I am trying to execute a batch file using the Process class. This code is in the middle of a larger section of code where I am using LogonUser() and WindowsIdentity.Impersonate() to impersonate the local PC admin account.
I was attempting to run a batch file within a Process, without adding credentials in ProcessStartInfo, but doing it that way caused the batch file to fail silently - no errors were raised, and expected output from the batch file never was returned (I am reading stderr and stdout asynchronously, fwiw).
I then added the credentials to ProcessStartInfo, but now I get an "Access is denied" error if I do not first call WindowsImpersonationContext.Undo(), and an "Logon failure: unknown username or bad password" error if I do call .Undo() before Process.Start(). I have triple-checked that the username/password/domain is correct, for multiple accounts.
If my code has no LogonUser() or WindowsIdentity.Impersonate() calls (and no credentials in ProcessStartInfo), then I don't have a problem with the batch file executing and output from batch file being captured.
I am able to run the batch file from the desktop successfully, either as the local admin or an arbitrary local user account. I can see its permissions show that it should be readable/executable from the accounts I am trying to run it. This is really quite the stumper; any help is appreciated.
The problem was that I needed to redirect all 3 streams; I was only redirecting 2 (out, err, not in). That basically fixed things.
Are you looking for something like this?
Process proc = new Process();
proc.StartInfo.FileName = #"C:\WINNT\notepad.exe";
proc.StartInfo.UseShellExecute = false;
proc.StartInfo.CreateNoWindow = true;
proc.StartInfo.Domain = "mydomain.com"; // Domain of IIS Computer
proc.StartInfo.UserName = "kaung"; //Administrator for that computer
System.Security.SecureString password = new System.Security.SecureString();
password.AppendChar('m'); //Password
password.AppendChar('y');
password.AppendChar('p');
password.AppendChar('a');
password.AppendChar('s');
password.AppendChar('s');
password.AppendChar('w');
password.AppendChar('o');
proc.StartInfo.Password = password;
proc.Start();
Related
I have an application's shortcut on the desktop; the application works different according to the user permissions. What I want is to call the shortcut from the less privilegiated user and automatically access to the admin account hidding the admin's password to the current user. In this way, the normal user will have access to more options in the application without knowing another user's account data.
I have tried creating bat files, but the password can be seen easily. I am looking the way to do it with VB but I'm not sure if this is the best option. This software does what I want, the thing is that isn't free.
https://4sysops.com/archives/run-a-program-with-administrator-rights-runasspc-cpau-and-steel-run-as-compared/
http://www.robotronic.de/runasspcEn.html
Thanks for the help.
#Create a Desktop Shortcut with Windows PowerShell
If(!$ShortcutFileName)
{
$ShortcutFileName = (Get-Item $TargetFile).Basename
}
$ShortcutFile = "$env:Public\Desktop\$ShortcutFileName.lnk"
$WScriptShell = New-Object -ComObject WScript.Shell
$Shortcut = $WScriptShell.CreateShortcut($ShortcutFile)
#Run as different user, saves the password
$a="runas.exe /savecred /user:$RunAsUser ""$TargetFile"""
$Shortcut.TargetPath = "runas.exe"
$Shortcut.Arguments = "/savecred /user:$RunAsUser ""$TargetFile"""
$Shortcut.IconLocation = $TargetFile
$Shortcut.Save()
You can download detail SQL script from how to create a shortcut to run an application as a different user(PowerShell)
I have an application developed in vb.net which needs administrator privileges. I have set level = "requireAdministrator" in the application manifest. My client wants this application to be run by a local user due to some restrictions in their organization. So I created another ‘Launcher’ application which will actually save an administrator credentials in an encrypted format and will use the saved credentials to run the ‘Original’ application.
Everything works fine if I’m using the ‘Administrator’ account (Built-in account). But if I’m using the credentials of the manually created administrator account – the process.start () line is throwing an error “The requested operation requires elevation”
I really couldn’t identify the difference between the built-in administrator and manually created administrator account. I confirmed that both the users (built-in and manually created) are members of Administrators and HomeUsers. I tried all possibilities by creating different users with different user groups and even with different OS (windows 7 and Windows 10 – both 32 and 64 bit versions) – but, all are working in the same manner as explained above. Is there anything that I have to change in my code?
Dim psi As New System.Diagnostics.ProcessStartInfo()
psi.FileName = (AppToStart)
psi.RedirectStandardError = True
psi.RedirectStandardOutput = True
psi.CreateNoWindow = True
psi.UseShellExecute = False
psi.UserName = TbUser.Text
psi.Password = ConvertToSecureString(TbPass.Text)
psi.Domain = ""
Dim p As Process = Process.Start(psi)
Additional Info: Here I'm running this 'Launcher' application as a standard user (not administrator) and the application works well and it really elevates the privileges if
TbUser.Text = “Administrator” and
TbPass.Text = 123 (Administrator password).
But this is not elevating privileges if
TbUser.Text = “Adminuser” (which is also an administrator belongs to the same ‘Administrators’ group) and
TbPass.Text = 321 (password for Adminuser).
Unfortunately you can't do this and here is why...
Basically verb isn't recognized when psi.UseShellExecute = False, this would need to be psi.UseShellExecute = True. You are doing this while trying to use runas as an elevated permission.
