Database Search
TechHome
- !! Understanding UAC !!
- A Referral was Returned From the Server
- Admin Privilege OK in WinBatch, but not Compiled
- Cmd Prompt Run As Administrator
- Determine if Application is Elevated
- Elevation Level and Environment Varibles
- FileCopy and UAC
- Installation Scripts
- Installing a program using Compatibility Mode
- Mapped Drives Issue with UAC
- Protected Directories
- Run As Admin WinBatch Script With UAC On
- RunWithLogon and UAC
- Scheduled Tasks
- SendKey and UAC
- Signing and Certificates
- StartUp No Prompt
- UAC Administrator Account
- UAC and WinBatch Studio
- UAC Help
- UAC Local System Account
- Unknown Publisher
- wntAccessAdd 64-bit Registry Key
- wntRunAsUser Issues
- wntShare UAC Problem
Can't find the information you are looking for here? Then leave a message over on our WinBatch Tech Support Forum.
Scheduled Tasks
Keywords: Scheduled Task Scheduler UAC Windows Vista 7 RunWithLogon wntRunAsUser Local System
Question:
I'm a long-time user of Winbatch. I've used Winbatch and Windows Schedule Tasks (in XP) for years to do over-night maintenance work ( such as backups, defrag, etc). I recently purchased my first Windows 7 workstation (Pro) and I've run into a wall trying to make things work. I would appreciate any help or insight.Here is some background:
- Running Windows 7 Pro and Winbatch 2011a.
- Logged into Windows as a standard user (not admin).
- UAC turned on.
- I have scheduled tasks that run various Winbatch scripts. These Winbatch scripts need a certain amount of admin privileges. For example, I want the backups to backup the user folders for all users on the machine, and I want to backup certain folders in the programs and systems folder.
- I need the Winbatch scripts to run with elevated admin privileges without any user intervention (i.e. UAC prompts). I have tried using RunWithLogon.
Answer:
That is correct. UAC, by design, was intended to not be capable of being bypassed regardless of whether you are a normal user or an admin user. This means that any process used for administrative tasks on versions of Windows prior to Vista may need to be reworked in order to have the process function properly under UAC on Vista & newer.The RunWithLogon() function makes direct use of a Win32 API function, CreateProcessWithLogonW(), which performs an interactive logon using the specified credentials. Because the logon is interactive, it is subject to automatic token filtering via UAC. This means that even if the credentials passed to RunWithLogon() are for an admin account, the access-token that is created for the child process will be a filtered admin token that has no more privileges than a normal user.
If the Task Scheduler runs scheduled tasks as the Local System account in service mode rather than as interactive tasks in the user's session, then the scripts will have admin rights locally but won't have any identity on the network except for that of the computer on which the script is running. By running as local system, though, it is permissible for the script to call the wntRunAsUser() function [in the Win32 Network Extender] to create a service mode or batch mode access-token that can then be impersonated by the script to have a specific admin account identity both on the local system and on the network.
Of course, all scheduled tasks set up to run as Local System have to be created by a user currently running with admin rights, so even this method doesn't allow a normal user to bypass UAC if it is enabled in order to set up the scheduled tasks.
Article ID: W18320
Filename: Scheduled Tasks.txt
File Created: 2011:09:12:10:39:40
Last Updated: 2011:09:12:10:39:40