timsky Posted November 5, 2008 Posted November 5, 2008 (edited) Hello.First I would like to thank AutoIt coders. Wonderful thing! I have small problem with RunAs / RunAsWait functions. All my scripts work compiled (exe).There is a server based on Windows Server 2003 Enterprise SP2 En x32. One of it's services in some conditions start my 1st script:expandcollapse popupWhile WinExists(@ScriptName) WinWaitClose(@ScriptName) Sleep(1000) WEnd AutoItWinSetTitle(@ScriptName) $login = IniRead(@ScriptDir & '\config.ini', 'Main', 'Login', '') If $login = '' Then $login = 'Administrator' $pass = IniRead(@ScriptDir & '\config.ini', 'Main', 'Pass', '') If $pass = '' Then $pass = 'password' $logonType = IniRead(@ScriptDir & '\config.ini', 'Main', 'LogonType', '') If $logonType = '' Then $logonType = 0 $type = @ScriptName Select Case $type = 'Login.exe' $run = RunAsWait($login, @ComputerName, $pass, $logonType, @ScriptDir & '\Login.exe ' & $CmdLineRaw, @ScriptDir) While @error MsgBox(16, 'Error #' & @error, 'Error starting Login.exe. Trying again...', 3) $run = RunAsWait($login, @ComputerName, $pass, $logonType, @ScriptDir & '\Login.exe ' & $CmdLineRaw, @ScriptDir) WEnd Case $type = 'Confirm.exe' $run = RunAsWait($login, @ComputerName, $pass, $logonType, @ScriptDir & '\Confirm.exe ' & $CmdLineRaw, @ScriptDir) While @error MsgBox(16, 'Error #' & @error, 'Error starting Confirm.exe. Trying again...', 3) $run = RunAsWait($login, @ComputerName, $pass, $logonType, @ScriptDir & '\Confirm.exe ' & $CmdLineRaw, @ScriptDir) WEnd Case $type = 'err.exe' $run = RunAsWait($login, @ComputerName, $pass, $logonType, @ScriptDir & '\Error.exe ' & $CmdLineRaw, @ScriptDir) While @error MsgBox(16, 'Error #' & @error, 'Error starting Error.exe. Trying again...', 3) $run = RunAsWait($login, @ComputerName, $pass, $logonType, @ScriptDir & '\Error.exe ' & $CmdLineRaw, @ScriptDir) WEnd Case Else MsgBox(16, 'Error', 'Incorrect EXE name') EndSelectSo it is working under SYSTEM account (privileges). It's main and only function is to start my another script under Administrator's account (this account is always logged in locally). Code of 2nd script is not needed because it is not part of problem.The Problem:After 32 successful starts of my 2nd program something stucks and it is not possible for the process running under SYSTEM account to start another program under any other account like Administrator or other user's account.I even wrote a script that starts 1st program under SYSTEM account every minute and writes a log file until it stucks:#Include <Process.au3> $i = 0 While 1 $i = $i + 1 $hour = @HOUR $min = @MIN + 1 $command = 'at ' & $hour & ':' & $min & ' /interactive C:\test\Login.exe 123' _RunDOS ($command) $file = FileOpen('log.txt', 1) FileWriteLine($file, $i & ' - ' & @HOUR &':'& @MIN) Sleep(60000) If ProcessExists ('Login.exe') Then Exit WendTask scheduler service must be enabled to make it work.I tried using RunAs and RunAsWait both, 1 and 2 logon flags with no positive result @error equals to 1 when 1st script stucks and I see a MsgBox of 1st script.What is the problem/limitation? Edited November 5, 2008 by timsky
timsky Posted November 5, 2008 Author Posted November 5, 2008 (edited) Sorry... here is the fixed code of 1st script:expandcollapse popupWhile WinExists(@ScriptName) WinWaitClose(@ScriptName) Sleep(1000) WEnd AutoItWinSetTitle(@ScriptName) $login = IniRead(@ScriptDir & '\config.ini', 'Main', 'Login', '') If $login = '' Then $login = 'Administrator' $pass = IniRead(@ScriptDir & '\config.ini', 'Main', 'Pass', '') If $pass = '' Then $pass = 'password' $logonType = IniRead(@ScriptDir & '\config.ini', 'Main', 'LogonType', '') If $logonType = '' Then $logonType = 0 $type = @ScriptName Select Case $type = 'Login.exe' $run = RunAsWait($login, @ComputerName, $pass, $logonType, @ScriptDir & '\Log.exe ' & $CmdLineRaw, @ScriptDir) While @error MsgBox(16, 'Error #' & @error, 'Error