Is it possible to run a windows form application or a console application under system account? Like asp.net application can run under system account by changing machine config file :
<processModel userName="machine" password="AutoGenerate" />
This is to give more privileges to the program ...
It sounds like you're attacking the symptom rather than the problem. What exactly does your program need to do that requires additional permissions? Maybe there's a different way of accomplishing that task without requiring any kind of elevation.
Yes. You can run any app under the system account. One technique is to launch it as a scheduled task, or by using the "at" command line utility.
Unfortunately, however, since Windows Vista, applications run in this way can't interact with the user, since they run in a different session.
This means that running a WinForms (or any kind of GUI, really) application in this way is kinda pointless. Similarly for a console app, if you want to see the output.
If it's for a one-off, you can probably live with it. Otherwise, you should be looking at creating a Windows Service, which can be configured to run under any user account (including SYSTEM). If you want to interact with it, you'll need to implement a separate app that talks to it through (e.g.) .NET remoting.
Can't you do that by launching it from a scheduled task in Windows?
That depends on what your goal is. If you want it to run under the system account and let a user interact with it, you can't do that. If you absolutely need to do this your best bet it to create a service that handles the operations that require additional priveleges and runs as System, and the connect to that service from a GUI running as user. However, if you go this route, realize that you're creating a hole in the security boundary between what a standard user can do and what System can do so be sure you protect the connection between the GUI and the service and limit the scope of the service to only what you absolutely need it to do.
As lassevk mentions if you just need to do this once or occasionally you can use runas to run in another security context but still have an interactive GUI / console.
On the other hand, if you just want it to run unattended at a certain time, you should be able to use the task scheduler like Martin suggests.
Related
I would like to create an application in C# which cannot be terminable by a user from task manager or taskkill.
I found some methods on the internet. but what would you recommend? What's the best practices method for this?
RegisterServiceProcess
Procected Services
Keep-alive processes
and so on.
Thanks,
Task manager is OS supplied way to stop/kick nonresponsive applications. You cannot bypass task manager. For that matter, you cannot bypass any tool whatsoever. Operating system is custodian of system's resources and is responsible for controlling its execution, managing resources etc.
OS provisions certain ways for its users so that they can view/interrupt running processes, allocate more memory, view other relevant parameters. Any sane OS (windows or not) never exposes interface whereby user can run amok through the system creating destroying whatever he or she wants. If it does, it will simply lose control over system internals - something only it can control and not the user.
If you are trying to develop something that works like antivirus, take a look at here - https://learn.microsoft.com/en-us/windows/win32/services/protecting-anti-malware-services- . This is vendor specific way provided by MS to create a process that stays around even if other processes try to kill it. Useful in scenarios like anti-malware defence.
There is a way to deal with this in Linux - https://unix.stackexchange.com/questions/227459/make-a-process-unkillable-on-linux . Note that root user can kill any process that it wants to.
The task needs to run under R0 privileges which sits above an elevated administrator. Our antivirus and several other security packages do this so it absolutely is possible. I'm a domain admin and cannot kill the task via task manager.
I'm trying to build an application that would run on startup for all users, but non-admin users shouldn't be able to close it. I apologize if this has been answered, but I cannot find the answer even after googling it.
Sounds like it is a system level process, that is only marginally controlable by the Administrator. Controling System processes is one of the Admin tasks.
The two ways to start something with Windows are:
Make it a service. However do note that services operate under severe limitations, like not be able to create GUI themself. If you want to have any UI, you have to use a seperate process that talks with the service with IPC.
Have the Windows Task Sheduler start it on Windows Startup, using the Admin Account. The sheduler has replaced services in many cases, even for builtin processes like the automatic defragmentation.
The easiest way would probably be to check if the current user is an Administrator in your program's OnClose() event and cancel the event if the result is false. Check here for more details on how to do that: Check if the current user is administrator
I need to create an application that will run on a server and be able to be configured to run commands at certain times. For instance, there will be a web interface allowing a user to set an engage time and a disengage time. Once those values have been saved by the user I need for the server to be able to fire off those commands precisely at the time specified each day.
