g_schrijver
asked on
how to give a user rights to kill a process via vbs
I have a logon script in vbs and need to kill the ctfmon.exe, add a registry key and then start the ctfmon.exe again.
This enables the language bar via Citrix. If I run this in Admin mode it works, as user i get an access denied. How can I assign the user the right to kill the process and start it again, using a vbs command?
This enables the language bar via Citrix. If I run this in Admin mode it works, as user i get an access denied. How can I assign the user the right to kill the process and start it again, using a vbs command?
objWshShell.Run "C:\WINNT\system32\pskill.exe ctfmon.exe"
langbar = "C:\Apps\User\Langbar"
Strlanguagebar = "C:\Apps\User\Langbar\languagebar.reg"
If objFSO.FolderExists(Langbar) Then
If objFSO.FileExists(languagebar) Then
objWshShell.Run "regedit.exe /s " & Chr(34) & Strlanguagebar & Chr(34), 0, True
If Err.number = 0 Then
WriteLog "++ This is a Singapore server. The import of the registry key 'LanguageBar' was successfull. The language bar will be displayed to all users"
WriteLog Empty
Else
WriteLog "-- The import of the registry key 'LanguageBar' was not successfull"
WriteLog Empty
End If
Else
WriteLog "Regkey does not exist"
End If
Else
WriteLog " No need for Language bar "
WriteLog Empty
End If
objWshShell.Run "C:\WINNT\system32\psexec.exe ctfmon.exe"
objWshShell.Run "C:\WINNT\system32\pskill.exe psexec.exe"
Have a look at these for more info on the above
RunAs using VBS
http://www.microsoft.com/technet/scriptcenter/resources/qanda/apr06/hey0428.mspx
PSEXEC
http://technet.microsoft.com/en-us/sysinternals/bb897553.aspx
RunAs using VBS
http://www.microsoft.com/technet/scriptcenter/resources/qanda/apr06/hey0428.mspx
PSEXEC
http://technet.microsoft.com/en-us/sysinternals/bb897553.aspx
ASKER
Hi Thanks for the quick response, but if I read correctly, this requires a password and username with administrative credentials to be passed in plain text.
What would be the target is to change the user rights in this part of the script to administrative rights, and after this section is done, set them beack to normal user rights
(like you can do with cacls. The problem is I do not know how to do this for a process)
What would be the target is to change the user rights in this part of the script to administrative rights, and after this section is done, set them beack to normal user rights
(like you can do with cacls. The problem is I do not know how to do this for a process)
I dont fully understand but from what i understand..
Processes are usually services running
(Start->Run->Services.msc)
If you look at the "log on as" column, you can see which user the process is running under
You can use the "SC" command from the command prompt to change this/stop/start this service - better to stop start it this way than kill the service as per you script.
Processes are usually services running
(Start->Run->Services.msc)
If you look at the "log on as" column, you can see which user the process is running under
You can use the "SC" command from the command prompt to change this/stop/start this service - better to stop start it this way than kill the service as per you script.
ASKER
Hello Thanks for the answer,
OK I will try to explain more detailed
We have users in APAC that need different languages via a citrix connection. The target is to get the language bar in the ICA session when the user logs on.
I have found ou t he registry keys and exported them. Now the target is to import the keys during the userlogon - which is not the problem - and then restart the process ctfmon.exe, to have the new reg settings read and the languagebar to be shown floating.
Now the problem is to stop the process ctfmon.exe, as this is not a service ( at least not that I am aware of). Therefore I use PSKill.exe and after inserting the reg key, psexec.exe to start it again. Problem here is that the user does not have the rights on the server to do so. That is why I have to raise the user rights to administrative rights, get the reg keys inserted, start ctfmon.exe and then set the users rights back to normal user
If anyonbe has a better or more simple idea, please ... Open for suggestions.
OK I will try to explain more detailed
We have users in APAC that need different languages via a citrix connection. The target is to get the language bar in the ICA session when the user logs on.
