I'm trying to run djoin.exe tool with System.Diagnostics.Process from a C# service using a different user (not as the service user).
The process returns code -1073741502.
In the event log I can see:
Application popup: djoin.exe - Application Error : The application was
unable to start correctly (0xc0000142). Click OK to close the
application.
No stderr or stdout.
Here is the process configurations I used:
ProcessStartInfo startInfo = new ProcessStartInfo
{
Arguments = "/Provision /Domain domain.com /Machine PC12 /SaveFile NUL /printblob",
WorkingDirectory = Path.GetDirectoryName(Assembly.GetExecutingAssembly().Location),
FileName = "djoin.exe"
UseShellExecute = false,
RedirectStandardError = true,
RedirectStandardInput = true,
RedirectStandardOutput = true,
CreateNoWindow =true,
Domain = "domain.com",
UserName = "other-user",
Password = "***"
};
if (username!=null)
{
startInfo.Domain = domain;
startInfo.UserName = username;
startInfo.Password = ToSecureString(password);
}
p = new Process { StartInfo = startInfo };
p.Start();
When using the RUNAS command, everything works fine.
What is the problem?
Seems like it is a permissions issue. This can either be at the folder level of where the exe is located, or to do with the user that the process is running under.
To diagnose this, you can first go to the folder where the exe is located. Then right click and set the permissions to "everyone" with full control. Then try to run again and see if you get the same message.
Also when you run Visual studio, at the start, right click and run as administrator. I take it from your comment that this works OK, leading me to believe it is in fact permission related. e.g. Are the different users in the same domain? Once you work out the permissions of the folder where the applcation lives, create an account with permission on that folder and then have whatever process schedules/runs the exe to execute under that account.
Update - the comments above prompted another idea, you could use system.diagnostics to write eventlog entries at each point of the code, to help determine what is going wrong. Another tool that may be of use if WinDBG to get more info about what is throwing that exception.
Related
I'm working on a WPF application targeting .NET 3.0. I need to call an exe which requires administrative privileges. I can get the UAC to prompt for permission by using something like:
ProcessStartInfo startInfo = new ProcessStartInfo();
startInfo.Verb = "runas";
startInfo.UseShellExecute = true;
startInfo.FileName = "target.exe";
Process p = new Process();
p.StartInfo = startInfo;
p.Start();
My problem is I need to redirect standard output, and doing so with UseShellExecute = true results in an exception stating that:
The Process object must have the UseShellExecute property set to false
in order to redirect IO streams
However, setting it to false results in the UAC not prompting for permission and I get an exception stating:
The requested operation requires elevation
How can I redirect standard output and prompt for UAC?
I have seen this similar question, however the solution is to use the app.manifest to give my application administrative privileges. This is something I cannot do due to requirements.
UseShellExecute must be set to false to redirect IO, and to true to use the Verb property. So you can't.
But this article seems do the magic, although I haven't tested it.
It's written in C++, but a wrapper API can easily be created to be called from C# by using DllImport.
Note: If you want to pass data between the two programs and have access to the target program's source code, you can easily re-design you application to use Named Pipes instead of redirecting standard I/O.
There is another pretty simple solution:
If you want to run a child-executable elevated AND redirect the output (optionally including window hiding), then your main code must be running elevated too. This is a security requirement.
To accomplish this:
Manually edit your app.manifest in your project folder.
Find the comment regarding UAC Manifest Options, you will see the 3 examples of requestedExecutionLevel.
Under the comment, locate the tricky asInvoker which is currently enabled, and replace it with requireAdministrator.
Restart Visual Studio in order to take into effect, and after re-building your app it should have the typical UAC shield icon.
Now your code will run elevated, everything that it launches will be elevated too, and you can also capture output streams. Here is an example in VB.NET:
Dim startInfo As New ProcessStartInfo
startInfo.Verb = "runas"
startInfo.FileName = "subprocess-elevated.exe"
startInfo.Arguments = "arg1 arg2 arg3"
startInfo.WorkingDirectory = Environment.CurrentDirectory
startInfo.WindowStyle = ProcessWindowStyle.Hidden
startInfo.CreateNoWindow = True
Dim p As Process = New Process()
p.StartInfo = startInfo
p.StartInfo.UseShellExecute = False
p.StartInfo.RedirectStandardOutput = True
p.StartInfo.RedirectStandardError = True
p.Start()
Console.WriteLine(p.StandardOutput.ReadToEnd)
Console.WriteLine(p.StandardError.ReadToEnd)
p.WaitForExit()
What I am trying to do is run a batch file that is located on the webserver's desktop when a button is clicked. This is what I have thus far.