starting Login.exe. Trying again...', 3) $run = RunAsWait($login, @ComputerName, $pass, $logonType, @ScriptDir & '\Log.exe ' & $CmdLineRaw, @ScriptDir) WEnd Case $type = 'Confirm.exe' $run = RunAsWait($login, @ComputerName, $pass, $logonType, @ScriptDir & '\Confirm.exe ' & $CmdLineRaw, @ScriptDir) While @error MsgBox(16, 'Error #' & @error, 'Error starting Confirm.exe. Trying again...', 3) $run = RunAsWait($login, @ComputerName, $pass, $logonType, @ScriptDir & '\Confirm.exe ' & $CmdLineRaw, @ScriptDir) WEnd Case $type = 'err.exe' $run = RunAsWait($login, @ComputerName, $pass, $logonType, @ScriptDir & '\Error.exe ' & $CmdLineRaw, @ScriptDir) While @error MsgBox(16, 'Error #' & @error, 'Error starting Error.exe. Trying again...', 3) $run = RunAsWait($login, @ComputerName, $pass, $logonType, @ScriptDir & '\Error.exe ' & $CmdLineRaw, @ScriptDir) WEnd Case Else MsgBox(16, 'Error', 'Incorrect EXE name') EndSelectReplaced Login.exe with Log.exe in lines 21 and 24Also here is changed testing script:#Include <Process.au3> $i = 0 While 1 $i = $i + 1 $hour = @HOUR $min = @MIN + 1 $command = 'at ' & $hour & ':' & $min & ' /interactive C:\test\Login.exe 123' _RunDOS ($command) $file = FileOpen('log.txt', 1) FileWriteLine($file, $i & ' - ' & @HOUR &':'& @MIN) Sleep(60000) If ProcessExists ('Log.exe') Then Exit WendSame changes as above but in 13th line.Can anybody help me? Edited November 5, 2008 by timsky
timsky Posted November 5, 2008 Author Posted November 5, 2008 Just tried to start it manually using OS's runas.exe with command: runas /noprofile /user:server\administrator "c:\test\Log.exe 123" and got this error: RUNAS ERROR: Unable to run - c:\test\Log.exe 123 5: Access is denied.
timsky Posted November 6, 2008 Author Posted November 6, 2008 Do I ask for advice in wrong way? Or nobody knows what the bug is that?
Bert Posted November 6, 2008 Posted November 6, 2008 What does the error log on the server say? The Vollatran project  My blog: http://www.vollysinterestingshit.com/
timsky Posted November 6, 2008 Author Posted November 6, 2008 Do you mean Event Viewer? I found records about this in Security only. Security Audit records about logon/logoff but they are same as on succesful attempts. I'll add more audit options now to test.
timsky Posted November 6, 2008 Author Posted November 6, 2008 (edited) My audit settings:Here are 5 events of logon/logoff audit when my program was successfully started last ime (32th start):No need to read whole code because I added my comments of differencies below...expandcollapse popupType: Audit Success Date: 11/6/2008 Time: 1:10:00 PM Event: 680 Source: Security Category: Account Logon User: SERVER\Administrator Computer: SERVER Description: Logon attempt by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 Logon account: Administrator Source Workstation: SERVER Error Code: 0x0 Type: Audit Success Date: 11/6/2008 Time: 1:10:00 PM Event: 552 Source: Security Category: Logon/Logoff User: \SYSTEM Computer: SERVER Description: Logon attempt using explicit credentials: Logged on user: User Name: SERVER$ Domain: WORKGROUP Logon ID: (0x0,0x3E7) Logon GUID: - User whose credentials were used: Target User Name: Administrator Target Domain: SERVER Target Logon GUID: - Target Server Name: localhost Target Server Info: localhost Caller Process ID: 2140 Source Network Address: - Source Port: - Type: Audit Success Date: 11/6/2008 Time: 1:10:00 PM Event: 528 Source: Security Category: Logon/Logoff User: SERVER\Administrator Computer: SERVER Description: Successful Logon: User Name: Administrator Domain: SERVER Logon ID: (0x0,0xA6597) Logon Type: 2 Logon Process: Advapi Authentication Package: Negotiate Workstation Name: SERVER Logon GUID: - Caller User Name: SERVER$ Caller Domain: WORKGROUP Caller Logon ID: (0x0,0x3E7) Caller Process ID: 2140 Transited Services: - Source Network Address: - Source Port: - Type: Audit Success Date: 11/6/2008 Time: 1:10:00 PM Event: 576 Source: Security Category: Logon/Logoff User: SERVER\Administrator Computer: SERVER Description: Special privileges assigned to new logon: User Name: Domain: Logon ID: (0x0,0xA6597) Privileges: SeSecurityPrivilege SeBackupPrivilege SeRestorePrivilege SeTakeOwnershipPrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeLoadDriverPrivilege SeImpersonatePrivilege Type: Audit Success Date: 11/6/2008 Time: 1:10:10 PM Event: 538 Source: Security Category: Logon/Logoff User: SERVER\Administrator Computer: SERVER Description: User Logoff: User Name: Administrator Domain: SERVER Logon ID: (0x0,0xA6597) Logon Type: 2Here are 5 events of next logon attempt (33th start):expandcollapse popupType: Audit Success Date: 11/6/2008 Time: 1:11:00 PM Event: 680 Source: Security Category: Account Logon User: SERVER\Administrator Computer: SERVER Description: Logon attempt by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 Logon account: Administrator Source Workstation: SERVER Error Code: 0x0 Type: Audit Success Date: 11/6/2008 Time: 1:11:00 PM Event: 552 Source: Security Category: Logon/Logoff User: \SYSTEM Computer: SERVER Description: Logon attempt using explicit credentials: Logged on user: User Name: SERVER$ Domain: WORKGROUP Logon ID: (0x0,0x3E7) Logon GUID: - User whose credentials were used: Target User Name: Administrator Target Domain: SERVER Target Logon GUID: - Target Server Name: localhost Target Server Info: localhost Caller Process ID: 3596 Source Network Address: - Source Port: - Type: Audit Success Date: 11/6/2008 Time: 1:11:00 PM Event: 528 Source: Security Category: Logon/Logoff User: SERVER\Administrator Computer: SERVER Description: Successful Logon: User Name: Administrator Domain: SERVER Logon ID: (0x0,0xA7404) Logon Type: 2 Logon Process: Advapi Authentication Package: Negotiate Workstation Name: SERVER Logon GUID: - Caller User Name: SERVER$ Caller Domain: WORKGROUP Caller Logon ID: (0x0,0x3E7) Caller Process ID: 3596 Transited Services: - Source Network Address: - Source Port: - Type: Audit Success Date: 11/6/2008 Time: 1:11:00 PM Event: 576 Source: Security Category: Logon/Logoff User: SERVER\Administrator Computer: SERVER Description: Special privileges assigned to new logon: User Name: Domain: Logon ID: (0x0,0xA7404) Privileges: SeSecurityPrivilege SeBackupPrivilege SeRestorePrivilege SeTakeOwnershipPrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeLoadDriverPrivilege SeImpersonatePrivilege Type: Audit Success Date: 11/6/2008 Time: 1:11:00 PM Event: 538 Source: Security Category: Logon/Logoff User: SERVER\Administrator Computer: SERVER Description: User Logoff: User Name: Administrator Domain: SERVER Logon ID: (0x0,0xA7404) Logon Type: 2As u can see my program usually works for 10 seconds and then logs off.On last succesful run (1st code) 4 records have timestamp: 1:10:00 PM but last record has timestamp 1:10:10 PM and indicates that my app. executed and finished work normally.If you take a look at 2nd code then you will see that my app wasn't started because it worked 0 seconds.It was logged off at 1:11:00 PM... right after successful logon. Edited November 6, 2008 by timsky
Bert Posted November 6, 2008 Posted November 6, 2008 I need to know what the event viewer says, not the local security settings. When you see a error, you need to review all the information on the error and to see if the error provides a link to microsoft providing more information. The Vollatran project  My blog: http://www.vollysinterestingshit.com/
timsky Posted November 6, 2008 Author Posted November 6, 2008 (edited) I was looking for error already few times. Last time I was testing problem from 12:38 till 13:10.There is no records in Event log in Application or System category.Just Security audit records that do not give any useful information. Edited November 6, 2008 by timsky