I have found ou t he registry keys and exported them. Now the target is to import the keys during the userlogon - which is not the problem - and then restart the process ctfmon.exe, to have the new reg settings read and the languagebar to be shown floating.
Now the problem is to stop the process ctfmon.exe, as this is not a service ( at least not that I am aware of). Therefore I use PSKill.exe and after inserting the reg key, psexec.exe to start it again. Problem here is that the user does not have the rights on the server to do so. That is why I have to raise the user rights to administrative rights, get the reg keys inserted, start ctfmon.exe and then set the users rights back to normal user
If anyonbe has a better or more simple idea, please ... Open for suggestions.
so somehow you have to escalate the users privlidge temporarly to run the script and set it back.
To be honest, without eiher providing the user with more rights or running the script with escalted right, not sure how you would do this.
Do the users leave the computers on in the evening - If so you could scedule a task remotly to run the script using any user.
schtasks /create /?
Other than that, I am a a loss.
To be honest, without eiher providing the user with more rights or running the script with escalted right, not sure how you would do this.
Do the users leave the computers on in the evening - If so you could scedule a task remotly to run the script using any user.
schtasks /create /?
Other than that, I am a a loss.
ASKER
Hello Anil,
The problem the users work different hours, but my biggest problem is that the profiles are beieng deleted every night on the citrix server. Therefore it has to be recreated every day. :-(
Is there an API maybe that i can try?...
The problem the users work different hours, but my biggest problem is that the profiles are beieng deleted every night on the citrix server. Therefore it has to be recreated every day. :-(
Is there an API maybe that i can try?...
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hi Guys,
thanks for the info's. I'll get started with this right away. The CPAU and the access denied function are the most promising. I'll let you know if it worked
thanks for the info's. I'll get started with this right away. The CPAU and the access denied function are the most promising. I'll let you know if it worked
ASKER
Hi, The good news is it s working on my local machine, but the bad news is, it will not show in a Citrix session (yet).
I have created the following script that actually does the trick (locally at least). The access to the ctfmon and psexec file are apparently ok, as the script does not halt or bring an error.
The wscript.echo are actually log entries, but for the functionality i have renamed them to wscript.echo.
The solution though in not found yet. I will continue the quest and keep you informed.
Thanks
I have created the following script that actually does the trick (locally at least). The access to the ctfmon and psexec file are apparently ok, as the script does not halt or bring an error.
The wscript.echo are actually log entries, but for the functionality i have renamed them to wscript.echo.
The solution though in not found yet. I will continue the quest and keep you informed.
Thanks
Option Explicit
Dim langbar, Strlanguagebar, objWshShell, objFSO, strUsr,strcacls,strProcess,colProcessList,objProcess
Set objWshShell = CreateObject("WScript.Shell") ' create WshShell object
Set objFSO = CreateObject("Scripting.FileSystemObject") ' create FSO object
strUsr = objWshShell.ExpandEnvironmentStrings("%USERNAME%")
strProcess = "ctfmon.exe"
Set colProcessList = GetObject("winmgmts:").ExecQuery ("Select * from Win32_Process Where Name ='" & strProcess & "'")
For Each objProcess In colProcessList
objProcess.Terminate()
Next
WScript.Echo " The process " & strProcess & " has been killed successfully"
Set colProcessList = Nothing
langbar = "C:\Apps\User\Langbar"
Strlanguagebar = "C:\Apps\User\Langbar\languagebar.reg"
If objFSO.FolderExists(Langbar) Then
If objFSO.FileExists(STRlanguagebar) Then
objWshShell.Run "regedit.exe /s " & Chr(34) & Strlanguagebar & Chr(34), 0, True
If Err.number = 0 Then
WScript.echo "++ This is a Singapore server. The import of the registry key 'LanguageBar' was successfull. The language bar will be displayed to all users"
WScript.echo Empty
Else
WScript.echo "-- The import of the registry key 'LanguageBar' was not successfull"
WScript.echo Empty
End If
Else
WScript.echo "Regkey does not exist"
End If
Else
WScript.echo " No need for Language bar "
WScript.echo Empty
End If
objWshShell.Run "cmd /c C:\apps\user\langbar\psexec.exe C:\WINNT\SYSTEM32\ctfmon.exe"
objWshShell.run Chr(34) & "C:\Program Files\Microsoft Office\Office10\winword.exe" & Chr(34)
I don't do this kind of stuff on windows systems - I saw the help request from modus_operandi, and thought I'd try to help.
