Calling CreateProcessWithLogonW

[Benjamin Bittner]

Hallo NG,
ive posted this before on microsoft.public.dotnet.framework.aspnet but didnt
get a response. im stuck with this for a week now. and i think i used every
possible resource but didnt get it to work.
===
I have problems with calling the CreateProcessWithLogonW() function. I tried
converting an VB6 example
([url]http://support.microsoft.com/default.aspx?scid=kb;en-us;285879[/url]) and some
snippets i found around the web. but i cant get it to work. It tries to
start the application, but it fails. In my eventlog i can see a new info
message, everytime i execute my code. i try to translate it, cause i have a
german windows installed, so it maybe wont be the exact words of the
original english info message.

Application popup: some.exe - Error in application: the application couldnt
be initialized properly (0xc0000142). Click "OK" to exit.
event-id: 26

I tried launching notepad.exe, cmd.exe, cscript.exe but everytime the same
error. What im tryin to achieve is, to execute the vbscript file
makew3site.vbs from IIS > AdminScripts.

This is my code:

Option Strict Off
Option Explicit On
Imports System.Runtime.InteropServices

Public Class WebForm2
Inherits System.Web.UI.Page

Protected WithEvents lblTest As System.Web.UI.WebControls.Label

#Region "Structs"
<StructLayout(LayoutKind.Sequential)> _
Public Structure PROCESS_INFORMATION
Dim hProcess As System.IntPtr
Dim hThread As System.IntPtr
Dim dwProcessId As Integer
Dim dwThreadId As Integer
End Structure

<StructLayout(LayoutKind.Sequential)> _
Public Structure STARTUPINFO
Dim cb As Integer
Dim lpReserved As System.IntPtr
Dim lpDesktop As System.IntPtr
Dim lpTitle As System.IntPtr
Dim dwX As Integer
Dim dwY As Integer
Dim dwXSize As Integer
Dim dwYSize As Integer
Dim dwXCountChars As Integer
Dim dwYCountChars As Integer
Dim dwFillAttribute As Integer
Dim dwFlags As Integer
Dim wShowWindow As Short
Dim cbReserved2 As Short
Dim lpReserved2 As System.IntPtr
Dim hStdInput As System.IntPtr
Dim hStdOutput As System.IntPtr
Dim hStdError As System.IntPtr
End Structure

#End Region

#Region "APIINFO"
Private Const LOGON_NETCREDENTIALS_ONLY As Integer = &H2
Private Const NORMAL_PRIORITY_CLASS As Integer = &H20
Private Const CREATE_DEFAULT_ERROR_MODE As Integer = &H4000000
Private Const CREATE_NEW_CONSOLE As Integer = &H10
Private Const CREATE_NEW_PROCESS_GROUP As Integer = &H200
Private Const LOGON_WITH_PROFILE As Integer = &H1

Private Declare Unicode Function CreateProcessWithLogon Lib "Advapi32"
Alias "CreateProcessWithLogonW" _
(ByVal lpUsername As String, _
ByVal lpDomain As String, _
ByVal lpPassword As String, _
ByVal dwLogonFlags As Integer, _
ByVal lpApplicationName As String, _
ByVal lpCommandLine As String, _
ByVal dwCreationFlags As Integer, _
ByVal lpEnvironment As System.IntPtr, _
ByVal lpCurrentDirectory As System.IntPtr, _
ByRef lpStartupInfo As STARTUPINFO, _
ByRef lpProcessInfo As PROCESS_INFORMATION) As Integer

Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As
System.IntPtr) As Integer
#End Region

#Region " Vom Web Form Designer generierter Code "

'Dieser Aufruf ist für den Web Form-Designer erforderlich.
<System.Diagnostics.DebuggerStepThrough()> Private Sub
InitializeComponent()

End Sub

Private Sub Page_Init(ByVal sender As System.Object, ByVal e As
System.EventArgs) Handles MyBase.Init
'CODEGEN: Diese Methode ist für den Web Form-Designer erforderlich
'Verwenden Sie nicht den Code-Editor zur Bearbeitung.
InitializeComponent()
End Sub

#End Region

Private Sub Page_Load(ByVal sender As System.Object, ByVal e As
System.EventArgs) Handles MyBase.Load
Dim szApp As String = "C:\winnt\notepad.exe"
Dim szCmdLine As String = ""
Dim szUser As String = "user"
Dim szPass As String = "password"
Dim szDomain As String = "TEST"
Dim siStartup As STARTUPINFO
Dim piProcess As PROCESS_INFORMATION

siStartup.cb = Marshal.SizeOf(siStartup)
siStartup.dwFlags = 0

Dim ret As Integer = CreateProcessWithLogon(szUser, szDomain,
szPass, LOGON_WITH_PROFILE, szApp, szCmdLine, _
CREATE_DEFAULT_ERROR_MODE, _
IntPtr.Zero, IntPtr.Zero, siStartup, piProcess)

If ret = 0 Then
lblTest.Text = New
System.ComponentModel.Win32Exception(Marshal.GetLa stWin32Error()).Message
End If

CloseHandle(piProcess.hProcess)
CloseHandle(piProcess.hThread)
End Sub

End Class

I tried many combinations for szApp and szCmdLine, like tryin to give szApp
a reference to the exe, and szCmdLine the arguments, or leaving szApp empty
and passing everything woth szCmdLine like this:

Dim szCmdLine As String = "C:\Winnt\notepad.exe /put params here"

Also i tried to pass 0& as an integer in szApp, and szCmdLine like the above
one.
What i want to do is:

Dim szApp As String = "C:\Inetpub\AdminScripts\mkw3site.vbs"
Dim szCmdLine As String = "-r C:\Inetpub\wwwroot\client -t client.test.de -o
8080"

Could plz someone help me, im stuck with this for quite some days now, and
its drivin me nuts.
thx in advance
regards benni
====
in addition to that, someone found out that this works on a w2k workstation,
but doesnt on a w2k server. could someone plz help me, or give me another
way to contact microsoft directly (i know thats what newsgroups are for, but
i know that this should work but it doesnt, and i need it really bad)

thanx for every response
regards benni

[M. Zeeshan Mustafa]

Benjamin,

Not all APIs are supported on all versions/editions.

referencing the conversation:
[url]http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&frame=right&th=b5454e91a0416f41&seekm=%23VPJN0RX EHA.3476%40TK2MSFTNGP10.phx.gbl#link1[/url]

You can impersonate your application to run under an account
which has permissions to access certain resources:
<identity impersonate="true" username="domain\username"
password="password" />

This way when you application attempts to access another resource
that requires authentication, the username and password specified
here are used to authenticate for that resource. Storing passwords
in clear text is a security issue so thats solved here:
[url]http://support.microsoft.com/?id=329290[/url]

--
Hope this helps,
Zeeshan Mustafa, MCSD


"Benjamin Bittner" <benjamin_bittner[a_t]nospam.web.de> wrote in message
news:%23GZi7bCYEHA.3804@TK2MSFTNGP10.phx.gbl...

