Solved

Execute scheduled task remotely by non-admin

Posted on 2007-11-27
Last Modified: 2008-02-01
I have a batch file on a Windows 2000 server which I need an end user to run manually without having server admin rights. I set up a scheduled task on the server which runs the batch file using an admin account, and I can start the scheduled task remotely myself using psexec, but the user does not have rights to start the scheduled task and gets an 'access denied' trying to psexec the task. I have tried using cacls to give the user full rights to the windows/tasks folder but it is still denied. I obviously don't want to put a username/password in the psexec command as that will give the end user the login details. I've spent the last 2 hours going through Experts Exchange for an answer without any luck.
0
Question by:Erron
 
LVL 63

Expert Comment

by:SysExpert
ID: 20362796
No easy answer.

You need a compiled, encrypted script to protect the user/password.

A free one that compiles but does not encrypt is

AutoIt: free scripting tool, keyboard macros, compiled option

http://www.autoitscript.com/autoit3/


Other option is to use a scheduled task.

I hope this helps !
0
 
LVL 29

Expert Comment

by:matrixnz
ID: 20362867
Hi Erron

Little confused, is it an actual scheduled task or is it just a batch file that you wish to run remotely?  Any reason why you can't use the system account to run the batch?

Cheers
0
 

Author Comment

by:Erron
ID: 20362913
Either way matrixnz, I've set up a scheduled task which uses an admin account to run the batch file, but the problem is giving a non-admin access to run that scheduled task.
As this is a sensitive server, we cannot give the end user any access other than to run the scheduled task or execute the batch file on the server.
0

 
LVL 29

Expert Comment

by:matrixnz
ID: 20364969
Hi Erron

What I meant was that a Windows Scheduled Task runs on a schedule automatically, e.g. once a day, once every hour, etc., as either the system account or a user account. However, I now assume that this isn't a Windows Scheduled Task. If this is the case, personally I'd check what the script requires access to (i.e. registry, system, etc.), then assign a domain group to these objects, then add only the users you require to have access to this group; those users should then be able to run the batch file manually. Another method, as SysExpert suggested, was using something like AutoIT to runas xyz user. If you wish to do this, then I'd recommend creating a local user which is a member of the local administrators group, if possible, then using the script to runas this user.

An AutoIT Script would look something like the following (see below)
Note: @Computername can be changed to your domain if you wish to use a domain account

Once completed, just right click your script and select compile, this will create an exe within the same folder as your script.

Hope that helps.

Cheers
#NoTrayIcon
 
RunAsSet("Administrator", @Computername, 'my password goes here')
 
RunWait(@Comspec & ' /c "C:\Data\MyScript.CMD"', '')
 
RunAsSet()


0
 

Author Comment

by:Erron
ID: 20379613
Thanks MatrixNZ, getting there. I do mean the Windows scheduled task, but it really is getting messy; AutoIT may be the way then, by the sound of it. Here is what I have, but it runs the file locally on the PC I'm running the AutoIT build on. How do I get it to run the bat file on the host server using the credentials in RunAsSet? (Never used AutoIT before.)

Note: point value raised.
$answer = MsgBox(4, "CHRIS Daily Backup", "Run Daily backup?")
 
If $answer = 7 Then
    MsgBox(0, "CHRIS Daily Backup", "OK.  Bye!")
    Exit
EndIf
 
TestFunc1()
 
MsgBox(0, "CHRIS Daily Backup", "Finished!")
Exit
 
Func TestFunc1()
	#NoTrayIcon
	RunAsSet("username", 'domain', 'password')
	RunWait(@Comspec & ' /c "\\servername\e$\bat\test.bat"', '')
	RunAsSet() 
EndFunc


0
 
LVL 29

Accepted Solution

by:
matrixnz earned 350 total points
ID: 20385547
Hi Erron

Very good for your first try, only change would be to have #NoTrayIcon at the top of the script, this removes the AutoIT debug icon from the system tray.

With regards to the question, the method mentioned would be good if you were on the server; however, to run it remotely, as you first suggested, I'd use PSExec.  Just copy psexec.exe into the same folder as the script; you can then use the following script and compile.

Hope that helps.

Cheers
#NoTrayIcon
 
$username   = "USERNAME"
$password   = "PASSWORD"
$servername = "\\SERVER"
$filename   = "E:\BAT\TEST.BAT"
 
$answer = MsgBox(4, "CHRIS Daily Backup", "Run Daily backup?")
 
If $answer = 7 Then
    MsgBox(0, "CHRIS Daily Backup", "OK.  Bye!")
    Exit
EndIf
 
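; PsExec options (-u, -p, -i) must come before the command to run; anything after the command is passed to it as arguments.
RunWait(@Comspec & ' /c ' & @ScriptDir & '\psexec.exe ' & $servername & ' -u ' & $username & ' -p ' & $password & ' -i ' & $filename, '', @SW_HIDE)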
 
MsgBox(0, "CHRIS Daily Backup", "Finished!")
Exit


0
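
Added example, not part of the original thread or any poster's code: as SysExpert notes above, AutoIt compiles but does not encrypt, so a script built this way still carries the literal admin password, and the PsExec form also hands that password over on a command line. The Python check below flags those three patterns in .au3 source before it is compiled and distributed; the rule names and the sample script (placeholder values only) are constructed for illustration.

```python
import re

STR = "(?:\"[^\"]+\"|'[^']+')"  # non-empty AutoIt string literal, either quote style

# Rule names are made up for this example.
RULES = [
    # RunAsSet(user, domain, "literal"): password typed straight into the call
    ("runasset-literal-password",
     re.compile(r"\bRunAsSet\s*\(\s*[^,()]+,\s*[^,()]+,\s*" + STR, re.I)),
    # $password = "literal": password stored in a variable for later use
    ("password-variable-literal",
     re.compile(r"\$\w*(?:pass|pwd)\w*\s*=\s*" + STR, re.I)),
    # psexec ... -p ...: password handed over on a command line
    ("psexec-password-on-command-line",
     re.compile(r"psexec(?:\.exe)?\b.*[\"'\s]-p\b", re.I)),
]

# Constructed sample modelled on the scripts in this thread (placeholders only).
SAMPLE = r"""#NoTrayIcon
; $password = "old value kept in a comment"
$username   = "USERNAME"
$password   = "PASSWORD"
$servername = "\\SERVER"
RunAsSet("Administrator", @Computername, 'my password goes here')
RunAsSet()
RunWait(@Comspec & ' /c ' & @ScriptDir & '\psexec.exe ' & $servername & ' -u ' & $username & ' -p ' & $password, '', @SW_HIDE)
"""


def scan(source):
    """Return (line number, rule name) for every credential pattern found."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        if line.lstrip().startswith(";"):  # AutoIt full-line comment
            continue
        for rule, pattern in RULES:
            if pattern.search(line):
                findings.append((lineno, rule))
    return findings


if __name__ == "__main__":
    for lineno, rule in scan(SAMPLE):
        print(f"line {lineno}: {rule}")
```

The argument-less `RunAsSet()` reset call and the `$username` assignment are deliberately not flagged; only lines that carry or pass a password are.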
