SMA on Windows 7 with local system account
Hello,
I use SMA on Windows 7.
When I launch the wizard (sma.exe) to capture the profiles with an admin account : it works, i have myfile.sma and myfile.sma.DriveC, which contains all profiles.
But if I launch the same wizard (sma.exe) with Local System account, none of profiles are saves, so I don't have a myfile.sma.DriveC, juste myfile.sma one.
(i must use Local System account)
(to launch sma.exe as a local system account on Windows vista/7, you have to run cmd.exe as an admin, then launch "psexec -i -s cmd.exe" (so you have to dl psexec))
Thanks
When I launch SMA under the "SYSTEM" account, it seems the problem is that the user folders are not selected by default (even if you select the user accounts to migrate). So you have to select the files and folders that you want to migrate (e.g. the "c:\users" folder). When I did this, then I got both the .sma file and the .DriveC file in the location that I specified.
The way I run as "SYSTEM" is by replacing c:\windows\system32\magnify.exe with c:\windows\system32\cmd.exe and then choosing the Magnifer option at the windows logon screen (note that you have to take ownership of magnify.exe in order to replace it). This gives me a command prompt at the logon screen to do whatever I want to.
I don't think SMA was really designed to be run this way (under the "SYSTEM" account), so if you're still having problems after trying the above, then you're going to need to change your process to run SMA under an actual user account or else find some other tool to use.
Similar Messages
-
Environment:
OS: Windows 7 32/64 bit, Windows 2008 Server 64
bit/ Windows 2012 Server 64 bit
Priority:
- Critical
Requirement: - Since
the Windows Service is running under the Local System Account, we would like to emulate this same behaviour.
Basically, we would like to run CMD.EXE under the Local System Account. So that we can map a network drive to be used by a service using following
command
net use z: \\servername\sharedfolder /persistent:yes.
Already Attempt:
We tried to launch the CMD.exe using the DOS Task Scheduler AT command. Here’s a sample command:
AT 10:36 /interactive cmd.exe
But I received a warning that “due
to security enhancements, this task will run at the time excepted but not interactively.”
It turns out that this approach will work for XP, 2000 and Server 2003 but due to session isolation
Interactive services no longer work on Windows 7, Windows Server 2008 and above.
2. We
tried to create a secondary Windows Service via the Service Control (sc.exe) which merely launches CMD.exe.
<Drive>:\sc create RunCMDAsLSA binpath= "cmd" type=own type=interact <Drive>:\sc
start RunCMDAsLSA
In this case the service fails to start and results it the following error message:
FAILED 1053: The service did not respond to the start or control request in a timely fashion.
3. One
suggestion, we found to launch CMD.exe via a Scheduled Task, but
it is not giving any option to launch CMD.exe in interactive mode; so that I can map network drive using net command.
4. I read an article, which
demonstrates the use of PSTools from SysInternals. I launched the command line and executed following command
psexec -i -s cmd.exe
PSTools worked fine, but It seems that in scope of Sysinternals Software License
Terms. You may not "use the software for commercial software hosting services."
Application will deploy on client, which will be like commercial,
so we are not able to use PSTools.
Kindly assist us for achieving the requirement. We have tried all the ways, but nothing is working for us. Kindly suggest.
I will be really thankful.Hi Sir,
Nothing worked from above for us. You can see our remarks on posted query.
That’s why, we posted on forum.
And there will not be any vulnerability, because, if we will use "net
use ..."
in network domain; definitely,
we will provide username and password of mapped drive system.
And, that system, itself is given by client; so that, there must not be any vulnerability; they are ready to provide user name and password.
We need a way; by which we can complete the requirement. Kindly assist.
Regards,
S. P. Singh -
Running 10G as a non local system account on Windows Server 2003
Hi,
I have an Oracle 10G database running on Windows Server 2003, SP2. I have created the database and it all works fine while the service is running as the default local system account. However, when I change the user that the service runs as to a different account the database starts and opens, and I can log on as SYS using a bequeath connection but I am unable to log on as any other user going through the listener. The listener responds to TNSpings, and all seems to be OK. When I switch it back to the local system user again it all works fine.
Can anyone offer any advice or help?
Thanks,
RobThat's probably because the listener is still running as the local system account. Have you tried to change the listener service to run as the same account as the Oracle service?