> Hallo NG,
> ive posted this before on microsoft.public.dotnet.framework.aspnet but

didnt

> get a response. im stuck with this for a week now. and i think i used

every

> possible resource but didnt get it to work.
> ===
> I have problems with calling the CreateProcessWithLogonW() function. I

tried

> converting an VB6 example
> ([url]http://support.microsoft.com/default.aspx?scid=kb;en-us;285879[/url]) and some
> snippets i found around the web. but i cant get it to work. It tries to
> start the application, but it fails. In my eventlog i can see a new info
> message, everytime i execute my code. i try to translate it, cause i have

a

> german windows installed, so it maybe wont be the exact words of the
> original english info message.
>
> Application popup: some.exe - Error in application: the application

couldnt

> be initialized properly (0xc0000142). Click "OK" to exit.
> event-id: 26
>
> I tried launching notepad.exe, cmd.exe, cscript.exe but everytime the same
> error. What im tryin to achieve is, to execute the vbscript file
> makew3site.vbs from IIS > AdminScripts.
>
> This is my code:
>
> Option Strict Off
> Option Explicit On
> Imports System.Runtime.InteropServices
>
> Public Class WebForm2
> Inherits System.Web.UI.Page
>
> Protected WithEvents lblTest As System.Web.UI.WebControls.Label
>
> #Region "Structs"
> <StructLayout(LayoutKind.Sequential)> _
> Public Structure PROCESS_INFORMATION
> Dim hProcess As System.IntPtr
> Dim hThread As System.IntPtr
> Dim dwProcessId As Integer
> Dim dwThreadId As Integer
> End Structure
>
> <StructLayout(LayoutKind.Sequential)> _
> Public Structure STARTUPINFO
> Dim cb As Integer
> Dim lpReserved As System.IntPtr
> Dim lpDesktop As System.IntPtr
> Dim lpTitle As System.IntPtr
> Dim dwX As Integer
> Dim dwY As Integer
> Dim dwXSize As Integer
> Dim dwYSize As Integer
> Dim dwXCountChars As Integer
> Dim dwYCountChars As Integer
> Dim dwFillAttribute As Integer
> Dim dwFlags As Integer
> Dim wShowWindow As Short
> Dim cbReserved2 As Short
> Dim lpReserved2 As System.IntPtr
> Dim hStdInput As System.IntPtr
> Dim hStdOutput As System.IntPtr
> Dim hStdError As System.IntPtr
> End Structure
>
> #End Region
>
> #Region "APIINFO"
> Private Const LOGON_NETCREDENTIALS_ONLY As Integer = &H2
> Private Const NORMAL_PRIORITY_CLASS As Integer = &H20
> Private Const CREATE_DEFAULT_ERROR_MODE As Integer = &H4000000
> Private Const CREATE_NEW_CONSOLE As Integer = &H10
> Private Const CREATE_NEW_PROCESS_GROUP As Integer = &H200
> Private Const LOGON_WITH_PROFILE As Integer = &H1
>
> Private Declare Unicode Function CreateProcessWithLogon Lib "Advapi32"
> Alias "CreateProcessWithLogonW" _
> (ByVal lpUsername As String, _
> ByVal lpDomain As String, _
> ByVal lpPassword As String, _
> ByVal dwLogonFlags As Integer, _
> ByVal lpApplicationName As String, _
> ByVal lpCommandLine As String, _
> ByVal dwCreationFlags As Integer, _
> ByVal lpEnvironment As System.IntPtr, _
> ByVal lpCurrentDirectory As System.IntPtr, _
> ByRef lpStartupInfo As STARTUPINFO, _
> ByRef lpProcessInfo As PROCESS_INFORMATION) As Integer
>
> Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As
> System.IntPtr) As Integer
> #End Region
>
> #Region " Vom Web Form Designer generierter Code "
>
> 'Dieser Aufruf ist für den Web Form-Designer erforderlich.
> <System.Diagnostics.DebuggerStepThrough()> Private Sub
> InitializeComponent()
>
> End Sub
>
> Private Sub Page_Init(ByVal sender As System.Object, ByVal e As
> System.EventArgs) Handles MyBase.Init
> 'CODEGEN: Diese Methode ist für den Web Form-Designer erforderlich
> 'Verwenden Sie nicht den Code-Editor zur Bearbeitung.
> InitializeComponent()
> End Sub
>
> #End Region
>
> Private Sub Page_Load(ByVal sender As System.Object, ByVal e As
> System.EventArgs) Handles MyBase.Load
> Dim szApp As String = "C:\winnt\notepad.exe"
> Dim szCmdLine As String = ""
> Dim szUser As String = "user"
> Dim szPass As String = "password"
> Dim szDomain As String = "TEST"
> Dim siStartup As STARTUPINFO
> Dim piProcess As PROCESS_INFORMATION
>
> siStartup.cb = Marshal.SizeOf(siStartup)
> siStartup.dwFlags = 0
>
> Dim ret As Integer = CreateProcessWithLogon(szUser, szDomain,
> szPass, LOGON_WITH_PROFILE, szApp, szCmdLine, _
> CREATE_DEFAULT_ERROR_MODE, _
> IntPtr.Zero, IntPtr.Zero, siStartup, piProcess)
>
> If ret = 0 Then
> lblTest.Text = New
> System.ComponentModel.Win32Exception(Marshal.GetLa stWin32Error()).Message
> End If
>
> CloseHandle(piProcess.hProcess)
> CloseHandle(piProcess.hThread)
> End Sub
>
> End Class
>
> I tried many combinations for szApp and szCmdLine, like tryin to give

szApp

> a reference to the exe, and szCmdLine the arguments, or leaving szApp

empty

> and passing everything woth szCmdLine like this:
>
> Dim szCmdLine As String = "C:\Winnt\notepad.exe /put params here"
>
> Also i tried to pass 0& as an integer in szApp, and szCmdLine like the

above

> one.
> What i want to do is:
>
> Dim szApp As String = "C:\Inetpub\AdminScripts\mkw3site.vbs"
> Dim szCmdLine As String = "-r C:\Inetpub\wwwroot\client -t

client.test.de -o

> 8080"
>
> Could plz someone help me, im stuck with this for quite some days now, and
> its drivin me nuts.
> thx in advance
> regards benni
> ====
> in addition to that, someone found out that this works on a w2k

workstation,

> but doesnt on a w2k server. could someone plz help me, or give me another
> way to contact microsoft directly (i know thats what newsgroups are for,

but

> i know that this should work but it doesnt, and i need it really bad)
>
> thanx for every response
> regards benni
>
>
>

[Joe Kaplan \(MVP - ADSI\)]

Under Win2K, you need the Act As Part of the Operating System privilege to
call LogonUser or CreateProcessWithLogon. You only have this by default if
you are the SYSTEM account. This may be part of the problem.

Joe K.

"Benjamin Bittner" <benjamin_bittner[a_t]nospam.web.de> wrote in message
news:%23GZi7bCYEHA.3804@TK2MSFTNGP10.phx.gbl...

