Execute Command as Logged On User

Asked by TechSinger in Microsoft Windows Operating Systems, Microsoft Visual Basic.Net

Tags: Windows, System Account, Logged On User, Credentials

Hello,

I have written a script to install some software onto thousands of computers in our environment.  We are using a software deployment tool to push the script to these computers.  Since most users in our environment do not have Admin rights to their computers, we have the tool push the installation using the Local System account to allow Admin rights for the installation.

The problem I am having is that once the installation is complete, the script I am writing needs to launch the client that was just installed in the background.  I have added the code to launch the client after the installation to my script and it works just fine when I run it straight from the computer, but it doesn't when it is pushed by the deployment tool.

I have narrowed the problem down to the fact that the launching of the client needs to be done under the credentials of the Logged On User and since the distribution tool pushes the script under the Local System Account, it doesn't work.  I have verified this by opening a Command Prompt under a different user and trying to launch the client and it doesn't launch.

I would like to use a utility that is native to Windows or the Windows Resource Kit to be able to perform this launch, such as RunAs, but I haven't found a syntax that will work for me, and since the Logged On User is already logged on, I should not need the password to launch something under those credentials.

If there is not a utility native to Windows or Windows Resource Kit, I am not opposed to creating my own utility.   I have seen code on this site at:
http://www.experts-exchange.com/Programming/Languages/CPP/Q_20930458.html
which looks like it is in Visual C++.  I am not familiar enough with C++ to implement the code myself, but I am familiar with Visual Basic .NET and have created several other utilities in Visual Basic.

I have made my best attempt to rewrite the code mentioned above into Visual Basic .NET.  It seems to go through without any errors.  I have written it to execute the whole command line after the executable using the shell command.  It appears to launch any normal command I give it, but it is still not launching the client that I need it to if I am in a command line under a different user than the one logged on.

My first choice would be to have a utility as I talked about that could perform this action without needing a password.  But I would also like anyone to look at the code I have attached to see if there is anything I need to change with it.

Thanks in advance for any help.
    Module RunAsLoggedOnUser
    ' Win32 handles are pointer-sized and DWORDs are 32 bits wide, so the declarations
    ' use IntPtr and Integer (Long is 64-bit in VB.NET, unlike VB6).
    Private Declare Function ImpersonateLoggedOnUser Lib "advapi32.dll" (ByVal hToken As IntPtr) As Boolean
    Private Declare Function OpenProcessToken Lib "advapi32.dll" (ByVal ProcessHandle As IntPtr, ByVal DesiredAccess As Integer, _
    ByRef TokenHandle As IntPtr) As Boolean
    Private Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Integer, ByVal bInheritHandle As Boolean, ByVal dwProcessId As Integer) As IntPtr
    Private Const READ_CONTROL As Integer = &H20000
    Private Const STANDARD_RIGHTS_ALL As Integer = &H1F0000
    Private Const STANDARD_RIGHTS_EXECUTE As Integer = (READ_CONTROL)
    Private Const STANDARD_RIGHTS_READ As Integer = (READ_CONTROL)
    Private Const STANDARD_RIGHTS_REQUIRED As Integer = &HF0000
    Private Const STANDARD_RIGHTS_WRITE As Integer = (READ_CONTROL)

    Private Const TOKEN_ASSIGN_PRIMARY As Integer = &H1
    Private Const TOKEN_DUPLICATE As Integer = &H2
    Private Const TOKEN_IMPERSONATE As Integer = &H4
    Private Const TOKEN_QUERY As Integer = &H8
    Private Const TOKEN_QUERY_SOURCE As Integer = &H10
    Private Const TOKEN_ADJUST_PRIVILEGES As Integer = &H20
    Private Const TOKEN_ADJUST_GROUPS As Integer = &H40
    Private Const TOKEN_ADJUST_DEFAULT As Integer = &H80
    Private Const TOKEN_ALL_ACCESS As Integer = TOKEN_ASSIGN_PRIMARY _
      + TOKEN_DUPLICATE + TOKEN_IMPERSONATE + TOKEN_QUERY _
      + TOKEN_QUERY_SOURCE + TOKEN_ADJUST_PRIVILEGES _
      + TOKEN_ADJUST_GROUPS + TOKEN_ADJUST_DEFAULT
    Private Const TOKEN_READ As Integer = (STANDARD_RIGHTS_READ Or TOKEN_QUERY)
    Private Const TOKEN_WRITE As Integer = (STANDARD_RIGHTS_WRITE Or TOKEN_ADJUST_PRIVILEGES Or _
                                 TOKEN_ADJUST_GROUPS Or TOKEN_ADJUST_DEFAULT)
    Private Const TOKEN_EXECUTE As Integer = (STANDARD_RIGHTS_EXECUTE)
    Private Const PROCESS_ALL_ACCESS As Integer = &H1F0FFF


    Function Main(ByVal args() As String) As Integer
        Dim ret As Integer = 0
        Dim lToken As IntPtr = GetTokenOfLoggedOnUser()
        Console.WriteLine("The lToken is " + lToken.ToString())
        If lToken = IntPtr.Zero Then
            Return 99
        End If
        ' ImpersonateLoggedOnUser changes the security context of the calling thread only.
        If Not ImpersonateLoggedOnUser(lToken) Then
            Return 99
        End If
        ' Everything after the executable name is treated as the command to run.
        Dim cmdLine As String = Environment.CommandLine.Substring(Environment.GetCommandLineArgs(0).Length + 1)
        ' Shell creates the new process with this process's primary token;
        ' the thread's impersonation token is not passed on to the child.
        Shell(cmdLine)
        Return ret
    End Function

    ' Returns the process ID of an explorer process found through WMI, or -1 if none is found.
    Function ExplorerPID() As Integer
        Dim ret As Integer = -1
        Dim UObj, colComputer, objComputer As Object
        Dim Task As String
        Try
            UObj = GetObject("winmgmts:" _
            + "{impersonationLevel=impersonate}!\\.\root\cimv2")
            colComputer = UObj.ExecQuery _
            ("Select * from Win32_Process")
            Task = "None"
            For Each objComputer In colComputer
                Task = objComputer.Name
                If Task.ToLower.Contains("explorer") Then
                    ret = CInt(objComputer.ProcessID)
                End If
            Next
        Catch ex As Exception
            ret = -1
        End Try
        Return ret
    End Function

    ' Opens the explorer process and returns a handle to its token, or IntPtr.Zero on failure.
    Function GetTokenOfLoggedOnUser() As IntPtr
        Dim epid As Integer = ExplorerPID()
        If epid = -1 Then
            Return IntPtr.Zero
        End If
        Dim hProcess As IntPtr = OpenProcess(PROCESS_ALL_ACCESS, True, epid)
        Dim hToken As IntPtr = IntPtr.Zero
        Dim optResult As Boolean = OpenProcessToken(hProcess, TOKEN_EXECUTE Or TOKEN_READ _
        Or TOKEN_QUERY Or TOKEN_ASSIGN_PRIMARY Or TOKEN_QUERY_SOURCE Or TOKEN_WRITE Or TOKEN_DUPLICATE, _
        hToken)
        If hToken = IntPtr.Zero Or Not optResult Then
            Return IntPtr.Zero
        End If
        Return hToken
    End Function
    End Module
02/02/09 12:36 PM, ID: 23531040, Accepted Solution
About this solution

Solution Provided By: TechSinger
Participating Experts: 1
Solution Grade: A