23, 2008

For applying registry entries to currently logged in users, you can do that with Regedit already. You just have to apply any setting you want to the valid HKUSER\{SID} key.

Now I'm curious, what applications would you want to run as a regular user that you couldn't run with a system account? Why would you want to do that? Maybe if you gave more details we could provide an alternate solution to your overall goals (if your specific needs cannot be met).

-B
KenE Posted January 23, 2008

@blademonkey

Do you have a suggestion as to how to obtain the SID of the user that is interactively logged on to a system via a script running from the System account? I haven't really looked into this just yet.

Something as simple as setting a user's default printer, or installing any other software that writes to the current user's registry and/or saves files within that user's profile. There's plenty of software out there that does this, and because I already have a management tool that I use, I'd like to be able to deploy these types of apps as well. It would at least be a start if I could write to the registry for that user. I could work on the rest later.

I'm not trying to be secretive about the apps I'm running, there have been plenty of them that don't run well under the System account, and plenty that do. My immediate need is to identify the SID of the user to be able to modify their registry.
blademonkey Posted January 23, 2008

psloggedon and psgetsid should help you do that.
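
The approach discussed above (resolve the console user's SID, then write under HKEY_USERS\<SID>), as an added example that is not from any poster in this thread. It is PowerShell (3.0 or later assumed) rather than AutoIt, and the key `Software\ExampleDeploy` and value `Marker` are hypothetical placeholders.

```powershell
# Intended to run as LocalSystem (e.g. launched by a management agent).
# No user credentials are needed or stored.

function Get-ConsoleUserSid {
    # Win32_ComputerSystem.UserName holds DOMAIN\user for the console session only.
    # It is empty when nobody is logged on at the console (including RDP-only logons).
    $name = (Get-CimInstance -ClassName Win32_ComputerSystem).UserName
    if ([string]::IsNullOrEmpty($name)) { return $null }

    # Translate the account name to its SID string (S-1-5-21-...).
    $account = New-Object System.Security.Principal.NTAccount($name)
    $sid = $account.Translate([System.Security.Principal.SecurityIdentifier]).Value
    [pscustomobject]@{ User = $name; Sid = $sid }
}

function Set-UserHiveValue {
    param(
        [Parameter(Mandatory)][string]$Sid,
        [Parameter(Mandatory)][string]$SubKey,
        [Parameter(Mandatory)][string]$Name,
        [Parameter(Mandatory)][string]$Value
    )
    # The user's HKCU is reachable from SYSTEM as HKEY_USERS\<SID>, but only
    # while that profile is loaded, i.e. while the user is logged on.
    $hive = "Registry::HKEY_USERS\$Sid"
    if (-not (Test-Path -Path $hive)) {
        throw "Hive for $Sid is not loaded; the user is not logged on."
    }
    $key = "$hive\$SubKey"
    if (-not (Test-Path -Path $key)) {
        New-Item -Path $key -Force | Out-Null
    }
    New-ItemProperty -Path $key -Name $Name -Value $Value -PropertyType String -Force | Out-Null
}

$who = Get-ConsoleUserSid
if ($null -eq $who) {
    Write-Output 'No interactive console user; nothing to do.'
} else {
    # Hypothetical key and value, used only to show the write.
    Set-UserHiveValue -Sid $who.Sid -SubKey 'Software\ExampleDeploy' -Name 'Marker' -Value 'set-by-system'
    Write-Output "Wrote to HKEY_USERS\$($who.Sid) for $($who.User)"
}
```

Because the script runs as SYSTEM, keep the key path and data fixed in the script rather than reading them from any location the logged-on user can write to.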
Yorn Posted January 24, 2008

Blademonkey is getting closer I think, but what he's looking for is a way to do this via AutoIT. I actually ran into this same problem.

I'm noticing that tools like PSEXEC and such aren't as great as they used to be on Vista. I can't properly run things in the interactive user's session anymore using psexec.