> Hallo NG,
> ive posted this before on microsoft.public.dotnet.framework.aspnet but

didnt

> get a response. im stuck with this for a week now. and i think i used

every

> possible resource but didnt get it to work.
> ===
> I have problems with calling the CreateProcessWithLogonW() function. I

tried

> converting an VB6 example
> ([url]http://support.microsoft.com/default.aspx?scid=kb;en-us;285879[/url]) and some
> snippets i found around the web. but i cant get it to work. It tries to
> start the application, but it fails. In my eventlog i can see a new info
> message, everytime i execute my code. i try to translate it, cause i have

a

> german windows installed, so it maybe wont be the exact words of the
> original english info message.
>
> Application popup: some.exe - Error in application: the application

couldnt

> be initialized properly (0xc0000142). Click "OK" to exit.
> event-id: 26
>
> I tried launching notepad.exe, cmd.exe, cscript.exe but everytime the same
> error. What im tryin to achieve is, to execute the vbscript file
> makew3site.vbs from IIS > AdminScripts.
>
> This is my code:
>
> Option Strict Off
> Option Explicit On
> Imports System.Runtime.InteropServices
>
> Public Class WebForm2
> Inherits System.Web.UI.Page
>
> Protected WithEvents lblTest As System.Web.UI.WebControls.Label
>
> #Region "Structs"
> <StructLayout(LayoutKind.Sequential)> _
> Public Structure PROCESS_INFORMATION
> Dim hProcess As System.IntPtr
> Dim hThread As System.IntPtr
> Dim dwProcessId As Integer
> Dim dwThreadId As Integer
> End Structure
>
> <StructLayout(LayoutKind.Sequential)> _
> Public Structure STARTUPINFO
> Dim cb As Integer
> Dim lpReserved As System.IntPtr
> Dim lpDesktop As System.IntPtr
> Dim lpTitle As System.IntPtr
> Dim dwX As Integer
> Dim dwY As Integer
> Dim dwXSize As Integer
> Dim dwYSize As Integer
> Dim dwXCountChars As Integer
> Dim dwYCountChars As Integer
> Dim dwFillAttribute As Integer
> Dim dwFlags As Integer
> Dim wShowWindow As Short
> Dim cbReserved2 As Short
> Dim lpReserved2 As System.IntPtr
> Dim hStdInput As System.IntPtr
> Dim hStdOutput As System.IntPtr
> Dim hStdError As System.IntPtr
> End Structure
>
> #End Region
>
> #Region "APIINFO"
> Private Const LOGON_NETCREDENTIALS_ONLY As Integer = &H2
> Private Const NORMAL_PRIORITY_CLASS As Integer = &H20
> Private Const CREATE_DEFAULT_ERROR_MODE As Integer = &H4000000
> Private Const CREATE_NEW_CONSOLE As Integer = &H10
> Private Const CREATE_NEW_PROCESS_GROUP As Integer = &H200
> Private Const LOGON_WITH_PROFILE As Integer = &H1
>
> Private Declare Unicode Function CreateProcessWithLogon Lib "Advapi32"
> Alias "CreateProcessWithLogonW" _
> (ByVal lpUsername As String, _
> ByVal lpDomain As String, _
> ByVal lpPassword As String, _
> ByVal dwLogonFlags As Integer, _
> ByVal lpApplicationName As String, _
> ByVal lpCommandLine As String, _
> ByVal dwCreationFlags As Integer, _
> ByVal lpEnvironment As System.IntPtr, _
> ByVal lpCurrentDirectory As System.IntPtr, _
> ByRef lpStartupInfo As STARTUPINFO, _
> ByRef lpProcessInfo As PROCESS_INFORMATION) As Integer
>
> Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As
> System.IntPtr) As Integer
> #End Region
>
> #Region " Vom Web Form Designer generierter Code "
>
> 'Dieser Aufruf ist für den Web Form-Designer erforderlich.
> <System.Diagnostics.DebuggerStepThrough()> Private Sub
> InitializeComponent()
>
> End Sub
>
> Private Sub Page_Init(ByVal sender As System.Object, ByVal e As
> System.EventArgs) Handles MyBase.Init
> 'CODEGEN: Diese Methode ist für den Web Form-Designer erforderlich
> 'Verwenden Sie nicht den Code-Editor zur Bearbeitung.
> InitializeComponent()
> End Sub
>
> #End Region
>
> Private Sub Page_Load(ByVal sender As System.Object, ByVal e As
> System.EventArgs) Handles MyBase.Load
> Dim szApp As String = "C:\winnt\notepad.exe"
> Dim szCmdLine As String = ""
> Dim szUser As String = "user"
> Dim szPass As String = "password"
> Dim szDomain As String = "TEST"
> Dim siStartup As STARTUPINFO
> Dim piProcess As PROCESS_INFORMATION
>
> siStartup.cb = Marshal.SizeOf(siStartup)
> siStartup.dwFlags = 0
>
> Dim ret As Integer = CreateProcessWithLogon(szUser, szDomain,
> szPass, LOGON_WITH_PROFILE, szApp, szCmdLine, _
> CREATE_DEFAULT_ERROR_MODE, _
> IntPtr.Zero, IntPtr.Zero, siStartup, piProcess)
>
> If ret = 0 Then
> lblTest.Text = New
> System.ComponentModel.Win32Exception(Marshal.GetLa stWin32Error()).Message
> End If
>
> CloseHandle(piProcess.hProcess)
> CloseHandle(piProcess.hThread)
> End Sub
>
> End Class
>
> I tried many combinations for szApp and szCmdLine, like tryin to give

szApp

> a reference to the exe, and szCmdLine the arguments, or leaving szApp

empty

> and passing everything woth szCmdLine like this:
>
> Dim szCmdLine As String = "C:\Winnt\notepad.exe /put params here"
>
> Also i tried to pass 0& as an integer in szApp, and szCmdLine like the

above

> one.
> What i want to do is:
>
> Dim szApp As String = "C:\Inetpub\AdminScripts\mkw3site.vbs"
> Dim szCmdLine As String = "-r C:\Inetpub\wwwroot\client -t

client.test.de -o

> 8080"
>
> Could plz someone help me, im stuck with this for quite some days now, and
> its drivin me nuts.
> thx in advance
> regards benni
> ====
> in addition to that, someone found out that this works on a w2k

workstation,

> but doesnt on a w2k server. could someone plz help me, or give me another
> way to contact microsoft directly (i know thats what newsgroups are for,

but

> i know that this should work but it doesnt, and i need it really bad)
>
> thanx for every response
> regards benni
>
>
>

[Benjamin Bittner]

Hallo Joe and Zeeshan
"Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@removethis.accenture.com> schrieb
im Newsbeitrag news:eBgwocGYEHA.264@TK2MSFTNGP10.phx.gbl...

> Under Win2K, you need the Act As Part of the Operating System privilege to
> call LogonUser or CreateProcessWithLogon. You only have this by default

if

> you are the SYSTEM account. This may be part of the problem.
>
> Joe K.
>

I think i tried everything. Im impersonating already. But starting a process
from an asp.net app, starts the process in the user context of the parent
process, which is the asp.net worker process, so impersonating wont help.
The Adminstrator account im tryin to start my process in has the rights act
as part of the os, increase quotas, replace a process level token. Ive found
a comment in a script that calls CreateProcessWithLogonW:

' WARNING:
' Do not use "." (local computer) for RUNAS_DOMAIN. I got some errors when I
' used this class with "." on ASP.NET Aplications (0xc0000142)
' Instead, use the computer name or the domain associated with the user.
' CreateProcessAsUser() requires that the caller has the following
permissions
' Permission Display Name
' ---------------------------------------------------------------
' SE_ASSIGNPRIMARYTOKEN_NAME Replace a process level token
' SE_INCREASE_QUOTA_NAME Increase quotas

0xc0000142 is the exact error im getting. But i dont call the function with
"." for local, i call it with "TEST", which is the computers name. Ive
searched google a lot for that error code, but theres just too much that can
cause this error. I found a possible solution that said that you have to do
"sfc /scannow" at cmd prompt to scan all protected system files. So i did
this, but the error stays. But by doing this, i found out something else,
that might be interesting for my problem. I couldnt do "/sfc /scannow", if i
was logged in on this server with the terminal service client (i dont
exactly know wether it is called this way in the us version, i just tried to
translate it), although i was logged in as Administrator. But sitting in
front of the machine, executing this command was no problem. Maybe there are
some restriction on rights with external connections, but i didnt find
something.

