Hi I'm trying to make a C# app that can check for missing windows updates. I can get my code to work when a user is logged in as that seems to sort out my proxy authentication issues but I want it to run on startup, before a user logs in. Below is my code, it runs fine from visual studio or when I build it and run on another PC but when I set it to run on startup and restart the PC all I get is "System.Runtime.InteropServices.COMException (0x80240438): Exception from HRESULT: 0x80240438 at WUApiLib.IUpdateSearcher.Search(String criteria)"
IUpdateSession uSession = new UpdateSession();
uSession.WebProxy.AutoDetect = false;
uSession.WebProxy.Address = "http://ipAddress:port";
uSession.WebProxy.UserName = #"Domain\user";
string password = "password";
uSession.WebProxy.SetPassword(password);
IUpdateSearcher uSearcher = uSession.CreateUpdateSearcher();
ISearchResult uResult = uSearcher.Search("IsInstalled=0");
Your proxy is probably Active Directory integrated and does not accept this kind of login.
You may try to create a scheduled task which runs in the context of the wanted user and start your code there.
Related
I'm creating Windows Scheduled Tasks dynamically from c# using the build-in TaskService and TaskDefinition libraries.
But for some of them, we need to create then to run as a different user (Local Service or Network Service). As the tasks are created and removed dynamically we cannot edit all of them manually to change the user. We need to do it via code.
Is is possible?
I've tried the following settings:
TaskDefinition.Principal.Id = "NETWORK SERVICE";
TaskDefinition.Principal.LogonType = TaskLogonType.ServiceAccount;
but this gives me the very descript error when creating the task:
System.Runtime.InteropServices.COMException: '(52,4):Task:'
Without those 2 lines, it works but creates them as the logged in user.
I've played around with the Task Scheduler stuff a bit and have replicated your problem. I believe I’ve found some things out, maybe they can help.
1. Firstly if your making Tasks in the debugger using Services Accounts, you'll want to ensure your Visual Studio or other IDE is launched as administrator to ensure you have the correct privileges to do this task.
2. I'm not sure if you do this later in your code but to make the task save and run as NETWORK SERVICE, I had to Identify Network Service as NT AUTHORITY\\NETWORKSERVICE in both the principle and on the RegisterTaskDefinition method:
TaskService tService = new TaskService();
TaskDefinition tDefinition = tService.NewTask();
tDefinition.Principal.Id = "NT AUTHORITY\\NETWORKSERVICE";
tDefinition.Principal.LogonType = TaskLogonType.ServiceAccount;
tDefinition.RegistrationInfo.Description = "Testing";
tDefinition.Triggers.Add(new DailyTrigger {DaysInterval = 2});
tDefinition.Actions.Add(new ExecAction("notepad.exe"));
tService.RootFolder.RegisterTaskDefinition(#"Test", tDefinition, TaskCreation.CreateOrUpdate,
"NT AUTHORITY\\NETWORKSERVICE", null,
TaskLogonType.ServiceAccount);
I used the above code to make a test Task that got successfully added to my scheduler as Network Service as shown below:
I'm guessing that one or both of the above points may have stopped the task from being added, hope that helps
I'm developing an application that requires me to install a Windows Service as a user (so far, I was registering successfully it as LocalSystem, but the requirements had changed).
I'm aware that, if I set ServiceAccount as User, it would prompt me with the credentials. That's ok for me. But when I hit ok, it gives me an error saying username or password are wrong, even after I triple-check it.
I can only "bypass" it by changing the Log On property AFTER I've installed the Windows Service, which is not ideal. Am I wrong about something? Here's the snippet of code I'm trying to use.
process = new ServiceProcessInstaller();
process.Account = ServiceAccount.User; //.LocalSystem works fine.
service = new ServiceInstaller();
service.ServiceName = "myService";
service.StartType = ServiceStartMode.Automatic;
Installers.Add(process);
Installers.Add(service);
I work with emergency services and they have an application that uses map files to let them know where they need to go and it uses GPS to let them know where they are. We have to update the map files as things change and before I started here they were being done through VB scripts which started to fail. I decided to code my own app in C# to do this which works fine.
I created a package in SCCM 2012 that caches all of the files locally and then it compares the files in the cache to what is on the machine and then replaces any older files. This all works fine but the application they use called MobileCAD locks the files so I have to kill this process and then do the file copy and start the application again. We never know when an emergency happens so this update may start when they are on the road so it is important that it starts the application again as soon as possible. If it does not start the application then the emergency services people may try to do so manually but if core files are being updated then it may not start or cause issues.
