I'm trying to impersonate a domain user over vpn. I am able to run management studio from the command prompt using the RUNAS command. However, I can't do the same with my vb application (.net 4.5, winforms, using VS 2012 Express) in either debug mode or published app. Here is what I tried:
runas command of my application (from the location of the shortcut in Start Menu Programs, as well as the executable); in these cases, after I input the password in the command prompt, I get 'unknown user or bad password' error.
I've tried to impersonate the user within the code as indicated on several websites such as http://williamfaulkner.co.uk/2009/04/vbnet-run-as-administrator-impersonate-a-user-2008/, which seems like a variation of that listed on MSDN that uses calls to advapi.dll (I'm not really sure how it works). In this case, I also get 'unknown user or bad password' error when the code tries to query the SQL server.
Does anyone have any explanation for these errors and/or how I might solve this? I'm assuming that if I can impersonate and run ssms, I should be able to do it within my vb app.
Thanks in advance!
This is a bit of a leap but - particular parts of Windows can only run once and are not allowed to have multiple instances from different users. I wonder if this is the issue here.
I'm thinking particularly of explorer.exe.
If this sounds like it might be what's tripping up the RUNAS method, try:
start a new cmd window as the user by running: runas /noprofile /user:domain\user cmd
open taskmanager and kill the explorer.exe process (you'll lose your start bar when you do this)
in the cmd window type: explorer.exe
The start bar and windows will come back and be running as the other user
Now try your application.
When you're done be sure to switch back by:
open taskmanager (this will be running as the other user)
Kill the explorer.exe process
press ctrl alt del and then click task manager (this should make it run as you)
in taskmanager, click file - new task
type: explorer.exe
Everything should now be back to normal.
Related
Afternoon everyone,
I've tried to research this topic in depth and I cannot come to a conclusion for my problem. I'm trying to automate a batch file in Task Scheduler to execute two SSIS packages. Currently when I attempt to execute the scheduled task (either waiting for its set schedule or running on demand), task scheduler will show that the task has completed successfully, the "Status" will continue to say "Running" but the destination files are never created/re-created. This is the script:
dtexec /f "D:\SSIS\Folder\Folder\Folder\Package.dtsx"
dtexec /f "D:\SSIS\Folder\Folder\Folder\Package.dtsx"
The SSIS is supposed to pull information from SQL and export it to a CSV which it does wonderfully... If I execute this script in CMD, Powershell, or run my batch file directly.
About my environment:
My script resides on a SQL Server. (Windows Server 2016 Standard)
I have a domain admin account used for scripting permissions (all parent folders including the batch file itself have that domain admin added with full permissions, including the csv destination).
The scheduled task is set to: "Run whether user is logged on or not", "Run with highest privileges", Configured for Windows Vista and Windows Server 2008. I know my credentials are correct for my domain admin account.
In "Actions", "Program/script:" is currently set to "C:\Scripts\file.bat", there is nothing in "Add Arguments (optional):" currently, "Start in (optional):" is set to "C:\Scripts".
So here is what I've tried:
I've set "Program/script:" to "cmd.exe" and added an argument of "file.bat" with a start in as "C:\Scripts", no dice.
I've set "Program/script:" to "Powershell.exe" and set an argument of "-ExecutionPolicy Bypass C:\Scripts\file.bat" with a start in as "C:\Scripts", no luck again.
I added my domain admin account to the local administrators group on the server as well.
I've changed the user/group from my domain admin account to my domain admin account (the one I'm logged into the server with) and set it to "Run only when user is logged on", if this is set and I attempt to run the scheduled task, CMD flashes on screen and disappears before I can read anything (it's still too fast for the script to actually run, it takes ~20 seconds) and the destination file isn't altered.
(This one really stumps me) I've tried to add the script to another scheduled task on the server, that scheduled task will run on schedule and complete every script in the batch file except for these 2 lines. The other scheduled task it was added to uses the same domain admin account, same settings across the board, it even has other similar SSIS packages being run using "dtexec", I don't get it.
Thanks for any input anybody can give me, it's greatly appreciated.
I know this is a super old post, but I just had the same issue and wasn't successful with any other popular solutions around StackOverflow, so I want to put out an alternative solution for anyone still struggling!
When in doubt, double check the user account in the Security Options under Properties (right-click on Task > Properties > first page under "Security Options").
Even though the user that it had selected by default should have permission to execute the script, I had to change the user account to a user with a higher privilege (I'm on a work computer). For me, this meant I had to select the Administrator group on my particular desktop environment.
I want to run a program from startup by a batch file in startup folder, the file says this:
runas.exe /savecred /"user:pedro burgos" "%cd%\test.bat"
But, the problem is that when I run this and enter my password, it says Error 5: Access denied
Can anyone help me pls?
Found this in another forum.
Feel like a dumbass now, but do use caution, and get more info.
The runas command depends on the Secondary Logon service.
On my system, it is by default set to manual, and it is not activated.
AFAIK, this is a legacy feature, so that is probably the reason why it is not running.
EDIT:
It's legacy, because this command predates UAC; MS would like you to use UAC instead of runas, which is safer; you can trigger a UAC prompt by calling scripts in PowerShell with -Verb RunAs argument
Had the same issue as you on Server 2019, secondary logon service on manual. Your initial answer seemed to be the solution but it wasn't. On Server 2019 the secondary logon service is on manual by default and will start automatically if you are using a run as command.
The answer was that, as I upgraded the Server 2019 edition, the local system account didn't have the correct rights to engage with the secondary logon service.
Resolved the issue with this MS article (article is for server 2012)
Start CMD as administrator;
sc sdset seclogon D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPDTLOCRRC;;;IU)(A;;CCLCSWDTLOCRRC;;;SU)(A;;CCLCSWRPDTLOCRRC;;;AU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
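To see what the descriptor in the sc sdset command above grants before applying it, this added example (not part of the original answer) decodes the SDDL string into per-trustee service rights. The function names are hypothetical, and the tables cover only the rights codes and SID aliases that appear in this descriptor's format.

```python
import re

# Meaning of the two-letter SDDL rights codes when the object is a service.
SERVICE_RIGHTS = {
    "CC": "QUERY_CONFIG", "DC": "CHANGE_CONFIG", "LC": "QUERY_STATUS",
    "SW": "ENUMERATE_DEPENDENTS", "RP": "START", "WP": "STOP",
    "DT": "PAUSE_CONTINUE", "LO": "INTERROGATE", "CR": "USER_DEFINED_CONTROL",
    "SD": "DELETE", "RC": "READ_CONTROL", "WD": "WRITE_DAC", "WO": "WRITE_OWNER",
}
# SID aliases used in the descriptor.
TRUSTEES = {
    "SY": "Local System", "BA": "Builtin Administrators", "IU": "Interactive users",
    "SU": "Service logon users", "AU": "Authenticated Users", "WD": "Everyone",
}
# Descriptor copied from the sc sdset command in the answer above.
SECLOGON_SDDL = (
    "D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"
    "(A;;CCLCSWRPDTLOCRRC;;;IU)(A;;CCLCSWDTLOCRRC;;;SU)"
    "(A;;CCLCSWRPDTLOCRRC;;;AU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
)

def parse_aces(sddl, section="D"):
    """Return the ACEs of the DACL ("D") or SACL ("S") as a list of dicts."""
    m = re.search(section + r":[A-Z]*((?:\([^)]*\))+)", sddl)
    aces = []
    for body in re.findall(r"\(([^)]*)\)", m.group(1) if m else ""):
        fields = body.split(";")
        if len(fields) != 6:
            raise ValueError("malformed ACE: " + body)
        ace_type, flags, rights, _obj, _inherit, sid = fields
        if len(rights) % 2 or rights.startswith("0x"):
            raise ValueError("unsupported rights string: " + rights)
        aces.append({
            "type": ace_type, "flags": flags,
            "trustee": TRUSTEES.get(sid, sid),
            "rights": [SERVICE_RIGHTS.get(rights[i:i + 2], rights[i:i + 2])
                       for i in range(0, len(rights), 2)],
        })
    return aces

def who_can(sddl, right):
    """Trustees granted `right` by an allow ACE in the DACL (deny ACEs are not evaluated)."""
    return [a["trustee"] for a in parse_aces(sddl)
            if a["type"] == "A" and right in a["rights"]]

if __name__ == "__main__":
    for ace in parse_aces(SECLOGON_SDDL):
        print(ace["trustee"], "->", ", ".join(ace["rights"]))
    for right in ("START", "STOP", "CHANGE_CONFIG", "WRITE_DAC"):
        print(right, "allowed for:", who_can(SECLOGON_SDDL, right))
```

Running `sc sdshow seclogon` first and decoding its output the same way shows which entries the new descriptor adds or removes.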
try this
runas.exe /savecred /user:"pedro burgos" "%cd%\test.bat"
Make sure user "pedro burgos" actually has access to that directory. For example, one user can't just access other user's directories. You can test this theory by moving the script to something like C:\temp
I have a simple batch file which needs to be run weekly to upload some files via Core FTP.
I'm using the free version of Core FTP LE.
MySavedProfile is the Site Name of the saved profile I created using Core FTP's site Manager. The profile contains the URL / credentials / etc of the site to connect to.
Here are the contents of the batch file:
SET logf=confirm.log
echo test-start >> %logf%
"C:\Progra~1\CoreFTP\coreftp.exe" -B -s -pasv -O -site MySavedProfile -u "C:\Progra~2\PathToFiles\FileToUpload.txt"
echo test-finish >> %logf%
For the Windows Server 2012 r2 Task Scheduler, I have created a basic, weekly scheduled task on the Task Scheduler Library root which runs the batch file. For this scheduled task I have:
(Under the General tab)
"Run whether user is logged on or not" is selected
"Run with highest privileges" is checked
Configure for = Windows Server 2012 R2
(Under Actions)
Action = Start a program
Program / Script = "C:\Progra~2\PathToFiles\batch.bat"
Start in = C:\Progra~2\PathToFiles\
Here is the weird behavior I am getting:
If I double click on the batch file directly, it works fine and uploads the text file via Core FTP just fine.
However, if I try to let the Windows Task Scheduler run it, it runs everything except the Core FTP line. That is, I get the usual:
test-start
test-finish
in the confirm.log file, but the FileToUpload.txt has not been uploaded to the remote server, and there are no errors from CoreFTP that I can detect.
I have tried this with a service account that has permissions to run batch files, as well as my own account for this scheduled task. I get the same result: it doesn't seem to run that CoreFTP line. At least not via Task Scheduler. I need this upload to be automated.
I've searched Core FTP's documentation, Google, etc. No one seems to have run into this exact issue. I've applied recommendations from distantly related issues, but none of them have worked.
Any help would be greatly appreciated. Thank you.
The only way to do this is to use the full version of Core FTP (that is Core FTP Pro). If you use the LE version you have to check the "Run only when user is logged on" option.
This happens because of the splash screen at the beginning.
If you can't be logged on forever you could create a user that will always be logged on just for these tasks.
Remember to use the -Log option on CoreFTP to check if it is actually doing something.
I am trying to run a CakePHP Shell script through the Scheduled Task of Windows 2003 server and I'm finding that the task Could not start.
When I run it manually from the Command Prompt it works well:
C:\Inetpub\wwwroot\CakePHP\lib\Cake\Console\cake mail read
The Scheduled task Run field is exactly the same and the Start in is set to:
C:\Inetpub\wwwroot\tickets\app
The Run as field is set as the computer admin which has all permissions (not the IIS user)
Scheduled Task log shows this message when trying to execute it:
"Ticket Mail System.job" (cake) 13/12/2012 07:15:00 ** ERROR **
Unable to start task.
The specific error is:
0x80070005: Access is denied.
It seems it is a permissions problem.
I have tried to give over the lib/Cake/Console/cake.bat file all permissions for both users, the IIS 6 user and the Internet Guest Account user, but it still doesn't work.
Any idea which could be the cause?
It worked well over Windows 7 but it didn't on Windows 2003 Server.
Finally, I tried it adding .bat after calling the Shell and it works.
I had to put this in the Run field:
C:\Inetpub\wwwroot\CakePHP\lib\Cake\Console\cake.bat mail read
It seems Windows 2003 needs the .bat at the end...
I found it at: http://www.geekyboy.com/archives/376
Thanks guys, this got my issue solved.
Found that my ".bat" file instead had the extension ".CMD", which seemed to work fine up until now.
Fixed it by renaming the file extension and changing the directory in the Task Scheduler (because it still had the ".CMD" extension).
I need to copy my SQL Server DBs to a folder. The files are attached to SQL Server, which I have detached using my code. When I try to copy these files using
My.Computer.FileSystem.CopyFile(filePathToCopyFrom1, targetFilePath1)
It returns error:
"Access to the folder D:\MyDbs is denied"
When I manually copied these files, it asked "You need Administrator permission to copy these files". I clicked continue and it worked, but how do I fix this using my vb.net code?
I have given Full Control to administrator from Windows but still it did not work.
Thanks
Seems that the detaching process went well. You can copy through Windows Explorer, but not from your application. The key difference here is that the files are protected to be accessed by the administrator user only.
Then, you need to run your application using an administrator windows account so that the application inherits the permissions of the user to be able to perform this operation.
Remember, if you are using Windows Vista+ (which I assume you do) the root folder is almost off limits. You can run the App as Administrator, or copy it to a folder in the root. The other point is where you copy from. If the DB is currently in Program files, it is very possible that you will get this problem as well, and then you will have to run the application as Administrator.
Right click on the application, and select Run as Administrator, or select properties and in Compatibility check the box that the program should be running as Administrator. If you use the latter, then a box will pop up every time you run it, unless you change the User Account Control settings.