Regars Benni

[Joe Kaplan \(MVP - ADSI\)]

Hi Benni,

Just to confirm that I understand what you are doing, you are calling
CreateProcessWithLogonW from an ASP.NET application on Win2K with the
current impersonated thread identity being a highly privileged admin account
and the process identity being the standard ASPNET worker process account,
right?

I'm not sure what the error you are getting is (VS2003 error lookup didn't
seem to find it), but I was wondering if you can try calling the LogonUser
API with the credentials you have first to create a logon token? Then from
there, perhaps you could try calling CreateProcessWithTokenW? That way, you
can determine if you can get the logon part working and can create the token
you need.

HTH,

Joe K.

"Benjamin Bittner" <benjamin_bittner[a_t]nospam.web.de> wrote in message
news:%23YSjasmYEHA.3012@tk2msftngp13.phx.gbl...

> Hallo Joe and Zeeshan
> "Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@removethis.accenture.com>

schrieb

> im Newsbeitrag news:eBgwocGYEHA.264@TK2MSFTNGP10.phx.gbl...

> > Under Win2K, you need the Act As Part of the Operating System privilege

to

> > call LogonUser or CreateProcessWithLogon. You only have this by default

> if

> > you are the SYSTEM account. This may be part of the problem.
> >
> > Joe K.
> >

> I think i tried everything. Im impersonating already. But starting a

process

> from an asp.net app, starts the process in the user context of the parent
> process, which is the asp.net worker process, so impersonating wont help.
> The Adminstrator account im tryin to start my process in has the rights

act

> as part of the os, increase quotas, replace a process level token. Ive

found

> a comment in a script that calls CreateProcessWithLogonW:
>
> ' WARNING:
> ' Do not use "." (local computer) for RUNAS_DOMAIN. I got some errors when

I

> ' used this class with "." on ASP.NET Aplications (0xc0000142)
> ' Instead, use the computer name or the domain associated with the user.
> ' CreateProcessAsUser() requires that the caller has the following
> permissions
> ' Permission Display Name
> ' ---------------------------------------------------------------
> ' SE_ASSIGNPRIMARYTOKEN_NAME Replace a process level token
> ' SE_INCREASE_QUOTA_NAME Increase quotas
>
> 0xc0000142 is the exact error im getting. But i dont call the function

with

> "." for local, i call it with "TEST", which is the computers name. Ive
> searched google a lot for that error code, but theres just too much that

can

> cause this error. I found a possible solution that said that you have to

do

> "sfc /scannow" at cmd prompt to scan all protected system files. So i did
> this, but the error stays. But by doing this, i found out something else,
> that might be interesting for my problem. I couldnt do "/sfc /scannow", if

i

> was logged in on this server with the terminal service client (i dont
> exactly know wether it is called this way in the us version, i just tried

to

> translate it), although i was logged in as Administrator. But sitting in
> front of the machine, executing this command was no problem. Maybe there

are

> some restriction on rights with external connections, but i didnt find
> something.
>
> Regars Benni
>
>
>

[Benjamin Bittner]

Hallo Joe
"Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@removethis.accenture.com> schrieb
im Newsbeitrag news:uKzPBZrYEHA.3688@TK2MSFTNGP12.phx.gbl...

> Hi Benni,
>
> Just to confirm that I understand what you are doing, you are calling
> CreateProcessWithLogonW from an ASP.NET application on Win2K with the
> current impersonated thread identity being a highly privileged admin

account

> and the process identity being the standard ASPNET worker process account,
> right?

Exactly.

> I'm not sure what the error you are getting is (VS2003 error lookup didn't
> seem to find it), but I was wondering if you can try calling the LogonUser
> API with the credentials you have first to create a logon token? Then

from

> there, perhaps you could try calling CreateProcessWithTokenW? That way,

you

> can determine if you can get the logon part working and can create the

token

> you need.
>

Okay I tried that with this code:
=============Code===============
Option Strict Off
Option Explicit On
Imports System.Runtime.InteropServices

Public Class WebForm4
Inherits System.Web.UI.Page

Protected WithEvents lblTest As System.Web.UI.WebControls.Label

Public Enum eWindowsDefinesParamsLogonType
LOGON32_LOGON_INTERACTIVE = 2
LOGON32_LOGON_NETWORK = 3
LOGON32_LOGON_BATCH = 4
LOGON32_LOGON_SERVICE = 5
LOGON32_LOGON_UNLOCK = 7
'#if(_WIN32_WINNT >= 0x0500)
LOGON32_LOGON_NETWORK_CLEARTEXT = 8
LOGON32_LOGON_NEW_CREDENTIALS = 9
'#endif // (_WIN32_WINNT >= 0x0500)
End Enum

Public Enum eWindowsDefinesParamsLogonProvider
LOGON32_PROVIDER_DEFAULT = 0
LOGON32_PROVIDER_WINNT35 = 1
'#if(_WIN32_WINNT >= 0x0400)
LOGON32_PROVIDER_WINNT40 = 2
'#endif /* _WIN32_WINNT >= 0x0400 */
'#if(_WIN32_WINNT >= 0x0500)
LOGON32_PROVIDER_WINNT50 = 3
'#endif // (_WIN32_WINNT >= 0x0500)
End Enum

<DllImport("advapi32.dll", SetLastError:=True)> _
Public Shared Function LogonUser( _
ByVal lpszUsername As String, _
ByVal lpszDomain As String, _
ByVal lpszPassword As String, _
ByVal dwLogonType As Integer, _
ByVal dwLogonProvider As Integer, _
ByRef phToken As IntPtr) As Boolean
End Function

<DllImport("kernel32.dll",
CharSet:=System.Runtime.InteropServices.CharSet.Au to, SetLastError:=True)> _
Public Function CloseHandle(ByVal handle As IntPtr) As Boolean
End Function

Private Const VER_PLATFORM_WIN32_NT = &H2

#Region " Vom Web Form Designer generierter Code "

'Dieser Aufruf ist für den Web Form-Designer erforderlich.
<System.Diagnostics.DebuggerStepThrough()> Private Sub
InitializeComponent()

End Sub

Private Sub Page_Init(ByVal sender As System.Object, ByVal e As
System.EventArgs) Handles MyBase.Init
'CODEGEN: Diese Methode ist für den Web Form-Designer erforderlich
'Verwenden Sie nicht den Code-Editor zur Bearbeitung.
InitializeComponent()
End Sub

#End Region

Private Sub Page_Load(ByVal sender As System.Object, ByVal e As
System.EventArgs) Handles MyBase.Load
Dim tokenHandle As IntPtr = IntPtr.Zero
Dim result As Boolean = LogonUser("Administrator", "TEST",
"huhukolo72#", eWindowsDefinesParamsLogonType.LOGON32_LOGON_INTER ACTIVE,
eWindowsDefinesParamsLogonProvider.LOGON32_PROVIDE R_DEFAULT, tokenHandle)
If result Then
'logged in
Else
lblTest.Text = Marshal.GetLastWin32Error().ToString
End If
End Sub

End Class
=============/Code===============

I get the error code 1314 without any text. Just 1314. Ill try to find out
what that means.

