I wanted to ask you if it is possible to open a program (maybe editor.exe) with "start" or "call" command in windows-commandprompt, which is started via an administrator account, which then does not run managed via the administrator account.
That was the short question; here is something more comprehensible:
I started a command prompt ("script.bat") with right mouse button "as admin", here i type admin user and password (user account: admin01).
In the task manager, I see that the program "cmd.exe" is associated with the "admin01". So far so good.
Now I want to start another app (maybe editor.exe) with "start" or "call" command in this active command prompt ("script.bat"); however, in the task manager i should not have "admin01" as user next to the program that has just been started.I want the corresponding user to be "theLocalActiveRegisteredUser".
Do you know how I can do this?
Regards
There is no way to unelevate a program. Elevation is a one way street. Programs started by an elevated program are elevated.
The main indirect way to start an unelevated program is to use task scheduler and demand run the TS task (this is what explorer does to always start unelevated).
EG
schtasks /run /I /tn "\MyTaskThatStartsAProgram"
I really need help on running a .bat file from the Task Scheduler.
It runs when ran from location or when Run is clicked from Task Scheduler.
It doesnt run on a schedule when Run only when user is logged on / Run when user is logged on or not
The user is my local account is also the admin
.bat file is stored in C:\Users\user1\eclipse-workspace\abc\, and this is what iI have filled in for the Program/Script under Settings in Actions tab.
I have unchecked all options under Conditions tab, (tried checking the power options, still didnt work).
I would prefer to have this option set :: Run when user is logged on or not.
I would like to know what I'm missing or where I'm going wrong with this.
.bat file code is :
cd C:\Users\user1\eclipse-workspace\abc
set ProjectPath=C:\Users\user1\eclipse-workspace\abc
echo %ProjectPath%
set classpath=%ProjectPath%\bin;%ProjectPath%\Lib\*
echo %classpath%
java org.testng.TestNG %ProjectPath%\testng.xml
pause
This one saved me:
Make sure "Run with highest privileges" is turned off in your task scheduler settings
In your bat file, use pushd \\network_drive_name as the first line of code
At the end of your bat file, use popd \\network_drive_name
I am trying to make a batch file that calls an executable named idlelogoff after a certain amount of idle time. I can see the process in task manager however the computer doesn't sign out.
However when I run the process as an administrator manually it works. I thought the system account was supposed to have all privileges. Very confused as to why this isn't working. Any help would be appreciated.
Below is my batch file contents.
start "IdleLogOff" /d C:\ /b idlelogoff.exe 10 logoff
I found an answer to this by using local group policy instead of domain policy . I used user configuration->windows settings-> and then logon scripts and had it run on an user logon. The script works from here but did not work from domain group policy for whatever reason
look into taskmanager- i suppose that the process runs under system-account when using domain-gpo- no matter if activated/linked in user or workstation context.
So the exe would check if the system-account is idle.
A solution could be putting the exe into autostart-folder or create a run-key into registry or with an scheduled task -> all can be done with a gpo
I am extremely noobish when it comes to this as I literally just started doing it, but today I just decided I was going to explore a bit, I was going to try to make a simple batch file so I could make Cortana run it to close certain tasks, by just saying "Run ," so I tried this, and I have so far
SCHtasks /end /s Titan /u vetri /tn chrome
I get a prompt to enter my password, and I do and I get returned back:
ERROR: User credentials are not allowed on the local machine.
OS: Windows Server 2008 R2 Enterprise
I am unable to get the Task Scheduler to run .bat files while I am logged off. I have a a production .bat file I want to use, but for my troubleshooting purposes I am using C:\Users\Administrator\Desktop\test.bat
test.bat is very simple. All it contains is:
taskkill /im notepad.exe
It runs successfully on its own. If I have Notepad open and I double-click test.bat then the cmd window flashes and Notepad dies. The .bat file is not the problem.
The task I created in Task Scheduler is "Test taskkill" (without the quotes). I can see its location in Windows Explorer: C:\Windows\System32\Tasks\Test taskkill
If the task is set to run only when the user is logged on then the task works. With this setting, I can right-click on it > run and I get the same behavior as if I double-click the .bat file. That means the task is configured correctly.
If I set it to run whether or not the user is logged on then when I right-click > run nothing obvious happens. The job is reported as having been run successfully in the history, but Notepad survives. I know that I am using the proper credentials for the account that I am configuring to run the task. That account is the local administrator.