ProcessStartInfo psi = new ProcessStartInfo("Notepad.exe");
psi.WorkingDirectory = #"C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories";
psi.UseShellExecute = false;
psi.UserName = "administrator"; //username
psi.Password = secure; //secure string
var process = Process.Start(psi);
When I debug it, it does exactly what I want it to, but when I access the site on IIS (localhost:81) the batch file never runs. I've tried many different variants of ProcessStartInfo and Process with no luck. I've tested the username and password and they are both correct too.
I don't get any errors, the button just triggers a page post back.
I have given IUSR and IIS_IUSRS permissions to the file, and still nothing runs. I also removed the username and password and set the UseShellExecute to true, but that did nothing as well.
EDIT:
It looks like everyone thinks its some permissions. Any idea on what I need to do to allow IIS to open the process?
Thanks in advance!
Just change the third line to this:
psi.UseShellExecute = true;
or read this article which really gets the work done:
http://support.microsoft.com/default.aspx?scid=kb;EN-US;889251
I'm working on a WPF application targeting .NET 3.0. I need to call an exe which requires administrative privileges. I can get the UAC to prompt for permission by using something like:
ProcessStartInfo startInfo = new ProcessStartInfo();
startInfo.Verb = "runas";
startInfo.UseShellExecute = true;
startInfo.FileName = "target.exe";
Process p = new Process();
p.StartInfo = startInfo;
p.Start();
My problem is I need to redirect standard output, and doing so with UseShellExecute = true results in an exception stating that:
The Process object must have the UseShellExecute property set to false
in order to redirect IO streams
However, setting it to false results in the UAC not prompting for permission and I get an exception stating:
The requested operation requires elevation
How can I redirect standard output and prompt for UAC?
I have seen this similar question, however the solution is to use the app.manifest to give my application administrative privileges. This is something I cannot do due to requirements.
UseShellExecute must be set to false to redirect IO, and to true to use the Verb property. So you can't.
But this article seems do the magic, although I haven't tested it.
It's written in C++, but a wrapper API can easily be created to be called from C# by using DllImport.
Note: If you want to pass data between the two programs and have access to the target program's source code, you can easily re-design you application to use Named Pipes instead of redirecting standard I/O.
There is another pretty simple solution:
If you want to run a child-executable elevated AND redirect the output (optionally including window hiding), then your main code must be running elevated too. This is a security requirement.
To accomplish this:
Manually edit your app.manifest in your project folder.
Find the comment regarding UAC Manifest Options, you will see the 3 examples of requestedExecutionLevel.
Under the comment, locate the tricky asInvoker which is currently enabled, and replace it with requireAdministrator.
Restart Visual Studio in order to take into effect, and after re-building your app it should have the typical UAC shield icon.
Now your code will run elevated, everything that it launches will be elevated too, and you can also capture output streams. Here is an example in VB.NET:
Dim startInfo As New ProcessStartInfo
startInfo.Verb = "runas"
startInfo.FileName = "subprocess-elevated.exe"
startInfo.Arguments = "arg1 arg2 arg3"
startInfo.WorkingDirectory = Environment.CurrentDirectory
startInfo.WindowStyle = ProcessWindowStyle.Hidden
startInfo.CreateNoWindow = True
Dim p As Process = New Process()
p.StartInfo = startInfo
p.StartInfo.UseShellExecute = False
p.StartInfo.RedirectStandardOutput = True
p.StartInfo.RedirectStandardError = True
p.Start()
Console.WriteLine(p.StandardOutput.ReadToEnd)
Console.WriteLine(p.StandardError.ReadToEnd)
p.WaitForExit()
i m building a website, and i want to run MATLAB file on the server and display the result on web page,
please if u have any idea how to run matlab from web site tell me
thank u soo much .
This is explained in detail in this guide: http://www.mathworks.com/help/toolbox/compiler/example_guide/brh232k.html
Basically you need to compile your .m file using the Matlab Builder NE and deploy it as a
webservice or normal ASPX file. See here for an overview of the deployment scheme.
This might be a terrible hack but perhaps it helps. I have read that you can make an executable from your MATLAB file. If that is so. The following has worked for me when I need a Web Application to execute an executable and show the results. Be warned, the account your web application runs under will need permissions to run the executable.
Once you have made your MATLAB file into an executable you can create a process, redirect its standard output and place that output in a web element (in this example I used a label).
//Get the path to the executable you wish to run from a setting in web.config
var executablePath = ConfigurationManager.AppSettings["MATLAB_EXECUTABLE_PATH"];
//Create a process to execute the executable. Redirecting the output.
var proc = new Process();
proc.StartInfo = new ProcessStartInfo
{
CreateNoWindow = true,
ErrorDialog = false,
FileName = executablePath,
RedirectStandardError = true,
RedirectStandardOutput = true,
Arguments = args,
UseShellExecute = false //Very important do not leave this out.