I would also need to be able to set single use non recurring events that would occur... maybe 10 minutes from the time an event was triggered and have a command fired off when that 10 minute timer goes off.
I've already got a class library written that has the engage and disengage commands exposed. I would hope to be able to integrate this into whatever solution I end up with and simply be able to make calls directly to the class. Alternatively I could also compile the class library into an executable and have commands issued to it via command line. I'm hoping to not have to do the latter.
I've never written anything like this before. I've peeked a bit at Windows Services, but there is a lot of chatter out there saying that it isn't necessarily the best option. Can someone please guide me in the right direction please?
A windows service is not a bad idea, its perfect for this kind of application. Unless you end up using standard windows scheduled tasks as the trigger for your command, you need some sort of process that is always running to contain your scheduler. A windows service is an excellent candidate for this.
Using a windows service in conjunction with Quartz.NET and some sort of persistence layer so you can store your schedules (in case you need to restart the service or it crashes etc) would be a good way to go.
Alternatively, you could write an application that just adds and removes windows scheduled tasks, but considering you have existing class libraries, using Quartz.NET will fit in well with your existing libraries.
easiest solution:
make a console exe and run under scheduled task in windows.
Let web page to accept user input and modify a configuration file.
I am writing a software for a company in c# which is intended to run on windows platform.
One of my requirements is to allow the user to schedule back ups.
That is, the user will set a time where the database will be backed up automatically by the computer.
On the linux platform I would have use crons but I am a bit lost on the windows platform. I do not want the software itself to be actually opened for the back up to run. I want it to be carried out even if the software itself is not running.
My best bet is to use windows scheduler or create a custom service which will run at start up.
Can anyone point me to how to actually achieve this? Any constructive suggestions are welcomed.
Thanks.
For info the Windows "AT" command is somewhat similar to cron. You can get help from the command line thus:
AT /?
I wouldn't necessarily recommend it for a db backup. Either create a Windows scheduled task, or to backup a SQL Server database, use SQL server's built in scheduler.
Another alternative would be to create a windows service to handle the task. Then you could write any code needed (e.g. Backup / Email logs, etc) quickly and easily, and it would work w/o your application running.
There are ways to accomplish the same task with Task Scheduler built into windows, but just an alternative that I would prefer.
I have done a lot of searching to find a way to start a GUI application from a windows service on Windows 7. Most of what I have found is that with Windows 7 services now run in a separate user session and can not display any graphical interface to the current user. I'm wondering is there is any kind of workaround or different way of accomplishing something like this? Can the service start a process in a different user session?
This change was made for a reason and not simply to annoy developers. The correct approach is to put your UI in a different program and communicate with the session through a pipe, or some other IPC mechanism. The recommendation that services do not present UI is more than 10 years old now.
You should really try to follow these rules, even though it may seem inconvenient to begin with. On the plus side you will enjoy the benefit of keeping your service logic and UI logic separate
If your services runs under the LOCALSYSTEM account then you can check "Allow service to interact with desktop", for the benefit of legacy services that would fail if they could not show UI. But it won't help you anyway because the UI will show in session 0 where it is never seen!
I recommend you take a read of the official Microsoft document describing session 0 isolation.
There is a way to do this.
If you need to show a simple message box you can use the WTSSendMessage Routine.
If you need a complex UI elements you can put it in a separate program and you need to use CreateProcessAsUser Routine.
In this sample provided by microsoft you can see the process.
http://blogs.msdn.com/b/codefx/archive/2010/11/26/all-in-one-windows-service-code-samples.aspx
Windows 7 introduced what is called "Session 0 isolation" that in practice means that every service (except system services) run in a separate non-interactive session. For this reason you cannot directly create a GUI from within the service, except if you run in legacy mode by flagging the Interact With Destop option, which is not good if you plan to run your service for some years in the future.
As David Heffernan said, the best is to use a client-server architecture. WCF makes it easy to communicate with named pipes.
This page is a good starting point to read about Session 0 Isolation and this white paper is also very good.