Solved

Publishing an App on Citrx using 'run as'

Posted on 2010-08-31
34
3,699 Views
Last Modified: 2013-12-04
We have an install of Citrix in our DMZ (EXT) that is publishing an app that pulls data from a SQL server on our actual domain (INT) - there is some amount of trust between the INT and EXT domains but obviously we can't give non employee accounts in EXT access to servers on INT

Want we need to do is publish the app through Citrix using run as, using a local account which then has permissions to access the resources on INT

The Citrix publish applications properties are attached, what I'm trying to do is just add a /runas /user switch on to the end but it doesnt seem to be working - i.e /runas /user:administrator



app properties


It may be that I have the syntax wrong or Citrix doesn't allow this or there is another way to achieve what we want so any advice would be appreciated!

thanks
0
Comment
Question by:mce-man-it
  • 15
  • 11
  • 8
34 Comments
 
LVL 5

Expert Comment

by:talkinsmak
ID: 33567735
Does the application work from the dmz server when you are logged in as an administrator?
0
 
LVL 9

Expert Comment

by:Tomas Valenta
ID: 33567840
publish app.bat with content c:\windows\system32\cscript.exe c:\batch\runasapp.vbs

RunAsApp.vbs
Option explicit
Dim oShell
set oShell= Wscript.CreateObject("WScript.Shell")

'Replace the path with the program you wish to run c:\program files...

oShell.Run "runas /user:domain\username ""C:\Program Files\...."""
WScript.Sleep 100

'Replace the string --> yourpassword~ with the

'password used on your system. Include the tilde "~"

oShell.Sendkeys "password~"
Wscript.Quit
0
 

Author Comment

by:mce-man-it
ID: 33574403
thanks for this - trying the batch file now
0
 

Author Comment

by:mce-man-it
ID: 33574649
Ok I tried it and got the attached errors

I'm sure its me doing something wrong with the batch file..
alterianbat.JPG
0
 

Author Comment

by:mce-man-it
ID: 33574700
heres the exact contents of the batch file:




publish app.bat with content c:\windows\system32\cscript.exe c:\batch\runasapp.vbs

RunAsApp.vbs
Option explicit
Dim oShell
set oShell= Wscript.CreateObject("WScript.Shell")

'Replace the path with the program you wish to run c:\program files...

oShell.Run "runas /user:manmewctx02\administrator"""C:\Program Files (x86)\Alterian\Molecule\Molecule.exe" /SERVER:10.68.40.178  /PROJECT:Clarks"""
WScript.Sleep 100

'Replace the string --> yourpassword~ with the

'password used on your system. Include the tilde "~"

oShell.Sendkeys "Manchester10~"
Wscript.Quit
0
 
LVL 9

Expert Comment

by:Tomas Valenta
ID: 33575189
It is mistake - PUBLISH is not command - I mean publish application "app.bat"
0
 
LVL 5

Expert Comment

by:talkinsmak
ID: 33576496
Delete everything in front of c:\ on your first line, like this.  Make sure runasapp.vbs is in the batch folder.
__________________________________________________________________
c:\windows\system32\cscript.exe c:\batch\runasapp.vbs
RunAsApp.vbs
Option explicit
Dim oShell
set oShell= Wscript.CreateObject("WScript.Shell")
'Replace the path with the program you wish to run c:\program files...
oShell.Run "runas /user:manmewctx02\administrator"""C:\Program Files (x86)\Alterian\Molecule\Molecule.exe" /SERVER:10.68.40.178  /PROJECT:Clarks"""
WScript.Sleep 100
'Replace the string --> yourpassword~ with the
'password used on your system. Include the tilde "~"
oShell.Sendkeys "Manchester10~"
Wscript.Quit
0
 

Author Comment

by:mce-man-it
ID: 33576515
thanks,

that gives me an 'input error'


error--alt.JPG
0
 

Author Comment

by:mce-man-it
ID: 33576539
ahh ok - sorry im missing runasapp.vbs then

do i need to create this myself? at the moment i just have the .bat file with the contents as above in the folder, nothing else
0
 
LVL 5

Expert Comment

by:talkinsmak
ID: 33576540
So your vbs file "runasapp.vbs is not in the batch folder.  Put it their and try again.
0
 
LVL 5

Expert Comment

by:talkinsmak
ID: 33576547
Give me a minute.  I will fix it.
 
0
 
LVL 9

Expert Comment

by:Tomas Valenta
ID: 33576567
create both files (.bat and .vbs) in the same folder c:\batch on every Citrix server onto you will want to run it.
0
 
LVL 5

Assisted Solution

by:talkinsmak
talkinsmak earned 250 total points
ID: 33576571
Step one:
The following should be your only line in your batch file:
c:\windows\system32\cscript.exe c:\batch\runasapp.vbs
 
Save this in your c:\batch folder

 
0
 
LVL 5

Expert Comment

by:talkinsmak
ID: 33576592
Step two:
Create a new text file called "runasapp.vbs"  You need to do a "Save as all files" to save it correctly.
Insert the below text into the new vbs file:
_________________________________

Option explicit
Dim oShell
set oShell= Wscript.CreateObject("WScript.Shell")
'Replace the path with the program you wish to run c:\program files...
oShell.Run "runas /user:manmewctx02\administrator"""C:\Program Files (x86)\Alterian\Molecule\Molecule.exe" /SERVER:10.68.40.178  /PROJECT:Clarks"""
WScript.Sleep 100
'Replace the string --> yourpassword~ with the
'password used on your system. Include the tilde "~"
oShell.Sendkeys "Manchester10~"
Wscript.Quit
Try that and let me know.
0
 