Regards Benni

[Joe Kaplan \(MVP - ADSI\)]

That means "A required privilege is not held by the client". You can
determine this easily by calling Marshal.GetLastWin32Error and passing the
resulting code to the constructor on the
System.ComponentModel.Win32Exception class.

Basically what this means is that the code calling LogonUser doesn't have
the "Act as part of the operating system" privilege that you need under
Win2K. You might to review your settings for the account that is calling
this code.

Joe K.

"Benjamin Bittner" <benjamin_bittner[a_t]nospam.web.de> wrote in message
news:eaeA1CzYEHA.2908@TK2MSFTNGP10.phx.gbl...

> Hallo Joe
> "Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@removethis.accenture.com>

schrieb

> im Newsbeitrag news:uKzPBZrYEHA.3688@TK2MSFTNGP12.phx.gbl...

> > Hi Benni,
> >
> > Just to confirm that I understand what you are doing, you are calling
> > CreateProcessWithLogonW from an ASP.NET application on Win2K with the
> > current impersonated thread identity being a highly privileged admin

> account

> > and the process identity being the standard ASPNET worker process

account,

> > right?

>
> Exactly.
>

> > I'm not sure what the error you are getting is (VS2003 error lookup

didn't

> > seem to find it), but I was wondering if you can try calling the

LogonUser

> > API with the credentials you have first to create a logon token? Then

> from

> > there, perhaps you could try calling CreateProcessWithTokenW? That way,

> you

> > can determine if you can get the logon part working and can create the

> token

> > you need.
> >

>
> Okay I tried that with this code:
> =============Code===============
> Option Strict Off
> Option Explicit On
> Imports System.Runtime.InteropServices
>
> Public Class WebForm4
> Inherits System.Web.UI.Page
>
> Protected WithEvents lblTest As System.Web.UI.WebControls.Label
>
> Public Enum eWindowsDefinesParamsLogonType
> LOGON32_LOGON_INTERACTIVE = 2
> LOGON32_LOGON_NETWORK = 3
> LOGON32_LOGON_BATCH = 4
> LOGON32_LOGON_SERVICE = 5
> LOGON32_LOGON_UNLOCK = 7
> '#if(_WIN32_WINNT >= 0x0500)
> LOGON32_LOGON_NETWORK_CLEARTEXT = 8
> LOGON32_LOGON_NEW_CREDENTIALS = 9
> '#endif // (_WIN32_WINNT >= 0x0500)
> End Enum
>
> Public Enum eWindowsDefinesParamsLogonProvider
> LOGON32_PROVIDER_DEFAULT = 0
> LOGON32_PROVIDER_WINNT35 = 1
> '#if(_WIN32_WINNT >= 0x0400)
> LOGON32_PROVIDER_WINNT40 = 2
> '#endif /* _WIN32_WINNT >= 0x0400 */
> '#if(_WIN32_WINNT >= 0x0500)
> LOGON32_PROVIDER_WINNT50 = 3
> '#endif // (_WIN32_WINNT >= 0x0500)
> End Enum
>
> <DllImport("advapi32.dll", SetLastError:=True)> _
> Public Shared Function LogonUser( _
> ByVal lpszUsername As String, _
> ByVal lpszDomain As String, _
> ByVal lpszPassword As String, _
> ByVal dwLogonType As Integer, _
> ByVal dwLogonProvider As Integer, _
> ByRef phToken As IntPtr) As Boolean
> End Function
>
> <DllImport("kernel32.dll",
> CharSet:=System.Runtime.InteropServices.CharSet.Au to, SetLastError:=True)>

_

> Public Function CloseHandle(ByVal handle As IntPtr) As Boolean
> End Function
>
> Private Const VER_PLATFORM_WIN32_NT = &H2
>
> #Region " Vom Web Form Designer generierter Code "
>
> 'Dieser Aufruf ist für den Web Form-Designer erforderlich.
> <System.Diagnostics.DebuggerStepThrough()> Private Sub
> InitializeComponent()
>
> End Sub
>
> Private Sub Page_Init(ByVal sender As System.Object, ByVal e As
> System.EventArgs) Handles MyBase.Init
> 'CODEGEN: Diese Methode ist für den Web Form-Designer erforderlich
> 'Verwenden Sie nicht den Code-Editor zur Bearbeitung.
> InitializeComponent()
> End Sub
>
> #End Region
>
> Private Sub Page_Load(ByVal sender As System.Object, ByVal e As
> System.EventArgs) Handles MyBase.Load
> Dim tokenHandle As IntPtr = IntPtr.Zero
> Dim result As Boolean = LogonUser("Administrator", "TEST",
> "huhukolo72#", eWindowsDefinesParamsLogonType.LOGON32_LOGON_INTER ACTIVE,
> eWindowsDefinesParamsLogonProvider.LOGON32_PROVIDE R_DEFAULT, tokenHandle)
> If result Then
> 'logged in
> Else
> lblTest.Text = Marshal.GetLastWin32Error().ToString
> End If
> End Sub
>
> End Class
> =============/Code===============
>
> I get the error code 1314 without any text. Just 1314. Ill try to find out
> what that means.
>
> Regards Benni
>
>

[Benjamin Bittner]

Hallo Joe
"Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@removethis.accenture.com> schrieb
im Newsbeitrag news:eMYBvL2YEHA.3112@TK2MSFTNGP09.phx.gbl...

> That means "A required privilege is not held by the client". You can
> determine this easily by calling Marshal.GetLastWin32Error and passing the
> resulting code to the constructor on the
> System.ComponentModel.Win32Exception class.
>
> Basically what this means is that the code calling LogonUser doesn't have
> the "Act as part of the operating system" privilege that you need under
> Win2K. You might to review your settings for the account that is calling
> this code.
>
> Joe K.
>

I get the current user with WindowsIdentity.GetCurrent().Name. Current user
is TEST/Administrator, which has the "Act as part of the operating system"
privilege. With this im impersonating:
<identity impersonate="true" userName="TEST\Administrator"
password="myPassword"/>
Are there some other rights, that the account must have?

regards benni

[Joe Kaplan \(MVP - ADSI\)]

Hi Benjamin,

According to the docs for LogonUser, you may also need
SE_CHANGE_NOTIFY_NAME, but you probably already have that. I don't know
what else to tell you. If you have SE_TCB_NAME, it should work (or at least
give you a different error).

Joe K.

"Benjamin Bittner" <benjamin_bittner[a_t]nospam.web.de> wrote in message
news:eZ%23IEK$YEHA.644@tk2msftngp13.phx.gbl...