-
FMS Developer Ed & Local System account
Is it only possible to run the FMS service as the Local
System account in Windows Server 2003? I tried to change the Log On
params to a user with privileges to another server's share but the
service won't start up afterward. And in the info box in the FMS
Admin app there is a little tiny tooltip within the popup message
that says something about "License info". I changed the user back
to Local System account and the service started up right away. I'm
trying to test an app's ability to access a different path that's
set in the application.xml <VirtualDirectory><Streams>
node.
So, is it a limitation of the FMS Developer edition or is it
something on our end? I thought the only limitation was 10
conncections.... i have unchecked that from there and again after some minutes say 10 -15 minutes it gets locked ...
Hi,
Perhaps you can look into these areas for stored (and expired) password:
Check to see if there are any Services that is running using the affected administrator account.
Check to see if there are any Scheduled Tasks running using the affected administrator account.
Hope that helps.
Cheers,
Tas Chew -
Hello,
I have a WScript File that includes an external resource (js file).
It works on one computer and it does not work on another computer.
If I run this file from a normal admin command prompt everything runs fine on both computers.
If I run this file from the Local System account using PsExec it runs fine on one of the computers and throws an error "Cannot Retrieve referenced URL" on the other computer.
The reason I want it to run from the Local System account is that it is executed from a Windows Service.
Is there some setting or some way for the IE cache to get corrupt on the Local System account or something like that?JRV,
You are by far the worst 'support' person I've ever seen. If you aren't going to be thoughtful in providing support, don't pretend. If you're going to pretend, leave your condescension on the shelf. You have provided no thoughtfulness whatsoever to his issue,
and have in no way improved the discourse. You are arrogant and condescending without exhibiting any intelligence whatsoever. I'm impressed Matt kept calm through your demeaning, counterproductive diatribes.
Matt,
First I'd check UAC settings, because I believe that can change how elevation works substantially.
Second, I would check the versions of wscript.exe on both machines, both in System32 and SysWow, and I'd check for updates bypassing WSUS to make sure there's not something silly going on there (totally a shot in the dark, catch-all theory).
Have you made any headway in the last few weeks?
-John
This is not a support forum and it is not for assistance in fixing broken configurations. It is a scripting forum. The OP proved that the issue is not the script but the environment it is running in. You should not get mad just because you are
not getting satisfaction.
¯\_(ツ)_/¯ -
Ifweb60 processes run as local system account on w2k- how do i change?
i am running forms 6i on an 2000 box using
the forms servlet config and oc4j with 9ias.
this runs fine except that the ifweb60 processes
are owned by the local system account. this in
turn means i can't map the forms60_path to a
network drive because i can't give network
privileges to a local system account. so,
how do i change the account that spawns the
ifweb60 processes?
thanks,
martaNever mind, resolved this myself by using the netbios name to substitute the value I need on each individual domain.
$domain = Get-ADDomain | Select-Object -expandproperty netbiosname
Set-Location "dc=$domain,dc=dom,dc=co,dc=uk'
Sets location as:
PS AD:\dc=a,dc=dom,dc=co,dc=uk>
ON another domain same script results
PS AD:\dc=b,dc=dom,dc=co,dc=uk>
Exactly what I needed! -
So, I'm having some problems getting a logon script to work. I need a way to deploy the agent that we use via login/startup scripts and what I have works fine if the user has admin rights, or if UAC is disabled. I've tried to convert the .exe
to an .msi to make it easier, but the .msi never works and it's only distributed as an .exe. We deploy this to different clients, I can't disable UAC in their environment unless they specifically tell us to. Can anyone think of a way around this?