This issue appears similar to issues other have had in the past:
Running a .bat file in Scheduled Task
http://social.technet.microsoft.com/Forums/windowsserver/en-US/d47d116e-10b9-44f0-9a30-7406c86c2fbe/scheduled-task-wont-run-bat-file?forum=winservermanager
The thread in the second link seemed to resolve an identical issue for many people with the suggestion that the account used to run the task requires explicit permission to the .bat file and all files that the .bat file modifies. This was very promising (if an annoying requirement). However, I have confirmed or assigned explicit permissions for the local administrator to the following areas, and I am still not successful:
C:\Users\Administrator\Desktop\
C:\Users\Administrator\Desktop\test.bat
C:\Windows\System32\Tasks\
C:\Windows\System32\Tasks\Test taskkill
Additionally, I have confirmed that the local administrator account is in the local administrators group.
Am I missing some other permissions that needs to be set? Is there something else I should be looking at? Thanks!
I have resolved this problem with help from a contractor who was doing some other work for my institution.
In the properties window for the task, on the Action tab, when creating or editing the action that opens the batch file (in my case test.bat), there is the "Program/script:" field and there is also a "Start in (optional):" field. I previously had the "Program/script:" field containing the full path to the file, ending with the file name, and I had the "Start in (optional):" field null. This configuration appears to work without issue when the task is set to "Run only when user is logged on" in the General tab of the task's properties window. However, this configuration does not work when the task is set to "Run whether user is logged on or not".
In order to resolve the problem, I changed the action so that the "Program/script:" field contained only the file name, not the file path. I put the file path in the "Start in (optional):" field. This configuration works when the task is set to "Run only when user is logged on"! I have tested with the task running on a trigger and also with running it manually.
Not sure if this helps. My issue was using a interactive program (in particular Excel) as well.
Creating the 2 empty folders (Desktop) solved it. Create both even if you are running on x64.
C:\Windows\System32\config\systemprofile\Desktop
C:\Windows\SysWOW64\config\systemprofile\Desktop
I debugged my code and realised the code exited at this line
ExcelFile excelFile = new ExcelFile(directory, filename);
I read this solution somewhere and I cannot find the URL now.
Try this as well..
Resolved the "Run whether user is logged on or not" by setting the “Log on as Batch Job” security policy.
Here is details on the setting… https://danblee.com/log-on-as-batch-job-rights-for-task-scheduler/
You may take another approach, but here is the steps…
1) I updated the default domain group policy by adding my admin account (that I fire the task with) to the “Log on as Batch Job” security policy. (Even though ADMIN group is listed, and I am using an admin account)
2) I forced GPUPDATE on the client
3) Rebooted the client
4) Looked at the policy on the client to make sure it made it over from the DC
5) Set the task "Run whether user is logged on or not"
6) Ran the task on demand and it worked creating a PDF file.
7) Logged out and ran the task at scheduled time and it worked creating a PDF file.
I had similar problem, but it was related to the fact that there was a space in the path of my executable batch file. I have removed the space and now it works fine.
What work for me was make sure that the path is available.
i used net use Z: \computername\folder /persistent:yes
then the xxcopy /s /c /d /e /i /y D:*.* z:\BackupBat
I notice all my other .bat work fine only the one with the reference to a map folder was the one no running, so that need to be the problem. with these change the bat file runs good.
Verifying the following has worked for me:
1) 'Run if user is not logged in' option in Task Scheduler does not work for programs that is interactive mode. Example notepad, clock. Tasks will not run interactively. Make sure your program does not requires any interactive actions.
2)Check the “Start in (optional) “ If your program path is not one of the system paths. You have better to add you program path in it. On the "Program/Script" enter only the name of the program, and enter the path of your script in "Start in".
3)The user account you setup for your program must have permission not only to run your program itself and but also to run all other program that related to your program.
Here is a sample program:
On C:\myprogram\folderOne\test.cmd
date /t >> c:\Temp\testAuto.log
date /t >> c:\temp\testAuto.log
echo ----->> c:\temp\testAuto.log
cls
exit
-Create a Tasks, selecting on General>SecurityOptions "Run whether user is logged on or not"
-Enter on Action>Program/script: test.cmd
on "Start in" C:\myprogram\folderOne
-Run, you might see the cmd windows open and closes very quickly. The testAuto.log file should be in c:\tmp folder.
It might be because you don't have permission. I was facing the same problem and i found the solution like this -
Open Task Scheduler right click on your task and than select properties option.
In properties click on General tab and then click on 'User Group or User' and select the appropriate user.