Database Search
TechHome
- !! Performance Monitoring and WinBatch !!
- AddExtender function - freeing the DLL
- Advantages of While over Goto
- AppExist AppWaitClose Fail
- AppExist Fails
- AppExist Not Working on NT
- AppWaitClose for Terminalserver
- Ask Function Will Not Display
- AskDirectory Flags Not Working
- AskDirectory Questions
- AskFileName Bug
- AskFileName Limit
- AskFileName Window Location and Size
- AskItemList and Switch Statement
- AskYesNo with Custom Button Names
- AskYesNo with Default NO
- AskYesNo without Cancel Button
- BinaryHashRec Examples
- BinaryReadEx
- BoxShut and WBT icon
- Buttonnames function
- Call Versus Include
- Call vs CallExt
- Command Line Limitation
- Concatenate using StrCat to Cat info Together
- Converting files with LF Endings
- Debug window and Longest Line Displayable
- Decipher Debugtrace output
- Dirchange versus LogDisk
- DirExist Failing
- DirHome vs DirGet
- DirRemove Not Removing Directory
- DirSize Function Anomalies
- DirSize Slow
- DiskFree Function
- Diskscan Function
- DiskSize and DiskFree returning incorrect values
- DiskSize and Network Shares
- DiskSize limit
- Display Function and More than 256 Chars
- Display Using Fractional Timeout
- Drop Function
- DropWild Function
- ERRORMODE Suppressing Errors Important Info
- Execute Function
- Explanation of Negative Value in Display Function
- FileAppend is Leaving an End of File Marker
- FileClose Greater than 5 Files Error
- FileCompare - FileSize - FileTimeCode
- FileCopy Eats CPU
- FileCopy Fails going to SMB or UNIX Servers
- FileCopy Failure with McAfee Virus Files
- FileCopy Failure
- FileCopy to a Null Device
- FileDelete Error 1016 when File Doesnt Exist
- FileDelete Returns True but File Shows up in Explorer
- FileExist Check In Use
- FileExist Returns Sharing Violation
- FileExist Unable to Locate an EXE
- FileExtension Example
- FileGet and Unicode
- FileInfoToArray Total File Size Problem
- FileItemize File Mask IntControl 91
- FileMove Function
- FileOpen and Determing if File is Open
- FileOpen on File Opened by Another Process
- FileRead Examples
- FileRename Function General Info
- FileSize Returns Zero
- FileSizeEx and Integer Math
- FileSizeEX Returns Zero for Pagefile
- FileTimeCode Example
- FileVerinfo and Language Keys
- FileWrite Adds CRLF
- FileWrite and CRLF Character
- FileWrite FilePut Benchmark
- Floor Function question
- Fonts in Message Boxes
- Get extension from AskFileName is user did not supply one
- GetTickCount Explained
- IconReplace - IntControl 37 - Not Working
- Icons, IconGroups, and IconImages Explained
- IniReadPvt returns default using Citrix WinFrame
- InstallFile Function and Return Codes
- IntControl 1005 - A Treatise
- Intcontrol 1005 and Shutdown
- IntControl 1005
- Intcontrol 1006
- Intcontrol 1007 and 1008
- IntControl 28 Fixed Pitch Font
- IntControl 30 Allow Protected Renames
- Intcontrol 30 and Shared Mapped Drives
- IntControl 30 Failing to Move File
- IntControl 31...
- IntControl 38 and 73 and WbErrorHandler
- Intcontrol 39-40 and Share Violations
- Intcontrol 50 and Specifying your own URL
- Intcontrol 61 Usage
- Intcontrol 65 and FileRead
- IntControl 67 and Windows 95 Hangs on Shutdown
- IntControl 67 and Windows 98 Blue Screen
- IntControl 67 and Windows NT logs user out rather than rebooting
- IntControl 67 and Windows XP
- IntControl 68 will reboot instead of shut down
- IntControl 76 Explained
- IntControl 92 and the Performance Monitor
- IsInt with Trailing Spaces
- IsLicensed Function
- IsMenuChecked - MenuChange - IsMenuEnabled
- IsNumber Problem
- ItemInsert and the Lists Problem
- ItemSort and Hyphens
- ItemSort and Other Sorting Functions
- ItemSort Reverse Sort Order
- KeyToggleGet and Problem Detecting Key Toggle
- Max Length of an Item in AskItemList
- Message Function and Strings Greater than 261 Chars
- Mod - Modulo - Function
- MouseClickBtn and Sending Ampersands
- NetInfo API Info
- Netware wntRunAsUser and RunwithLogon Problem
- Orphaned Functions
- ParseData Function
- ParseData Removes Quotes
- Performance Counters Disabled
- Persistent Verses Global Variables
- Place AskColor Dialog
- Random() Function
- Run Function Crash
- Run on Win95 Finished but Icon Persists
- Run or Runwait and Second Parameter 125 or more Chars
- RunExit in Win95 WinNT
- RunHide Command Info
- RunShell with Parameters longer than 100 Char
- RunWait - AppWaitClose Failing and Loader Programs
- RunWait 16 bit script doesnt wait for 32 bit apps
- RunWait Not Working with Word Perfect 60
- RunWithLogon Ignores the Display Mode Flag
- RunwithLogon with no password
- RunWithLogon wntRunAsUser LocalSystem Account
- SendMenusTo Not Working
- ShellExecute With Wait
- StrClean Function
- StrFixLeft Issue
- String Comparisons in a Switch Statement
- Switch Statement - Multiple Values Under One Case
- Switch with a Variable Name
- SysParamInfo
- Terminate Function
- TimeDelay and Millisecond Intervals
- TimeDelay Discussion
- WaitforKey and CPU Usage
- WaitForKey Issues
- WildCards with FileExist
- WinActivate Erratic Behavior
- WinActivate with Remote Desktop