I've been searching for days and I'm just lost. If we could execute the file as the system account, or connect to shares using a startup script instead of logon, that would be perfect. Basically what it does is check to see if the process for the
agent is running (agentmon.exe) so we don't attempt to install it if it is already installed, if it's not, then it calls on a different agent installer depending on the IP address of the system (for clients that have more than one location). Here's what
I've got written that works for me in my test environment:
Const strAgent1 = "\\home.wiginton.local\SysVol\home.wiginton.local\Policies\{CD4ED3BD-0709-4E3D-A303-C9E3B0F5198D}\User\Scripts\Logon\Test-KcsSetup1.exe"
Const strAgent2 = "\\home.wiginton.local\SysVol\home.wiginton.local\Policies\{CD4ED3BD-0709-4E3D-A303-C9E3B0F5198D}\User\Scripts\Logon\Test-KcsSetup2.exe"
Const strAgent3 = "\\home.wiginton.local\SysVol\home.wiginton.local\Policies\{CD4ED3BD-0709-4E3D-A303-C9E3B0F5198D}\User\Scripts\Logon\Test-KcsSetup3.exe"
Const strFolder = "C:\Temp\"
Const Overwrite = True
dim objFSO, objNIC1, arrNIC, strIP, strMask, objShell, objWMIService
dim
'Checks for Kaseya agent process, AgentMon.exe, exits if running
Set objWMIService = GetObject ("winmgmts:")
Set proc = objWMIService.ExecQuery("select * from Win32_Process Where Name='agentmon.exe'")
If proc.count > 0 Then
WScript.Quit
End If
'Instantiate a NIC configuration object
Set objNIC1 = GetObject("winmgmts:").InstancesOf("Win32_NetworkAdapterConfiguration")
'Instantiate a shell object
Set objShell = CreateObject("wscript.shell")
Set objFSO = CreateObject("Scripting.FileSystemObject")
'Create Temp Dir if it doesn't exist
If Not objFSO.FolderExists(strFolder) Then
objFSO.CreateFolder strFolder
End If
For Each arrNIC in objNIC1
if arrNIC.IPEnabled then
StrIP = arrNIC.IPAddress(i)
strMask = arrNIC.IPSubnet(i)
Set WshNetwork = WScript.CreateObject("WScript.Network")
end if
next
Function NetworkID(Address, Mask)
Dim AddressOctets, MaskOctets, Result, N
AddressOctets = Split(Address, ".")
MaskOctets = Split(Mask, ".")
ReDim Result(UBound(AddressOctets))
For N = 0 To UBound(AddressOctets)
Result(N) = AddressOctets(N) And MaskOctets(N)
Next
NetworkID = Join(Result, ".")
End Function
Select Case NetworkID(strIP,strMask)
Case "192.168.0.0"
' Kaseya install commands for 192.168.0.0 subnet
objFSO.CopyFile strAgent1, strFolder, Overwrite
Wscript.Sleep 1*60*1000
objShell.run "C:\Temp\Test-KcsSetup1.exe"
Case "192.168.1.0"
' Kaseya install commands for 192.168.1.0 subnet
objFSO.CopyFile strAgent2, strFolder, Overwrite
Wscript.Sleep 1*60*1000
objShell.run "C:\Temp\Test-KcsSetup2.exe"
Case "192.168.2.0"
' Kaseya install commands for 192.168.2.0 subnet
objFSO.CopyFile strAgent3, strFolder, Overwrite
Wscript.Sleep 1*60*1000
objShell.run "C:\Temp\Test-KcsSetup3.exe"
Case Else
' Some sort of error checking. Maybe a BLAT SMTP command to send an email
End Select
Set objWMIService = Nothing
Set objNIC1 = Nothing
Set objShell = Nothing
Set WshNetwork = Nothing
Wscript.quitYou need to read the documentation carefully:
The Deploy Agents install package is created using a Configure Automatic Account Creation wizard. The wizard copies agent settings from an existing machine ID or machine ID template and generates an install package called
KcsSetup.All settings and pending agent procedures from the machine ID you copy from—except the machine ID, group ID, and organization ID—are applied to every new machine ID created with the package.
Including Credentials in Agent Install Packages
If necessary, an agent install package can be created that includes an administrator
credentialto access a customer network. Credentials are only necessary if users are installing
packages on machines and do not have administrator access to their network. The administrator credential is encrypted, never available in clear text form, and bound to the install package.
¯\_(ツ)_/¯ -
Firefox with multiple system accounts: solutions or alternatives?
The subject isn't exactly clear but I couldn't think of a good way to summarize the issue.
I want to share a subset of Firefox bookmarks, extensions, settings and search plugins across different system accounts.
