dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
5777
share rss forum feed

SipSizzurp
Fo' Shizzle
Premium
join:2005-12-28
Houston, TX
kudos:4
reply to LLigetfa

Re: [XPPro] Run batch file per user login

said by LLigetfa:

Schedule it to run at logon and check that it is the peon account logging on.

I just tried that with no success. I tried all of these combinations ;

1 - When logged on as admin, schedule a logon task with limited user credentials. Task would not create due to mismatched creds.

2 - When logged on as admin, schedule a logon task with admin creds. This works as expected, but does not affect the the LUA login.

3 - When logged on as LUA create a task that blocks port 80 using LUA credentials. IPsec will not run due to lack of privileges.

4 - When logged on as LUA create a task that blocks port 80 using Admin creds. Task will not create due to credential problem.

Now I am looking for a whole new approach. Maybe even an automated script to re-program the router, but that might get a bit hairier than this project calls for.
Expand your moderator at work

SipSizzurp
Fo' Shizzle
Premium
join:2005-12-28
Houston, TX
kudos:4
reply to SipSizzurp

Re: [XPPro] Run batch file per user login

Click for full size
Problem solved. Do you think this might cause other issues ? The LUA account seems to work properly otherwise. I can even select "Run As" and provide the admin creds and it works anyway.

LLigetfa

join:2006-05-15
Fort Frances, ON
kudos:1
reply to SipSizzurp

What prevents the user from installing and using Chrome?


SipSizzurp
Fo' Shizzle
Premium
join:2005-12-28
Houston, TX
kudos:4

Click for full size
said by LLigetfa:

What prevents the user from installing and using Chrome?

I justa saiz "Oops Upside Your Head"

»www.youtube.com/watch?v=JlMIzAl_nDo


If they can't take a hint then I'll just bust out some Faronics Anti-executable on their nasty azzes.


mmainprize

join:2001-12-06
Houghton Lake, MI
Reviews:
·Charter
reply to SipSizzurp

Click for full size
said by SipSizzurp:

said by LLigetfa:

Schedule it to run at logon and check that it is the peon account logging on.

I just tried that with no success. I tried all of these combinations ;

1 - When logged on as admin, schedule a logon task with limited user credentials. Task would not create due to mismatched creds.

2 - When logged on as admin, schedule a logon task with admin creds. This works as expected, but does not affect the the LUA login.

3 - When logged on as LUA create a task that blocks port 80 using LUA credentials. IPsec will not run due to lack of privileges.

4 - When logged on as LUA create a task that blocks port 80 using Admin creds. Task will not create due to credential problem.

Now I am looking for a whole new approach. Maybe even an automated script to re-program the router, but that might get a bit hairier than this project calls for.

You run the task as Admin but edit the trigger for logon and user
see attached

SipSizzurp
Fo' Shizzle
Premium
join:2005-12-28
Houston, TX
kudos:4

2 edits

.
I do not see that ability in XP, but I am understanding more about what does not work !


60632649
Premium
join:2003-09-29
New York, NY

1 recommendation

reply to SipSizzurp

You might want to try running the program or batch file with the runas command, it'll allow a program to be run with a different user context. The problem might be the password on the account , the password has to be stored somewhere. You might be better off making a user group that has the required permissions to run everything in the first place then associating that group to all the users.

runas is generally in [boot drive]windows/system32

C:\TEMP>runas /?
 
RUNAS USAGE:
 
RUNAS [ [/noprofile | /profile] [/env] [/netonly] ]
        /user:<UserName> program
 
RUNAS [ [/noprofile | /profile] [/env] [/netonly] ]
        /smartcard [/user:<UserName>] program
 
   /noprofile        specifies that the user's profile should not be loaded.
                     This causes the application to load more quickly, but
                     can cause some applications to malfunction.
   /profile          specifies that the user's profile should be loaded.
                     This is the default.
   /env              to use current environment instead of user's.
   /netonly          use if the credentials specified are for remote
                     access only.
   /savecred         to use credentials previously saved by the user.
                     This option is not available on Windows XP Home Edition
                     and will be ignored.
   /smartcard        use if the credentials are to be supplied from a
                     smartcard.
   /user             <UserName> should be in form USER@DOMAIN or DOMAIN\USER
   program         command line for EXE.  See below for examples
 
Examples:
> runas /noprofile /user:mymachine\administrator cmd
> runas /profile /env /user:mydomain\admin "mmc %windir%\system32\dsa.msc"
> runas /env /user:user@domain.microsoft.com "notepad \"my file.txt\""
 
NOTE:  Enter user's password only when prompted.
NOTE:  USER@DOMAIN is not compatible with /netonly.
NOTE:  /profile is not compatible with /netonly.
 

You can pump in the password using redirection but it has to come from somewhere and the user context wont be setup properly yet to make it read only. You could schedule a task that runs every minute or whatever and type the password in yourself on scheduling,

cmd.exe "... \pw\password.txt"
that sort of thing.


60632649
Premium
join:2003-09-29
New York, NY

1 edit

1 recommendation

reply to SipSizzurp

If you use the /savecred switch it'll save the password then using the /savecred switch again, it'll be on auto pilot.

runas /noprofile /savecred /user:mymachine\administrator cmd

That first time you'll have to enter the password.

Then the other times through login/logout scripts
runas /noprofile /savecred /user:mymachine\administrator cmd

That might do it.


SipSizzurp
Fo' Shizzle
Premium
join:2005-12-28
Houston, TX
kudos:4

Mohito, thanks a lot for going into this amount of detail. A lot of this stuff is just below the surface of what I am familiar with. I will spend some time configuring with these options and it looks like it will help quite a lot.



mmainprize

join:2001-12-06
Houghton Lake, MI
Reviews:
·Charter
reply to SipSizzurp

Sorry about the schedule task screenshot, that was from Windows 8 and should be about the same as windows 7.
I though you were running windows 7 but i see it clearly states WinXP on the first post. As you pointed out not as many options in XP, i did not try it on XP.



60632649
Premium
join:2003-09-29
New York, NY
reply to SipSizzurp

I hope it works for you, with Windows there are a lot of ways to skin the same cat, same with Unix and Linux. It all starts looking the same after a time.