I want to run a program from startup by a batch file in startup folder, the file says this:
runas.exe /savecred /"user:pedro burgos" "%cd%\test.bat"
But, the problem is that when I run this and enter my password, it says Error 5: Access denied
Can anyone help me pls?
Found this in another forum.
Feel like a dumbass now, but do use caution, and get more info.
The runas command depends on the Secondary Logon service.
On my system, it is by default set to manual, and it is not activated.
AFAIK, this is a legacy feature, so that is probably the reason why it is not running.
EDIT:
It's legacy, because this command predates UAC; MS would like you to use UAC instead of runas, which is safer; you can trigger a UAC prompt by calling scripts in PowerShell with -Verb RunAs argument
Had the same issue as you on Server 2019, secondary logon service on manual. Your initial answer seemed to be the solution but it wasn't. On server 2019 the secondary logon service is on manual by default and will start automatic if you are using a run as command.
The answer was as is upgraded the server 2019 edition that the local system account didn't have the correct rights to engage with the secondary logon service.
Resolved the issue with this MS article (article is for server 2012)
Start CMD as administrator;
sc sdset seclogon D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPDTLOCRRC;;;IU)(A;;CCLCSWDTLOCRRC;;;SU)(A;;CCLCSWRPDTLOCRRC;;;AU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
try this
runas.exe /savecred /user:"pedro burgos" "%cd%\test.bat"
Make sure user "pedro burgos" actually has access to that directory. For example, one user can't just access other user's directories. You can test this theory by moving the script to something like C:\temp
Related
I normally run an SSIS package using a Sql Agent Job and a proxy user as described here: https://www.sqlservercentral.com/articles/run-an-ssis-package-under-a-different-account
I now need to run the same package using the same proxy user using T-SQL. I've been trying to use the [catalog].[create_execution] and [catalog].[start_execution] procedures to do this but there doesn't seem to be a way to specify a user.
How do I execute a package as a different user?
Is my best recourse the use of T-SQL to execute a SQL Agent Job that is configured to use the proxy user instead?
I don't know how agent actually works to make proxy users work - especially with regard to SSIS packages.
In a "normal" sql session say in SSMS, if I wanted to run a query as another user
EXECUTE AS USER = 'TurgidWizard';
SELECT USER_NAME() AS WhoAmI;
REVERT;
That code would allow me to impersonate you until I hit the REVERT call.
But, if you swap out calls to create_execution/start_execution you'll run into the same issue as trying to use a local sql server user runs into with using the methods in the SSISDB - it doesn't work. The methods in the SSISDB all run checks before they begin to ensure users have the correct access level and there isn't impersonation going on. Because once those methods start running, they themselves do impersonation so I guess that doesn't work well.
How can I run a package using tsql under a different account? I would start SSMS/sqlcmd under the credentials using RUNAS For example, the following will open a new command window as you.
runas /netonly /user:corpdomain.com\turgiwizard "cmd"
From there, things I do will be under the aegis of your user so I could run sqlcmd calls like
sqlcmd -S TheServer -d SSISDB -Q "EXECUTE catalog.create_execution ...;"
Mouse click will be Ctrl+Shift+right click executable.
Your SSMS install location is version dependent but try various ten digit increments of 140 in the following path
C:\Program Files (x86)\Microsoft SQL Server\140\Tools\Binn\ManagementStudio\Ssms.exe
The downside for me with regard to runas is that I could not automate getting my credentials passed into it. I've seen articles about use auto hot key and such but never had any luck with it.
Cleanest/easiest approach for something that needs to run regularly is to use sql agent with a proxy, or you could use Windows Task Scheduler and create it as the target user. One off executions, I'd likely use the runas approach.
I'm trying to execute a batch file(shutdown.bat and startup.bat of tomcat 7) on a remote machine(Windows server 2008) using PSTools but didn't got any luck till now.
Below are the steps I used
c:\>psexec \\129.12.3.1 -u Admin -p admin90 C:\>Hyp\tom7_50080\bin\shutdown.bat
and on my cmd i got
PsExec v2.0 - Execute processes remotely
Copyright (C) 2001-2013 Mark Russinovich
Sysinternals - www.sysinternals.com
PsExec could not start cmd on 129.12.3.1:
There are currently no logon servers available to service the logon request.
Can anyone help with the above output and with the batch file for executing the shutdown and startup batch file on remote machine.
Is PS Tools only option to execute any service/batch file on remote machine or we could use any other utility provided by MS.
In you example, #David Candy pointed out even you had the connection go thru, it would not work as you have 'c:>hyp\' instead of C:\hyp\tom7_*
You seem to be using IP, but the message you got seems to be name resolution related, so not sure what's happening there. Maybe you should upgrade to the latest PsExec version.
If you want to use PowerShell you would use Invoke-Command -ComputerName {NameOfPC} -ScriptBlock {C:\Hyp\tom7_50080\bin\shutdown.bat}
If you want to execute a program on another server, you can use a stored procedure on that server to invoke the command, and call that stored procedure from the local mcahine.
