Solved

How can I run a vb.net application as a "startup script" before logon with an administrator account?

Posted on 2009-04-06
Last Modified: 2012-08-14
Hi,

I'm working on a VB.Net application that runs before the logon. The application visualizes and configures the behaviour of a service. For certain reasons it should run before logon (as well as after).
At the moment the application runs as "Local System". The application should read the registry of remote PCs and also check the state of a service of remote PCs. Therefore administrator privileges are needed.

I tried to restart the application with "CreateProcessWithLogonW" from "Advapi32" and the System.Diagnostics.Process class. But without success.
If logged in it works.

To start my application a batch file is registered in the GPO.

What is the best way to do this?
It should work on all operating systems after XP and Server 2003.

Thanks
0
Question by:Andreas9
10 Comments
 
LVL 14

Expert Comment

by:theras2000
ID: 24078459
I don't know how to get it to run before login, but if you don't get a good answer, you could probably just set the service to manual starting mode, and then use a 'net start' command in your batch file to start it after your script.
0
 
LVL 15

Expert Comment

by:spprivate
ID: 24078582
You can use Autoexec.bat to put in a command line.

Also you can create a service and make it run under the local system account.
Here are a few tips:

http://www.tech-recipes.com/rx/1288/how-to-run-applications-in-the-local-system-account-lsa/
0
 
LVL 17

Expert Comment

by:Jared Luker
ID: 24078666
Creating a startup script via GPO is the best way to make this happen. This is the way that I do many things pre-login here at the site that I support.

Create a GPO that establishes a startup script. Use that startup script to call your vb.net application and it will run in the context of the system account with full admin rights.

Enjoy!
0
 

Author Comment

by:Andreas9
ID: 24079221
Dear jared_luker

Thanks. I need access rights on remote computers (registry, service status). Therefore I need my application to run as a certain user account (Administrator). With the system account it does not work.
0
 
LVL 17

Expert Comment

by:Jared Luker
ID: 24079439
I can't say for sure, but I bet it would still work in a startup script.  The system account is domain based if I remember correctly.
0
 

Author Comment

by:Andreas9
ID: 24090124
The system account has only local administrative rights. No network access is possible.
The target computer is normally not in a domain.

Is impersonation a possibility? How does this work?
0
 

Author Comment

by:Andreas9
ID: 24094326
I found out how to do the impersonation and it works.

I found an example on the Internet that I could use. See attachment.

Code Snippet
Public Class AliasAccount

    Private _username, _password, _domainname As String
    Private _tokenHandle As New IntPtr(0)
    Private _dupeTokenHandle As New IntPtr(0)
    Private _impersonatedUser As System.Security.Principal.WindowsImpersonationContext

    ' Accepts either "DOMAIN\user" or a bare user name.
    Public Sub New(ByVal username As String, ByVal password As String)
        Dim nameparts() As String = username.Split("\"c)
        If nameparts.Length > 1 Then
            _domainname = nameparts(0)
            _username = nameparts(1)
        Else
            _username = username
        End If
        _password = password
    End Sub

    Public Sub New(ByVal username As String, ByVal password As String, ByVal domainname As String)
        _username = username
        _password = password
        _domainname = domainname
    End Sub

    ' Logs the account on, duplicates the token and impersonates it on the current thread.
    Public Sub BeginImpersonation()
        Const LOGON32_PROVIDER_DEFAULT As Integer = 0
        Const LOGON32_LOGON_INTERACTIVE As Integer = 2
        Const SecurityImpersonation As Integer = 2
        Dim win32ErrorNumber As Integer
        _tokenHandle = IntPtr.Zero
        _dupeTokenHandle = IntPtr.Zero
        If Not LogonUser(_username, _domainname, _password, LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, _tokenHandle) Then
            win32ErrorNumber = System.Runtime.InteropServices.Marshal.GetLastWin32Error()
            Throw New ImpersonationException(win32ErrorNumber, GetErrorMessage(win32ErrorNumber), _username, _domainname)
        End If
        If Not DuplicateToken(_tokenHandle, SecurityImpersonation, _dupeTokenHandle) Then
            win32ErrorNumber = System.Runtime.InteropServices.Marshal.GetLastWin32Error()
            CloseHandle(_tokenHandle)
            Throw New ImpersonationException(win32ErrorNumber, "Unable to duplicate token!", _username, _domainname)
        End If
        Dim newId As New System.Security.Principal.WindowsIdentity(_dupeTokenHandle)
        _impersonatedUser = newId.Impersonate()
    End Sub

    ' Reverts the thread to its original identity and closes both token handles.
    Public Sub EndImpersonation()
        If Not _impersonatedUser Is Nothing Then
            _impersonatedUser.Undo()
            _impersonatedUser = Nothing
            If Not System.IntPtr.op_Equality(_tokenHandle, IntPtr.Zero) Then
                CloseHandle(_tokenHandle)
            End If
            If Not System.IntPtr.op_Equality(_dupeTokenHandle, IntPtr.Zero) Then
                CloseHandle(_dupeTokenHandle)
            End If
        End If
    End Sub