timsky Posted November 7, 2008 Author Posted November 7, 2008 (edited) This problem exists on Windows XP SP 3 EN x86 too! I created a new script to test the problem fast: #Include <Process.au3> If WinExists(@ScriptName) Then Exit AutoItWinSetTitle(@ScriptName) $login = IniRead(@ScriptDir & '\config.ini', 'Main', 'Login', '') If $login = '' Then $login = 'Administrator' $pass = IniRead(@ScriptDir & '\config.ini', 'Main', 'Pass', '') If $pass = '' Then $pass = '' $logonType = IniRead(@ScriptDir & '\config.ini', 'Main', 'LogonType', '') If $logonType = '' Then $logonType = 0 If $CmdLineRaw = 'schedule' Then $hour = @HOUR $min = @MIN + 1 $command = 'at ' & $hour & ':' & $min & ' /interactive ' & @ScriptDir & '\' & @ScriptName _RunDOS ($command) Exit Else $i = 0 While 1 $i = $i + 1 $run = RunAs($login, @ComputerName, $pass, $logonType, 'c:\WINDOWS\system32\calc.exe', @ScriptDir) If @error Then Exit $file = FileOpen(@ScriptDir & '\log.txt', 1) FileWriteLine($file, $i & ' - ' & @HOUR &':'& @MIN &':'& @SEC) ProcessClose($run) Sleep(1000) Wend EndIf All is need to do to test is to compile it to exe and start it with command line Test.exe schedule Also it is useful to use a config.ini: [Main] Login=Administrator Pass=passsssssword LogonType=0 PS: Also foud that if I schedule CMD.exe after logoff/logon or reboot manual start of program (runas /noprofile /user:server\administrator "c:\WINDOWS\system32\calc.exe") do not work at all and I get this error: RUNAS ERROR: Unable to run - c:\WINDOWS\system32\calc.exe 5: Access is denied. Edited November 7, 2008 by timsky
PsaltyDS Posted November 7, 2008 Posted November 7, 2008 Does it have to be a scheduled task running it to fail for you? I ran this to over 100 cycles without a hitch: #include <File.au3> HotKeySet("{ESC}", "_Quit") Global $sLogFile = @ScriptDir & "\RunAsTest.log" Global $iCnt = 0, $PID While 1 $iCnt += 1 TrayTip("RunAs Test", "$iCnt = " & $iCnt, 5) $PID = RunAs("UserName", @ComputerName, "PassWord", 0, @SystemDir & "\calc.exe", @TempDir) If $PID Then _FileWriteLog($sLogFile, $iCnt & ": Started, $PID = " & $PID) Else _FileWriteLog($sLogFile, $iCnt & ": Failed to start.") ExitLoop EndIf WinWait("Calculator") Sleep(1000) WinClose("Calculator") WinWaitClose("Calculator") _FileWriteLog($sLogFile, $iCnt & ": Closed.") Sleep(1000) WEnd _Quit() Func _Quit() Run("notepad.exe " & $sLogFile) Exit EndFunc Valuater's AutoIt 1-2-3, Class... Is now in Session!For those who want somebody to write the script for them: RentACoder"Any technology distinguishable from magic is insufficiently advanced." -- Geek's corollary to Clarke's law
timsky Posted November 7, 2008 Author Posted November 7, 2008 (edited) It have to be scheduled in order to make it run under SYSTEM account (privileges).If any Service starts my (or any other) program then it runs with SYSTEM privileges too and in this condition my program can start another process with Administrator (or other user except SYSTEM) not more than 32 times.Your script works not more than 32 times too if it is started by a Service or Task Scheduler using command line: at {HOUR}:{MIN} /interactive {Path to executable}\Test.exe. This Task Scheduler command line makes a program start with SYSTEM privileges, just like it was started by a Service.Here is the log of your scrtipt:2008-11-07 17:38:00 : 1: Started, $PID = 14922008-11-07 17:38:02 : 1: Closed.2008-11-07 17:38:03 : 2: Started, $PID = 33682008-11-07 17:38:04 : 2: Closed.2008-11-07 17:38:05 : 3: Started, $PID = 20562008-11-07 17:38:07 : 3: Closed.2008-11-07 17:38:08 : 4: Started, $PID = 14362008-11-07 17:38:10 : 4: Closed.2008-11-07 17:38:11 : 5: Started, $PID = 15002008-11-07 17:38:13 : 5: Closed.2008-11-07 17:38:14 : 6: Started, $PID = 38442008-11-07 17:38:16 : 6: Closed.2008-11-07 17:38:17 : 7: Started, $PID = 26242008-11-07 17:38:19 : 7: Closed.2008-11-07 17:38:20 : 8: Started, $PID = 21882008-11-07 17:38:22 : 8: Closed.2008-11-07 17:38:23 : 9: Started, $PID = 32202008-11-07 