In your situation, you would not use the verb = runas, make sure the application has already been started with the correct permissions.
Please see more here about elevating privileges, Hans Passant say's it best...
I am having an issue trying to query the ScriptDb of a resource file in Google Apps Script. I create a script file (file1), add it as a resource to another script file (file2). I call file1 from file2 to return a handle to its ScriptDb. This works fine. I then try to query the ScriptDb but have a permissions error returned.
Both files owned by same user and in same google environment
See code below:
file 1:
function getMyDb() {
return ScriptDb.getMyDb;
}
file 2 (references file1):
function getDataFromFile1() {
var db = file1.getMyDb(); // This works
var result = db.query({..............}); // This results in a permissions error!
}
I am at a loss to understand why I can access file1 and get back a handle on the ScriptDb, but then am not able to query it, due to an permissions issue.
I have tried to force file1 to require re-authorization, but have not yet been successful. I tried adding a new function and running it, so any suggestions there would be gratefully received.
Thanks in advance
Chris
There appears to be an error in file1/line2. It says "return ScriptDb.getMyDb;" but it should say "return ScriptDb.getMyDb();"
If you leave out the ()s then when you call file1 as a library, file1.getMyDb() will return a function which you store in var db. Then the line var result = db.query({..............}) results in an error because there is no method "query" in the function.
Is that what's causing your error?
I have figured out what the problem was, a misunderstanding on my part regarding authorisation. I was thinking of it in terms of file permissions, when in fact that problem was that my code was not authorised to run the DbScript service. As my code calls a different file and receives back a pointer to a ScriptDb database it is not using the ScriptDb service, so then when it calls the db.query() it invokes the ScriptDb service, for which it is not authorised.
To resolve this I just had to create a dummy function and make a ScriptDb.getMyDb() call, which triggered authorisation for the service. The code then worked fine.
Thanks for the input though.
Chris
This code executes "handbrakecli" (a command line application) and places the output into a string:
Dim p As Process = New Process
p.StartInfo.FileName = "handbrakecli"
p.StartInfo.Arguments = "-i [source] -o [destination]"
p.StartInfo.UseShellExecute = False
p.StartInfo.RedirectStandardOutput = True
p.Start
Dim output As String = p.StandardOutput.ReadToEnd
p.WaitForExit
The problem is that this can take up to 20 minutes to complete during which nothing will be reported back to the user. Once it's completed, they'll see all the output from the application which includes progress details. Not very useful.
Therefore I'm trying to find a sample that shows the best way to:
Start an external application (hidden)
Monitor its output periodically as it displays information about it's progress (so I can extract this and present a nice percentage bar to the user)
Determine when the external application has finished (so I can't continue with my own applications execution)
Kill the external application if necessary and detect when this has happened (so that if the user hits "cancel", I get take the appropriate steps)
Does anyone have any recommended code snippets?
The StandardOutput property is of type StreamReader, which has methods other than ReadToEnd.
It would be more code, but if you used the Read method, you could do other things like provide the user with the opportunity to cancel or report some type of progress.
Link to Read Method with code sample:
http://msdn.microsoft.com/en-us/library/ath1fht8(v=VS.90).aspx
Edit:
The Process class also has a BeginOutputReadLine method which is an asynchronous method call with callback.
http://msdn.microsoft.com/en-us/library/system.diagnostics.process.beginoutputreadline(v=VS.90).aspx
I am writing a launcher program, and when I go to start the process I get the "The directory name is invalid" error. Here is the code that is launching the process:
Const DEBUG_ROOT = _
"Z:\Kiosk_JC\KioskSignIn.root\KioskSignIn\KioskSignIn\KioskSignIn\bin\Debug"
Dim oKiosk As New System.Diagnostics.Process
oKiosk.StartInfo.UserName = oEnc.Decrypt(Username)
oKiosk.StartInfo.Password = oEnc.DecryptSecure(Password)
oKiosk.StartInfo.Domain = oEnc.Decrypt(Domain)
''// The AddBS function appends a '\' to the passed string if it is not present
oKiosk.StartInfo.WorkingDirectory = AddBS(DEBUG_ROOT)
oKiosk.StartInfo.FileName = "KioskSignIn.exe"
oKiosk.StartInfo.UseShellExecute = False
Dim proc As Process = Nothing
proc = System.Diagnostics.Process.Start(oKiosk.StartInfo)
I saw on another question here that I needed to set the WorkingDirectory (before I started searching I was getting the error). Even though I have this property set, I am still getting the error. Any thoughts?
More info
I should also note that my Z:\ is a on my network. I have a function that resolves a path to UNC. When I ran this function on DEBUG_ROOT, I get the same error.
I tried moving the application to c:\kiosk. Same result. I am logged in as the user I am impersonating, so I have access to all shares and files.
Here is the link, for some reason the URL formating wants to consume all the text after the link is designated:
Referred Post
Mapped drives are per-user. You are likely starting the process with a different user.
Sounds like the process can't see the Z: drive or doesn't have security access. What user context does the app run under? Perhaps the Z: drive is not available in that context.
I got the same error as you do. most likely the user you use to run the process does not have access to specified resource (exe file)
try to move your exe to some other location and/or give your user access rights to the file.