start or call a non-admin app via admin-commandprompt - batch-file

I wanted to ask you if it is possible to open a program (maybe editor.exe) with "start" or "call" command in windows-commandprompt, which is started via an administrator account, which then does not run managed via the administrator account.
That was the short question; here is something more comprehensible:
I started a command prompt ("script.bat") with right mouse button "as admin", here I type admin user and password (user account: admin01).
In the task manager, I see that the program "cmd.exe" is associated with the "admin01". So far so good.
Now I want to start another app (maybe editor.exe) with "start" or "call" command in this active command prompt ("script.bat"); however, in the task manager I should not have "admin01" as user next to the program that has just been started. I want the corresponding user to be "theLocalActiveRegisteredUser".
Do you know how I can do this?
Regards

There is no way to unelevate a program. Elevation is a one way street. Programs started by an elevated program are elevated.
The main indirect way to start an unelevated program is to use task scheduler and demand run the TS task (this is what explorer does to always start unelevated).
EG
schtasks /run /I /tn "\MyTaskThatStartsAProgram"
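
The Task Scheduler route from the answer above, as an added PowerShell example that is not part of the original answer. The function name `Start-Unelevated`, the task name and the notepad.exe target are placeholders, and it assumes the desktop user is logged on at the console (`Win32_ComputerSystem.UserName` is empty for a Remote Desktop-only session).

```powershell
# Added example: run from the elevated prompt (admin01 in the question).
# Registers an on-demand task bound to the console user and starts it there.
function Start-Unelevated {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [string] $Arguments,
        [string] $TaskName = 'Example-StartUnelevated'   # hypothetical task name
    )

    $exe = (Resolve-Path -LiteralPath $Path -ErrorAction Stop).ProviderPath

    # $env:USERNAME is the admin account that owns this prompt, so ask WMI
    # who is logged on at the console instead (returned as DOMAIN\user).
    $user = (Get-CimInstance -ClassName Win32_ComputerSystem).UserName
    if (-not $user) { throw 'No interactive console user is logged on.' }

    # Set "Start in" explicitly; quote the program path if it contains spaces.
    $actionArgs = @{ WorkingDirectory = Split-Path -Parent $exe }
    $actionArgs['Execute'] = if ($exe -match '\s') { '"{0}"' -f $exe } else { $exe }
    if ($Arguments) { $actionArgs['Argument'] = $Arguments }
    $action = New-ScheduledTaskAction @actionArgs

    # Interactive: run inside that user's existing session, no stored password.
    # Limited: use the user's filtered (non-elevated) token.
    $principal = New-ScheduledTaskPrincipal -UserId $user -LogonType Interactive -RunLevel Limited

    # Do not let power conditions or the default time limit interfere.
    $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries `
        -DontStopIfGoingOnBatteries -ExecutionTimeLimit ([TimeSpan]::Zero)

    Register-ScheduledTask -TaskName $TaskName -Action $action -Principal $principal `
        -Settings $settings -Force | Out-Null
    Start-ScheduledTask -TaskName $TaskName

    Start-Sleep -Seconds 1
    (Get-ScheduledTask -TaskName $TaskName).State   # 'Running' while the program is open
}

Start-Unelevated -Path "$env:WINDIR\System32\notepad.exe"
# Remove the task when it is no longer needed:
# Unregister-ScheduledTask -TaskName 'Example-StartUnelevated' -Confirm:$false
```

In Task Manager the new process should be listed under the console user rather than the admin account, and without elevation.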

Related

Why is my .vbs running as intended when I execute in Windows but errors out when I try to schedule it as a scheduled task? [duplicate]

I'm trying to run a .vbs file as a scheduled task through Windows Task Scheduler. Under the 'General' tab, when I select "Run only when user is logged on", the script executes as expected.
However, when I select "Run whether user is logged on or not", and enter the appropriate credentials, the task runs at the scheduled time, but the script does not actually run. I've already tried running the script under wscript.exe as well as cscript.exe, but no luck with either.
EDIT: Even if I am logged in when the task begins, the script will still not run under the "logged in or out" setting.
Additional info: The purpose of this scheduled task is to run before I arrive at work. I've already configured my BIOS to startup at a predetermined time (06:00), and set the Task Scheduler to run at 06:27. I've successfully tested the BIOS startup, as well as the script itself (including using the Task Scheduler to run it). Therefore, the only weak link I can find is the option to "Run whether the user is logged on or not".
I'm running Windows 7 Enterprise.
Any help would be appreciated!
This is because normally it would run the script using the shell handler, which by default is wscript.exe. When there's no desktop environment (because no-one is logged-in) it would fail and abort script execution (or rather, not run the script in the first place).
To fix this, instead of running the .vbs file directly, change it to run cscript.exe (the command-line script runtime program) with the script's filename passed as the first argument. Also be sure to ensure you don't have any InputBox or MessageBox calls (instead use WScript.Echo to return messages to the user: wscript displays message-boxes, but cscript will write it to the console).

To bypass the UAC in cmd.exe

My query is basically to bypass the "Admin Command Prompt" UAC.
What I am trying to do is to open an "Admin Command Prompt", but every time I open it, it pops up UAC, which I want to ignore. I want the "Admin Command Prompt" to automatically open as Admin without any UAC pop-up when I run it.
Is there any way I can do that?
I am thinking of creating a batch file which runs and opens cmd.exe and passes the UAC pop-up, but I am not sure how to create it.
Tag: "Admin Command Prompt" : It is basically when we right click on cmd.exe and use "Run As Administrator"
You can't bypass. If the user is a standard user, you have no way to arbitrarily decide to just become an administrator.
Windows is a secure operating system, and has the notion of standard users and administrators. The fact that you're a standard user is your own choice.
You're perfectly free to ask the computer administrator to make you an administrator - but it's a really, really, terrible idea.

EXE is not Executing from Schedule Task

My EXE executes perfectly fine when I run it by double-clicking on it, but it does not execute when I try to run it via Schedule Task.
I am running schedule task on a local machine as administrator. I have already set the following settings into the "Security Options" of the Schedule Task.
Run only when user is logged in (I am logged in when schedule task is running)
Run with highest privileges check box is checked
In my case, it didn't work because of the start in location of the program.
Set the [Start in] (optional) property of the scheduled task to the path where the exe file exists.
The default [Start in] value is C:/Windows/System32
Depending on which Windows OS you're running this on, your EXE may have in fact started and is running in the background, with the user interface completely hidden. Depending on the EXE you are trying to run, it may be sitting there, hidden, waiting for user input that it will never get. If your EXE doesn't require any user input (something that just runs and then closes when it completes), then you might just check to see if the job is actually done.
A trick I have used to verify this is to create a small batch program like this:
@echo off
echo myEXE Scheduled Task Started %DATE% %TIME% >>c:\myEXE.log
myEXE.exe
echo myEXE Scheduled Task Completed %DATE% %TIME% >>c:\myEXE.log
Have your scheduled task call this batch script instead of myEXE directly. This will generate a text file (myEXE.log) that you can check to verify when the scheduled task kicked off, and then when (and whether) the EXE finished.
Just for kicks (and to test what I'm talking about) you can add these lines at the end of the batch script.
pause
echo Batch Script Finished %DATE% %TIME% >>c:\myEXE.log
If you never see the cmd window waiting for you to Press any key to continue... then you'll also never see the last line in your log file (myEXE.log)
Windows Task Scheduler is a strange beast of a program. It's not really a CRON like task scheduler and it's not a Quartz based program, other than relying on internal clock system.datetime, which has been known to have "issues" of its own.
Nevertheless, it can sometimes trip over itself (unproven, but from personal observations), when it comes to permissions of a task and who created it vs what account is used to run it.
I found the following steps gives me a "clean" task schedule every time, and the task runs every time:
Always run Task Scheduler as Administrator. If you don't have admin rights to do this, then you should even be here!
Don't create a Basic Task. Go straight to Create Task, and under your own admin account (doesn't have to be God Admin!).
When filling in the task wizard, don't provide a trigger UNTIL you've tested the task first. Also, make sure you've allowed the task to run whether you're logged in or not! That catches me sometimes.
Don't worry about Settings, for now. Accept the default
Save/OK
Close Task Scheduler
Restart it again, and again as Admin
Run the task you've created.
If all goes well, it ran! Do a CMD run of the EXE using @Wes's suggestion to be sure.
Now, place a Trigger of your choice
Change the Account to your proper task admin account, or a generic account with admin rights specifically created to run tasks. We call ours admin.tasks
Save everything and you should be ok from here.

Task scheduler cannot open batch file when set to run whether user is logged on or not

OS: Windows Server 2008 R2 Enterprise
I am unable to get the Task Scheduler to run .bat files while I am logged off. I have a production .bat file I want to use, but for my troubleshooting purposes I am using C:\Users\Administrator\Desktop\test.bat
test.bat is very simple. All it contains is:
taskkill /im notepad.exe
It runs successfully on its own. If I have Notepad open and I double-click test.bat then the cmd window flashes and Notepad dies. The .bat file is not the problem.
The task I created in Task Scheduler is "Test taskkill" (without the quotes). I can see its location in Windows Explorer: C:\Windows\System32\Tasks\Test taskkill
If the task is set to run only when the user is logged on then the task works. With this setting, I can right-click on it > run and I get the same behavior as if I double-click the .bat file. That means the task is configured correctly.
If I set it to run whether or not the user is logged on then when I right-click > run nothing obvious happens. The job is reported as having been run successfully in the history, but Notepad survives. I know that I am using the proper credentials for the account that I am configuring to run the task. That account is the local administrator.
This issue appears similar to issues others have had in the past:
Running a .bat file in Scheduled Task
http://social.technet.microsoft.com/Forums/windowsserver/en-US/d47d116e-10b9-44f0-9a30-7406c86c2fbe/scheduled-task-wont-run-bat-file?forum=winservermanager
The thread in the second link seemed to resolve an identical issue for many people with the suggestion that the account used to run the task requires explicit permission to the .bat file and all files that the .bat file modifies. This was very promising (if an annoying requirement). However, I have confirmed or assigned explicit permissions for the local administrator to the following areas, and I am still not successful:
C:\Users\Administrator\Desktop\
C:\Users\Administrator\Desktop\test.bat
C:\Windows\System32\Tasks\
C:\Windows\System32\Tasks\Test taskkill
Additionally, I have confirmed that the local administrator account is in the local administrators group.
Am I missing some other permissions that needs to be set? Is there something else I should be looking at? Thanks!
I have resolved this problem with help from a contractor who was doing some other work for my institution.
In the properties window for the task, on the Action tab, when creating or editing the action that opens the batch file (in my case test.bat), there is the "Program/script:" field and there is also a "Start in (optional):" field. I previously had the "Program/script:" field containing the full path to the file, ending with the file name, and I had the "Start in (optional):" field null. This configuration appears to work without issue when the task is set to "Run only when user is logged on" in the General tab of the task's properties window. However, this configuration does not work when the task is set to "Run whether user is logged on or not".
In order to resolve the problem, I changed the action so that the "Program/script:" field contained only the file name, not the file path. I put the file path in the "Start in (optional):" field. This configuration works when the task is set to "Run only when user is logged on"! I have tested with the task running on a trigger and also with running it manually.
Not sure if this helps. My issue was using an interactive program (in particular Excel) as well.
Creating the 2 empty folders (Desktop) solved it. Create both even if you are running on x64.
C:\Windows\System32\config\systemprofile\Desktop
C:\Windows\SysWOW64\config\systemprofile\Desktop
I debugged my code and realised the code exited at this line
ExcelFile excelFile = new ExcelFile(directory, filename);
I read this solution somewhere and I cannot find the URL now.
Try this as well..
Resolved the "Run whether user is logged on or not" by setting the “Log on as Batch Job” security policy.
Here are details on the setting… https://danblee.com/log-on-as-batch-job-rights-for-task-scheduler/
You may take another approach, but here are the steps…
1) I updated the default domain group policy by adding my admin account (that I fire the task with) to the “Log on as Batch Job” security policy. (Even though ADMIN group is listed, and I am using an admin account)
2) I forced GPUPDATE on the client
3) Rebooted the client
4) Looked at the policy on the client to make sure it made it over from the DC
5) Set the task "Run whether user is logged on or not"
6) Ran the task on demand and it worked creating a PDF file.
7) Logged out and ran the task at scheduled time and it worked creating a PDF file.
I had similar problem, but it was related to the fact that there was a space in the path of my executable batch file. I have removed the space and now it works fine.
What worked for me was making sure that the path is available.
I used net use Z: \\computername\folder /persistent:yes
then the xxcopy /s /c /d /e /i /y D:*.* z:\BackupBat
I noticed all my other .bat files work fine; only the one with the reference to a mapped folder was the one not running, so that needed to be the problem. With these changes the bat file runs well.
Verifying the following has worked for me:
1) The 'Run if user is not logged in' option in Task Scheduler does not work for programs that are in interactive mode. Example: notepad, clock. Tasks will not run interactively. Make sure your program does not require any interactive actions.
2) Check the "Start in (optional)" field if your program path is not one of the system paths. You had better add your program path to it. In "Program/Script" enter only the name of the program, and enter the path of your script in "Start in".
3) The user account you set up for your program must have permission not only to run your program itself but also to run all other programs that are related to your program.
Here is a sample program:
On C:\myprogram\folderOne\test.cmd
date /t >> c:\Temp\testAuto.log
date /t >> c:\temp\testAuto.log
echo ----->> c:\temp\testAuto.log
cls
exit
-Create a task, selecting on General>SecurityOptions "Run whether user is logged on or not"
-Enter on Action>Program/script: test.cmd
on "Start in" C:\myprogram\folderOne
-Run, you might see the cmd windows open and closes very quickly. The testAuto.log file should be in c:\tmp folder.
It might be because you don't have permission. I was facing the same problem and I found the solution like this -
Open Task Scheduler, right click on your task and then select the properties option.
In properties click on General tab and then click on 'User Group or User' and select the appropriate user.
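
The causes reported in the answers above (empty "Start in", a script launched through its file association, a space in the path, a path that only exists in a logged-on session) can be checked in one read-only pass. This is an added PowerShell example, not code from any of the posters; the function name `Test-TaskForLoggedOffRun` is hypothetical and the task name is the one from the question.

```powershell
# Added example. Read-only: inspects one task and lists likely reasons it
# fails when set to "Run whether user is logged on or not".
function Test-TaskForLoggedOffRun {
    param(
        [Parameter(Mandatory)] [string] $TaskName,
        [string] $TaskPath = '\'
    )
    $task = Get-ScheduledTask -TaskName $TaskName -TaskPath $TaskPath -ErrorAction Stop
    $info = $task | Get-ScheduledTaskInfo
    $findings = [System.Collections.Generic.List[string]]::new()

    # "Run only when user is logged on" is stored as logon type Interactive.
    if ("$($task.Principal.LogonType)" -eq 'Interactive') {
        $findings.Add('Logon type is Interactive: the task runs only inside a logged-on session.')
    }
    foreach ($action in $task.Actions) {
        if (-not $action.Execute) { continue }   # not a "Start a program" action
        $exe = [Environment]::ExpandEnvironmentVariables($action.Execute).Trim('"')
        if (-not $action.WorkingDirectory) {
            $findings.Add("'$exe': 'Start in' is empty, so relative paths resolve against the default directory.")
        }
        if ($exe -match '\.(vbs|vbe|js|wsf)$') {
            $findings.Add("'$exe': started through its file association; run cscript.exe with the script as argument.")
        }
        if ($action.Execute -match '\s' -and $action.Execute -notmatch '^".*"$') {
            $findings.Add("'$exe': path contains a space and is not quoted.")
        }
        if ([IO.Path]::IsPathRooted($exe) -and -not (Test-Path -LiteralPath $exe)) {
            $findings.Add("'$exe': not found from this session; drive mappings are per logon session.")
        }
    }
    [pscustomobject]@{
        Task       = $task.TaskPath + $task.TaskName
        RunAs      = $task.Principal.UserId
        LogonType  = "$($task.Principal.LogonType)"
        RunLevel   = "$($task.Principal.RunLevel)"
        LastResult = '0x{0:X}' -f $info.LastTaskResult   # 0x0 means the action returned success
        Findings   = $findings
    }
}

Test-TaskForLoggedOffRun -TaskName 'Test taskkill' | Format-List
```

A last result of 0x0 with a non-empty findings list matches the symptom in the question: the history reports success because the action was launched, even though it did nothing useful.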

How to ignore UAC while silent installing VLC

My question is how do I get the installation of VLC media player in a batch script done without having to accept the UAC prompt during the installation.
What I have till now is this - working for a silent installation but still wanting me to press the UAC button.
vlc-2.1.1-win64.exe /S
It is possible to circumvent UAC only by using the technique of creating a scheduled task that has administrator privileges and then creating a shortcut to run this scheduled task. When this shortcut runs, it runs automatically without asking permission, without the Yes or No button appearing. Look at the tutorial link below to better understand.
Run UAC restricted programs without the UAC prompt