For example, I have a bookmark hierarchy with directories named foo, bar and baz. I want to keep bar and baz synchronized across multiple accounts but I want foo to remain private for a given account. I want to have extensions x, y and z installed on all accounts with the same settings, but I want extension w only on one account.
General and plugin settings are easy enough to do with user.js.
Interface settings, extensions and search plugins can be shared with some scripting and rsyncing but that's a minor pain.
Sharing a subset of bookmarks is major pain. Either I have to automatically export HTML bookmarks files, write a parser, copy the subset around, import it manually with each account, and finally arrange the imported bookmarks in the hierarchy or I have to open each account in the same X session and copy+paste bookmarks between accounts.
I could probably write a script to extract and insert what I want in places.sqlite3, but I don't want to rely on the stability of the database format with the new release plan.
Does anyone have any suggestions? Firefox Sync is not an option because I do not want to share everything.
At this point I'm open to alternatives, but there is some functionality that I'm not willing to give up:
* NoScript (per-site Javascript and Flash blocking)
* RequestPolicy (per-site permissions for loading content from other sites)
* Cookie Monster (per-site cookie permissions)
* Add to Search Bar (easily add any search form to the search bar)
* Organize Search Engines (create hierarchical structures of aforementioned search engines)
I've started considering Chrome but the matching extensions don't seem to be mature enough yet (e.g. Request Maker is based on RequestPolicy, but the author admits it lacks features). Besides, I don't really want to rely on the Google apps store if I can avoid it.
I looked at uzbl too, but the script-blocking scripts apparently fail sometimes because uzbl lacks hooks. An unreliable script-blocker is a no-go for me.
tl:dr; need suggestions for something that lets me:
* control outgoing requests from browser
* control code execution in browser
* synchronize subsets of bookmarks, extensions, search engines
* organize bookmarks and search engines
p.s. Life would be so much easier if Firefox didn't pack shit into SQLite databases like it was playing Tetris. Just give me some decent command-line options and simple configuration file formats ffs.ngoonee wrote: I don't use bookmarks AT ALL.
oO
What do you use instead? Memory and auto-completion?
This did give me an idea... I could just as well write a basic server to host my bookmarks and run that as a daemon.
As for the suggestions so far:
* Pentadactyl: I'll look into it, but installing it would be a bit like buying a car just for the seat.
* Xmarks: that might do what I want, but I don't like the idea of storing all of my bookmarks on a third-party server and I definitely don't want to let them collect data about me as per their ToS.
* xxxterm etc.: I'll look into those.
Thanks!
I'll post an update as soon as I decide on a solution.
Last edited by Xyne (2012-05-09 16:08:30) -
Is possible to import the TR using TP.EXE with local system user
Hi ,
Currently I am trying to import the TR using the TP.exe. Could please let me know is mandatory to use <SID>adm user. If yes could please let me know the procedures.
Because I try with local user but it was failed. Even though I set same environment variable (Both User and System).
Regards,
VivekHi ,
Please find the log below
I am using the correct commend. if i try in SIDADM user it working fine.when i try with local user is not working.So i was confused.
This is tp version 372.04.40 (release 701, unicode enabled)
TRACE-INFO: 1: [dev trc ,00000] Thu May 12 00:09:50 2011 1042 0.001042
TRACE-INFO: 2: [dev trc ,00000] load shared library (dbsdbslib.dll), hdl 0, addr 0000000186C80000
TRACE-INFO: 3: 5 0.001047
TRACE-INFO: 4: [dev trc ,00000] using "E:\usr\sap\EC6\SYS\exe\uc\NTAMD64\dbsdbslib.dll"
TRACE-INFO: 5: 5 0.001052
TRACE-INFO: 6: [dev trc ,00000] } DbSlSdbControl(rc=0) 81 0.001133
TRACE-INFO: 7: [dev trc ,00000] { DbSlSdbControl(con_hdl=-1,command=39,arg_p=0000000000000000)
TRACE-INFO: 8: 8 0.001141
TRACE-INFO: 9: [dev trc ,00000] } DbSlSdbControl(rc=0) 8 0.001149
TRACE-INFO: 10: [dev trc ,00000] { DbSlSdbControl(con_hdl=-1,command=10,arg_p=000000000202EBE0)
TRACE-INFO: 11: 8 0.001157
TRACE-INFO: 12: [dev trc ,00000] } DbSlSdbControl(rc=0) 4 0.001161
TRACE-INFO: 13: [dev trc ,00000] { DbSlSdbControl(con_hdl=-1,command=10,arg_p=0000000140E5A1E8)
TRACE-INFO: 14: 15 0.001176
TRACE-INFO: 15: [dev trc ,00000] } DbSlSdbControl(rc=0) 5 0.001181
TRACE-INFO: 16: [dev trc ,00000] { DbSlSdbConnect(con_info_p=0000000000000000) 18 0.001199
TRACE-INFO: 17: [dev trc ,00000] DBSDBSLIB : version 700.08, patch 0.024 (Make PL 0.32) 18 0.001217
TRACE-INFO: 18: [dev trc ,00000] MAXDB shared library (dbsdbslib) patchlevels (last 10) 7 0.001224
TRACE-INFO: 19: [dev trc ,00000] (0.024) Default value for max. input variables is 2000 (note 655018)
TRACE-INFO: 20: 9 0.001233
TRACE-INFO: 21: [dev trc ,00000] (0.024) Profile parameter to define max. input variables (note 655018)
TRACE-INFO: 22: 9 0.001242
TRACE-INFO: 23: [dev trc ,00000] (0.024) Switch SQLMODE after CREATE INDEX SERIAL (note 1267841)
TRACE-INFO: 24: 8 0.001250
TRACE-INFO: 25: [dev trc ,00000] (0.024) Input parameters for SQL statements increased (note 655018)
TRACE-INFO: 26: 7 0.001257
TRACE-INFO: 27: [dev trc ,00000] (0.018) Create index serial for MaxDB 7.6 (note 1267841)
TRACE-INFO: 28: 8 0.001265
TRACE-INFO: 29: [dev trc ,00000] (0.018) More trace in case of packed to string conversion error (note 1262799)
TRACE-INFO: 30: 13 0.001278
TRACE-INFO: 31: [dev trc ,00000] (0.016) R3trans export aborts with signal 6 (note 1262245)
TRACE-INFO: 32: 7 0.001285
TRACE-INFO: 33: [dev trc ,00000] (0.009) IA64 alignment errors (note 1245982) 7 0.001292
TRACE-INFO: 34: [dev trc ,00000] (0.007) Support DB-Type 'SAP DB' by UPDSTAT (note 1225668)
TRACE-INFO: 35: 7 0.001299
TRACE-INFO: 36: [dev trc ,00000] 4 0.001303
TRACE-INFO: 37: [dev trc ,00000] -> init() 6 0.001309
TRACE-INFO: 38: [dev trc ,00000] -> sdb_malloc(size=18) : 0000000002810EB0 (34 bytes allocated)
TRACE-INFO: 39: 18 0.001327
TRACE-INFO: 40: [dev trc ,00000] STATEMENT_CACHE_SIZE = 1000 46 0.001373
TRACE-INFO: 41: [dev trc ,00000] -> sdb_malloc(size=152000) : 00000000028B9FA0 (152050 bytes allocated)
TRACE-INFO: 42: 16 0.001389
TRACE-INFO: 43: [dev trc ,00000] -> sdb_malloc(size=656000) : 0000000002C200B0 (808066 bytes allocated)
TRACE-INFO: 44: 13 0.001402
TRACE-INFO: 45: [dev trc ,00000] -> sdb_malloc(size=288000) : 0000000002CC10B0 (1096082 bytes allocated)
TRACE-INFO: 46: 11 0.001413
TRACE-INFO: 47: [dev trc ,00000] -> sdb_malloc(size=16144) : 0000000002D080B0 (1112242 bytes allocated)
TRACE-INFO: 48: 11 0.001424
TRACE-INFO: 49: [dev trc ,00000] -> sdb_malloc(size=32048) : 0000000002D0C020 (1144306 bytes allocated)
TRACE-INFO: 50: 11 0.001435
TRACE-INFO: 51: [dev trc ,00000] -> loadClientRuntime() 358 0.001793
TRACE-INFO: 52: [dev trc ,00000] Loading SQLDBC client runtime ... 7 0.001800
TRACE-INFO: 53: [dev trc ,00000] SQLDBC SDK Version : SQLDBC.H 7.6.0 BUILD 007-123-091-175
TRACE-INFO: 54: 339 0.002139
TRACE-INFO: 55: [dev trc ,00000] SQLDBC Library Version : libSQLDBC 7.6.5 BUILD 011-123-196-300
TRACE-INFO: 56: 8 0.002147
TRACE-INFO: 57: [dev trc ,00000] SQLDBC client runtime is MaxDB 7.6.5.011 CL 196300 21 0.002168
Regards,
vivek -
MDT 2012 - Litetouch deploy windows 8 with different administrator account
I have created and captured a custom image of Windows 8 using MDT2012 update 1 and Windows ADK (without SCCM). In the image, I have set an account called DeployUser, with password XXX, adding it to the Administrators group, and I have disabled the User
Account Control.