LVL 5

Expert Comment

by:talkinsmak
ID: 33576610
Oh, and change your password in the batch file now that half the world knows your admin password to get into your network.
0
 

Author Comment

by:mce-man-it
ID: 33576663
thanks lot for that, trying this now

i already changed the password on the dmz account before posting the batch file so no worries!
0
 
LVL 5

Expert Comment

by:talkinsmak
ID: 33576684
the new file should be saved in the c:\batch folder too.  I think you knew that but I just wanted to be clear.
0
Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

 

Author Comment

by:mce-man-it
ID: 33576727
ok its running now but giving the following error

cheers
error-alt2.JPG
0
 
LVL 5

Expert Comment

by:talkinsmak
ID: 33576764
Line 5, character 53 of your script is incorrect.  looks like it is the remmed out line.  Why don't you remove all the lines that have ' in front of them and try again.
0
 
LVL 9

Expert Comment

by:Tomas Valenta
ID: 33576801
on the line 5 in your runasapp.vbs you have missing space after username and the pair of "" should be removed - see my original script..
0
 

Author Comment

by:mce-man-it
ID: 33576850


Thanks again - I took out the remmed lines which removed that error and then gave another which seemed to be an extra " - I removed that and now its giving the error on line 4, character 115 but I don't see a problem - it looks like this now:

Option explicit
Dim oShell
set oShell= Wscript.CreateObject("WScript.Shell")
oShell.Run "runas /user:manmewctx02\administrator""C:\Program Files (x86)\Alterian\Molecule\Molecule.exe" /SERVER:10.68.40.178  /PROJECT:Clarks"
WScript.Sleep 100
oShell.Sendkeys "Manchester10~"
Wscript.Quit
0
 
LVL 9

Expert Comment

by:Tomas Valenta
ID: 33576871
after word administrator is missing space
0
 
LVL 5

Expert Comment

by:talkinsmak
ID: 33576900
The space should actually be between the quotes like this .....\administrator" "C:\progr.......
But that is not character 115.  might get another error
0
 
LVL 9

Expert Comment

by:Tomas Valenta
ID: 33576908
replace in your script with this:

oShell.Run "runas /user:manmewctx02\administrator ""C:\Program Files (x86)\Alterian\Molecule\Molecule.exe" /SERVER:10.68.40.178  /PROJECT:Clarks"""
0
 

Author Comment

by:mce-man-it
ID: 33576932
still the same error but now 4,116 and it looks like the below:

Option explicit
Dim oShell
set oShell= Wscript.CreateObject("WScript.Shell")
oShell.Run "runas /user:manmewctx02\administrator ""C:\Program Files (x86)\Alterian\Molecule\Molecule.exe" /SERVER:10.68.40.178  /PROJECT:Clarks"
WScript.Sleep 100
oShell.Sendkeys "Manchester10~"
Wscript.Quit

thanks
0
 

Author Comment

by:mce-man-it
ID: 33576934
trying that now, thanks
0
 

Author Comment

by:mce-man-it
ID: 33576960
ok with it now looking like this:

Option explicit
Dim oShell
set oShell= Wscript.CreateObject("WScript.Shell")
oShell.Run "runas /user:manmewctx02\administrator ""C:\Program Files (x86)\Alterian\Molecule\Molecule.exe" /SERVER:10.68.40.178  /PROJECT:Clarks"""
WScript.Sleep 100
oShell.Sendkeys "Manchester10~"
Wscript.Quit

it gives error on 4,116

0
 

Author Comment

by:mce-man-it
ID: 33576974
tried with a space between the "'s after administrator as well and doesn't work either
0
 
LVL 5

Expert Comment

by:talkinsmak
ID: 33576985
what is the error
0
 

Author Comment

by:mce-man-it
ID: 33577000
attached the error
script-error.JPG
0
 
LVL 9

Expert Comment

by:Tomas Valenta
ID: 33577080
here is only problem with quotation marks. And is the whole command on one line ? Here is not visible because there is word wrapping...
oShell.Run "runas /user:manmewctx02\administrator ""C:\Program Files (x86)\Alterian\Molecule\Molecule.exe" /SERVER:10.68.40.178  /PROJECT:Clarks"""
0
 

Author Comment

by:mce-man-it
ID: 33577157
yeah ive got the whole command on one line

i copied and pasted into the file exactly as it is here but it still gives me that error

oShell.Run "runas /user:manmewctx02\administrator ""C:\Program Files (x86)\Alterian\Molecule\Molecule.exe" /SERVER:10.68.40.178  /PROJECT:Clarks"""
0
 
LVL 9

Accepted Solution

by:
Tomas Valenta earned 250 total points
ID: 33577254
oShell.Run "runas /user:manmewctx02\administrator ""C:\Program Files (x86)\Alterian\Molecule\Molecule.exe /SERVER:10.68.40.178  /PROJECT:Clarks"""
0
 

Author Comment

by:mce-man-it
ID: 33577299
it works!!

thank you so much for the help, its really appreciated
0

Featured Post

Get up to 2TB FREE CLOUD per backup license!

An exclusive Black Friday offer just for Expert Exchange audience! Buy any of our top-rated backup solutions & get up to 2TB free cloud per system! Perform local & cloud backup in the same step, and restore instantly—anytime, anywhere. Grab this deal now before it disappears!

Join & Write a Comment

After several days of searching and hunting for limited documentation, I wanted to share this guide to hopefully save someone the hassle of trying to figure this out on their own. I have tested this on Xendesktop 7.1 and PS 4.5 running simultaneous…
Citrix XenDesktop 7.6 Citrix Policies Audio
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now