Solved

Execute scheduled task remotely by non-admin

Posted on 2007-11-27
6
3,770 Views
Last Modified: 2008-02-01
I have a batch file on a windows 2000 server which i need an end user to run manually without having server admin rights. I setup a scheduled task on the server which runs the batch file using an admin account and i can start the scheduled task remotely myself using psexec but the user does not have rights to start the scheduled task and gets an 'access denied' trying to psexec the task. I have tried using cacls to give the user full rights to the windows/tasks folder but still denied. I obviously dont want to put a username/password in the psexec command as that will give the end user the login details. Ive spent the last 2 hours going through experts exchange for an answer without any luck.
0
Comment
Question by:Erron
  • 3
  • 2
6 Comments
 
LVL 63

Expert Comment

by:SysExpert
Comment Utility
No easy answer/

You need a compiled- encrypted script to protect the user/ password.

A free one that compiles but does not encrypt is

auto-it Free scripting tool, keyboard macros, compiled option

http://www.autoitscript.com/autoit3/


Other option is to use a scheduled task.

I hope this helps !
0
 
LVL 29

Expert Comment

by:matrixnz
Comment Utility
Hi Erron

Little confused, is it an actual scheduled task or is it just a batch file that you wish to run remotely?  Any reason why you can't use the system account to run the batch?

Cheers
0
 

Author Comment

by:Erron
Comment Utility
either way matrixnz, ive setup a scheduled task which uses an admin account to run the batch file, but the the problem is giving a non-admin access to run that scheduled task.
As this is a sensitive server, we cannot give the end user any access other than to run the scheduled task or execute the batch file on the server.
0
Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

 
LVL 29

Expert Comment

by:matrixnz
Comment Utility
Hi Erron

What I meant was a Windows Scheduled Task runs on a Schedule automatically for e.g. once a day, once every hour etc.. as either the system account or a user account.  However I now assume that this isn't a Windows Scheduled Task, if this is the case personally I'd find check what the script requires access to i.e. registry, system etc.. then assign a domain group to these objects, then add only the users you require to have access to this group, those users should then be able to run the batch file manually.  Another method as SysExpert suggested was using something like AutoIT to runas xyz user, if you wish to do this, then I'd recommend creating a local user which is a member of the local administrators group, if possible then using the script to runas this user.

An AutoIT Script would look something like the following (see below)
Note: @Computername can be changed to your domain if you wish to use a domain account

Once completed, just right click your script and select compile, this will create an exe within the same folder as your script.

Hope that helps.

Cheers
#NoTrayIcon
 

RunAsSet("Administrator", @Computername, 'my password goes here')
 

RunWait(@Comspec & ' /c "C:\Data\MyScript.CMD"', '')
 

RunAsSet()

Open in new window

0
 

Author Comment

by:Erron
Comment Utility
Thanks MatrixNZ, getting there, i do mean the windows scheduled task but it really is getting messy, AutoIT may be the way then by the sound of it, here is what i have but it runs the file locally on the pc im running the autoit build on, how do i get it to run the bat file on the host server using the credentials in RunAsSet (never used AutoIT before).

Note: point value raised.
$answer = MsgBox(4, "CHRIS Daily Backup", "Run Daily backup?")
 

If $answer = 7 Then

    MsgBox(0, "CHRIS Daily Backup", "OK.  Bye!")

    Exit

EndIf
 

TestFunc1()
 

MsgBox(0, "CHRIS Daily Backup", "Finished!")

Exit
 

Func TestFunc1()

	#NoTrayIcon

	RunAsSet("username", 'domain', 'password')

	RunWait(@Comspec & ' /c "\\servername\e$\bat\test.bat"', '')

	RunAsSet() 

EndFunc

Open in new window

0
 
LVL 29

Accepted Solution

by:
matrixnz earned 350 total points
Comment Utility
Hi Erron

Very good for your first try, only change would be to have #NoTrayIcon at the top of the script, this removes the AutoIT debug icon from the system tray.

With regards to the question, the method mentitioned would be good if you were on the server, however to run it remotely, as you first suggested I'd use PSExec.  Just copy psexec.exe into the same folder as the script you can than use the following script and compile.

Hope that helps.

Cheers
#NoTrayIcon
 

$username   = "USERNAME"

$password   = "PASSWORD"

$servername = "\\SERVER"

$filename   = "E:\BAT\TEST.BAT"
 

$answer = MsgBox(4, "CHRIS Daily Backup", "Run Daily backup?")

 

If $answer = 7 Then

    MsgBox(0, "CHRIS Daily Backup", "OK.  Bye!")

    Exit

EndIf

 

RunWait(@Comspec & ' /c ' & @ScriptDir & '\psexec.exe ' & $servername & ' /i ' & $filename & ' -u ' & $username & ' -p ' & $password, '', @SW_HIDE)
 

MsgBox(0, "CHRIS Daily Backup", "Finished!")

Exit

Open in new window

0

Featured Post

Free Gift Card with Acronis Backup Purchase!

Backup any data in any location: local and remote systems, physical and virtual servers, private and public clouds, Macs and PCs, tablets and mobile devices, & more! For limited time only, buy any Acronis backup products and get a FREE Amazon/Best Buy gift card worth up to $200!

Join & Write a Comment

The following is a collection of cases for strange behaviour when using advanced techniques in DOS batch files. You should have some basic experience in batch "programming", as I'm assuming some knowledge and not further explain the basics. For some…
Using dates in 'DOS' batch files has always been tricky as it has no built in ways of extracting date information.  There are many tricks using string manipulation to pull out parts of the %date% variable or output of the date /t command but these r…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now