I did this because the Administrator account is renamed from GPO and the password is changed every 30 days (for security reasons, the password is not disclosed to any IT support).
Next, I created a TS to deploy this image, adding the installation of some software.
In the Unattend.xml, I also added DeployUser to perform the autologon.
After the first logon with DeployUser, the TS stops and does not return any error message.
If I manually run C: \ ProgramData \ Microsoft \ Windows \ Start Menu \ Programs \ Start-up \ LiteTouch.lnk nothing happens, however, if I run it with "Run as Administrator", the TS continues normally.
Somebody who knows a solution for this?I believe MDT LiteTouch deployments only recognize the Administrator account name for processing task sequences.
Are you joining the domain during an MDT Litetouch deployment? If so, you may want to delay joining to a domain or GPO processing. Take a look at these recommendations:
Domain Policies that break MDT 2010
It may also be possible to disable GPO processing until the end of the taks sequence via a reghack or disabling a service. Take a look at this:
How to Disable/Enable Group Policy
BTW, the task sequence engine in ConfigMgr prevents GPO processing during an OSD.
V/R, Darrick West - Senior Systems Engineer, ConfigMgr: OSD -
Can't reinstall Windows 7 with Operating System Recovery Disk x120e
Hi,
I dabbled with Ubuntu on my Thinkpad x120e, but found that the dual-boot was unneccessary. I (likely foolishly) followed directions online to use EasyBCD (http://www.makeuseof.com/tag/nongeeks-guide-safely-uninstall-ubuntu-dualbooting-machine/) to overwrite GRUB.
Of course, now Windows won't load! I get an error
Windows failed to start...
1. Insert your Windows installation disc...
2. Choose your language..
3. Click "Repair your computer"
If you do not have the disc, ...
File: \Boot\BCD
Status: 0xc0000098
Info: The Windows Boot Configuration Data file does not contain a valid OS entry.
I got the Operating System Recovery Disc from lenovo (thanks Lenovo for sending it) and copied it to a USB as the computer has no DVD drive. When I start the computer from the USB and select run from USB, it begins to load Windows, then Lenovo Rescue and Recovery 4...but then it crashes and restarts. When I hit f8 and startup in SafeMode, it begins to load the safemode screen, but then also crashes.
Any advice on what to do?? Many thanks.Hello,
If you are okay with erasing the contents of the hard disk drive, you can try booting to a Windows Command Prompt, running DISKPART.EXE, selecting the hard disk drive, and issuing a "clean" command, which will erase the disk so that the operating system can be reloaded.
Regards,
Aryeh Goretsky
I am a volunteer and neither a Lenovo nor a Microsoft employee. • Dexter is a good dog • Dexter je dobrý pes
S230u (3347-4HU) • X220 (4286-CTO) • W510 (4318-CTO) • W530 (2441-4R3) • X100e (3508-CTO) • X120e (0596-CTO) • T61p (6459-CTO) • T43p (2678-H7U) • T42 (2378-R4U) • T23 (2648-LU7)
Deutsche Community Comunidad en Español Русскоязычное Сообщество -
When running a cscript.exe wsf file that references a script that retrieved from the internet is it possible that some sort of IE cache corruption or permissions issue in
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows will cause the script to fail to retrieve the external resource?
Also, is there some sort of known condition that will cause the permissions on C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows to not be set to any valid user?The system profile is set to be protected. It should not be modified.
You cannot run a file downloaded from the Internet. It is tagged (blocked) and cannot be used until it is unblocked.