    Public ReadOnly Property username() As String
        Get
            Return _username
        End Get
    End Property

    Public ReadOnly Property domainname() As String
        Get
            Return _domainname
        End Get
    End Property

    ' Name of the identity the current thread is running as.
    Public ReadOnly Property currentWindowsUsername() As String
        Get
            Return System.Security.Principal.WindowsIdentity.GetCurrent().Name
        End Get
    End Property

#Region "Exception Class"
    Public Class ImpersonationException
        Inherits System.Exception

        Public ReadOnly win32ErrorNumber As Integer

        Public Sub New(ByVal win32ErrorNumber As Integer, ByVal msg As String, ByVal username As String, ByVal domainname As String)
            MyBase.New(String.Format("Impersonation of {1}\{0} failed! [{2}] {3}", username, domainname, win32ErrorNumber, msg))
            Me.win32ErrorNumber = win32ErrorNumber
        End Sub
    End Class
#End Region

#Region "External Declarations and Helpers"
    Private Declare Auto Function LogonUser Lib "advapi32.dll" (ByVal lpszUsername As [String], _
        ByVal lpszDomain As [String], ByVal lpszPassword As [String], _
        ByVal dwLogonType As Integer, ByVal dwLogonProvider As Integer, _
        ByRef phToken As IntPtr) As Boolean

    Private Declare Auto Function DuplicateToken Lib "advapi32.dll" (ByVal ExistingTokenHandle As IntPtr, _
        ByVal SECURITY_IMPERSONATION_LEVEL As Integer, _
        ByRef DuplicateTokenHandle As IntPtr) As Boolean

    Private Declare Auto Function CloseHandle Lib "kernel32.dll" (ByVal handle As IntPtr) As Boolean

    ' The attribute on this declaration was lost when the snippet was posted; restored here.
    <System.Runtime.InteropServices.DllImport("kernel32.dll")> _
    Private Shared Function FormatMessage(ByVal dwFlags As Integer, ByRef lpSource As IntPtr, _
        ByVal dwMessageId As Integer, ByVal dwLanguageId As Integer, ByRef lpBuffer As [String], _
        ByVal nSize As Integer, ByRef Arguments As IntPtr) As Integer
    End Function

    ' Turns a Win32 error code into the system's message text.
    Private Function GetErrorMessage(ByVal errorCode As Integer) As String
        Dim FORMAT_MESSAGE_ALLOCATE_BUFFER As Integer = &H100
        Dim FORMAT_MESSAGE_IGNORE_INSERTS As Integer = &H200
        Dim FORMAT_MESSAGE_FROM_SYSTEM As Integer = &H1000
        Dim messageSize As Integer = 255
        Dim lpMsgBuf As String = Nothing
        Dim dwFlags As Integer = FORMAT_MESSAGE_ALLOCATE_BUFFER Or FORMAT_MESSAGE_FROM_SYSTEM Or FORMAT_MESSAGE_IGNORE_INSERTS
        Dim ptrlpSource As IntPtr = IntPtr.Zero
        Dim prtArguments As IntPtr = IntPtr.Zero
        Dim retVal As Integer = FormatMessage(dwFlags, ptrlpSource, errorCode, 0, lpMsgBuf, messageSize, prtArguments)
        If 0 = retVal Then
            Throw New System.Exception("Failed to format message for error code " + errorCode.ToString() + ". ")
        End If
        Return lpMsgBuf
    End Function
#End Region

End Class
 
 
 
Then to use it:

Code Snippet
Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs)
    ' Test account name and password are literals in this sample.
    Dim Act As New Impersonation.AliasAccount("TestImpersonate", "password")
    Act.BeginImpersonation()
    Try
        Dim Key As Microsoft.Win32.RegistryKey = Microsoft.Win32.Registry.CurrentUser
        Dim SvrKey As Microsoft.Win32.RegistryKey
        'If SvrKey Is Nothing Then
        SvrKey = Key.CreateSubKey("Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\hidi-server2")
        SvrKey.SetValue("*", 1)
        SvrKey.Close()
        Key.Close()
    Catch ex As Exception
        MessageBox.Show(ex.Message)
    Finally
        ' Always revert to the original identity and release the token handles.
        Act.EndImpersonation()
    End Try
End Sub


0
 

Expert Comment

by:carlnys
ID: 24094379
I'd make it a part of group policy and disable Apply Group Policy for users asynchronously during logon, however in your case does it need to be applied before the user authenticates, or actually gets presented with explorer?

Carl
0
 

Accepted Solution

by:
ee_auto earned 0 total points
ID: 24811548
Question PAQ'd, 500 points refunded, and stored in the solution database.
0
