Solved

Execute scheduled task remotely by non-admin

Posted on 2007-11-27
6
3,791 Views
Last Modified: 2008-02-01
I have a batch file on a windows 2000 server which i need an end user to run manually without having server admin rights. I setup a scheduled task on the server which runs the batch file using an admin account and i can start the scheduled task remotely myself using psexec but the user does not have rights to start the scheduled task and gets an 'access denied' trying to psexec the task. I have tried using cacls to give the user full rights to the windows/tasks folder but still denied. I obviously dont want to put a username/password in the psexec command as that will give the end user the login details. Ive spent the last 2 hours going through experts exchange for an answer without any luck.
0
Comment
Question by:Erron
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 63

Expert Comment

by:SysExpert
ID: 20362796
No easy answer/

You need a compiled- encrypted script to protect the user/ password.

A free one that compiles but does not encrypt is

auto-it Free scripting tool, keyboard macros, compiled option

http://www.autoitscript.com/autoit3/


Other option is to use a scheduled task.

I hope this helps !
0
 
LVL 29

Expert Comment

by:matrixnz
ID: 20362867
Hi Erron

Little confused, is it an actual scheduled task or is it just a batch file that you wish to run remotely?  Any reason why you can't use the system account to run the batch?

Cheers
0
 

Author Comment

by:Erron
ID: 20362913
either way matrixnz, ive setup a scheduled task which uses an admin account to run the batch file, but the the problem is giving a non-admin access to run that scheduled task.
As this is a sensitive server, we cannot give the end user any access other than to run the scheduled task or execute the batch file on the server.
0
Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

 
LVL 29

Expert Comment

by:matrixnz
ID: 20364969
Hi Erron

What I meant was a Windows Scheduled Task runs on a Schedule automatically for e.g. once a day, once every hour etc.. as either the system account or a user account.  However I now assume that this isn't a Windows Scheduled Task, if this is the case personally I'd find check what the script requires access to i.e. registry, system etc.. then assign a domain group to these objects, then add only the users you require to have access to this group, those users should then be able to run the batch file manually.  Another method as SysExpert suggested was using something like AutoIT to runas xyz user, if you wish to do this, then I'd recommend creating a local user which is a member of the local administrators group, if possible then using the script to runas this user.

An AutoIT Script would look something like the following (see below)
Note: @Computername can be changed to your domain if you wish to use a domain account

Once completed, just right click your script and select compile, this will create an exe within the same folder as your script.

Hope that helps.

Cheers
#NoTrayIcon
 
RunAsSet("Administrator", @Computername, 'my password goes here')
 
RunWait(@Comspec & ' /c "C:\Data\MyScript.CMD"', '')
 
RunAsSet()

Open in new window

0
 

Author Comment

by:Erron
ID: 20379613
Thanks MatrixNZ, getting there, i do mean the windows scheduled task but it really is getting messy, AutoIT may be the way then by the sound of it, here is what i have but it runs the file locally on the pc im running the autoit build on, how do i get it to run the bat file on the host server using the credentials in RunAsSet (never used AutoIT before).

Note: point value raised.
$answer = MsgBox(4, "CHRIS Daily Backup", "Run Daily backup?")
 
If $answer = 7 Then
    MsgBox(0, "CHRIS Daily Backup", "OK.  Bye!")
    Exit
EndIf
 
TestFunc1()
 
MsgBox(0, "CHRIS Daily Backup", "Finished!")
Exit
 
Func TestFunc1()
	#NoTrayIcon
	RunAsSet("username", 'domain', 'password')
	RunWait(@Comspec & ' /c "\\servername\e$\bat\test.bat"', '')
	RunAsSet() 
EndFunc

Open in new window

0
 
LVL 29

Accepted Solution

by:
matrixnz earned 350 total points
ID: 20385547
Hi Erron

Very good for your first try, only change would be to have #NoTrayIcon at the top of the script, this removes the AutoIT debug icon from the system tray.

With regards to the question, the method mentitioned would be good if you were on the server, however to run it remotely, as you first suggested I'd use PSExec.  Just copy psexec.exe into the same folder as the script you can than use the following script and compile.

Hope that helps.

Cheers
#NoTrayIcon
 
$username   = "USERNAME"
$password   = "PASSWORD"
$servername = "\\SERVER"
$filename   = "E:\BAT\TEST.BAT"
 
$answer = MsgBox(4, "CHRIS Daily Backup", "Run Daily backup?")
 
If $answer = 7 Then
    MsgBox(0, "CHRIS Daily Backup", "OK.  Bye!")
    Exit
EndIf
 
RunWait(@Comspec & ' /c ' & @ScriptDir & '\psexec.exe ' & $servername & ' /i ' & $filename & ' -u ' & $username & ' -p ' & $password, '', @SW_HIDE)
 
MsgBox(0, "CHRIS Daily Backup", "Finished!")
Exit

Open in new window

0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Using dates in 'DOS' batch files has always been tricky as it has no built in ways of extracting date information.  There are many tricks using string manipulation to pull out parts of the %date% variable or output of the date /t command but these r…
VALIDATING DATES One method of validating dates is to jam the date into the DATE command and see if it accepts it by examining the system's errorlevel value. A non-zero result indicates failure. A typical example might look something like the fol…
In this video, viewers will be given step by step instructions on adjusting mouse, pointer and cursor visibility in Microsoft Windows 10. The video seeks to educate those who are struggling with the new Windows 10 Graphical User Interface. Change Cu…
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…

632 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question