Sundance

start remote process with desktop interaction

12 posts in this topic

Hi folks,

I am really down on my knees and nearly giving up on finding a solution to this problem:

I'm a system administrator and I sometimes just want to open a DOS box on my PC, type a command like install_software.cmd, and then have any kind of software package installed on the target PC, showing a GUI to the currently logged-on user.

I know I can just use psexec without special user credentials and the command line parameter /i, and that's it. But for some reasons I don't want to use psexec. Since Windows 2000, Microsoft doesn't want it done the way I wish. Opening a process with admin rights on a user desktop with restricted rights works only up to Windows NT 4.0 without Service Pack (3).

But how does psexec do it? With remoteexecuteadvanced, as found here on the forum, in combination with creating a remote service, I can fire up a process with desktop interaction, but only when I give the function some user credentials. When I don't want to use my credentials, I haven't figured out how to 'transfer' my rights to the target PC to start a process. I've tried many things but without success.

There could be a chance of redirecting the output of the started process to the currently logged on users desktop on the target machine?!

There must be some kind of 'native' Windows solution. Things like appending a process to an existing user process by injecting a DLL, or some memory write functions, seem like 'hacking' the user profile...

Is there somebody who can give me a hint or tell me his thoughts about this? That would be pretty fine, just to give my neurons some more ways of solving the problem.

greetz and thx in advance

Sundance


But for some reasons I don't want to use psexec.

<clip>

With remoteexecuteadvanced, as found here on the forum, in combination with creating a remote service, I can fire up a process with desktop interaction, but only when I give the function some user credentials. When I don't want to use my credentials, I haven't figured out how to 'transfer' my rights to the target PC to start a process. I've tried many things but without success.

You seem to be asking for a way to install software on a remote machine WITHOUT providing any admin credentials? While that may be convenient, it would also be a horrible security problem. Assuming your intention is not malicious, how do you intend to authenticate your perms on the remote machine? Is there a domain involved, for example?

:)



You seem to be asking for a way to install software on a remote machine WITHOUT providing any admin credentials? While that may be convenient, it would also be a horrible security problem. Assuming your intention is not malicious, how do you intend to authenticate your perms on the remote machine? Is there a domain involved, for example?

:)

Hi,

thx for the reply. I'm a system administrator and this is only a quick way of installing software on a client PC. We are in a Windows 2003 domain, so authentication is no problem. My credentials will be enough for the client because I have admin rights on all client PCs.

greetz

Sundance


It's really a mess that MS doesn't want this kind of running a proggy anymore. I see the problem that a process with admin rights is running on a client/user desktop. If there is an error when installing or, for example, a file open dialog, then the user could delete or move files within this dialog because he has admin rights...

But as a quick help for the customer, and without adding my admin credentials on the command line every time, it would be a really nice thing. I searched the internet for a hint on how psexec does it, but there was only one page. On this page I see no hint for the credential thing.


It's really a mess that MS doesn't want this kind of running a proggy anymore. I see the problem that a process with admin rights is running on a client/user desktop. If there is an error when installing or, for example, a file open dialog, then the user could delete or move files within this dialog because he has admin rights...

But as a quick help for the customer, and without adding my admin credentials on the command line every time, it would be a really nice thing. I searched the internet for a hint on how psexec does it, but there was only one page. On this page I see no hint for the credential thing.

You can schedule a task with SchTasks.exe on the remote machine to run anything you want from an admin share or a file you copy to the remote HDD. There is only a problem if you must have access to the currently logged on user's desktop. If you have a silent installer (and you should if at all possible) then there is no problem.

:)

P.S. Microsoft's solution for a remote admin to access the currently logged on user's desktop is "Remote Desktop", but even an admin has to get the user to allow that access. Are you trying to get access to the currently logged on user's desktop without requesting it?

:party:

Edited by PsaltyDS


We use UltraVNC to support the user when he/she has a problem. There is also a single-click function and also an auto-connect option. When the user calls me and gives me an okay to watch his desktop, I click on our little AutoIt GUI and two seconds later I see the user's desktop without any user interaction.

Say I want to install a software package in silent mode. There could be the problem that the user shuts down his PC while the installer is still running. Whoops. So we want to show a little splash screen on the user's desktop to inform him that a software installation is running.

But by the way: when a user is logged on to a PC and I use RDP, I will kick the user's session. There is no way to really see the user's desktop with RDP.

To answer your last question: Yes :-)

Edited by Sundance


Yeah, I use (nearly) the same, TightVNC, for remote desktop over the network; VNC grouped progs are about the best I've found.

Yep, and you can best modify them to fit your own needs.


But by the way: when a user is logged on to a PC and I use RDP, I will kick the user's session. There is no way to really see the user's desktop with RDP.

There are two ways.

RDP when no user is logged on, or with RemoteDesktopHelper (sorry, I don't know the English name *g*)

You can start this via Help&Support -> Tools -> Send "RemoteDesktopHelper"

Try this:

Run(@WindowsDir & "\PCHealth\HelpCtr\Binaries\helpctr -fromhcp -url hcp://CN=Microsoft%20Corporation,L=Redmond,S=Washington,C=US/Remote%20Assistance/Escalation/Unsolicited/unsolicitedrcui.htm")

Enter the computer name. Then you see the user and you can start Remote Desktop interactively with the user. But the user must give you access.

But this is not your problem, I think.

There are two ways to run a remote process.

Create Method of the Win32_Process Class

http://msdn.microsoft.com/en-us/library/aa389388(VS.85).aspx

This is not interactive.

or

Create Method of the Win32_ScheduledJob

http://msdn.microsoft.com/en-us/library/aa389389(VS.85).aspx

This is interactive.

I can give you two VBS examples. You need to convert them.

Execute program on remote computer with Win32_Process class

' "." targets the local computer; put the remote computer name here
strComputer = "."
strCommand = "notepad.exe"

' Connect to WMI on the target, impersonating the caller's credentials
Set objWMIService = GetObject("winmgmts:" & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set objProcess = objWMIService.Get("Win32_Process")

' Create returns 0 on success and writes the new process ID to intProcessID
errReturn = objProcess.Create(strCommand, null, null, intProcessID)

If errReturn = 0 Then
    Wscript.Echo "notepad.exe was started with a process ID: " & intProcessID
Else
    Wscript.Echo "notepad.exe could not be started due to error: " & errReturn
End If

Execute program on remote computer with Win32_ScheduledJob

' "." targets the local computer; put the remote computer name here
strComputer = "."
strCommand = "notepad.exe"

' Schedule the job one minute from now ("n" is the DateAdd interval for minutes)
Const INTERVAL = "n"
Const MINUTES = 1

Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
Set objScheduledJob = objWMIService.Get("Win32_ScheduledJob")
Set objSWbemDateTime = CreateObject("WbemScripting.SWbemDateTime")

objSWbemDateTime.SetVarDate(DateAdd(INTERVAL, MINUTES, Now()))
' Arguments: command, start time, run repeatedly, days of week, days of month,
' interact with desktop (True), and the returned job ID
errReturn = objScheduledJob.Create(strCommand, objSWbemDateTime.Value, False, 0, 0, True, intJobID)

If errReturn = 0 Then
    Wscript.Echo "notepad.exe was scheduled with job ID: " & intJobID
Else
    Wscript.Echo "notepad.exe could not be scheduled due to error: " & errReturn
End If

Summary:

If you have to run batch tasks, I think the first method (Win32_Process class) is simpler.

If you have to run interactive programs, use the Win32_ScheduledJob class.

There is a second way to run a scheduled job.

Open a cmd and take a look at SCHTASKS /create

The /RU /RP options there can be used as Runas

Hope this helps you.


Hi Tec,

thx for the detailed explanations.

The first script creates the process with my credentials but without desktop interactivity.

The second script creates a scheduled job but with local SYSTEM credentials and not with my own.

When using SCHTASKS I need to enter my credentials ...

Mmmmhhhh.

There must be a way using the following functions:

OpenSamUser -> GetUserAuthData -> ConvertAuthDataToToken. So I would have (my) access token. With this token I should create a remote process with CreateProcessWithLogonW or CreateProcessAsUser or at least CreateProcessWithTokenW.

Does anyone think this could be a way to go?

greetz

Sundance


Oh, I should mention that these functions are from Advapi32.dll. My knowledge of using these functions with DllCall is my problem...


Oh, I should mention that these functions are from Advapi32.dll. My knowledge of using these functions with DllCall is my problem...

AFAIK there is no other way to run a remote process that is interactive with the currently logged-on user's desktop than using the first schedule method via that VBS, or more easily by using the AT command. I use it a lot - run an installer script via psexec (with admin credentials) and schedule a message script via the AT command to either display one message box and quit or to run continuously and make a traytip using lines found in a file (which is being filled by the install script). This way I can install anything and let the user know what's happening all the time :) The big advantage of the main install script not being directly able to interact with the user desktop is that the user will not see any possible errors ;-)

The smarter way of doing interactive installers would be to also have two processes - one installing and the other scheduled with AT for interaction - but communicating via UDP with each other, so the interactive process could even display some choices or inputs for the user and pass the information back to the installer!

Edited by LoWang
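
Added example, not part of the thread or any poster's code: a Python version of the two-process design described in the last post, where the installer prompts a desktop-side helper over loopback UDP and treats whatever comes back as untrusted input. The choice names, message layout and function names are assumptions made for illustration.

```python
import hmac, json, secrets, socket

ALLOWED = ("install_now", "postpone")  # assumed choice names; nothing else is acted on

def make_prompt(text):
    """Installer side: build the prompt datagram and the one-time token a reply must echo."""
    token = secrets.token_hex(16)
    body = {"token": token, "text": text, "choices": list(ALLOWED)}
    return token, json.dumps(body).encode()

def ui_answer(prompt_bytes, choice):
    """Desktop side: echo the prompt's token together with the user's selection."""
    prompt = json.loads(prompt_bytes)
    return json.dumps({"token": prompt["token"], "choice": choice}).encode()

def parse_reply(data, token, default="postpone"):
    """Installer side: the reply is untrusted input; anything unexpected yields the default."""
    try:
        reply = json.loads(data.decode("utf-8"))
    except (ValueError, RecursionError):  # bad UTF-8, bad JSON, absurd nesting
        return default
    if not isinstance(reply, dict):
        return default
    got, choice = reply.get("token"), reply.get("choice")
    if not (isinstance(got, str) and isinstance(choice, str)):
        return default
    if not hmac.compare_digest(got.encode("utf-8", "replace"), token.encode()):
        return default  # stale or foreign datagram
    return choice if choice in ALLOWED else default

def demo():
    """Round trip over loopback UDP; both sockets bind 127.0.0.1 only."""
    inst = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    ui = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    for s in (inst, ui):
        s.bind(("127.0.0.1", 0))  # ephemeral port, never a routable address
        s.settimeout(5)
    token, prompt = make_prompt("Software installation is running, please do not shut down.")
    inst.sendto(prompt, ui.getsockname())
    data, _ = ui.recvfrom(1024)
    ui.sendto(ui_answer(data, "install_now"), inst.getsockname())
    reply, _ = inst.recvfrom(1024)
    inst.close(); ui.close()
    return parse_reply(reply, token)

if __name__ == "__main__":
    print(demo())
```

The installer never executes or interpolates anything from the reply; it only maps it onto one of its own fixed choices, which keeps the elevated process from being steered by the desktop side.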