You could also create a web service on the remote server that invoked the command you want to execute.
In either case, be very careful that you don't open a security hole by either allowing more users to execute commands through the mechanism you implement, or by some user to execute commands other than the one you intend.
I'm writing a perl script in which I've to shutdown my mssql server ,do some operation and then I've to restart it.I know 1 way is to use netstat to stopt the service but I cann't use that. So I tried installing DBI and DBD::ODBC module.
More info here :Shutdown MSSQL server from perl script DBI
But when I trying to shutdown my server using this command
$dbh->prepare("SHUTDOWN WITH NOWAIT ");
It's not working for me :
I got this response from the community
SHUTDOWN permissions are assigned to members of the sysadmin and serveradmin fixed server roles, and they are not transferable. I'd consider it unlike(hopefully) that perl is run with this rights.
So please tell me is there a way to run the above command as these users ? or what can I do other than this . Note that I have a constraint tha tI cann't simply stop it as windows service.
If the scripts are executed through a web browser then the user executing the scripts will be defined by the web server. It will probably not be a good idea to fiddle with this user. Just leave things as they are.
What you can do is to create a Perl script that is being run by a privileged user on a consistent basis with CRON.
This script being run by CRON can check for specific content like a file which has been written by a script where the user executing the script has lesser privileges.
So the way it could work is as follows:
You execute browser.cgi through a browser to do a specific task.
browser.cgi writes instructions to a file.
Every 1 minute priveleged.cgi executes via CRON. (The root user could execute priveleged.cgi)
priveleged.cgi reads the file browser.cgi has written for instructions and starts and stops services according to the instructions.
I am trying to run a CakePHP Shell script through the Scheduled Task of Windows 2003 server and I'm finding that the task Could not start.
When I run it manually from the Command Prompt it works well:
C:\Inetpub\wwwroot\CakePHP\lib\Cake\Console\cake mail read
The Scheduled task Run field is exactly the same and the Start in is set to:
C:\Inetpub\wwwroot\tickets\app
The Run as field is set as the computer admin which has all permissions (not the ISS user)
Scheduled Task log shows this message when trying to execute it:
"Ticket Mail System.job" (cake) 13/12/2012 07:15:00 ** ERROR **
Unable to start task.
The specific error is:
0x80070005: Access is denied.
It seems it is a permissions problem.
I have tried to give over the lib/Cake/Consol/cake.bat file all permissions for both users, the IIS 6 user and the Internet Guest Account user, but still doesn't work.
Any idea which could be the cause?
It worked well over Windows 7 but it didn't on Window 2003 Server.
Finally, I tried it adding .bat after calling the Shell and it works.
I had to put this in the Run field:
C:\Inetpub\wwwroot\CakePHP\lib\Cake\Console\cake.bat mail read
It seems Windows 2003 needs the .bat at the end...
I found it at: http://www.geekyboy.com/archives/376
Thanks guys, this got my issue solved.
found that my ".bat" file instead had the extension ".CMD" which seemed to work fine up until now.
fixed it by renaming the file extension and changing the directory in the task scheduler.(because it still had the ".CMD" extension.
I'm trying to impersonate a domain user over vpn. I am able to run management studio from the command prompt using the RUNAS command. However, I can't do the same with my vb application (.net 4.5, winforms, using VS 2012 Express) in either debug mode or published app. Here is what I tried:
runas command of my application (from the location of the shortcut in Start Menu Programs, as well as the executable); in these cases, after I input the password in the command prompt, I get 'unknown user or bad password' error.
I've tried the impersonate user within the code as indicated on several websites such as [http://williamfaulkner.co.uk/2009/04/vbnet-run-as-administrator-impersonate-a-user-2008/][1], which seems like a variation of that listed on MSDN that uses calls advapi.dll (I'm not really sure how it works). In this case, I also get 'unknown user or bad password' error when the code tries to query the SQL server.
Does anyone have any explanation for these errors and/or how I might solve this. I'm assuming that if I can impersonate and run ssms, I should be able to do it within my vb app.
Thanks in advance!
This is a bit of a leap but - particular parts of Windows can only run once and are not allowed to have multiple instances from different users. I wonder if this is the issue here.
I'm thinking particularly of explorer.exe.
If this sounds like it might be what's tripping up the RUNAS method, try:
start a new cmd window as the user by running: runas /noprofile
/user:domain\user cmd
open taskmanager and kill the explorer.exe process (you'll loose your start bar when you do this)
in the cmd window type: explorer.exe
The start bar and windows will come back and be running as the other user
Now try your application.
When you're done be sure to switch back by:
open taskmanager (this will be running as the other user)
Kill the explorer.exe process
press ctrl alt del and then click task manager (this should make it run as you)
in taskmanger, click file - new task
type: explorer.exe
Everything should now be back to normal.