};
proc.Start(); //Execute the executable.
lblOutput.Text = proc.StandardOutput.ReadToEnd(); //use the results
lblErrorMessages.Text = proc.StandardError.ReadToEnd(); //Show any error output from the executable.
I'm trying to install a service using InstallUtil.exe but invoked through Process.Start. Here's the code:
ProcessStartInfo startInfo = new ProcessStartInfo (m_strInstallUtil, strExePath);
System.Diagnostics.Process.Start (startInfo);
where m_strInstallUtil is the fully qualified path and exe to "InstallUtil.exe" and strExePath is the fully qualified path/name to my service.
Running the command line syntax from an elevated command prompt works; running from my app (using the above code) does not. I assume I'm dealing with some process elevation issue, so how would I run my process in an elevated state? Do I need to look at ShellExecute for this?
This is all on Windows Vista. I am running the process in the VS2008 debugger elevated to admin privilege.
I also tried setting startInfo.Verb = "runas"; but it didn't seem to solve the problem.
You can indicate the new process should be started with elevated permissions by setting the Verb property of your startInfo object to 'runas', as follows:
startInfo.Verb = "runas";
This will cause Windows to behave as if the process has been started from Explorer with the "Run as Administrator" menu command.
This does mean the UAC prompt will come up and will need to be acknowledged by the user: if this is undesirable (for example because it would happen in the middle of a lengthy process), you'll need to run your entire host process with elevated permissions by Create and Embed an Application Manifest (UAC) to require the 'highestAvailable' execution level: this will cause the UAC prompt to appear as soon as your app is started, and cause all child processes to run with elevated permissions without additional prompting.
Edit: I see you just edited your question to state that "runas" didn't work for you. That's really strange, as it should (and does for me in several production apps). Requiring the parent process to run with elevated rights by embedding the manifest should definitely work, though.
This code puts the above all together and restarts the current wpf app with admin privs:
if (IsAdministrator() == false)
{
// Restart program and run as admin
var exeName = System.Diagnostics.Process.GetCurrentProcess().MainModule.FileName;
ProcessStartInfo startInfo = new ProcessStartInfo(exeName);
startInfo.Verb = "runas";
System.Diagnostics.Process.Start(startInfo);
Application.Current.Shutdown();
return;
}
private static bool IsAdministrator()
{
WindowsIdentity identity = WindowsIdentity.GetCurrent();
WindowsPrincipal principal = new WindowsPrincipal(identity);
return principal.IsInRole(WindowsBuiltInRole.Administrator);
}
// To run as admin, alter exe manifest file after building.
// Or create shortcut with "as admin" checked.
// Or ShellExecute(C# Process.Start) can elevate - use verb "runas".
// Or an elevate vbs script can launch programs as admin.
// (does not work: "runas /user:admin" from cmd-line prompts for admin pass)
Update: The app manifest way is preferred:
Right click project in visual studio, add, new application manifest file, change the file so you have requireAdministrator set as shown in the above.
A problem with the original way: If you put the restart code in app.xaml.cs OnStartup, it still may start the main window briefly even though Shutdown was called. My main window blew up if app.xaml.cs init was not run and in certain race conditions it would do this.
According to the article Chris Corio: Teach Your Apps To Play Nicely With Windows Vista User Account Control, MSDN Magazine, Jan. 2007, only ShellExecute checks the embedded manifest and prompts the user for elevation if needed, while CreateProcess and other APIs don't. Hope it helps.
See also: same article as .chm.
[PrincipalPermission(SecurityAction.Demand, Role = #"BUILTIN\Administrators")]
This will do it without UAC - no need to start a new process. If the running user is member of Admin group as for my case.
i know this is a very old post, but i just wanted to share my solution:
System.Diagnostics.ProcessStartInfo StartInfo = new System.Diagnostics.ProcessStartInfo
{
UseShellExecute = true, //<- for elevation
Verb = "runas", //<- for elevation
WorkingDirectory = Environment.CurrentDirectory,
FileName = "EDHM_UI_Patcher.exe",
Arguments = #"\D -FF"
};
System.Diagnostics.Process p = System.Diagnostics.Process.Start(StartInfo);
NOTE: If VisualStudio is already running Elevated then the UAC dialog won't show up, to test it run the exe from the bin folder.
You should use Impersonation to elevate the state.
WindowsIdentity identity = new WindowsIdentity(accessToken);
WindowsImpersonationContext context = identity.Impersonate();
Don't forget to undo the impersonated context when you are done.