PowerShell has a CmdLet that does this: Unblock-File <filename>
¯\_(ツ)_/¯ -
Can I install on my MacBook Pro and Windows PC with the same account?
Hello
I have a Mac and a PC(Win), now I am thinking about purchase Creative Cloud, can I install on my OSX and Windows? Or I need to buy 2 license?
Thanks you all.
MichaelCloud License allows 2 activations http://www.adobe.com/legal/licenses-terms.html
-Install on a 2nd computer http://forums.adobe.com/thread/1452292?tstart=0
-Windows or Mac does not matter... 2 on the same operating system, or 1 on each -
Here is the case:
OS environment: Windows 7
There are two user accounts in my system, standard user "S" and administrator account "A", and there is a windows service running with "Local System" privilege.
Now i logged-in with account "S", and i want to launch an application with elevated administrator account "A" from that service program, so here is the code snippet:
int LaunchAppWithElevatedPrivilege (
LPTSTR lpszUsername, // client to log on
LPTSTR lpszDomain, // domain of client's account
LPTSTR lpszPassword, // client's password
LPTSTR lpCommandLine // command line to execute e.g. L"C:\\windows\\regedit.exe"
DWORD dwExitCode = 0;
HANDLE hToken = NULL;
HANDLE hFullToken = NULL;
HANDLE hPrimaryFullToken = NULL;
HANDLE lsa = NULL;
BOOL bResult = FALSE;
LUID luid;
MSV1_0_INTERACTIVE_PROFILE* profile = NULL;
DWORD err;
PTOKEN_GROUPS LocalGroups = NULL;
DWORD dwLength = 0;
DWORD dwSessionId = 0;
LPVOID pEnv = NULL;
DWORD dwCreationFlags = 0;
PROCESS_INFORMATION pi = {0};
STARTUPINFO si = {0};
__try
if (!LogonUser( lpszUsername,
lpszDomain,
lpszPassword,
LOGON32_LOGON_INTERACTIVE,
LOGON32_PROVIDER_DEFAULT,
&hToken))
LOG_FAILED(L"GetTokenInformation failed!");
__leave;
if( !GetTokenInformation(hToken, (TOKEN_INFORMATION_CLASS)19, (VOID*)&hFullToken,
sizeof(HANDLE), &dwLength))
LOG_FAILED(L"GetTokenInformation failed!");
__leave;
if(!DuplicateTokenEx(hFullToken, MAXIMUM_ALLOWED, NULL,
SecurityIdentification, TokenPrimary, &hPrimaryFullToken))
LOG_FAILED(L"DuplicateTokenEx failed!");
__leave;
DWORD dwSessionId = 0;
WTS_SESSION_INFO* sessionInfo = NULL;
DWORD ndSessionInfoCount;
bResult = WTSEnumerateSessions(WTS_CURRENT_SERVER_HANDLE, 0, 1, &sessionInfo, &ndSessionInfoCount);
if (!bResult)
dwSessionId = WTSGetActiveConsoleSessionId();
else
for(unsigned int i=0; i<ndSessionInfoCount; i++)
if( sessionInfo[i].State == WTSActive )
dwSessionId = sessionInfo[i].SessionId;
if(0 == dwSessionId)
LOG_FAILED(L"Get active session id failed!");
__leave;
if(!SetTokenInformation(hPrimaryFullToken, TokenSessionId, &dwSessionId, sizeof(DWORD)))
LOG_FAILED(L"SetTokenInformation failed!");
__leave;
if(CreateEnvironmentBlock(&pEnv, hPrimaryFullToken, FALSE))
dwCreationFlags |= CREATE_UNICODE_ENVIRONMENT;
else
pEnv=NULL;
if (! ImpersonateLoggedOnUser(hPrimaryFullToken) )
LOG_FAILED(L"ImpersonateLoggedOnUser failed!");
__leave;
si.cb= sizeof(STARTUPINFO);
si.lpDesktop = L"winsta0\\default";
bResult = CreateProcessAsUser(
hPrimaryFullToken, // client's access token
NULL, // file to execute
lpCommandLine, // command line
NULL, // pointer to process SECURITY_ATTRIBUTES
NULL, // pointer to thread SECURITY_ATTRIBUTES
FALSE, // handles are not inheritable
dwCreationFlags, // creation flags
pEnv, // pointer to new environment block
NULL, // name of current directory
&si, // pointer to STARTUPINFO structure
&pi // receives information about new process
RevertToSelf();
if (bResult && pi.hProcess != INVALID_HANDLE_VALUE)
WaitForSingleObject(pi.hProcess, INFINITE);
GetExitCodeProcess(pi.hProcess, &dwExitCode);
else
LOG_FAILED(L"CreateProcessAsUser failed!");
__finally
if (pi.hProcess != INVALID_HANDLE_VALUE)
CloseHandle(pi.hProcess);
if (pi.hThread != INVALID_HANDLE_VALUE)
CloseHandle(pi.hThread);
if(LocalGroups)
LocalFree(LocalGroups);
if(pEnv)
