Question

I'm trying to make our software deployment more user friendly by displaying a sort of GUI to the user where he can get some information and make some settings himself. The problem I ran into is that the script that acts as a GUI (it's an HTA VBScript) is executed via the system account and therefore not directly shown to the user. Instead the user gets the message "interactive service detection" (initialized by the UIODetect service on Windows 7). After clicking on that message the user can see the GUI. Is there a way to show the GUI directly to the user? Maybe like creating a task for the user but then run the script with privileged rights (the users have no administration rights)?

Solution

The problems you are having are because of Session 0 Isolation. Session 0 isolation was introduced in Vista and up. The following is an excerpt from the website:

http://technet.microsoft.com/en-us/library/ee449431(v=ws.10).aspx

Session 0 Isolation. In Windows XP and earlier versions of Windows, all services run in the same session as the first user who logs on to the console. This session is called Session 0. Running services and user applications together in Session 0 poses a security risk because services run at elevated privilege and therefore are targets for malicious agents that are looking for a means to elevate their own privilege levels. The Windows Vista and Windows 7 operating systems mitigate this security risk by isolating services in Session 0 and making Session 0 non-interactive. In this case, only system processes and services run in Session 0. The first user logs on to Session 1, and subsequent users log on to subsequent sessions. This approach means that services never run in the same session as users' applications and are therefore safeguarded from attacks that originate in application code.

This website may help provide a solution:

http://csi-windows.com/toolkit/csi-msgq

OTHER TIPS

Check http://dieseyer.de/scr/elevate.hta

and use

Function HTAElevate()

in WinXP and Win7 - it works fine

<html>
<head>
<title>HTA Helpomatic</title>

<HTA:APPLICATION
     ID="oHTA"
     APPLICATIONNAME="HTAHelpomatic"
     SCROLL="yes"
     SINGLEINSTANCE="yes"
>
<!-- ID="objHTAHelpomatic" -->
<!-- WINDOWSTATE="maximize" -->

</head>

<SCRIPT Language="VBScript">

If HTAElevate() = True Then
    CreateObject("WScript.Shell").Run "mmc.exe compmgmt.msc", , True
    Call Main()
End If

Sub Main()
    MsgBox "HTA-Ende", 4096
End Sub


'*** v13.3 *** www.dieseyer.de *****************************
Function HTAElevate()
'***********************************************************
' http://dieseyer.de/scr/elevate.hta
' On Windows x64, VBS scripts run after a double-click in the x64 environment
' with %WinDi%\System32\wscript.exe or with %WinDi%\System32\cscript.exe.
' In the x64 environment, however, VBS scripts do not run (properly). The
' procedure HTAElevate() detects this and, if necessary, starts the VBS in the
  Const Elev = " /elevated"

' MsgBox oHTA.commandLine, , "5016 :: "

' Trace32Log "5018 :: oHTA.commandLine: ==" & oHTA.commandLine & "==", 1

  HTAElevate = True

' If InStr( LCase( oHTA.commandLine ), Elev) > 0 then MsgBox oHTA.commandLine, , "5022 :: "
  If InStr( LCase( oHTA.commandLine ), Elev) > 0 then Exit Function


  On Error Resume Next
    window.resizeto 750, 10 ' : window.moveto screen.width / 2, screen.height / 2
  On Error GoTo 0

' MsgBox oHTA.commandLine, , "5030 :: "

  createobject("Shell.Application").ShellExecute "mshta.exe", oHTA.commandLine & Elev, "", "runas", 1

  HTAElevate = False

  self.close

End Function ' HTAElevate()


</SCRIPT>
<body>


</body>
</html>

PAExec is a free, redistributable and open source equivalent to Microsoft's popular PsExec application.

For example, I have two active sessions:

PS C:\> query session
SESSIONNAME       USERNAME                 ID  STATE   TYPE        DEVICE
 services                                    0  Disc
>console           Administrator             1  Active
 rdp-tcp#3         administrator2            2  Active
 rdp-tcp                                 65536  Listen

Open the calculator on session 2:

PS C:\> paexec.exe -i 2 -s C:\Windows\System32\calc.exe

The -s argument may not be necessary when run from session 0.
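
Added example, not part of any answer above and not code from PAExec or the other tools named here: a PowerShell check that reports whether the current process sits in the isolated Session 0 and parses a `query session` listing to find the sessions where a user can actually see a window. The function names `ConvertFrom-QuerySession` and `Test-SessionZero` are hypothetical, the listing is a constructed sample modelled on the one above, and PowerShell 3.0 or later is assumed.

```powershell
# Added example. Function names are hypothetical; the listing below is a
# constructed sample modelled on the `query session` output quoted above.
# Assumes PowerShell 3.0+. On a live host, pass the output of `query session`.
$sample = @'
 SESSIONNAME       USERNAME                 ID  STATE   TYPE        DEVICE
 services                                    0  Disc
>console           Administrator             1  Active
 rdp-tcp#3         administrator2            2  Active
 rdp-tcp                                 65536  Listen
'@ -split "\r?\n"

function ConvertFrom-QuerySession {
    param([Parameter(Mandatory)][string[]]$Lines)
    # The USERNAME column offset tells a blank session name from a blank user.
    $userCol = $Lines[0].IndexOf('USERNAME')
    if ($userCol -lt 1) { throw 'No header row with a USERNAME column.' }
    foreach ($line in $Lines | Select-Object -Skip 1) {
        # Everything before "<numeric id> <state word>" is name/user text.
        if ($line -notmatch '^(?<head>.*?)\s+(?<id>\d+)\s+(?<state>[A-Za-z]+)') { continue }
        $head = $Matches['head'].PadRight($userCol)
        [pscustomobject]@{
            Current = $line.StartsWith('>')   # session the query was run from
            Name    = $head.Substring(1, $userCol - 1).Trim()
            User    = $head.Substring($userCol).Trim()
            Id      = [int]$Matches['id']
            State   = $Matches['state']
        }
    }
}

function Test-SessionZero {
    # True when this process runs in the isolated, non-interactive Session 0.
    (Get-Process -Id $PID).SessionId -eq 0
}

$sessions = ConvertFrom-QuerySession -Lines $sample
# Sessions where a window can be seen: a logged-on user in state Active.
$interactive = $sessions | Where-Object { $_.User -and $_.State -eq 'Active' }

if (Test-SessionZero) {
    Write-Warning 'Running in Session 0: any window opened here is hidden from users.'
}
$interactive | Format-Table Id, Name, User, Current -AutoSize
```

With the sample listing, the table contains sessions 1 and 2; the `services` session (ID 0) and the RDP listener are filtered out because no user is logged on to them.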

Licensed under: CC-BY-SA with attribution