Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 781
  • Last Modified:

how to give a user rights to kill a process via vbs

I have a logon script in vbs and need to kill the ctfmon.exe, add a registry key and then start the ctfmon.exe again.
This enables the language bar via Citrix. If I run this in Admin mode it works, as user i get an access denied. How can I assign the user the right to kill the process and start it again, using a vbs command?
objWshShell.Run "C:\WINNT\system32\pskill.exe ctfmon.exe" 
 
langbar = "C:\Apps\User\Langbar" 
Strlanguagebar = "C:\Apps\User\Langbar\languagebar.reg" 
 
If objFSO.FolderExists(Langbar) Then 
        If objFSO.FileExists(languagebar) Then 
                objWshShell.Run "regedit.exe /s " & Chr(34) & Strlanguagebar & Chr(34), 0, True 
                        If Err.number = 0 Then 
                                WriteLog "++ This is a Singapore server. The import of the registry key 'LanguageBar' was  successfull. The language bar will be displayed to all users" 
                                WriteLog Empty 
                        Else 
                                WriteLog "-- The import of the registry key 'LanguageBar' was not successfull" 
                                WriteLog Empty 
                        End If 
        Else 
                WriteLog "Regkey does not exist" 
        End If 
Else 
        WriteLog "  No need for Language bar " 
        WriteLog Empty 
End If 
        
objWshShell.Run "C:\WINNT\system32\psexec.exe ctfmon.exe"         
objWshShell.Run "C:\WINNT\system32\pskill.exe psexec.exe"

Open in new window

0
g_schrijver
Asked:
g_schrijver
  • 7
  • 5
  • 2
2 Solutions
 
anil_uCommented:
Create a batch file to use the runas command to run the script above as admin
or using psexec from sysinternals.com
0
 
anil_uCommented:
0
 
g_schrijverAuthor Commented:
Hi Thanks for the quick response, but if I read correctly, this requires a password and username with administrative credentials to be passed in plain text.

What would be the target is to change the user rights in this part of the script to administrative rights, and after this section is done, set them beack to normal user rights

(like you can do with cacls. The problem is I do not know how to do this for a process)
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
anil_uCommented:
I dont fully understand but from what i understand..

Processes are usually services running
(Start->Run->Services.msc)
If you look at the "log on as" column, you can see which user the process is running under

You can use the "SC" command from the command prompt to change this/stop/start this service - better to stop start it this way than kill the service as per you script.
0
 
g_schrijverAuthor Commented:
Hello Thanks for the answer,

OK I will try to explain more detailed

We have users in APAC that need different languages via a citrix connection. The target is to get the language bar in the ICA session when the user logs on.

I have found ou t he registry keys and exported them. Now the target is to import the keys during the userlogon - which is not the problem - and then restart the process ctfmon.exe, to have the new reg settings read and the languagebar to be shown floating.

Now the problem is to stop the process ctfmon.exe, as this is not a service ( at least not that I am aware of). Therefore I use PSKill.exe and after inserting the reg key, psexec.exe to start it again. Problem here is that the user does not have the rights on the server to do so. That is why I have to raise the user rights to administrative rights, get the reg keys inserted, start ctfmon.exe and then set the users rights back to normal user

If anyonbe has a better or more simple idea, please ... Open for suggestions.

0
 
anil_uCommented:
so somehow you have to escalate the users privlidge temporarly to run the script and set it back.

To be honest, without eiher providing the user with more rights or running the script with escalted right, not sure how you would do this.

Do the users leave the computers on in the evening - If so you could scedule a task remotly to run the script using any user.

schtasks /create /?

Other than that, I am a a loss.

0
 
g_schrijverAuthor Commented:
Hello Anil,

The problem the users work different hours, but my biggest problem is that the profiles are beieng deleted every night on the citrix server. Therefore it has to be recreated every day. :-(

Is there an API maybe that i can try?...
0
 
anil_uCommented:
I have requested help for this...

I have also had a look around and I think you were on the right track with ACL - in the following link, they should how you can deny access - in the same way, you could amend it to allow access to users.
http://andymorgan.wordpress.com/2008/07/18/how-do-i-remove-the-language-bar/

you could also add this to the default profile, then when a new user is created, they would have those changes.
0
 
Adam314Commented:
On unix type systems, you would do this with the set-user-id (suid) permission.  I did a google for "windows suid", and found some things that might be helpful, but don't have any experience with them directly.

Use the CreateProcessAsUser function:
    http://msdn.microsoft.com/en-us/library/ms682429.aspx

Use the CPAU program (I'm guessing named after above function call name):
    http://www.joeware.net/freetools/tools/cpau/index.htm
Basically a runas replacement, but allows you to store the password in an encrypted file.

There were many other results in google, but these looked like the most promising.
0
 
g_schrijverAuthor Commented:
Hi Guys,

thanks for the info's. I'll get started with this right away. The CPAU and the access denied function are the most promising. I'll let you know if it worked
0
 
g_schrijverAuthor Commented:
Hi, The good news is it s working on my local machine, but the bad news is, it will not show in a Citrix session (yet).

I have created the following script that actually does the trick (locally at least). The access to the ctfmon and psexec file are apparently ok, as the script does not halt or bring an error.
The wscript.echo are actually log entries, but for the functionality i have renamed them to wscript.echo.