> Hallo Joe
> "Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@removethis.accenture.com>

schrieb

> im Newsbeitrag news:eMYBvL2YEHA.3112@TK2MSFTNGP09.phx.gbl...

> > That means "A required privilege is not held by the client". You can
> > determine this easily by calling Marshal.GetLastWin32Error and passing

the

> > resulting code to the constructor on the
> > System.ComponentModel.Win32Exception class.
> >
> > Basically what this means is that the code calling LogonUser doesn't

have

> > the "Act as part of the operating system" privilege that you need under
> > Win2K. You might to review your settings for the account that is

calling

> > this code.
> >
> > Joe K.
> >

> I get the current user with WindowsIdentity.GetCurrent().Name. Current

user

> is TEST/Administrator, which has the "Act as part of the operating system"
> privilege. With this im impersonating:
> <identity impersonate="true" userName="TEST\Administrator"
> password="myPassword"/>
> Are there some other rights, that the account must have?
>
> regards benni
>
>

[Benjamin Bittner]

Hallo Joe
"Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@removethis.accenture.com> schrieb
im Newsbeitrag news:uTlVoJDZEHA.384@TK2MSFTNGP10.phx.gbl...

> Hi Benjamin,
>
> According to the docs for LogonUser, you may also need
> SE_CHANGE_NOTIFY_NAME, but you probably already have that. I don't know
> what else to tell you. If you have SE_TCB_NAME, it should work (or at

least

> give you a different error).
>
> Joe K.
>

First of all, thanks for your time, wether it worked or not.

So i've triple checked every right, for testing i gave se_tcb_name to
everyone. But still no changes.
Do you know another forum or email i could get in contact with microsoft or
something else i could do to find out why this isnt working?

regards Benni

[Joe Kaplan \(MVP - ADSI\)]

You can always go through Microsoft Product Support Services to do a formal
inquiry. Depending on the support arrangements with your organization, this
may or may not cost you money.

Other things you could do would be to inspect the current token you have to
see if it actually contains the required privilege. You could write your
own p/invoke to GetTokenInformation or try out something like the the Win32
security wrapper at GotDotNet.
[url]http://www.gotdotnet.com/Community/UserSamples/Details.aspx?SampleGuid=e6098575-dda0-48b8-9abf-e0705af065d9[/url]

Joe K.

"Benjamin Bittner" <benjamin_bittner[a_t]nospam.web.de> wrote in message
news:%23xEcakDZEHA.3156@TK2MSFTNGP12.phx.gbl...

> Hallo Joe
> "Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@removethis.accenture.com>

schrieb

> im Newsbeitrag news:uTlVoJDZEHA.384@TK2MSFTNGP10.phx.gbl...

> > Hi Benjamin,
> >
> > According to the docs for LogonUser, you may also need
> > SE_CHANGE_NOTIFY_NAME, but you probably already have that. I don't know
> > what else to tell you. If you have SE_TCB_NAME, it should work (or at

> least

> > give you a different error).
> >
> > Joe K.
> >

> First of all, thanks for your time, wether it worked or not.
>
> So i've triple checked every right, for testing i gave se_tcb_name to
> everyone. But still no changes.
> Do you know another forum or email i could get in contact with microsoft

or

> something else i could do to find out why this isnt working?
>
> regards Benni
>
>

[Benjamin Bittner]

Hallo Joe
"Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@removethis.accenture.com> schrieb
im Newsbeitrag news:OvMzu8DZEHA.212@TK2MSFTNGP12.phx.gbl...

> You can always go through Microsoft Product Support Services to do a

formal

> inquiry. Depending on the support arrangements with your organization,

this

> may or may not cost you money.
>
> Other things you could do would be to inspect the current token you have

to

> see if it actually contains the required privilege. You could write your
> own p/invoke to GetTokenInformation or try out something like the the

Win32

> security wrapper at GotDotNet.
>

[url]http://www.gotdotnet.com/Community/UserSamples/Details.aspx?SampleGuid=e6098575-dda0-48b8-9abf-e0705af065d9[/url]

>
> Joe K.
>

Ive donwloaded the classes, but i dont know how to use them. If you know how
to use them and would give me a hint, that would be great.

thx in advance
regards benni

[Joe Kaplan \(MVP - ADSI\)]

I haven't really spent much time messing with them, so I can't give you many
pointers. They have an abstract AccessToken with a Privileges property that
will give you the information you want. I think the intent is for you to
call the static AccessTokenThread method on the AccessTokenThread class.

Hopefully that will help get you started. I believe Data Marvel has an API
that you can use for this as well.

GL!

Joe K.

"Benjamin Bittner" <benjamin_bittner[a_t]nospam.web.de> wrote in message
news:uGQqgtLZEHA.3132@TK2MSFTNGP10.phx.gbl...

> Hallo Joe
> "Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@removethis.accenture.com>

schrieb

> im Newsbeitrag news:OvMzu8DZEHA.212@TK2MSFTNGP12.phx.gbl...

> > You can always go through Microsoft Product Support Services to do a

> formal

> > inquiry. Depending on the support arrangements with your organization,

> this

> > may or may not cost you money.
> >
> > Other things you could do would be to inspect the current token you have

> to

> > see if it actually contains the required privilege. You could write

your

> > own p/invoke to GetTokenInformation or try out something like the the

> Win32

> > security wrapper at GotDotNet.
> >

>

[url]http://www.gotdotnet.com/Community/UserSamples/Details.aspx?SampleGuid=e6098575-dda0-48b8-9abf-e0705af065d9[/url]

> >
> > Joe K.
> >

> Ive donwloaded the classes, but i dont know how to use them. If you know

how

> to use them and would give me a hint, that would be great.
>
> thx in advance
> regards benni
>
>

[M. Zeeshan Mustafa]

Try using RUNAS shell command:

RUNAS USAGE:

RUNAS [/profile] [/env] [/netonly] /user:<UserName> program

/profile if the user's profile needs to be loaded
/env to use current environment instead of user's.
/netonly use if the credentials specified are for remote access
only.
/user <UserName> should be in form USER@DOMAIN or DOMAIN\USER
program command line for EXE. See below for examples

Examples:

> runas /profile /user:mymachine\administrator cmd
> runas /profile /env /user:mydomain\admin "mmc %windir%\system32\dsa.msc"
> runas /env /user:user@domain.microsoft.com "notepad \"my file.txt\""

NOTE: Enter user's password only when prompted.
NOTE: USER@DOMAIN is not compatible with /netonly.

--
Hope this helps,
Zeeshan Mustafa, MCSD


"Benjamin Bittner" <benjamin_bittner[a_t]nospam.web.de> wrote in message
news:%23YSjasmYEHA.3012@tk2msftngp13.phx.gbl...

> Hallo Joe and Zeeshan
> "Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@removethis.accenture.com>

schrieb

> im Newsbeitrag news:eBgwocGYEHA.264@TK2MSFTNGP10.phx.gbl...

