
RunAs / RunAsWait problem


timsky

Hello.

First I would like to thank AutoIt coders. Wonderful thing! :(

I have a small problem with the RunAs / RunAsWait functions. All my scripts work compiled (exe).

There is a server based on Windows Server 2003 Enterprise SP2 En x32. One of its services, under some conditions, starts my 1st script:

While WinExists(@ScriptName)
    WinWaitClose(@ScriptName)
    Sleep(1000)
WEnd

AutoItWinSetTitle(@ScriptName)

$login = IniRead(@ScriptDir & '\config.ini', 'Main', 'Login', '')
If $login = '' Then $login = 'Administrator'

$pass = IniRead(@ScriptDir & '\config.ini', 'Main', 'Pass', '')
If $pass = '' Then $pass = 'password'

$logonType = IniRead(@ScriptDir & '\config.ini', 'Main', 'LogonType', '')
If $logonType = '' Then $logonType = 0

$type = @ScriptName

Select
    Case $type = 'Login.exe'
        $run = RunAsWait($login, @ComputerName, $pass, $logonType, @ScriptDir & '\Login.exe ' & $CmdLineRaw, @ScriptDir)
        While @error
            MsgBox(16, 'Error #' & @error, 'Error starting Login.exe. Trying again...', 3)
            $run = RunAsWait($login, @ComputerName, $pass, $logonType, @ScriptDir & '\Login.exe ' & $CmdLineRaw, @ScriptDir)
        WEnd
        
    Case $type = 'Confirm.exe'
        $run = RunAsWait($login, @ComputerName, $pass, $logonType, @ScriptDir & '\Confirm.exe ' & $CmdLineRaw, @ScriptDir)
        While @error
            MsgBox(16, 'Error #' & @error, 'Error starting Confirm.exe. Trying again...', 3)
            $run = RunAsWait($login, @ComputerName, $pass, $logonType, @ScriptDir & '\Confirm.exe ' & $CmdLineRaw, @ScriptDir)
        WEnd
        
    Case $type = 'err.exe'
        $run = RunAsWait($login, @ComputerName, $pass, $logonType, @ScriptDir & '\Error.exe ' & $CmdLineRaw, @ScriptDir)
        While @error
            MsgBox(16, 'Error #' & @error, 'Error starting Error.exe. Trying again...', 3)
            $run = RunAsWait($login, @ComputerName, $pass, $logonType, @ScriptDir & '\Error.exe ' & $CmdLineRaw, @ScriptDir)
        WEnd
        
    Case Else
        
        MsgBox(16, 'Error', 'Incorrect EXE name')
EndSelect

So it is working under the SYSTEM account (privileges). Its main and only function is to start another script of mine under the Administrator's account (this account is always logged in locally). The code of the 2nd script is not needed because it is not part of the problem.

The Problem:

After 32 successful starts of my 2nd program something gets stuck, and it is not possible for the process running under the SYSTEM account to start another program under any other account, like Administrator or another user's account.

I even wrote a script that starts the 1st program under the SYSTEM account every minute and writes a log file until it gets stuck:

#Include <Process.au3>

$i = 0
While 1
    $i = $i + 1
    $hour = @HOUR
    $min = @MIN + 1
    $command = 'at ' & $hour & ':' & $min & ' /interactive C:\test\Login.exe 123'
    _RunDOS ($command)
    $file = FileOpen('log.txt', 1)
    FileWriteLine($file, $i & ' - ' & @HOUR &':'& @MIN)
    Sleep(60000)
    If ProcessExists ('Login.exe') Then Exit
Wend

Task scheduler service must be enabled to make it work.

I tried both RunAs and RunAsWait, with logon flags 1 and 2, with no positive result :mellow:

@error equals 1 when the 1st script gets stuck, and I see the MsgBox of the 1st script.

What is the problem/limitation?

Edited by timsky

timsky

Sorry... here is the fixed code of 1st script:

While WinExists(@ScriptName)
    WinWaitClose(@ScriptName)
    Sleep(1000)
WEnd

AutoItWinSetTitle(@ScriptName)

$login = IniRead(@ScriptDir & '\config.ini', 'Main', 'Login', '')
If $login = '' Then $login = 'Administrator'

$pass = IniRead(@ScriptDir & '\config.ini', 'Main', 'Pass', '')
If $pass = '' Then $pass = 'password'

$logonType = IniRead(@ScriptDir & '\config.ini', 'Main', 'LogonType', '')
If $logonType = '' Then $logonType = 0

$type = @ScriptName

Select
    Case $type = 'Login.exe'
        $run = RunAsWait($login, @ComputerName, $pass, $logonType, @ScriptDir & '\Log.exe ' & $CmdLineRaw, @ScriptDir)
        While @error
            MsgBox(16, 'Error #' & @error, 'Error starting Login.exe. Trying again...', 3)
            $run = RunAsWait($login, @ComputerName, $pass, $logonType, @ScriptDir & '\Log.exe ' & $CmdLineRaw, @ScriptDir)
        WEnd
        
    Case $type = 'Confirm.exe'
        $run = RunAsWait($login, @ComputerName, $pass, $logonType, @ScriptDir & '\Confirm.exe ' & $CmdLineRaw, @ScriptDir)
        While @error
            MsgBox(16, 'Error #' & @error, 'Error starting Confirm.exe. Trying again...', 3)
            $run = RunAsWait($login, @ComputerName, $pass, $logonType, @ScriptDir & '\Confirm.exe ' & $CmdLineRaw, @ScriptDir)
        WEnd
        
    Case $type = 'err.exe'
        $run = RunAsWait($login, @ComputerName, $pass, $logonType, @ScriptDir & '\Error.exe ' & $CmdLineRaw, @ScriptDir)
        While @error
            MsgBox(16, 'Error #' & @error, 'Error starting Error.exe. Trying again...', 3)
            $run = RunAsWait($login, @ComputerName, $pass, $logonType, @ScriptDir & '\Error.exe ' & $CmdLineRaw, @ScriptDir)
        WEnd
        
    Case Else
        
        MsgBox(16, 'Error', 'Incorrect EXE name')
EndSelect

Replaced Login.exe with Log.exe in lines 21 and 24

Also, here is the changed testing script:

#Include <Process.au3>

$i = 0
While 1
    $i = $i + 1
    $hour = @HOUR
    $min = @MIN + 1
    $command = 'at ' & $hour & ':' & $min & ' /interactive C:\test\Login.exe 123'
    _RunDOS ($command)
    $file = FileOpen('log.txt', 1)
    FileWriteLine($file, $i & ' - ' & @HOUR &':'& @MIN)
    Sleep(60000)
    If ProcessExists ('Log.exe') Then Exit
Wend

Same changes as above but in 13th line.

Can anybody help me?

Edited by timsky

timsky

Just tried to start it manually using OS's runas.exe with command:

runas /noprofile /user:server\administrator "c:\test\Log.exe 123"

and got this error:

RUNAS ERROR: Unable to run - c:\test\Log.exe 123
5: Access is denied.

timsky

Am I asking for advice in the wrong way? Or does nobody know what this bug is?

timsky

Do you mean Event Viewer?

I found records about this in Security only. There are Security Audit records about logon/logoff, but they are the same as on successful attempts.

I'll add more audit options now to test.

timsky

My audit settings:

Posted Image

Here are the 5 logon/logoff audit events from when my program was successfully started for the last time (32nd start):

No need to read the whole code because I added my comments on the differences below...

Type:       Audit Success
Date:       11/6/2008
Time:       1:10:00 PM
Event:      680
Source:     Security
Category:   Account Logon
User:       SERVER\Administrator
Computer:   SERVER
Description:
Logon attempt by:   MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Logon account:  Administrator
Source Workstation: SERVER
Error Code: 0x0


Type:       Audit Success
Date:       11/6/2008
Time:       1:10:00 PM
Event:      552
Source:     Security
Category:   Logon/Logoff
User:       \SYSTEM
Computer:   SERVER
Description:
Logon attempt using explicit credentials:
Logged on user:
    User Name:  SERVER$
    Domain:     WORKGROUP
    Logon ID:       (0x0,0x3E7)
    Logon GUID: -
User whose credentials were used:
    Target User Name:   Administrator
    Target Domain:  SERVER
    Target Logon GUID: -

Target Server Name: localhost
Target Server Info: localhost
Caller Process ID:  2140
Source Network Address: -
Source Port:    -


Type:       Audit Success
Date:       11/6/2008
Time:       1:10:00 PM
Event:      528
Source:     Security
Category:   Logon/Logoff
User:       SERVER\Administrator
Computer:   SERVER
Description:
Successful Logon:
    User Name:  Administrator
    Domain:     SERVER
    Logon ID:       (0x0,0xA6597)
    Logon Type: 2
    Logon Process:  Advapi  
    Authentication Package: Negotiate
    Workstation Name:   SERVER
    Logon GUID: -
    Caller User Name:   SERVER$
    Caller Domain:  WORKGROUP
    Caller Logon ID:    (0x0,0x3E7)
    Caller Process ID: 2140
    Transited Services: -
    Source Network Address: -
    Source Port:    -


Type:       Audit Success
Date:       11/6/2008
Time:       1:10:00 PM
Event:      576
Source:     Security
Category:   Logon/Logoff
User:       SERVER\Administrator
Computer:   SERVER
Description:
Special privileges assigned to new logon:
    User Name:  
    Domain:     
    Logon ID:       (0x0,0xA6597)
    Privileges: SeSecurityPrivilege
            SeBackupPrivilege
            SeRestorePrivilege
            SeTakeOwnershipPrivilege
            SeDebugPrivilege
            SeSystemEnvironmentPrivilege
            SeLoadDriverPrivilege
            SeImpersonatePrivilege

Type:       Audit Success
Date:       11/6/2008
Time:       1:10:10 PM
Event:      538
Source:     Security
Category:   Logon/Logoff
User:       SERVER\Administrator
Computer:   SERVER
Description:
User Logoff:
    User Name:  Administrator
    Domain:     SERVER
    Logon ID:       (0x0,0xA6597)
    Logon Type: 2

Here are the 5 events of the next logon attempt (33rd start):

Type:       Audit Success
Date:       11/6/2008
Time:       1:11:00 PM
Event:      680
Source:     Security
Category:   Account Logon
User:       SERVER\Administrator
Computer:   SERVER
Description:
Logon attempt by:   MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Logon account:  Administrator
Source Workstation: SERVER
Error Code: 0x0


Type:       Audit Success
Date:       11/6/2008
Time:       1:11:00 PM
Event:      552
Source:     Security
Category:   Logon/Logoff
User:       \SYSTEM
Computer:   SERVER
Description:
Logon attempt using explicit credentials:
Logged on user:
    User Name:  SERVER$
    Domain:     WORKGROUP
    Logon ID:       (0x0,0x3E7)
    Logon GUID: -
User whose credentials were used:
    Target User Name:   Administrator
    Target Domain:  SERVER
    Target Logon GUID: -

Target Server Name: localhost
Target Server Info: localhost
Caller Process ID:  3596
Source Network Address: -
Source Port:    -


Type:       Audit Success
Date:       11/6/2008
Time:       1:11:00 PM
Event:      528
Source:     Security
Category:   Logon/Logoff
User:       SERVER\Administrator
Computer:   SERVER
Description:
Successful Logon:
    User Name:  Administrator
    Domain:     SERVER
    Logon ID:       (0x0,0xA7404)
    Logon Type: 2
    Logon Process:  Advapi  
    Authentication Package: Negotiate
    Workstation Name:   SERVER
    Logon GUID: -
    Caller User Name:   SERVER$
    Caller Domain:  WORKGROUP
    Caller Logon ID:    (0x0,0x3E7)
    Caller Process ID: 3596
    Transited Services: -
    Source Network Address: -
    Source Port:    -


Type:       Audit Success
Date:       11/6/2008
Time:       1:11:00 PM
Event:      576
Source:     Security
Category:   Logon/Logoff
User:       SERVER\Administrator
Computer:   SERVER
Description:
Special privileges assigned to new logon:
    User Name:  
    Domain:     
    Logon ID:       (0x0,0xA7404)
    Privileges: SeSecurityPrivilege
            SeBackupPrivilege
            SeRestorePrivilege
            SeTakeOwnershipPrivilege
            SeDebugPrivilege
            SeSystemEnvironmentPrivilege
            SeLoadDriverPrivilege
            SeImpersonatePrivilege

Type:       Audit Success
Date:       11/6/2008
Time:       1:11:00 PM
Event:      538
Source:     Security
Category:   Logon/Logoff
User:       SERVER\Administrator
Computer:   SERVER
Description:
User Logoff:
    User Name:  Administrator
    Domain:     SERVER
    Logon ID:       (0x0,0xA7404)
    Logon Type: 2

As you can see, my program usually works for 10 seconds and then logs off.

On the last successful run (1st code), 4 records have the timestamp 1:10:00 PM, but the last record has the timestamp 1:10:10 PM, which indicates that my app executed and finished its work normally.

If you take a look at the 2nd code, you will see that my app wasn't started, because it worked for 0 seconds.

It was logged off at 1:11:00 PM... right after the successful logon.

Edited by timsky
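
The comparison made in the post above (pairing each 528 logon with its 538 logoff by Logon ID and looking at how long the session lasted) can be automated. The following is an added example, not part of the original thread; it assumes the Security log was exported as text in the layout quoted above, the function names are this example's own, and the sample input is abridged from the quoted records.

```python
import re
from datetime import datetime

# Constructed sample: the 528/538 records quoted in the post above, abridged to
# the fields the parser reads (events 680, 552 and 576 are omitted).
SAMPLE = """\
Date:       11/6/2008
Time:       1:10:00 PM
Event:      528
    Logon ID:       (0x0,0xA6597)
    Caller Process ID: 2140

Date:       11/6/2008
Time:       1:10:10 PM
Event:      538
    Logon ID:       (0x0,0xA6597)

Date:       11/6/2008
Time:       1:11:00 PM
Event:      528
    Logon ID:       (0x0,0xA7404)
    Caller Process ID: 3596

Date:       11/6/2008
Time:       1:11:00 PM
Event:      538
    Logon ID:       (0x0,0xA7404)
"""

# Anchored at line start, so "Caller Logon ID" is not mistaken for "Logon ID".
FIELD = re.compile(
    r"^[ \t]*(Date|Time|Event|Logon ID|Caller Process ID):[ \t]*(.+?)[ \t]*$", re.M)

def parse_events(text):
    """Split the dump on blank lines and return one dict of fields per record."""
    events = []
    for block in re.split(r"\n\s*\n", text.strip()):
        rec = dict(FIELD.findall(block))
        if {"Date", "Time", "Event", "Logon ID"} <= rec.keys():
            stamp = rec["Date"] + " " + rec["Time"]
            rec["when"] = datetime.strptime(stamp, "%m/%d/%Y %I:%M:%S %p")
            events.append(rec)
    return events

def session_durations(events):
    """Pair each 528 (logon) with the 538 (logoff) carrying the same Logon ID."""
    logons, sessions = {}, []
    # The sort is stable, so a 528 logged before a 538 in the same second stays first.
    for ev in sorted(events, key=lambda e: e["when"]):
        if ev["Event"] == "528":
            logons[ev["Logon ID"]] = ev
        elif ev["Event"] == "538" and ev["Logon ID"] in logons:
            start = logons.pop(ev["Logon ID"])
            secs = (ev["when"] - start["when"]).total_seconds()
            sessions.append((ev["Logon ID"], start.get("Caller Process ID"), secs))
    return sessions

def suspicious(sessions, min_seconds=1):
    """Sessions that logged off within min_seconds: the child likely never ran."""
    return [s for s in sessions if s[2] < min_seconds]

if __name__ == "__main__":
    for logon_id, caller_pid, secs in session_durations(parse_events(SAMPLE)):
        note = "  <-- logoff in the same second as logon" if secs < 1 else ""
        print(f"{logon_id}  caller PID {caller_pid}  {secs:.0f}s{note}")
```

Run over a full export, this lists every explicit-credential session that ended immediately, even though each individual record is an Audit Success.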

timsky

I have already looked for the error a few times. Last time I was testing the problem from 12:38 till 13:10.

There are no records in the Event log in the Application or System category.

Just Security audit records that do not give any useful information. :mellow:

Edited by timsky

timsky

This problem exists on Windows XP SP 3 EN x86 too! :mellow:

I created a new script to test the problem fast:

#Include <Process.au3>

If WinExists(@ScriptName) Then Exit

AutoItWinSetTitle(@ScriptName)

$login = IniRead(@ScriptDir & '\config.ini', 'Main', 'Login', '')
If $login = '' Then $login = 'Administrator'

$pass = IniRead(@ScriptDir & '\config.ini', 'Main', 'Pass', '')
If $pass = '' Then $pass = ''

$logonType = IniRead(@ScriptDir & '\config.ini', 'Main', 'LogonType', '')
If $logonType = '' Then $logonType = 0

If $CmdLineRaw = 'schedule' Then
    $hour = @HOUR
    $min = @MIN + 1
    $command = 'at ' & $hour & ':' & $min & ' /interactive ' & @ScriptDir & '\' & @ScriptName
    _RunDOS ($command)
    Exit
Else

    $i = 0
    While 1
        $i = $i + 1
        $run = RunAs($login, @ComputerName, $pass, $logonType, 'c:\WINDOWS\system32\calc.exe', @ScriptDir)
        If @error Then Exit

        $file = FileOpen(@ScriptDir & '\log.txt', 1) ; 1 = append mode
        FileWriteLine($file, $i & ' - ' & @HOUR &':'& @MIN &':'& @SEC)
        FileClose($file) ; close the handle so one is not leaked on every iteration
        ProcessClose($run)
        Sleep(1000)
    Wend

EndIf

All that is needed to test it is to compile it to an exe and start it with the command line Test.exe schedule

Also it is useful to use a config.ini:

[Main]
Login=Administrator
Pass=passsssssword
LogonType=0

PS:

Also found that if I schedule CMD.exe after logoff/logon or reboot, a manual start of the program (runas /noprofile /user:server\administrator "c:\WINDOWS\system32\calc.exe") does not work at all and I get this error:

RUNAS ERROR: Unable to run - c:\WINDOWS\system32\calc.exe
5: Access is denied.
Edited by timsky

PsaltyDS

Does it have to be a scheduled task running it to fail for you? I ran this to over 100 cycles without a hitch:

#include <File.au3>

HotKeySet("{ESC}", "_Quit")

Global $sLogFile = @ScriptDir & "\RunAsTest.log"
Global $iCnt = 0, $PID

While 1
    $iCnt += 1
    TrayTip("RunAs Test", "$iCnt = " & $iCnt, 5)
    $PID = RunAs("UserName", @ComputerName, "PassWord", 0, @SystemDir & "\calc.exe", @TempDir)
    If $PID Then
        _FileWriteLog($sLogFile, $iCnt & ":  Started, $PID = " & $PID)
    Else
        _FileWriteLog($sLogFile, $iCnt & ":  Failed to start.")
        ExitLoop
    EndIf
    WinWait("Calculator")
    Sleep(1000)
    WinClose("Calculator")
    WinWaitClose("Calculator")
    _FileWriteLog($sLogFile, $iCnt & ":  Closed.")
    Sleep(1000)
WEnd
_Quit()

Func _Quit()
    Run("notepad.exe " & $sLogFile)
    Exit
EndFunc

:mellow:


Valuater's AutoIt 1-2-3, Class... Is now in Session! For those who want somebody to write the script for them: RentACoder. "Any technology distinguishable from magic is insufficiently advanced." -- Geek's corollary to Clarke's law

timsky

It has to be scheduled in order to make it run under the SYSTEM account (privileges).

If any Service starts my (or any other) program then it runs with SYSTEM privileges too, and in this condition my program can start another process as Administrator (or another user except SYSTEM) no more than 32 times.

Your script also works no more than 32 times if it is started by a Service or by Task Scheduler using the command line: at {HOUR}:{MIN} /interactive {Path to executable}\Test.exe. This Task Scheduler command line makes a program start with SYSTEM privileges, just as if it were started by a Service.

Here is the log of your script:

2008-11-07 17:38:00 : 1: Started, $PID = 1492
2008-11-07 17:38:02 : 1: Closed.
2008-11-07 17:38:03 : 2: Started, $PID = 3368
2008-11-07 17:38:04 : 2: Closed.
2008-11-07 17:38:05 : 3: Started, $PID = 2056
2008-11-07 17:38:07 : 3: Closed.
2008-11-07 17:38:08 : 4: Started, $PID = 1436
2008-11-07 17:38:10 : 4: Closed.
2008-11-07 17:38:11 : 5: Started, $PID = 1500
2008-11-07 17:38:13 : 5: Closed.
2008-11-07 17:38:14 : 6: Started, $PID = 3844
2008-11-07 17:38:16 : 6: Closed.
2008-11-07 17:38:17 : 7: Started, $PID = 2624
2008-11-07 17:38:19 : 7: Closed.
2008-11-07 17:38:20 : 8: Started, $PID = 2188
2008-11-07 17:38:22 : 8: Closed.
2008-11-07 17:38:23 : 9: Started, $PID = 3220
2008-11-07 17:38:25 : 9: Closed.
2008-11-07 17:38:26 : 10: Started, $PID = 3628
2008-11-07 17:38:27 : 10: Closed.
2008-11-07 17:38:28 : 11: Started, $PID = 1600
2008-11-07 17:38:30 : 11: Closed.
2008-11-07 17:38:31 : 12: Started, $PID = 2196
2008-11-07 17:38:33 : 12: Closed.
2008-11-07 17:38:34 : 13: Started, $PID = 1364
2008-11-07 17:38:36 : 13: Closed.
2008-11-07 17:38:37 : 14: Started, $PID = 4008
2008-11-07 17:38:39 : 14: Closed.
2008-11-07 17:38:40 : 15: Started, $PID = 3884
2008-11-07 17:38:42 : 15: Closed.
2008-11-07 17:38:43 : 16: Started, $PID = 3772
2008-11-07 17:38:45 : 16: Closed.
2008-11-07 17:38:46 : 17: Started, $PID = 2608
2008-11-07 17:38:48 : 17: Closed.
2008-11-07 17:38:49 : 18: Started, $PID = 3216
2008-11-07 17:38:51 : 18: Closed.
2008-11-07 17:38:52 : 19: Started, $PID = 2144
2008-11-07 17:38:54 : 19: Closed.
2008-11-07 17:38:55 : 20: Started, $PID = 3208
2008-11-07 17:38:56 : 20: Closed.
2008-11-07 17:38:58 : 21: Started, $PID = 3636
2008-11-07 17:38:59 : 21: Closed.
2008-11-07 17:39:00 : 22: Started, $PID = 2732
2008-11-07 17:39:02 : 22: Closed.
2008-11-07 17:39:03 : 23: Started, $PID = 3744
2008-11-07 17:39:05 : 23: Closed.
2008-11-07 17:39:06 : 24: Started, $PID = 2420
2008-11-07 17:39:08 : 24: Closed.
2008-11-07 17:39:09 : 25: Started, $PID = 3184
2008-11-07 17:39:11 : 25: Closed.
2008-11-07 17:39:12 : 26: Started, $PID = 1164
2008-11-07 17:39:14 : 26: Closed.
2008-11-07 17:39:15 : 27: Started, $PID = 3968
2008-11-07 17:39:16 : 27: Closed.
2008-11-07 17:39:17 : 28: Started, $PID = 3800
2008-11-07 17:39:19 : 28: Closed.
2008-11-07 17:39:20 : 29: Started, $PID = 3416
2008-11-07 17:39:22 : 29: Closed.
2008-11-07 17:39:23 : 30: Started, $PID = 3336
2008-11-07 17:39:25 : 30: Closed.
2008-11-07 17:39:26 : 31: Started, $PID = 2052
2008-11-07 17:39:28 : 31: Closed.
2008-11-07 17:39:29 : 32: Started, $PID = 788
2008-11-07 17:39:31 : 32: Closed.
2008-11-07 17:39:32 : 33: Failed to start.

Edited by timsky

timsky

How is RunAs/RunAsWait working if Windows's native CMD.exe that was started with SYSTEM privileges can't start another app under Administrator at all?

PsaltyDS

Hmm... makes me wonder if there is a built-in restriction on how many times that is allowed by Windows.

:mellow:


timsky

Worst thing for me is that my app is started by Service and I can't find a way out except relogon :mellow:

timsky

Does anybody have an idea how to avoid that issue?

PS:

How is RunAs/RunAsWait working if Windows's native CMD.exe that was started with SYSTEM privileges can't start another app under Administrator at all?

EdwardTFN

I have the same problem and also need help to solve it. I made a service that calls an external .net application with RunAs (using a non-admin user), but after some times (32?) I can't run it anymore until I restart my server...

Any suggestion?