I coded my application which uses an app manifest to force it to run as an administrator for the file copy. This application is run through SCCM which uses the local 'System' account to do all of the work and killing MobileCAD and copying files which works great. What I originally found was that it does start MobileCAD but it does so under the System account and the process would be there but it was not visible. I think this is the same problem they were originally having so the emergency services people would need to reboot the computer and wait for it to log back in and then start the wireless service so they could get back into MobileCAD.
To address this issue I did research and found that I could use the ProcessStartInfo in .NET and force it to use another account. As we use an automatic logon for these machines the users name, password, and domain are all in the registry so it was easy to pull it out and inject it into the code. Awesome, looks like it is easy enough so I code it up and sure enough it works perfectly when run under my admin account. In my basic testing everything worked perfectly until I try the same in SCCM, now it fails with the following error message.
System.ComponentModel.Win32Exception (0x80004005): Access is denied
at System.Diagnostics.Process.StartWithCreateProcess(ProcessStartInfo startInfo)
at System.Diagnostics.Process.Start()
at System.Diagnostics.Process.Start(ProcessStartInfo startInfo)
at UpdateFDM.Program.StartProcess(String processName)
I am sorry for all of the words but I believe it helps if you have a good understanding of the issue and what I am trying to do. I have also hard coded the user information into the code instead of pulling it from the registry but I get the same error. Again, this works fine under my admin account but fails when it is pushed through SCCM and it is only launching MobileCAD that fails.
This is the code I am using for launching MobleCAD, do you see where my issue may lie? I know SCCM confuses it but SCCM basically runs things just as you would from the command line but it uses the local System account.
Thanks for any help.
// Declares the new start instance
ProcessStartInfo process = new ProcessStartInfo();
// Gets the process to start
process.FileName = processName;
// Maximizes the process windows at start-up
process.WindowStyle = ProcessWindowStyle.Maximized;
// Gets the user name from the autologon information
process.UserName = GetDefaultUserInfo("DefaultUserName");
// Gets the domain for the user
process.Domain = GetDefaultUserInfo("DefaultDomainName");
// Holds the password for the default user
SecureString password = new SecureString();
// Gets the raw password from the registry
string rawPassword = GetDefaultUserInfo("DefaultPassword");
// Copies the password in a secure string
foreach (char ch in rawPassword)
{
password.AppendChar(ch);
}
// Sets the password
process.Password = password;
// Needed to launch the app as the logged on user
process.LoadUserProfile = true;
process.UseShellExecute = false;
// Starts the process
Process.Start(process);
// Process started, return true
return true;
I want to remotely start a program on a Win2k8R2 Server, Web Edition, which installs Windows services.
Service installation is afaik only possible if there's a "screen>0" - that means a user must be logged in to do that (I read somewhere that the login dialog window is representing "screen 0", correct me if I'm wrong here).
So to get a screen, I open up a RDP connection and then trigger the setup exe which installs everything silently.
I made it run on Windows Server 2003 already. On 2008 R2 though it doesn't work anymore.
I assume there may be some security policy or even completely other technique to achieve what I want.
Here's the code:
this.axMsRdpClient7 = new AxMSTSCLib.AxMsRdpClient7();
// ... some GUI stuff happens here..
axMsRdpClient7.Server = hostname;
axMsRdpClient7.UserName = username;
axMsRdpClient7.AdvancedSettings.Compress = -1;
axMsRdpClient7.AdvancedSettings2.DisplayConnectionBar = true;
axMsRdpClient7.AdvancedSettings7.ClearTextPassword = userpassword;
axMsRdpClient7.AdvancedSettings2.EncryptionEnabled = -1;
// Set start program information. vvv THIS IS NOT GOING TO BE EXECUTED vvv
axMsRdpClient7.SecuredSettings.StartProgram = executablePath + " " + arguments;
axMsRdpClient7.SecuredSettings.WorkDir = workingDirectory;
// ... here I'm attaching some events like OnDisconnect...
// Start connection
axMsRdpClient7.Connect();
// Now the startprogram should be executed, but doesn't.
// (at this time its ok that I have to manually log off to reach disconnect. Except you have a better idea to disconnect after startprogram finishes)
while (axMsRdpClient7.Connected != 0)
{
Application.DoEvents();
Thread.Sleep(1);
}
// End connection
axMsRdpClient7.Disconnect();
Anyone knows why StartProgram is not being executed? I don't have any error, it just doesn't start.