> > Under Win2K, you need the Act As Part of the Operating System privilege

to

> > call LogonUser or CreateProcessWithLogon. You only have this by default

> if

> > you are the SYSTEM account. This may be part of the problem.
> >
> > Joe K.
> >

> I think i tried everything. Im impersonating already. But starting a

process

> from an asp.net app, starts the process in the user context of the parent
> process, which is the asp.net worker process, so impersonating wont help.
> The Adminstrator account im tryin to start my process in has the rights

act

> as part of the os, increase quotas, replace a process level token. Ive

found

> a comment in a script that calls CreateProcessWithLogonW:
>
> ' WARNING:
> ' Do not use "." (local computer) for RUNAS_DOMAIN. I got some errors when

I

> ' used this class with "." on ASP.NET Aplications (0xc0000142)
> ' Instead, use the computer name or the domain associated with the user.
> ' CreateProcessAsUser() requires that the caller has the following
> permissions
> ' Permission Display Name
> ' ---------------------------------------------------------------
> ' SE_ASSIGNPRIMARYTOKEN_NAME Replace a process level token
> ' SE_INCREASE_QUOTA_NAME Increase quotas
>
> 0xc0000142 is the exact error im getting. But i dont call the function

with

> "." for local, i call it with "TEST", which is the computers name. Ive
> searched google a lot for that error code, but theres just too much that

can

> cause this error. I found a possible solution that said that you have to

do

> "sfc /scannow" at cmd prompt to scan all protected system files. So i did
> this, but the error stays. But by doing this, i found out something else,
> that might be interesting for my problem. I couldnt do "/sfc /scannow", if

i

> was logged in on this server with the terminal service client (i dont
> exactly know wether it is called this way in the us version, i just tried

to

> translate it), although i was logged in as Administrator. But sitting in
> front of the machine, executing this command was no problem. Maybe there

are

> some restriction on rights with external connections, but i didnt find
> something.
>
> Regars Benni
>
>
>

[Benjamin Bittner]

Hallo Zeeshan
"M. Zeeshan Mustafa" <zeeshan@no-spm.please.zeeshan.net> schrieb im
Newsbeitrag news:OypoBnBaEHA.384@TK2MSFTNGP10.phx.gbl...

> Try using RUNAS shell command:
>
> RUNAS USAGE:
>
> RUNAS [/profile] [/env] [/netonly] /user:<UserName> program
>
> /profile if the user's profile needs to be loaded
> /env to use current environment instead of user's.
> /netonly use if the credentials specified are for remote access
> only.
> /user <UserName> should be in form USER@DOMAIN or DOMAIN\USER
> program command line for EXE. See below for examples
>
> Examples:

> > runas /profile /user:mymachine\administrator cmd
> > runas /profile /env /user:mydomain\admin "mmc %windir%\system32\dsa.msc"
> > runas /env /user:user@domain.microsoft.com "notepad \"my file.txt\""

>
> NOTE: Enter user's password only when prompted.
> NOTE: USER@DOMAIN is not compatible with /netonly.
>
> --
> Hope this helps,
> Zeeshan Mustafa, MCSD
>
>

Private Sub Page_Load(ByVal sender As System.Object, ByVal e As
System.EventArgs) Handles MyBase.Load
Dim psCscript As Process = New Process()
With psCscript
.StartInfo.FileName = "cmd.exe /C runas /user:TEST\Administrator
""cmd.exe /C C:\test_webs\tmpl.loopline.de\docs\mkw3site.vbs -r
C:\test_webs\tmpl.test.de -t xyzclient.test.de -o 8080"""
.StartInfo.Arguments = ""
End With
psCscript.Start()
psCscript.WaitForExit()
lblTest.Text = "Prozess beendet um: " & psCscript.ExitTime & "<br>"
& _
"Exit Code: " & psCscript.ExitCode
psCscript.Close()

lblTest.Text &= "<br> File Name: " & psCscript.StartInfo.FileName
lblTest.Text &= "<br> Arguments: " & psCscript.StartInfo.Arguments
End Sub

But i dont know how to react on the password prompt.
I executed this:
runas /user:TEST\Administrator "cmd.exe /C
C:\test_webs\tmpl.loopline.de\docs\mkw3site.vbs -r
C:\test_webs\tmpl.test.de -t xyzclient.test.de -o 8080"
and it prompted for the password. Then i entered the password, and the vb
script gets executed correctly. So is there a way to react on the password
prompt?

regards Benni

[Joe Kaplan \(MVP - ADSI\)]

You will need to redirect the input and output streams of the Process class
so that you can send and receive text using them. This might work better if
you call runas directly instead of calling it from a VBScript, but either
might work.

To redirect the streams, you need to set UseShellExecute to False and set
RedirectStandardInput and RedirectStandardOutput to true. Then, you read
and write to the streams on the Process instance.

Joe K.

"Benjamin Bittner" <benjamin_bittner[a_t]nospam.web.de> wrote in message
news:eDx3uCNaEHA.3352@TK2MSFTNGP12.phx.gbl...

> Hallo Zeeshan
> "M. Zeeshan Mustafa" <zeeshan@no-spm.please.zeeshan.net> schrieb im
> Newsbeitrag news:OypoBnBaEHA.384@TK2MSFTNGP10.phx.gbl...

> > Try using RUNAS shell command:
> >
> > RUNAS USAGE:
> >
> > RUNAS [/profile] [/env] [/netonly] /user:<UserName> program
> >
> > /profile if the user's profile needs to be loaded
> > /env to use current environment instead of user's.
> > /netonly use if the credentials specified are for remote

access

> > only.
> > /user <UserName> should be in form USER@DOMAIN or

DOMAIN\USER

> > program command line for EXE. See below for examples
> >
> > Examples:

> > > runas /profile /user:mymachine\administrator cmd
> > > runas /profile /env /user:mydomain\admin "mmc

%windir%\system32\dsa.msc"

> > > runas /env /user:user@domain.microsoft.com "notepad \"my file.txt\""

> >
> > NOTE: Enter user's password only when prompted.
> > NOTE: USER@DOMAIN is not compatible with /netonly.
> >
> > --
> > Hope this helps,
> > Zeeshan Mustafa, MCSD
> >
> >

> Private Sub Page_Load(ByVal sender As System.Object, ByVal e As
> System.EventArgs) Handles MyBase.Load
> Dim psCscript As Process = New Process()
> With psCscript
> .StartInfo.FileName = "cmd.exe /C runas

/user:TEST\Administrator

> ""cmd.exe /C C:\test_webs\tmpl.loopline.de\docs\mkw3site.vbs -r
> C:\test_webs\tmpl.test.de -t xyzclient.test.de -o 8080"""
> .StartInfo.Arguments = ""
> End With
> psCscript.Start()
> psCscript.WaitForExit()
> lblTest.Text = "Prozess beendet um: " & psCscript.ExitTime &

"<br>"

> & _
> "Exit Code: " & psCscript.ExitCode
> psCscript.Close()
>
> lblTest.Text &= "<br> File Name: " & psCscript.StartInfo.FileName
> lblTest.Text &= "<br> Arguments: " & psCscript.StartInfo.Arguments
> End Sub
>
> But i dont know how to react on the password prompt.
> I executed this:
> runas /user:TEST\Administrator "cmd.exe /C
> C:\test_webs\tmpl.loopline.de\docs\mkw3site.vbs -r
> C:\test_webs\tmpl.test.de -t xyzclient.test.de -o 8080"
> and it prompted for the password. Then i entered the password, and the vb
> script gets executed correctly. So is there a way to react on the password
> prompt?
>
> regards Benni
>
>

[Benjamin Bittner]

Hallo Joe,
"Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@removethis.accenture.com> schrieb
im Newsbeitrag news:uSGEWIOaEHA.3988@tk2msftngp13.phx.gbl...

