Scheduled task running as SYSTEM - execute something as current user?

windows-7 windows-xp scheduled-tasks

I have a scheduled task which runs a batch file which does some stuff. I want the batch file to kick off another batch file which runs in user space; i.e. %username% == the currently logged-in user, with user permissions, etc. How can I run a command under the current user, given that the scheduled task runs with SYSTEM permissions?

I need this for both Windows XP and Windows 7.


Solution 1:

Ever since the introduction of Terminal Services, "current user" can be plural. Even XP supports fast user switching.

The closest you can get is "user connected to the console session". For this, use WTSGetActiveConsoleSessionId() + WTSQueryUserToken() + CreateEnvironmentBlock() + CreateProcessAsUser().

I wrote this: https://gist.github.com/871048 – Compile, run with full path to your batch file as arguments.

Yes, this requires .NET Runtime, but it's likely that your systems already have it. The compiler's part of the Runtime, too: %SystemRoot%\Microsoft.NET\Framework64\v3.5\csc.exe (any version starting with v2.* will work).

Note: WTSQueryUserToken() requires the program to be running as LocalSystem. (According to the docs, SeTcbPrivilege is not enough, but I haven't checked.)

Solution 2:

Under "When Running Task, use the following user account:" you can set it to "BUILTIN\Users" group, it will run the task as the current logged in user.

Related

May I forbid a user to install apps from the Store?
Do Google and Facebook keep track of the sites I browse outside of their own sites?
flac2mp3 on mac?
Cloning HDDs from a hardware RAID array?
Smart domain-masking, redirection or forwarding
Raid 0+1 and Different Disk Speeds/Sizes
AutoHotKey: remapping Alt+Shift+<plus> to \
Aquamacs: How to Remap Capslock to Meta Key, at Application Level?
Problem with IE 9 Download Manager
SATA to USB 3.5'' hard drive using only usb power
Microsoft PHP SQL Server Drivers not working, cant load module
How to change DNS on hotspot