- WinActiveChild Failing
- Winbatch hangs on TimeDelay
- Winclose Failure with McAfee Virus
- WinCloseNot Doesnt Work
- WinExeName Returning a Null String on Some Systems
- WinExist Failing
- Winhelp Function
- WinItemizeEx
- WinItemNameId and IP address
- WinItemNameId and WinItemizeEx
- WinMetrics and Screen Resolution
- Winplace and Child Windows
- WinPlaceSet of a Winbatch Dialog
- WinShow Maximizes Window
- WinState Waits up to 8 Seconds
- WinWaitClose( ) with Minimized Windows
- Yield versus TimeDelay
Can't find the information you are looking for here? Then leave a message over on our WinBatch Tech Support Forum.
Netware wntRunAsUser and RunwithLogon Problem
I'm trying to install an app that resides on a netware drive. I have a Netware account that will have rights over the local machine, as well as rights on the share. My question was, do I use wntrunasuser() or do I use runwithlogon() to do the credentials\authentication.
You said...
Regardless of whether you use wntRunAsUser() or RunWithLogon(), the process that you create under a different set of credentials is not going to be logged in to NDS/eDir because its security context will have changed. This means that you need to launch a *local* script under new credentials and then have that script authenticated to NDS/eDir before attempting to start the Oracle installation.Can you help me out in understanding this more clearly?
Answer:
No user account in NDS/eDir is going to have rights over the local workstation. You have have an NDS/eDir account that has rights to directory services & file resources in the NetWare environment, and then you have a separate Windows account that has rights to the workstation.The probem is very straight forward. As soon as you begin impersonation with wntRunAsUser(), or as soon as a process is started under a different set of credentials using RunWithLogon(), the process no longer has access to the same set of Novell Client services that were available under the original set of credentials.
Let's look at it like this:
Windows user "WinUserA" is logged on to the workstation and is logged on to eDir as "NWUserA". WinUserA begins impersonating "WinUserB" via wntRunAsUser(). When the impersonation begins, the the process is now "WinUserB" as far as the Novell Client is concerned, and "WinUserB" isn't logged in to eDir and doesn't have any access to NetWare resources. It is necessary for the process running under WinUserB's Windows credentials to authenticate to eDir. When the impersonation ends, the Novell Client authentication information for WinUserB is destroyed and the process reverts back to having access to the Novell Client environment that existed before it started impersonating WinUserB.
If we take the same scenario and use RunWithLogon(), things are pretty much the same but with one minor twist. The process that is created to run the program specified in RunWithLogon() is going to run under new Windows credentials, such as the WinUserB account mentioned in the first example. That's all well and fine. The process gets created under the new set of Windows credentials, and because it is in a new security context, the Novell Client environment that it is in is not authenticated to eDir. If RunWithLogon() was set up to run a program located on a local drive, then you only have to worry about WinUserB having permissions to execute that program. However, if the program was located on a remote server, then that's where things get trickier. If the remote server is a Windows server and WinUserB has rights to access the file, then RunWithLogon() will be successful. If the remote server is a NetWare server, then WinUserB doesn't have any authenticated NDS/eDir credentials and thus RunWithLogon() will fail as the process that was created cannot access the program that it was created to run.
Drive letter mappings are part of the security context, so not only do you have to deal with changes in access rights to UNC paths, you also have to deal with the disappearance of mapped drive letters as well regardless of what type of remote server the drive letters were mapped to. This can cause RunWithLogon() to fail of the program it was going to execute under a new process using new credentials is specified using a drive letter path instead of a UNC path.
Now, all of that discussion aside, the following things come to mind as being the "safe" way to handle impersonation, etc... and remote resources.
Have script "ScriptA" use RunWithLogon() to execute script "ScriptB" under new Windows credentials. Make sure that ScriptB is located on a local drive on the workstation. then, if "ScriptB" has to access resources on a NetWare server, it will be necessary for "ScriptB" to use the NetWareX extender to login to NDS using Netware credentials that will allow it to access file resources on a remote NetWare server. Once "ScriptB" does this, it can, in turn, execute any software installation programs that are required to perform a software installation.
Article ID: W16448
File Created: 2005:02:18:12:20:46
Last Updated: 2005:02:18:12:20:46