| AlexG |
| (Fresh Scripter) |
| 2009-07-28 04:51 PM |
Run Kix Script as a different user
|
We have PC's that login with a generic account and run Kix. I want to create a batch file that calls a different user other then the local
%username% account that is currently logged in on the PC and map that users drives.
| Mart |
| (KiX Supporter) |
| 2009-07-28 04:59 PM |
|
Re: Run Kix Script as a different user
|
Hi and welcome to the board.
You could use Runas (not secure) or RunnAs (more secure). Note the double N on the second one. Both are discussed frequently on this board. You can also setup a scheduled task on the target system. They can run with alternate credentials and the user is not able to read the password.
| AlexG |
| (Fresh Scripter) |
| 2009-07-28 05:28 PM |
|
Re: Run Kix Script as a different user
|
Is there anyway to pass a password variable? We are using Sentillion's Vergence for Single Sign on. Have you had any experience with using this product and launching Kix Scripts?
| Mart |
| (KiX Supporter) |
| 2009-07-28 07:51 PM |
|
|
|
Re: Run Kix Script as a different user
|
Originally Posted By: AlexG
Is there anyway to pass a password variable?
....
With Runnas you can.
RUNNAS - Tokenized Runas Utility
When using any of the "run with other credentials apps", think it trough!
Get some pro's and con's cause only then you can make the correct decision to use it or not. Do not just throw in an app like this cause it might cause you more grief then pleasure. A scheduled task would still be the safest way imho.
Originally Posted By: AlexG
....
We are using Sentillion's Vergence for Single Sign on. Have you had any experience with using this product and launching Kix Scripts?
Nope, sorry.
| AlexG |
| (Fresh Scripter) |
| 2009-07-31 08:18 PM |
|
Re: Run Kix Script as a different user
|
Okay - thanks now I am bit confused, probably since I don't quite understand the syntax yet. I have tried passing the PW variable and it did not work for me. And what is a tokenized file? Thanks again for your help...
Glenn Barnas
|
| (KiX Supporter) |
| 2009-07-31 08:30 PM |
|
|
Re: Run Kix Script as a different user
|
Are you using ruN-as or ruNN-as? "runas" comes with Windows and won't allow passing the password as an arg. "runnas" is an add-on program that allows passing the passoword, or even creating a "tokenized" (obfuscated) program with the password embedded in it.
I don't allow either in the environments I support. If an automated process needs to run with elevated rights, it's done with a scheduled task.
We do use runas for interactive admin sessions, just not for automation by non-admin users. (Our admins have "Clark Kent" accounts and use RunAs as a "phone booth" to turn into SuperAdmin and obtain elevated rights when needed.
Glenn
| AlexG |
| (Fresh Scripter) |
| 2009-07-31 08:49 PM |
|
Re: Run Kix Script as a different user
|
Yes - actually using ruNN-as with the 2 NN's - I have been searching this site for samples of how it would look to pass the PW credentials and have not found any...Is there a good source, or anyone know what the syntax would look like? Thanks
| AlexG |
| (Fresh Scripter) |
| 2009-07-31 10:13 PM |
|
Re: Run Kix Script as a different user
|
Here is my example
"C:\Program Files\Sentillion\runnas.exe" /user:%1 %logonserver%\netlogon\logon.bat /pass:%2
not working of course
Authenticator passes the following arguments to the script at Logon (no arguments are passed at Logoff):
%1 = current username
%2 = current user’s password
%3 = current user’s domain
|
Glenn Barnas
|
| (KiX Supporter) |
| 2009-08-01 12:56 PM |
|
|
|
Re: Run Kix Script as a different user
|
It's unlikely that positional arguments would still be valid once you run a Kix script..
You may need a batch file to launch Kix - something like
Code:
@kix32.exe kixtart.kix $USRNAME="%1" $USERPASS="%2" $USERDOMAIN="%3"
Kix doesn't recognize "%#" args, because they are special environmental args passed to the command shell. You could also try the GetCommandLine() function, but that's a bit tricky. I'd try the batch method to verify that it works, and then investigate GetCommandLine() to eliminate a Batch to Kix solution.
Glenn
| AlexG |
| (Fresh Scripter) |
| 2009-08-10 05:41 PM |
|
Re: Run Kix Script as a different user
|
What I am doing is that the logon.bat will map drives for users. I can get the kixscript to run, and is shows the users drives mapping. The problem is that the local account USERA already has mapped drives, and the drives that are getting mapped by USERB do not show up. Can RuNNas be used for user drive mappings?
| Gargoyle |
| (MM club member) |
| 2009-08-10 07:46 PM |
|
|
Re: Run Kix Script as a different user
|
AlexG -
Can I make sure we all understand correctly... You have a workstation(s) that uses a generic logon (AUser@Local.Domain.Com)?
Now BUser sits down at the workstation and needs to map additional drives via some script or batch file. There is no logon to the workstation required.
Where does your application come into play? When Buser launches it? What does it do? Does it read the properties of the User account in AD to find out what script to run at logon?
| BradV |
| (Seasoned Scripter) |
| 2009-08-11 12:48 PM |
|
Re: Run Kix Script as a different user
|
I was reading it that he wants AUser@Local.Domain.Com to login and map drives based on that userid as well as BUser@Local.Domain.Com.
AlexG, if my interpretation is correct, why not create a group. Put AUser in it and give it what ever rights BUser has so that the login can happen all under one user id?
| AlexG |
| (Fresh Scripter) |
| 2009-08-11 04:52 PM |
|
Re: Run Kix Script as a different user
|
Correct - We have workstations that auto login using a generic account and maps a set of drives that are public. What I am trying to do is create a batch file where someone can map to there own personal, and department drives exlusively to them. What we are using is a product called Sentillion Vergence which has Single Sign on Cabability. The user is presented with a login box and they enter their credentials. I can get the Kix Login script to run, and it looks like the drives are mapping. But when I go to my computer, the Generic Accounts Drives are still there...I did check the Application Event Logs and got this error:
Event Type: Error
Event Source: KIXTART
Event Category: None
Event ID: 5
Date: 08/10/2009
Time: 3:47:03 PM
User: N/A
Computer: LKLKBLR
Description:
The description for Event ID ( 5 ) in Source ( KIXTART ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: Failed to create cookie Error : Access is denied. (0x5/5).
|
Glenn Barnas
|
| (KiX Supporter) |
| 2009-08-11 05:52 PM |
|
|
|
Re: Run Kix Script as a different user
|
Clearly the script is encountering permissions issues when it runs.
How are you passing the credentials to Kix?
How about posting your Kix script and any supporting scripts/batch files?
Did you consider the example I posted earlier about using positional args with Kix?
Since all you want to do is map drives based on a specific user, you don't need to RunAs anything.. in fact, doing so will set up a child process that will likely run, map drives, and then exit *(taking its mapped drives with it).
Glenn