KAMIRAN Support 0 Posted April 30, 2017 Share Posted April 30, 2017 (edited) Hi dears , We have problem with Run Command task and we can not even run calc.exe. we use this : COMMAND LINE TO RUN : calc.exe WORKING DIRECTORY : c:\windows\system32 But nothing will run on client ! Also I create a simple batch file c:\1.bat and try to run it on my clients but it can not be run by "Run Command " why ? I must add this : just the command "Shutdown -r" work find with run command task. Edited April 30, 2017 by KAMIRAN Support Link to comment Share on other sites More sharing options...
bbahes 29 Posted May 1, 2017 Share Posted May 1, 2017 Have you tried to type entire path to calc.exe in "COMMAND LINE TO RUN:" ? Link to comment Share on other sites More sharing options...
ESET Staff MartinK 383 Posted May 1, 2017 ESET Staff Share Posted May 1, 2017 Problem is that executed command is executed with "Local System" permissions. That is reason why applications like calc.exe are not visible for standard users with desktop environment. It is possible that application is actually running, but is is not accessible by user. Techcnically content of "Run Command" task is placed into temporary bat file and executed - have tou used "call c:\1.bat" syntax to execute your bat file using this task? When writing custom commands, you have to be aware of Local System user environment, which is different from standard user/administrator account. Environment variables may differ, user-specific section of windows registry is different. Also filesystem and network permissions may be different, especially when accessing user files. As already mentioned, system user has no access to desktop environment, which may causes failure of application startup. Link to comment Share on other sites More sharing options...
bbahes 29 Posted May 1, 2017 Share Posted May 1, 2017 14 minutes ago, MartinK said: Problem is that executed command is executed with "Local System" permissions. That is reason why applications like calc.exe are not visible for standard users with desktop environment. It is possible that application is actually running, but is is not accessible by user. Techcnically content of "Run Command" task is placed into temporary bat file and executed - have tou used "call c:\1.bat" syntax to execute your bat file using this task? When writing custom commands, you have to be aware of Local System user environment, which is different from standard user/administrator account. Environment variables may differ, user-specific section of windows registry is different. Also filesystem and network permissions may be different, especially when accessing user files. As already mentioned, system user has no access to desktop environment, which may causes failure of application startup. Do you plan to develop option like "Run As" to specify user under which commands can be executed? Link to comment Share on other sites More sharing options...
KAMIRAN Support 0 Posted May 1, 2017 Author Share Posted May 1, 2017 10 hours ago, MartinK said: Problem is that executed command is executed with "Local System" permissions. That is reason why applications like calc.exe are not visible for standard users with desktop environment. It is possible that application is actually running, but is is not accessible by user. Techcnically content of "Run Command" task is placed into temporary bat file and executed - have tou used "call c:\1.bat" syntax to execute your bat file using this task? When writing custom commands, you have to be aware of Local System user environment, which is different from standard user/administrator account. Environment variables may differ, user-specific section of windows registry is different. Also filesystem and network permissions may be different, especially when accessing user files. As already mentioned, system user has no access to desktop environment, which may causes failure of application startup. Yes you are right , I check the prepossesses and it seems that as you said all commands are run by a temp batch file under Local System Account, So we can not see the interface of applications. is there any way to run the command as a user or administrator ? Link to comment Share on other sites More sharing options...
jimwillsher 65 Posted May 1, 2017 Share Posted May 1, 2017 you could try making your "command to run" something like runas /user:ABC "calc.exe" However it still won't pop up on the user's screen because the command will be running in session 0 (system) whereas the logged-in user will be a different non-zero session number. Jim Link to comment Share on other sites More sharing options...
KAMIRAN Support 0 Posted May 1, 2017 Author Share Posted May 1, 2017 2 minutes ago, jimwillsher said: you could try making your "command to run" something like runas /user:ABC "calc.exe" However it still won't pop up on the user's screen because the command will be running in session 0 (system) whereas the logged-in user will be a different non-zero session number. Jim You are right , Run as command can not be used because it will run in session 0. Link to comment Share on other sites More sharing options...
jimwillsher 65 Posted May 1, 2017 Share Posted May 1, 2017 May I ask what it is you are trying to achieve? Link to comment Share on other sites More sharing options...
KAMIRAN Support 0 Posted May 1, 2017 Author Share Posted May 1, 2017 3 minutes ago, jimwillsher said: May I ask what it is you are trying to achieve? One of our customers want to install some certificates in all clients or install some programs or update patches and we are trying to do this. They want to solve for example certificates problems in all of 1000 clients , Example : hxxp://support.eset.com/kb6208/ We are testing trying to do this with CMD. Link to comment Share on other sites More sharing options...
jimwillsher 65 Posted May 1, 2017 Share Posted May 1, 2017 If you've got 1000 clients then I am guessing they are in a domain, in which case Group Policy or SCCM is probably a better solution. Link to comment Share on other sites More sharing options...
KAMIRAN Support 0 Posted May 1, 2017 Author Share Posted May 1, 2017 6 minutes ago, jimwillsher said: If you've got 1000 clients then I am guessing they are in a domain, in which case Group Policy or SCCM is probably a better solution. Yes but they want to use ESET Agent to install their certificates and we run it with power shell and certutil , And it works find in local system now . Link to comment Share on other sites More sharing options...
Recommended Posts