Run a script from a system account but display it to a "normal" user
03-07-2021
Question
I'm trying to make our software deployment more user friendly by displaying a sort of GUI to the user where he can get some information and make some settings himself. The problem I ran into is that the script that acts as the GUI (it's an HTA with VBScript) is executed via the system account and is therefore not directly shown to the user. Instead the user gets the message "Interactive Services Detection" (raised by the UI0Detect service on Windows 7). After clicking on that message the user can see the GUI. Is there a way to show the GUI directly to the user? Maybe like creating a task for the user but then running the script with privileged rights (the users have no administration rights)?
Solution
The problems you are having are because of Session 0 Isolation, which was introduced in Vista and later. The following is an excerpt from the website:
http://technet.microsoft.com/en-us/library/ee449431(v=ws.10).aspx
Session 0 Isolation. In Windows XP and earlier versions of Windows, all services run in the same session as the first user who logs on to the console. This session is called Session 0. Running services and user applications together in Session 0 poses a security risk because services run at elevated privilege and therefore are targets for malicious agents that are looking for a means to elevate their own privilege levels. The Windows Vista and Windows 7 operating systems mitigate this security risk by isolating services in Session 0 and making Session 0 non-interactive. In this case, only system processes and services run in Session 0. The first user logs on to Session 1, and subsequent users log on to subsequent sessions. This approach means that services never run in the same session as users' applications and are therefore safeguarded from attacks that originate in application code.
This website may help provide a solution:
Other tips
Check http://dieseyer.de/scr/elevate.hta and use Function HTAElevate().
On WinXP and Win7 it works fine.
<html>
<head>
  <title>HTA Helpomatic</title>
  <HTA:APPLICATION
    ID="oHTA"
    APPLICATIONNAME="HTAHelpomatic"
    SCROLL="yes"
    SINGLEINSTANCE="yes"
  >
  <!-- ID="objHTAHelpomatic" -->
  <!-- WINDOWSTATE="maximize" -->
</head>
<SCRIPT Language="VBScript">
  ' Entry point: HTAElevate() returns True only when this instance already
  ' carries the "/elevated" marker; otherwise it relaunches the HTA through
  ' the UAC "runas" verb and closes this instance.
  If HTAElevate() = True Then
    CreateObject("WScript.Shell").Run "mmc.exe compmgmt.msc", , True
    Call Main()
  End If

  Sub Main()
    MsgBox "HTA-Ende", 4096
  End Sub

  '*** v13.3 *** www.dieseyer.de *****************************
  Function HTAElevate()
  '***********************************************************
  ' http://dieseyer.de/scr/elevate.hta
  ' On Windows x64, a double-clicked VBS runs in the x64 environment with
  ' %WinDir%\System32\wscript.exe or %WinDir%\System32\cscript.exe.
  ' In the x64 environment, however, VBS does not run (correctly). The
  ' procedure HTAElevate() detects this and, if necessary, starts the VBS in the
    Const Elev = " /elevated"   ' marker appended to the command line of the relaunched copy
    ' MsgBox oHTA.commandLine, , "5016 :: "
    ' Trace32Log "5018 :: oHTA.commandLine: ==" & oHTA.commandLine & "==", 1
    HTAElevate = True
    ' Marker present: we are the relaunched (elevated) instance, keep running.
    ' If InStr( LCase( oHTA.commandLine ), Elev) > 0 then MsgBox oHTA.commandLine, , "5022 :: "
    If InStr( LCase( oHTA.commandLine ), Elev) > 0 then Exit Function
    On Error Resume Next
    window.resizeto 750, 10 ' : window.moveto screen.width / 2, screen.height / 2
    On Error GoTo 0
    ' MsgBox oHTA.commandLine, , "5030 :: "
    ' Relaunch ourselves with the marker via the "runas" verb; this raises the UAC prompt.
    createobject("Shell.Application").ShellExecute "mshta.exe", oHTA.commandLine & Elev, "", "runas", 1
    HTAElevate = False
    self.close
  End Function ' HTAElevate()
</SCRIPT>
<body>
</body>
</html>
PAExec is a free, redistributable and open source equivalent to Microsoft's popular PsExec application.
For example, I have two active sessions:
PS C:\> query session
 SESSIONNAME       USERNAME                 ID  STATE   TYPE        DEVICE
 services                                    0  Disc
>console           Administrator             1  Active
 rdp-tcp#3         administrator2            2  Active
 rdp-tcp                                 65536  Listen
Open the calculator in session 2:
PS C:\> paexec.exe -i 2 -s C:\Windows\System32\calc.exe
The -s argument may not be necessary when run from session 0.
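Both answers above stop short of the practical part for the asker's case: the Session 0 excerpt explains why a SYSTEM-launched HTA is invisible to the user, and "paexec -i 2 -s" shows how to push a process onto a user's desktop. The PowerShell script below is an added example (not code from this thread, from dieseyer.de or from PAExec) that implements the scheduled-task idea raised in the question: the deployment script, running as SYSTEM in session 0, registers a one-shot task that launches the HTA in the console user's own session with the user's own limited token, waits for the answers to come back through a file, and validates them before continuing with SYSTEM rights. It assumes the ScheduledTasks PowerShell module (Windows 8 / Server 2012 or later; Windows 7 only ships schtasks.exe). The HTA path, the hand-off directory, the task name and the installPath field are placeholders chosen for this example.

```powershell
# Added example, not part of the original thread. Assumed paths and names:
$Dir        = Join-Path $env:ProgramData 'Deploy'          # hand-off directory (assumed)
$Hta        = Join-Path $Dir 'settings.hta'                # the GUI script (assumed path)
$ResultFile = Join-Path $Dir 'settings.json'               # written by the HTA (assumed)
$TaskName   = 'Deploy-ShowSettingsGui'                     # assumed task name
$Timeout    = New-TimeSpan -Minutes 30

# 1. Which session are we in? Services and SYSTEM-launched scripts live in 0.
$sessionId = [System.Diagnostics.Process]::GetCurrentProcess().SessionId
Write-Host "Deployment script running in session $sessionId"

# 2. Who is at the console? Win32_ComputerSystem.UserName is the account logged
#    on at the physical console (DOMAIN\user); it is empty when nobody is, and it
#    does not cover RDP-only users (use 'query session' for those).
$consoleUser = (Get-CimInstance -ClassName Win32_ComputerSystem).UserName
if (-not $consoleUser) { throw 'No interactive console user; nobody to show the GUI to.' }

# 3. Prepare the hand-off directory. The HTA runs as the user, so the user needs
#    write access; everybody else is locked out so another local user cannot
#    plant a settings file that SYSTEM will later act on.
New-Item -ItemType Directory -Path $Dir -Force | Out-Null
icacls $Dir /inheritance:r /grant '*S-1-5-18:(OI)(CI)F' '*S-1-5-32-544:(OI)(CI)F' "${consoleUser}:(OI)(CI)M" | Out-Null
Remove-Item $ResultFile -ErrorAction SilentlyContinue

if ($sessionId -eq 0) {
    # 4. One-shot task in the user's session. LogonType Interactive = "run only
    #    when user is logged on", so no password is needed when SYSTEM registers
    #    it; RunLevel Limited keeps the GUI on the user's plain token. Registered
    #    without a trigger and started on demand.
    $action    = New-ScheduledTaskAction -Execute 'mshta.exe' -Argument "`"$Hta`" `"$ResultFile`""
    $principal = New-ScheduledTaskPrincipal -UserId $consoleUser -LogonType Interactive -RunLevel Limited
    $settings  = New-ScheduledTaskSettingsSet -ExecutionTimeLimit $Timeout

    Register-ScheduledTask -TaskName $TaskName -Action $action -Principal $principal -Settings $settings -Force | Out-Null
    try {
        Start-ScheduledTask -TaskName $TaskName

        # 5. Wait for the user to finish. The HTA (running as the user) writes its
        #    answers to $ResultFile; the privileged side never touches the desktop.
        $deadline = (Get-Date) + $Timeout
        while (-not (Test-Path $ResultFile) -and (Get-Date) -lt $deadline) { Start-Sleep -Seconds 2 }
    }
    finally {
        Unregister-ScheduledTask -TaskName $TaskName -Confirm:$false
    }
    if (-not (Test-Path $ResultFile)) { throw 'User did not complete the settings dialog in time.' }
}
else {
    # Already in a user session (e.g. testing by hand): just run the HTA and wait.
    Start-Process -FilePath 'mshta.exe' -ArgumentList "`"$Hta`" `"$ResultFile`"" -Wait
}

# 6. The file was written by an unprivileged user: validate it as untrusted
#    input before anything here uses it with SYSTEM rights.
$settingsObj = Get-Content -Path $ResultFile -Raw | ConvertFrom-Json
if ($settingsObj.installPath -notmatch '^[A-Za-z]:\\[\w\\ .-]+$') {
    throw "Rejected install path from GUI: $($settingsObj.installPath)"
}
Remove-Item $ResultFile
Write-Host "Continuing deployment as SYSTEM with installPath=$($settingsObj.installPath)"
# ... privileged part of the deployment goes here
```

Keeping the user's own token on the GUI is the point of the hand-off. "paexec -i <session> -s" puts a SYSTEM process on an unprivileged user's desktop, which is exactly the mix of privilege levels that Session 0 isolation was introduced to end; any file-open dialog or help link in such a process lets the user spawn a SYSTEM shell. The HTA's "runas" trick, on the other hand, only gets an administrator past UAC; for the non-admin users mentioned in the question it produces a credential prompt for an administrator account, not the user's own elevation.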