DestroyEnvironmentBlock(pEnv);
if(hToken)
CloseHandle(hToken);
if(hFullToken)
CloseHandle(hFullToken);
if(hPrimaryFullToken)
CloseHandle(hPrimaryFullToken);
return dwExitCode;
I passed in username and password of account "A" to method "LaunchAppWithElevatedPrivilege", and also the application i want to launch, e.g. "C:\windows\regedit.exe", but when i run the service program, i found it do launch
"regedit.exe" with elevated account "A", but the content of regedit.exe is pure back. screenshot as below:
Can anyone help me on this?You code is not dealing with the DACL access to Winsta0\Default. Only the LocalSystem account will have full access and the interactively logged on user which is why regedit is not displaying properly. You'll need to grant access to your user.
You also need to deal with UAC since that code is going to give you a non-elevated token via LogonUser(). You need to get the full token via a call to GetTokenInformation() + TokenLinkedToken.
thanks
Frank K [MSFT]
Follow us on Twitter, www.twitter.com/WindowsSDK. -
Cannot change SQL 2008 R2 Service account from local System to any account
Windows 7 64 Bit Developer Edition of SQL Server 2008 R2
Successfully changed SQL Server Agent, SQL Server Reporting Services, SQL Analysis Services, SQL Server Integeration Services and SQL Full-Text Filter Daemon Launcher from Local System Account to Domain account. Howerver, I cannot change
the SQL Server Account. The SQL Server Configuration Manager generates the below error:
WMI Provider ERROR (in window title bar)
Big red X followed by "The parameter is incorrect. [0x80070057].
I have tried many things with no luck:
Tried using a different local administrator account
Tried putting the Domain account I want to change to in the local admin group
Tried adding the Domain account I want to change to in all of the SQL created local groups
I think im going to have to reinstall to change the account. What up!@!!
-thanks for any help in advance. Its probably something dumb i did or did not do.
scottPlease try:
Open SQL Server service's property dialog in SQL Server Configuration Manager.
Select "This account", and then click "Browser".
Enter you domain account and then click "Check Names"
Back to property dialog and input the password
Please let me know if the issue persists.
Best Regards
Alex Feng | Forum Support
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]
Maybe you are looking for
-
Any way to get rid of email contacts mixed in with phone numbers?
Hi. My email contacts and phone numbers are mixed together and I want just my phone numbers to show. This is found by tapping the green phone icon and going to contacts.
-
Using Unix Env variables in your Bursting XML
Hello all, We are going into production bursting invoices using EBS 5.6.2/5.6.3 (we will be upgrading soon) and have come into a issue to do with pathing the files so that we can migrate from dev to prod without altering the XML bursting control file
-
Error while opening the PDF attachment
HI SDN's I have to send order confirmation thru mail as a pdf attachment as soon as order has been saved. I have written the code and assigned to output type. Here I am getting an error opening a converted pdf file with Adobe Reader The error message
-
Not able to use my recently purchased iPhone5c
I recently bought an iPhone 5c from someone, and I went to activate it at the Sprint store and they said it was still connected to the other guy's account. I can't contact the guy. Please help me, I would like to be able to use this phone...
-
List of Open PO with all items open in it
Dear friends, I want to know the open purchase order of which all items are open in it. Even if a single item is partially delivered nor GR done that PO shouldnt be listed. I tried with me2n with selection parameter as we101 but it shows PO with part