The solution though in not found yet. I will continue the quest and keep you informed.
Thanks
Option Explicit 
Dim langbar, Strlanguagebar, objWshShell, objFSO, strUsr,strcacls,strProcess,colProcessList,objProcess 
 
Set objWshShell = CreateObject("WScript.Shell")                                                                ' create WshShell object 
Set objFSO = CreateObject("Scripting.FileSystemObject")                                                ' create FSO object 
strUsr = objWshShell.ExpandEnvironmentStrings("%USERNAME%") 
 
strProcess = "ctfmon.exe" 
Set colProcessList = GetObject("winmgmts:").ExecQuery ("Select * from Win32_Process Where Name ='" & strProcess & "'") 
For Each objProcess In colProcessList 
        objProcess.Terminate() 
        
Next 
WScript.Echo " The process " & strProcess & " has been killed successfully" 
Set colProcessList = Nothing 
 
langbar = "C:\Apps\User\Langbar" 
Strlanguagebar = "C:\Apps\User\Langbar\languagebar.reg" 
 
If objFSO.FolderExists(Langbar) Then 
        If objFSO.FileExists(STRlanguagebar) Then 
                objWshShell.Run "regedit.exe /s " & Chr(34) & Strlanguagebar & Chr(34), 0, True 
                        If Err.number = 0 Then 
                                WScript.echo "++ This is a Singapore server. The import of the registry key 'LanguageBar' was  successfull. The language bar will be displayed to all users" 
                                WScript.echo Empty 
                        Else 
                                WScript.echo "-- The import of the registry key 'LanguageBar' was not successfull" 
                                WScript.echo Empty 
                        End If 
        Else 
                WScript.echo "Regkey does not exist" 
        End If 
Else 
        WScript.echo " No need for Language bar " 
        WScript.echo Empty 
End If 
        
objWshShell.Run "cmd /c C:\apps\user\langbar\psexec.exe C:\WINNT\SYSTEM32\ctfmon.exe" 
 
objWshShell.run Chr(34) & "C:\Program Files\Microsoft Office\Office10\winword.exe" & Chr(34) 

Open in new window

0
 
Adam314Commented:
I don't do this kind of stuff on windows systems - I saw the help request from modus_operandi, and thought I'd try to help.

Anyways... I'll try some more.  When you say:
>>it will not show in a Citrix session
I'm not sure what this means.

There are 3 steps:
    1) kill process
    2) update registry
    3) restart process


Which of these work?  If you have your code only kill the process, can you verify the the process was killed?
If you then have your code kill the process, then update the registry, can you verify the registry was updated?
0
 
g_schrijverAuthor Commented:
Thanks... I have the language bar now where I want to have it. I have used this VB script that i have created . Thank you all for being so supportive
Option Explicit 
 
'Define the variables 
Dim langbar, Strlanguagebar, objWshShell, objFSO, strUsr,strcacls,strProcess,colProcessList,objProcess,strUserDomain 
 
'Set the objects 
Set objWshShell = CreateObject("WScript.Shell")                                                                ' create WshShell object 
Set objFSO = CreateObject("Scripting.FileSystemObject")                                                ' create FSO object 
 
'Set the variables 
strUsr = objWshShell.ExpandEnvironmentStrings("%USERNAME%") 
strUserDomain = objWshShell.ExpandEnvironmentStrings ("%USERDOMAIN%") 
langbar = "C:\Apps\User\Langbar" 
Strlanguagebar = "C:\Apps\User\Langbar\languagebar.reg" 
'Strlanguagebar = "languagebar.reg" 
 
'set the access rights on the files needed in the process 
objWshShell.Run "c:\winnt\system32\cscript.exe c:\apps\user\langbar\xcacls.vbs C:\WINNT\System32\ctfmon.exe /E /G " & strUserDomain & "\" & strUsr & ":F /Q",0,True 
 
'stop the ctfmon.exe before inserting the registry keys 
 
strProcess = "ctfmon.exe" 
Set colProcessList = GetObject("winmgmts:").ExecQuery ("Select * from Win32_Process Where Name ='" & strProcess & "'") 
 
For Each objProcess In colProcessList 
        objProcess.Terminate() 
Next 
 
Set colProcessList = Nothing 
'MsgBox Strlanguagebar 
'Verify if the folder Langbar and the registry key exist. If yes import the registry key 
If objFSO.FolderExists(Langbar) Then 
        If objFSO.FileExists(STRlanguagebar) Then 
                objWshShell.Run "regedit.exe /s " & Chr(34) & Strlanguagebar & Chr(34), 0, True 
                        If Err.number = 0 Then 
                                writelog "++ This is a Singapore server. The import of the registry key 'LanguageBar' was  successfull. The language bar will be displayed to all users" 
                                writelog Empty 
                        Else 
                                writelog "-- The import of the registry key 'LanguageBar' was not successfull" 
                                writelog Empty 
                        End If 
        Else 
                writelog "Regkey does not exist" 
        End If 
Else 
        writelog "No need for Language bar " 
        writelog Empty 
End If 
 
'Start the executable 'ctfmon.exe' 
objWshShell.Run "C:\WINNT\SYSTEM32\ctfmon.exe" 
'writelog Err.number 
objWshShell.Run "c:\winnt\system32\cscript.exe c:\apps\user\langbar\xcacls.vbs C:\WINNT\System32\ctfmon.exe /E /R " & strUserDomain & "\" & strUsr & " /Q",0,True

Open in new window

0
 
g_schrijverAuthor Commented:
I combined the answers and was able to achive my goal
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

  • 7
  • 5
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now