> You will need to redirect the input and output streams of the Process

class

> so that you can send and receive text using them. This might work better

if

> you call runas directly instead of calling it from a VBScript, but either
> might work.
>
> To redirect the streams, you need to set UseShellExecute to False and set
> RedirectStandardInput and RedirectStandardOutput to true. Then, you read
> and write to the streams on the Process instance.
>
> Joe K.
>

Okay this is what i got so far:

Private Sub Page_Load(ByVal sender As System.Object, ByVal e As
System.EventArgs) Handles MyBase.Load
Dim psCscript As Process = New Process()
With psCscript
.StartInfo.RedirectStandardInput = True
.StartInfo.RedirectStandardOutput = True
.StartInfo.UseShellExecute = False
.StartInfo.FileName = "cmd"
.StartInfo.Arguments = " /C runas /user:TEST\Administrator ""cmd.exe
/C C:\test_webs\tmpl.loopline.de\docs\mkw3site.vbs -r
C:\test_webs\tmpl.test.de -t xyzclient.test.de -o 8080"""
End With
psCscript.Start()
Dim myStreamWriter As StreamWriter = psCscript.StandardInput
myStreamWriter.WriteLine("myPassword")
myStreamWriter.Close()
psCscript.WaitForExit()
lblTest.Text = "Process ended: " & psCscript.ExitTime & "<br>" & _
"Exit Code: " & psCscript.ExitCode
lblTest.Text &= "<br> File Name: " & psCscript.StartInfo.FileName
lblTest.Text &= "<br> Arguments: " & psCscript.StartInfo.Arguments
psCscript.Close()
End Sub

The result page displays:

Process ended: 15.07.2004 09:42:12
Exit Code: 0
File Name: cmd
Arguments: /C runas /user:TEST\Administrator "cmd.exe /C
C:\test_webs\tmpl.loopline.de\docs\mkw3site.vbs -r
C:\test_webs\tmpl.test.de -t xyzclient.test.de -o 8080"

But nothing happens. If i use this line:

cmd /C runas /user:TEST\Administrator "cmd.exe /C
C:\test_webs\tmpl.loopline.de\docs\mkw3site.vbs -r
C:\test_webs\tmpl.test.de -t xyzclient.test.de -o 8080"

with Start > Execute on the TEST machine, it works.
So i know there isnt much to track down the error, but maybe someone has an
idea how it could be tracked down.

regards benni

[Joe Kaplan \(MVP - ADSI\)]

I have no idea why that isn't working. I'd suggest trying it from a console
application where you can set it to create a window and add some
thread.sleep statements to see if you can actually see what's going on.
Maybe it will be obvious.

You might also try calling runas directly instead of calling it through cmd.

Joe K.

"Benjamin Bittner" <benjamin_bittner[a_t]nospam.web.de> wrote in message
news:eoyqMDkaEHA.3684@TK2MSFTNGP09.phx.gbl...

> Hallo Joe,
> "Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@removethis.accenture.com>

schrieb

> im Newsbeitrag news:uSGEWIOaEHA.3988@tk2msftngp13.phx.gbl...

> > You will need to redirect the input and output streams of the Process

> class

> > so that you can send and receive text using them. This might work

better

> if

> > you call runas directly instead of calling it from a VBScript, but

either

> > might work.
> >
> > To redirect the streams, you need to set UseShellExecute to False and

set

> > RedirectStandardInput and RedirectStandardOutput to true. Then, you

read

> > and write to the streams on the Process instance.
> >
> > Joe K.
> >

>
> Okay this is what i got so far:
>
> Private Sub Page_Load(ByVal sender As System.Object, ByVal e As
> System.EventArgs) Handles MyBase.Load
> Dim psCscript As Process = New Process()
> With psCscript
> .StartInfo.RedirectStandardInput = True
> .StartInfo.RedirectStandardOutput = True
> .StartInfo.UseShellExecute = False
> .StartInfo.FileName = "cmd"
> .StartInfo.Arguments = " /C runas /user:TEST\Administrator

""cmd.exe

> /C C:\test_webs\tmpl.loopline.de\docs\mkw3site.vbs -r
> C:\test_webs\tmpl.test.de -t xyzclient.test.de -o 8080"""
> End With
> psCscript.Start()
> Dim myStreamWriter As StreamWriter = psCscript.StandardInput
> myStreamWriter.WriteLine("myPassword")
> myStreamWriter.Close()
> psCscript.WaitForExit()
> lblTest.Text = "Process ended: " & psCscript.ExitTime & "<br>" & _
> "Exit Code: " & psCscript.ExitCode
> lblTest.Text &= "<br> File Name: " & psCscript.StartInfo.FileName
> lblTest.Text &= "<br> Arguments: " & psCscript.StartInfo.Arguments
> psCscript.Close()
> End Sub
>
> The result page displays:
>
> Process ended: 15.07.2004 09:42:12
> Exit Code: 0
> File Name: cmd
> Arguments: /C runas /user:TEST\Administrator "cmd.exe /C
> C:\test_webs\tmpl.loopline.de\docs\mkw3site.vbs -r
> C:\test_webs\tmpl.test.de -t xyzclient.test.de -o 8080"
>
> But nothing happens. If i use this line:
>
> cmd /C runas /user:TEST\Administrator "cmd.exe /C
> C:\test_webs\tmpl.loopline.de\docs\mkw3site.vbs -r
> C:\test_webs\tmpl.test.de -t xyzclient.test.de -o 8080"
>
> with Start > Execute on the TEST machine, it works.
> So i know there isnt much to track down the error, but maybe someone has

an

> idea how it could be tracked down.
>
> regards benni
>
>

[Alstersjo]

Hi Benjamin.
I solved this problem in a totally different way. I used WMI to create the process. I don't know if it will do it for you but here is my code anyway.
I wish you good luck in your quest for a soloution.

Don't forget to:
<code>
Imports System.Management
fnStartProcess()
' Create Connections options
Dim options As New ConnectionOptions()
Dim servername as String = "ServerName"
options.Username = "RD\" & Session("User")
options.Password = Session("Passw")
'Create a scope to work in
Dim WmiScope As New ManagementScope("\\" & Servernamn & "\root\cimv2", options)
WmiScope.Connect()

'Put user code to initialize the page here
'Get the object on which the method will be invoked
Dim processClass As New ManagementClass("Win32_Process")
processClass.Scope = WmiScope


'Get an input parameters object for this method
Dim inParams As ManagementBaseObject = processClass.GetMethodParameters("Create")

'Fill in input parameter values
inParams("CommandLine") = "calc.exe"' Or whatever application you want

'Execute the method
Dim outParams As ManagementBaseObject = processClass.InvokeMethod("Create", inParams, Nothing)

'Display results
'Note: The return code of the method is provided in the "returnValue" property of the outParams object
Response.Write(("Creation of calculator process returned: " & outParams("returnValue").ToString))
Response.Write(("Process ID: " & outParams("processId").ToString))
end function
</code>