确实窗口有一个限制,当计划任务在一组creds的启动过程一组不同的Creds的运行另一个程序 [英] does windows have a limitation when a process started by a scheduled task under one set of creds runs another program under a different set of Creds
问题描述
所以我有一个简单的例子,在那里我有一个应用程序,其中有一些硬编码creds用户X,本地管理员,然后启动使用硬编码的绝对路径,这些凭证附录二。 A和B和DOTNET控制台应用程序,但他们不与控制台交互,就只写了一个文件信息。
So i have a simple example, where i have app A, which has some hard coded creds to user X , a local admin, and then it launches app B with those Credentials using a hardcoded absolute path. Both A and B and dotnet console applications, however they don't interact with the console, just just write out info to a file.
当我运行一个交互(下我Creds,通过双击,或通过的CMD.exe,还是一个互动的PowerShell会话运行良好。成功呼叫乙
When i run A interactively (under my Creds, by double clicking, or through CMD.exe , or an interactive PowerShell session it runs fine. successfully calling B
当我运行它通过与计划任务下被creds,并调用b带用户X的的Process.Start(mystartinfo)的错误代码是
-1073741502
或0xC0000142十六进制的,意思是应用程序未能正确初始化
When i run it through a scheduled tasks with A being under by creds, and calling B with user X the error code of the Process.Start(mystartinfo) is -1073741502 or 0xC0000142 in hex which means "The application failed to initialize properly"
但是,如果我运行计划任务调用它的工作原理用户X凭据。
However if i run the scheduled task calling A with user X credentials it works..
我大多做这个小测试因为我看到类似的行为努力,无论是从计划任务或远程办启动工作-Credential在PowerShell中的时候,还是在同一个场景调用PowerShell中或System.Diagnostic>的Process.Start启动过程在PowerShell中。在首先,我认为这是在PowerShell中的一个错误,但它似乎更深.. Windows或专门DOTNET,我想知道这是否是已知/记录,如果有任何变通办法。
I made this small test mostly because i see similar behaviour when trying to do "start-job -Credential" in powershell from either a scheduled task or remoting, or calling start-process in powershell or System.Diagnostic>Process.Start from within PowerShell in the same scenarios. At first i thought it was a bug in PowerShell but it seems to be deeper.. Either Windows or specifically Dotnet and i want to know if this is known/documented and if there are any workarounds.
推荐答案
我遇到过这样的行为在Windows Server 2008R2造成的。我的C#应用程序(A)将启动一个进程B.
I encountered such a behavior caused under Windows Server 2008R2. My C# application (A) starts a process B.
进程B将无法运行,而不访问Windows桌面,[无法调用Windows API CreateWindow的(); ]其中,防止运行时服务(或调度)
(这是为了防止使用AT /交互式cmd.exe一个众所周知的用户权限升级)
Process B fails to run without access to Windows Desktop, [fails to Call Windows API CreateWindow();] which is prevented to run when run as a Service (or by scheduler) (this is to prevent a well known user privilege escalation using "at /interactive cmd.exe")
我建议检查您所使用的环境,并检查它是否是同样的问题。如果是这样,那么你应该寻找如何删除引用到的CreateWindow()API调用或正确地处理它。
I recommend to check the environment you are using and check if it is the same problem. If so, then you should search for how to remove references to the CreateWindow() API call or handle it correctly.
不幸的是,我不得不进程B用不上,因此曾在解决这个问题上没有取得成功。我结束了部署Server 2003的计算机上的解决方案。
Unfortunately, I had no access to Process B and therefore had no success in solving this issue. I ended up deploying the solution on a Server 2003 machine.
这篇关于确实窗口有一个限制,当计划任务在一组creds的启动过程一组不同的Creds的运行另一个程序的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
