Solved

Running a powershell task to call exe while logged off

Posted on 2016-09-09
8
54 Views
Last Modified: 2016-09-12
So I have been researching for hours and tried various solutions, I am still having trouble getting an exe to run while logged off.   This is a utility for a 3rd party program called sync.exe.  It will not run when called directly in task scheduler.

So we are trying a powershell script which works fine when logged in an running it manually outside task scheduler.  But once we set it as a scheduled task, the script apparently runs but the exe that it calls does not start.

We have tried running as a admin group and also privileged AD account.  I am using the start-process command in the script and pointing directly to sync.exe.  It is located on a local drive so it is not networked.

We cannot figure out why the exe does not run while logged off.
0
Comment
Question by:bigeven2002
  • 4
  • 3
8 Comments
 
LVL 39

Expert Comment

by:footech
ID: 41791798
It seems likely to me that the program either requires a GUI or a user profile environment.   Either one would mean that it can't run as a scheduled task with an account that is not logged in.
0
 
LVL 17

Author Comment

by:bigeven2002
ID: 41791907
Thanks for the reply.  The strange thing is, this sync.exe file was supposed to be designed to run as a task and it has no overhead or interface.  If double clicking to run the sync, the process will show up in task manager and do its thing. There is no window for it.  And when it is finished it auto terminates.
0
 
LVL 39

Accepted Solution

by:
footech earned 500 total points
ID: 41791987
I would leave calling it from PowerShell out, that just adds another layer of complication and doesn't add any ability to run it as a task.

If you set up a task to run the sync.exe, but set it to run only when user is logged on, does it work?  If so, then it's likely dependent on something in the user profile.  But from there I'm not sure it there's any way to determine what exactly.  Perhaps running Process Explorer or Process Monitor while the program runs could tell you, but especially with ProcMon, it's a lot to sort through.

Can the product maker provide any guidance?
0
 
LVL 17

Author Comment

by:bigeven2002
ID: 41792808
I had been working with the maker and that is how we ended up with the powershell script.  The exe will work when set to run when logged in but not when logged out, even though it is supposed to be able to.  I am still working with them as it may just be a bug.  The exit code for the exe is 1 instead of 0 when it finishes so that too may be a bug.

I just didn't know if powershell can circumvent this issue  by forcing it to run under session 0.
0
Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

 
LVL 39

Expert Comment

by:footech
ID: 41793298
Being very familiar with PowerShell, I can't think of any way that it would help the situation.  I wouldn't say it can't definitively, but I would be extremely surprised.

What does the program do?  Where does it get its config (assuming it's not hard-coded into the program)?  What resources does it try to access?

Have you tried it on other machines and OSes?
0
 
LVL 17

Author Comment

by:bigeven2002
ID: 41793437
Yes we have tried server 2008 r2 and server 2012 r2 as those are the only OSes available to try.  I think it is hard coded, I used procmon to dump the strings but didn't find any usable parameters.  We have the 3rd party program installed in multiple office servers that is client data management and this sync utility is provided by that program to synchronize the data across those servers.  

It is meant to be ran from a primary server whereas the others are secondary.  At present we are running the utility manually by logging in and double clicking it.  The 3rd party program even provides a way to setup this utility as a scheduled task so that is how we know it is supposed to work.  I am still leaning more towards bug if it cannot be ran otherwise.

But the reason for powershell was because that was their latest suggestion.  I should be able to find out more later this week when they get back with me.
0
 
LVL 68

Expert Comment

by:Qlemo
ID: 41793560
I agree PowerShell cannot do anything for you here, unless you are using it to change privileges, make sure to run elevated, check parameters or similar.
However, what it can do is to run procmon, the sync utility, and then stop procmon again (not sure about that last part).
ProcMon with a filter of Process PowerShell.exe and sync.exe, with registry and file monitoring active.
0
 
LVL 17

Author Closing Comment

by:bigeven2002
ID: 41795215
Thanks for the replies.  After further information available today, it is a bug and so a user profile login is currently required for it to run.  The maker is going to fix it.
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

Sometimes drives fill up and we don't know why.  If you don't understand the best way to use the tools available, you may end up being stumped as to why your drive says it's not full when you have no space left!  Here's how you can find out...
Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now