Anyways... I'll try some more. When you say:
>>it will not show in a Citrix session
I'm not sure what this means.
There are 3 steps:
1) kill process
2) update registry
3) restart process
Which of these work? If you have your code only kill the process, can you verify the the process was killed?
If you then have your code kill the process, then update the registry, can you verify the registry was updated?
Anyways... I'll try some more. When you say:
>>it will not show in a Citrix session
I'm not sure what this means.
There are 3 steps:
1) kill process
2) update registry
3) restart process
Which of these work? If you have your code only kill the process, can you verify the the process was killed?
If you then have your code kill the process, then update the registry, can you verify the registry was updated?
ASKER
Thanks... I have the language bar now where I want to have it. I have used this VB script that i have created . Thank you all for being so supportive
Option Explicit
'Define the variables
Dim langbar, Strlanguagebar, objWshShell, objFSO, strUsr,strcacls,strProcess,colProcessList,objProcess,strUserDomain
'Set the objects
Set objWshShell = CreateObject("WScript.Shell") ' create WshShell object
Set objFSO = CreateObject("Scripting.FileSystemObject") ' create FSO object
'Set the variables
strUsr = objWshShell.ExpandEnvironmentStrings("%USERNAME%")
strUserDomain = objWshShell.ExpandEnvironmentStrings ("%USERDOMAIN%")
langbar = "C:\Apps\User\Langbar"
Strlanguagebar = "C:\Apps\User\Langbar\languagebar.reg"
'Strlanguagebar = "languagebar.reg"
'set the access rights on the files needed in the process
objWshShell.Run "c:\winnt\system32\cscript.exe c:\apps\user\langbar\xcacls.vbs C:\WINNT\System32\ctfmon.exe /E /G " & strUserDomain & "\" & strUsr & ":F /Q",0,True
'stop the ctfmon.exe before inserting the registry keys
strProcess = "ctfmon.exe"
Set colProcessList = GetObject("winmgmts:").ExecQuery ("Select * from Win32_Process Where Name ='" & strProcess & "'")
For Each objProcess In colProcessList
objProcess.Terminate()
Next
Set colProcessList = Nothing
'MsgBox Strlanguagebar
'Verify if the folder Langbar and the registry key exist. If yes import the registry key
If objFSO.FolderExists(Langbar) Then
If objFSO.FileExists(STRlanguagebar) Then
objWshShell.Run "regedit.exe /s " & Chr(34) & Strlanguagebar & Chr(34), 0, True
If Err.number = 0 Then
writelog "++ This is a Singapore server. The import of the registry key 'LanguageBar' was successfull. The language bar will be displayed to all users"
writelog Empty
Else
writelog "-- The import of the registry key 'LanguageBar' was not successfull"
writelog Empty
End If
Else
writelog "Regkey does not exist"
End If
Else
writelog "No need for Language bar "
writelog Empty
End If
'Start the executable 'ctfmon.exe'
objWshShell.Run "C:\WINNT\SYSTEM32\ctfmon.exe"
'writelog Err.number
objWshShell.Run "c:\winnt\system32\cscript.exe c:\apps\user\langbar\xcacls.vbs C:\WINNT\System32\ctfmon.exe /E /R " & strUserDomain & "\" & strUsr & " /Q",0,True
ASKER
I combined the answers and was able to achive my goal
or using psexec from sysinternals.com