17:38:25 : 9: Closed.2008-11-07 17:38:26 : 10: Started, $PID = 36282008-11-07 17:38:27 : 10: Closed.2008-11-07 17:38:28 : 11: Started, $PID = 16002008-11-07 17:38:30 : 11: Closed.2008-11-07 17:38:31 : 12: Started, $PID = 21962008-11-07 17:38:33 : 12: Closed.2008-11-07 17:38:34 : 13: Started, $PID = 13642008-11-07 17:38:36 : 13: Closed.2008-11-07 17:38:37 : 14: Started, $PID = 40082008-11-07 17:38:39 : 14: Closed.2008-11-07 17:38:40 : 15: Started, $PID = 38842008-11-07 17:38:42 : 15: Closed.2008-11-07 17:38:43 : 16: Started, $PID = 37722008-11-07 17:38:45 : 16: Closed.2008-11-07 17:38:46 : 17: Started, $PID = 26082008-11-07 17:38:48 : 17: Closed.2008-11-07 17:38:49 : 18: Started, $PID = 32162008-11-07 17:38:51 : 18: Closed.2008-11-07 17:38:52 : 19: Started, $PID = 21442008-11-07 17:38:54 : 19: Closed.2008-11-07 17:38:55 : 20: Started, $PID = 32082008-11-07 17:38:56 : 20: Closed.2008-11-07 17:38:58 : 21: Started, $PID = 36362008-11-07 17:38:59 : 21: Closed.2008-11-07 17:39:00 : 22: Started, $PID = 27322008-11-07 17:39:02 : 22: Closed.2008-11-07 17:39:03 : 23: Started, $PID = 37442008-11-07 17:39:05 : 23: Closed.2008-11-07 17:39:06 : 24: Started, $PID = 24202008-11-07 17:39:08 : 24: Closed.2008-11-07 17:39:09 : 25: Started, $PID = 31842008-11-07 17:39:11 : 25: Closed.2008-11-07 17:39:12 : 26: Started, $PID = 11642008-11-07 17:39:14 : 26: Closed.2008-11-07 17:39:15 : 27: Started, $PID = 39682008-11-07 17:39:16 : 27: Closed.2008-11-07 17:39:17 : 28: Started, $PID = 38002008-11-07 17:39:19 : 28: Closed.2008-11-07 17:39:20 : 29: Started, $PID = 34162008-11-07 17:39:22 : 29: Closed.2008-11-07 17:39:23 : 30: Started, $PID = 33362008-11-07 17:39:25 : 30: Closed.2008-11-07 17:39:26 : 31: Started, $PID = 20522008-11-07 17:39:28 : 31: Closed.2008-11-07 17:39:29 : 32: Started, $PID = 7882008-11-07 17:39:31 : 32: Closed.2008-11-07 17:39:32 : 33: Failed to start. Edited November 7, 2008 by timsky
timsky Posted November 7, 2008 Author Posted November 7, 2008 How is RunAs/RunAsWait working if Windows's native CMD.exe that was started with SYSTEM privileges can't start another app under Administrator at all?
PsaltyDS Posted November 7, 2008 Posted November 7, 2008 It have to be scheduled in order to make it run under SYSTEM account (privileges).If any Service starts my (or any other) program then it runs with SYSTEM privileges too and in this condition my program can start another process with Administrator (or other user except SYSTEM) not more than 32 times.Your script works not more than 32 times too if it is started by a Service or Task Scheduler using command line: at {HOUR}:{MIN} /interactive {Path to executable}\Test.exe. This Task Scheduler command line makes a program start with SYSTEM privileges, just like it was started by a Service.Here is the log of your scrtipt:Hmm... makes me wonder if there is a built-in restriction on how many times that is allowed by Windows. Valuater's AutoIt 1-2-3, Class... Is now in Session!For those who want somebody to write the script for them: RentACoder"Any technology distinguishable from magic is insufficiently advanced." -- Geek's corollary to Clarke's law
timsky Posted November 7, 2008 Author Posted November 7, 2008 Worst thing for me is that my app is started by Service and I can't find a way out except relogon
timsky Posted November 10, 2008 Author Posted November 10, 2008 Do anyboady have an idea how to avoid that isuue? PS: How is RunAs/RunAsWait working if Windows's native CMD.exe that was started with SYSTEM privileges can't start another app under Administrator at all?
EdwardTFN Posted July 11, 2009 Posted July 11, 2009 I have the same problem and also need help to solve it. I did a service that calls an external .net application with RunAs (using a non admin user), but after some times (32?) I can't run it anymore until restart my server... Any suggestion?
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now