Tuesday, November 27, 2012

Run exe using NetworkService account

Sometime back we had a requirement of running an exe in the context of network user. Initially it looked very easy. But when I tried to impersonate the execution, I realized the difficulty. It is easy to impersonate as a standard user .But cannot impersonate as NetworkService. So what are the alternatives.

  1. Run a windows service and start the process/executable from that service.
  2. Schedule a task and specify target as our exe and use NetworkService to initiate execution. Delete the task after execution.

Run exe through windows service

This is a simple matter or creating a windows service and executing a exe when we start the service. Immediately after completion of exe stop the service.This can be summarized as

  1. Create a simple windows service
    1. This should accept an exe path through the OnStart() method.
    2. Execute the exe.
    3. Stop the service by calling Stop() method.
  2. Use the sc start command to start the service and pass path as param.

You may download the program from here.

Schedule task on behalf of NetworkService

This too simple. The steps are

  1. Create a scheduled task pointing to your application using ‘schtasks’ command.
    1. Use “NT AUTHORITY\NETWORK SERVICE" as user profile
    2. Give the run frequency as onlogon. This is to ensure that, it will never run before we trigger.
    3. eg: <drive>:\<folder>>schtasks /create /tn testser /sc onlogon /ru "NT AUTHORITY\NETWORK SERVICE" /tr d:\Temp\HelloWorld.exe (No way to reduce params)
  2. Run the task
    1. schtasks /run /tn "testser"
  3. Delete the task
    1. schtasks /delete /tn testser /f (/f is to delete forcefully.Else it will ask a confirmation)

Better wrap this into a single batch file which accepts the exe name and run the same in the context of ‘NetworkService’. ie you can use like RunAsNetworkService <file path>

NB: If you simply create the task using command, it will not run, it is in a portable system such as laptop and it is in battery during invocation. To resolve that, you need to create an xml file where you can specify to enable task running in batteries and point the same xml in the task creation command.Below links explains how to create task with xml file option.

http://stackoverflow.com/questions/9075564/change-settings-for-power-for-windows-scheduled-task
http://msdn.microsoft.com/en-us/library/windows/desktop/bb736357(v=vs.85).aspx

No comments: