How to start exe with elevated rights when domain user logs in - C#

I need to start a Windows Forms application with admin rights whenever a domain user logs in.
I am trying to start the application with a service and Task Scheduler, but the application UI does not show up. However, I can see it running in Task Manager, and if I add a timer and terminate the app, it terminates after the correct interval as well.
Can someone help me on how to develop/deploy an application so that it shows "the UI" whenever any user logs in to the machine? Should I add some registry entry that will start my application, or is there any other way to achieve this?

It seems to me that when the user logs in, the task does not really work because there are not enough rights. Try it like this:
You need to create a new task that simply launches the program you want to use without UAC dialogs. When creating this task, in the General tab, enter the name of the task (remember this name, you will need it later) and check the box that says “Run with highest privileges”. This puts the task to run with administrator rights.
To make sure there are no compatibility issues, go to the “Configure for” drop-down list at the bottom of the Create Task window and select Windows® 7, Windows Server™ 2008 R2.
On the Actions tab, you need to create an action that launches the program. Everything is very simple here: select the action “Start a program”, specify the path to the program that will be executed, and click OK.
Your last stop is on the Settings tab. Here you need to make sure that the checkbox “Allow task to be run on demand” is checked. Also, make sure that when the task is already running, another instance will not be started by choosing the option “Do not start a new instance”.
The second step in this procedure is to create a shortcut that launches the task you just created, which in turn launches the program of your choice without the UAC line appearing.
An important difference when creating a shortcut to a task compared to a normal shortcut on the desktop is to enter schtasks /run /tn "Task Name" (Task Name must be replaced with the actual task name) in the Item Location field. In this command, the /run parameter simply performs a specific task, and /tn allows you to enter the name of the task you want to run.
Once the shortcut is created, if you click on it, it will work like the task you created, and this in turn launches the program specified with administrator rights, but without UAC.
Thus, you can create a task to run the created shortcut.
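The same task can be registered from PowerShell. The script below is an added example, not part of the original answer: the executable path and task name are placeholders, and it first refuses to register the task if anyone other than SYSTEM, Administrators or TrustedInstaller can modify the executable or its folder, since whatever sits at that path will be started elevated.

```powershell
# Added example. $ExePath and $TaskName are placeholders, not values from the post.
# Run from an elevated PowerShell session.
$ExePath  = 'C:\Program Files\ExampleApp\ExampleApp.exe'
$TaskName = 'ExampleApp at logon'

# Principals expected to hold write access: SYSTEM, Administrators, TrustedInstaller.
$trusted = 'S-1-5-18', 'S-1-5-32-544',
           'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'
$rights    = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, ChangePermissions, TakeOwnership'
$writeBits = [int]$rights

function Get-UntrustedWriter {
    param([Parameter(Mandatory)][string]$Path)
    $sidType     = [System.Security.Principal.SecurityIdentifier]
    $inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly
    foreach ($ace in (Get-Acl -LiteralPath $Path).GetAccessRules($true, $true, $sidType)) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        # Inherit-only ACEs apply to child objects, not to this object itself.
        if ([int]($ace.PropagationFlags -band $inheritOnly) -ne 0) { continue }
        if ($trusted -contains $ace.IdentityReference.Value) { continue }
        if (([int]$ace.FileSystemRights -band $writeBits) -ne 0) {
            [pscustomobject]@{ Path = $Path; Sid = $ace.IdentityReference.Value
                               Rights = $ace.FileSystemRights }
        }
    }
}

# Check the executable and the folder it is loaded from before trusting it with elevation.
$findings = @(Get-UntrustedWriter $ExePath) +
            @(Get-UntrustedWriter (Split-Path -Parent $ExePath))
if ($findings.Count -gt 0) {
    $findings | Format-Table -AutoSize | Out-String | Write-Warning
    throw "Not registering '$TaskName': non-administrators can modify the target."
}

$action  = New-ScheduledTaskAction -Execute $ExePath
$trigger = New-ScheduledTaskTrigger -AtLogOn   # no -User: fires at logon of any user
# A group principal runs the task in the session of the user who logged on, so the UI
# is visible. Highest gives an elevated token only to users who have one (administrators).
$principal = New-ScheduledTaskPrincipal -GroupId 'BUILTIN\Users' -RunLevel Highest
# IgnoreNew is "Do not start a new instance"; Win7 is the "Configure for" choice above.
$settings = New-ScheduledTaskSettingsSet -MultipleInstances IgnoreNew -Compatibility Win7
Register-ScheduledTask -TaskName $TaskName -Action $action -Trigger $trigger `
    -Principal $principal -Settings $settings
```

Start-ScheduledTask -TaskName with the same name is the PowerShell counterpart of the schtasks /run /tn shortcut described above.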

To check if the user has logged in to a domain, you can use
System.Security.Principal.WindowsIdentity.GetCurrent().Name which gives you "domain\username".
And for starting your application once the user has logged in, you have to run your program at startup; try this link.
And to run your app at startup using group policy (recommended) try this.

Related

Is it possible to start a process with uiAccess=true from another process with uiAccess=true

A process is already running that has uiAccess=true in its manifest. Is it possible for this program to start another such process with uiAccess=true? Currently, whenever Process.Start is called for the second process a Win32Exception is thrown with message:
The requested operation requires elevation
Running the first process as Administrator stops the failure however this is not an option for me.
I know it is possible to do this from a service using SetTokenInformation etc. (and I'm already doing this) but that's as user Local System so I'm presuming it is not reusable.

How to spawn a process that DOES NOT request admin rights on the machine in C#

I seem to be asking the opposite of everyone else. I want to spawn a process and NOT have it request admin rights on the machine.
I have 2 executables:
1) Application
2) Updater
The application periodically checks a web service to see if there are any software updates. If there are, it will spawn the updater .exe and close the current application.
The updater then downloads the files, unpacks and spawns the original process.
Nothing here seems to need admin rights, and yet UAC keeps getting involved.
This is an application that runs on a machine with no keyboard or mouse and I want the update process to run with no user interaction.
Do I have to turn off UAC in order to get this to work, or have I got something enabled that I need to disable?
I think the only other piece to add here is that I'm using ClickOnce to deploy a minimal app initially that will always run the updater and download the latest copy of the program.
I'm using the following lines to spawn the updater or the calling app:
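    // Requires: using System.Diagnostics; using System.IO;
    // Spawning the updater:
    if (System.IO.File.Exists("AppUpdater.exe"))
    {
        Process.Start(fileName: "AppUpdater.exe", arguments: appId + " " + versionNo + " " + callingApp);
    }
    // Spawning the calling app:
    if (File.Exists(CallingApp))
    {
        Process.Start(CallingApp);
    }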
Thanks
Turns out it was my executable for the updater application that was causing the issue. I had to change some settings in the project properties.
I'm not sure exactly which one was causing the issue because I changed a number of settings to match another application that didn't cause the UAC message to be displayed.
I suspect the main one was the "Icon and Manifest" setting; I changed this to "Embed manifest with default settings".

Run C# app on Startup?

I have created a simple weather application and I added the code below to let the user have it run on startup:
    // Requires: using Microsoft.Win32;
    // Per-user Run key: entries here start when this user logs on.
    RegistryKey rk = Registry.CurrentUser.OpenSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", true);
    if (startupCheck.Checked) {
        // Store the quoted path so paths containing spaces still work.
        rk.SetValue("WeTile", "\"" + Application.ExecutablePath.ToString() + "\"");
    } else {
        rk.DeleteValue("WeTile", false);
    }
Now this runs fine on both my computers. But when I gave the app to my girlfriend, she said the app does not run on Windows startup. I read online that it could be because of the user permission or the location, so I told her to move the app to c:/ and try checking the box again and then restarting. Now it works, but on every startup she has the default Windows message saying you want to run this app?
How do I get rid of this? What is the best way to add to Windows startup that works with both Windows 32/64 bit without any user permission disruptions?
It sounds like you may have run afoul of Windows' file blocking security function. Applications created on another computer are automatically blocked from executing unless the user specifically "unblocks" the file. Have your girlfriend right-click on the executable, select "Properties" and see if there is a button at the bottom of the dialog to unblock the file.
Once unblocked, you should no longer see the confirmation prompt at startup.
You could add it to the Windows startup folder, check if it's not there already and if not, add it (assuming this is what the user wants).
See How do I set a program to launch at startup
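The blocking described in the answer above is recorded in a Zone.Identifier alternate data stream on the file. The script below is an added example, not from the original posts: it lists the current user's Run entries and reports the zone recorded on each target, so you can see whether a startup entry points at a file that is still marked as downloaded. The function names are made up for this example.

```powershell
# Added example: report the Mark-of-the-Web zone of every HKCU Run target.
$runKey = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'

function Get-CommandExecutable {
    param([string]$CommandLine)
    # A Run value is a command line: a quoted path, or an unquoted first token.
    if ($CommandLine -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($CommandLine -match '^\s*(\S+)')     { return $Matches[1] }
}

function Get-ZoneId {
    param([string]$Path)
    # The stream exists only on NTFS files that were marked when they were downloaded.
    $ads = Get-Content -LiteralPath $Path -Stream Zone.Identifier -ErrorAction SilentlyContinue
    foreach ($line in $ads) {
        if ($line -match '^ZoneId=(\d+)') { return [int]$Matches[1] }
    }
    return $null
}

function Get-RunEntryReport {
    $key = Get-Item -LiteralPath $runKey
    foreach ($name in $key.GetValueNames()) {
        $exe    = Get-CommandExecutable ([string]$key.GetValue($name))
        $exists = [bool]($exe -and (Test-Path -LiteralPath $exe -PathType Leaf))
        $zone   = $null
        if ($exists) { $zone = Get-ZoneId $exe }
        [pscustomobject]@{ Name = $name; Target = $exe; Exists = $exists; ZoneId = $zone }
    }
}

Get-RunEntryReport | Format-Table -AutoSize
# ZoneId 3 (Internet) or 4 (Restricted) means the file is still blocked. After verifying
# where the file came from, Unblock-File -LiteralPath <Target> removes the stream.
```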

Error running a Windows Scheduled Task under System Account

I want to create a scheduled task to run under the "LOCAL SERVICE" account. The task will call a C# program (.NET 4.5). To do a POC, I kept the C# program simple - one that just writes a text to a Console.
The Task Scheduler task is set to run when not logged on. I have made sure that the C# executable has permissions for the LOCAL SERVICE (Read, Read and Execute).
When I run the scheduled task, I get the below error in the event log:
Task Scheduler failed to start instance "{e719a65e-d4fb-4515-9fc9-3635fe69e378}" of "\Testing LOCAL SERVICE" task for user "NT AUTHORITY\LOCAL SERVICE" . Additional Data: Error Value: 2147942405.
However, if I run the same task under LOCAL SERVICE by pointing to known programs like mspaint or notepad, the task runs without errors. I am not sure what is so specific with permissions for the C# program.
Appreciate some thoughts on this.
From here: Task Scheduler failed to start. Additional Data: Error Value: 2147943726. What does this mean?
The change of password has a role in causing that error.
The quickest fix:
In Task Scheduler, open the scheduled job properties, go to settings.
The last listed option should read, "If the task is already running, the following rule applies:"
Select "Stop the existing instance", click OK and exit.
This should fix it.
I was having the same error code "2147942405" when I changed the user. In the end, I managed to resolve it by enabling "Run with highest privileges".
The user used to run the task must have the right permissions on the folder that hosts the .exe file.
Right click on the folder > Properties > Security > Edit > Add > And try to add "full control" permission.
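The "Error Value" in these Task Scheduler events is an HRESULT printed in decimal. The function below is an added example, not from the original posts, and its name is made up here: it splits such a value into its fields and looks up the Win32 message, which shows that the two values quoted in this thread are different errors (2147942405 is 0x80070005, access denied; 2147943726 is 0x8007052E, logon failure).

```powershell
# Added example: decode a Task Scheduler "Error Value" (an HRESULT shown in decimal).
function Convert-TaskErrorValue {
    param([Parameter(Mandatory)][uint32]$ErrorValue)
    [int64]$v = $ErrorValue
    $facility = ($v -shr 16) -band 0x1FFF   # same mask as the HRESULT_FACILITY macro
    $code     = $v -band 0xFFFF             # low 16 bits: the underlying error code
    $message  = '(not a Win32 error code)'
    if ($facility -eq 7) {
        # Facility 7 is FACILITY_WIN32: the code is a plain Win32 error number.
        $message = [System.ComponentModel.Win32Exception]::new([int]$code).Message
    }
    [pscustomobject]@{
        Decimal  = $ErrorValue
        Hex      = '0x{0:X8}' -f $v
        Failure  = [bool](($v -shr 31) -band 1)
        Facility = $facility
        Code     = $code
        Message  = $message
    }
}

# The two values that appear on this page.
2147942405, 2147943726 | ForEach-Object { Convert-TaskErrorValue $_ } | Format-List
```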

How do I give my windows service admin rights

I have a winform that allows me to enable and disable all my 8 year old's network adapters using this code:
    // Requires: using System.Management; (NetworkAdapter is a class not shown in the post)
    protected override void OnStart(string[] args)
    {
        // start timer
        // NetConnectionStatus=2 selects adapters that are currently connected.
        SelectQuery query = new SelectQuery("Win32_NetworkAdapter","NetConnectionStatus=2");
        ManagementObjectSearcher search = new ManagementObjectSearcher(query);
        foreach (ManagementObject result in search.Get())
        {
            NetworkAdapter adapter = new NetworkAdapter(result);
            adapter.Disable();
            enabled = false;
        }
        InternetCheckTimer.Start();
    }
This code works fine on a win form assuming I am running with admin. I have never written a win service before so the problem might be elsewhere. I am able to install using installutil and attach the debugger to the process, however no break points are hit. I have tried starting and stopping the process and cannot get the debugger to attach so I might be doing that wrong as well... Right now I am assuming that the code is running and I am too stupid to get the debugger working. That said, I think my code requires the service to have admin like the form did in order to work.
Sorry if this is unclear, I will do my best to clear it up if you need more information.
Use a user and password for the service, and ensure that the user that starts the service has all rights needed for the application to run.
Another possibility, if you can control the service, is to use impersonation, see: http://www.codeproject.com/Articles/4051/Windows-Impersonation-using-C.
You can try a couple of options.
Add app.manifest
After installing the Windows service, set the service permission to run at Highest Privilege and also you can set the user name and password for the logged in user.
How to Get Full Administrator Rights in Windows 7:
Click Start
Click Computer (you might also find this icon on the desktop).
Right click on the Hard Disk icon where your OS is installed on and click Properties.
Click the Security tab.
Click the Advanced tab.
Click the Change Permissions button located after the Permission Entries list.
A new window will appear on your screen, which contains a list of all the User Accounts.
Select the user account you want to give total control (over your Windows 7) and click the Edit button.
Now, tick the checkbox labeled "Total Control" and press OK.
You're all done!