Or anyone knows a better method to remotely install services?
Thanks in advance!
You should not need to call Disconnect(). When using the StartProgram approach you are using what used to be called the 'Alternate Shell' approach. This means that when the program terminates, the session is automatically closed/disconnected.
See http://msdn.microsoft.com/en-us/library/ms861803.aspx, search for 'AlternateShell'.
I recently wrote an ActiveX library that initiates an Windows 2008 RDS session using the StartProgram parameter. Once the user closes the program that is started automatically when the RDS session starts, the RDS session automatically terminates. So you shouldn't need the looping mechanism nor the call to Disconnect() with your approach.
In my code, for user credentials, I specify the domain as well. Is your user account a Windows Domain account? If so you probably need to specify that as well.
Additionally, I set the following parameters:
// server authentication is required - set Auth level to 2
AdvancedSettings7.AuthenticationLevel := 2;
// use CredSsp if the client supports it.
AdvancedSettings7.EnableCredSspSupport := True;
// setting PublicMode to false allows the saving of credentials, which prevents
// prompting the user to log in
AdvancedSettings7.PublicMode := False;
HTH
I would like to run a process from an intranet client on the WCF service side. In my case a client asks a server to create a new process on the server's machine under the provided credentials. WCF service is hosted on IIS 7.5 and I start a process using this code
var processInfo = new ProcessStartInfo("C:\\Windows\\System32\\notepad.exe")
{
UserName = "some user",
Password = MakeSecureString("some password"),
UseShellExecute = false,
LoadUserProfile = true
};
Process process = Process.Start(processInfo);
This code works if I host WCF service as a self-hosted console application running under admin user and I see the notepad started under another user. It fails on IIS with no exception, but process is immediately terminated
process.HasExited = true;
process.ExitCode = -1073741502;
On IIS WCF application is running under the user with admin rights and has got full trust defined in web.config. I cannot use self hosted application as it doesn't support easy continuous delivery (like WebDeploy with IIS web farms).
Q: How can I start a process on a server side from WCF service hosted on IIS?
EDIT:
I stumbled upon this post, with similar issues and I tried all the methods there, including all possible variations for Process.Start and P/Invoke with CreateProcessWithLogonW and CreateProcessAsUser I also tried granting additional permissions to users. Non of this would work with the error messages identical to the ones the guy had posted.
Oleksii, the point is that if you host the WCF service in a console application, there is a windows session (a user logged in and Windows Explorer loaded) for that user and the notepad is opened and shown for that user, so you see it in the UI.
when you host your WCF service in IIS, being a server, IIS requires and allows no user interaction and works also if no user is logged in; in that context there is no UI to host your notepad or other UI enabled applications, you could execute a process for elaboration or other batch jobs but not render a windows UI application, because Windows Explorer is not loaded for you and there is no place to render your process's UI.
here is what I use to call GnuPGP to do encryption. How does your setup compare?
private int ExecuteCommand(string arguments, string passPhrase, int timeout)
{
Process processObject;
ProcessStartInfo pInfo = new ProcessStartInfo(_executablePath, arguments);
pInfo.CreateNoWindow = true;
pInfo.UseShellExecute = false;
pInfo.RedirectStandardInput = true;
pInfo.RedirectStandardOutput = true;
pInfo.RedirectStandardError = true;
processObject = Process.Start(pInfo);
if (!string.IsNullOrEmpty(passPhrase))
{
processObject.StandardInput.WriteLine(passPhrase);
processObject.StandardInput.Flush();
}
string result = processObject.StandardOutput.ReadToEnd();
string error = processObject.StandardError.ReadToEnd();
if (!processObject.WaitForExit(timeout))
{
throw new TimeoutException("GnuPG operation timeout. Waited " + timeout + " milliseconds ");
}
int exitcode = processObject.ExitCode;
Error = error;
Output = result;
return exitcode;
}
There's an apppool setting to make sure it loads the user profile.
loadUserProfile Optional Boolean attribute.
Specifies whether IIS loads the user profile for the application pool identity. Setting
this value to false causes IIS to revert to IIS 6.0 behavior. IIS 6.0 does not load the
user profile for an application pool identity.
The default value is false.
That along with being a domain user as the identity with enough permissions might work?? I know that at a minimum the user will need a user profile.
That said, it's a little bit of an odd architecture. It seems like a better arch would be to have a persistent process like a windows service that the site communicates with but I'm not sure what your constraints are.
Hope that helps.