We converted our .NET desktop application with the Desktop App Converter Tool.
The app needs to run from the scheduled task whether user is logged on or not. We first tried to run the app from the scheduled task when the user is logged on. We created a protocol for the app and using that protocol we successfully invoked the app from the task scheduler with some arguments. Using this approach when we tried to invoke the app from the task scheduler by selecting the option "Run whether user is logged on or not" i.e. session 0, the app failed to launch.
How can we invoke the UWP desktop bridge app from the task scheduler when the user is logged on or not i.e. session 0 / non-interactive session?
I think what you need is a startup task. The article linked in my answer has an example and more details.
Here are more docs from Microsoft on startup tasks. From what I can see in these docs you are allowed to execute a startup task only after the user logs in.
Your Desktop Bridge app can not run code without the user being logged in. Running in session 0 / non-interactive session is not supported.
Related
I am building a dashboard for one of our departments that is going to monitor the status of several VBA scripts/macros. One of the features I want is to be able to start the script/macro remotely via my Blazor application. I have so far managed to start the process on the server with the following line.
Process.Start("notepad.exe","", uname, Password, domain);
I can see the process started in the task manager but the application itself never starts (cannot physically see the application).
One of the requirements is that the user (service account) will always be logged on to the server (could this be the issue that the service account is logged in?). The Blazor application is running with the same identity in the application pool as the service account that is logged in
I'd like to run an application from a trusted intranet site. I'd like to run the application as a certain user, not the IIS user. I tried an approach using impersonation, but it looks like ASP.NET doesn't let you spin off a real process as a totally different user.
I was wondering if I could instead set up a scheduled task with the saved credentials of the user I want to run this application as, and then run the task on demand from ASP.NET?
I have windows service which is written on Qt. How to get desktop path for current user?
QStandardPaths will give you standart paths for system and current user.
But don't forget what your service are running under system user by default and not under your local user profile if you didn't set it so. Just check it in services.msc On the second tab in your service preferences you can also change the user under which your service will be executed.
EDIT: Also you can use standard MSDN API to get system and user paths. This code for example will give you Documents folder for current user under which the service is running. With fromWCharArray you can convert it then to QString
#include "Shlobj.h"
QString path;
wchar_t* localAppData = nullptr;
if (SHGetKnownFolderPath(FOLDERID_Documents, 0, nullptr, &localAppData) == S_OK)
{
path = QString::fromWCharArray(localAppData);
CoTaskMemFree(reinterpret_cast<void*>(localAppData));
}
Services do have limited access. usually they can't access anything desktop-related. Qt is supposed to be used for desktop apps.
Linux daemon and windows service are completely different in principle of function. Windows maintains life cycle of a service and there are service-specific subsystems in API. Linux daemon is just another process running in background, nothing special in comparison to other processes otherwise.
Services run under system account, network account or some superuser account, with no access to desktop function. Services not meant to interact with current logged-in user, it's background processes for interaction with OS and hardware (drivers are kind of service too).
It is possible to enable access to current user but such is a security risk and involves Windows API, as well as action to be taken to configure service. Running service as local user that got a profile is a security risk too.
Usual setup is to create service and GUI app that interacts with that service and runs under current user.
Services use different entry points from standard application, just like windows .dll got its own entry points.
https://msdn.microsoft.com/en-us/library/9k985bc9(v=vs.100).aspx
Complete example of service:
https://msdn.microsoft.com/en-us/library/windows/desktop/bb540476(v=vs.85).aspx
There was component called QtService, but it is no longer maintained, probably because of security changes. Unless service support for Qt as project type would be added, at best it would be not a fully functional service.
I am trying to call an old VB6 dll (no source code available) from an ASP.NET project. The dll connects to a server using windows authentication, so I need to call functions as a specific user, not NETWORKSERVICE as it is now.
This would preferably be determined at call time, not load time because I am impersonating the remote user and would like for this to be the user calling the functions, not the application user and not NETWORKSERVICE as it is now.
So, theres the browser running as USER, connecting to the application impersonating USER, calling the dll as USER, but the dll is trying to connect to a remote server as NETWORKSERVICE, not USER.
Is it possible to make this dll connect to the remote server as USER? Or, if nothing else, connect as the application user?
Edit:
Impersonation is done in code by calling Impersonate() on the remote user's WindowsIdentity. The company I work for has a custom SecurityPrincipal and SecurityIdentity so it's kind of weird how I have to go about getting the WindowsIdentity (it's a little more in depth than User.Identity), but I have used this method before successfully and have verified that System.Security.Principal.WindowsIdentity.GetCurrent().Name
is the correct user during the impersonation.
I would first try to find out how the DLL is connecting as a different user (Process Explorer can help with this). Is it possible that the DLL is communicating with a service (or some other process) which is running on the box which is logged in as NETWORKSERVICE? If so, you can change that service to run as a different user. Just grasping at straws, hope you figure it out!
I did eventually find the problem (which just lead to other problems, but anyway) it turned out to be I was missing an AspCompat="true" on my page. Actually the problem was that I was using a "Handler" and not a "Page". Handlers do not have the STA abilities that Pages have. What was happening was every time I tried to access the COM component, there would be a thread switch (impersonation lost) since the application is running in an MTA and the COM component must run in an STA.
Small question, was anyone able to control iTunes through any local webdeployment?
Most preferable through a hosted IIS WCF service?
I've tried on my Windos 7 with IIS7.5 and when I set the Process Model - Identity to 'Local System' on the IIS apppool containing the WCF service, I see the iTunes.exe popping up in the Task Manager.
But iTunes doesn't come 'alive' - no visual shell and even though the iTunesApp object is initialized in my WCF Service code, perfomring any actions on it won't work.
Side not, running the same service through Visual Studio 2010 debug mode, everything works just great!
UPDATE *
I was trying to communicate to iTunes through my windows phone and I thought of going round that with a website/service... but with the new Mango update we can do TCP sockets native on the phone! SO I'll try that route.
The reason service does not show any UI windows is becuase of Session Isolation. Your service (IIS application pool process) is running in session 0. Your desktop is attached to session 1 (or some other number if more than one user is logged on on this machine).
There are couple of workarounds to allow services to show UI to user:
1. You can mark service with option "Allow service to interact with desktop". This only works for services that are running as local system. This option is deprecated, should only be used for compatibility with legacy services.
2. Service can launch an intermediate process in user session and communicate to it.
If you don't want to interact with iTunes, and only want to lanch it in user session, what you need to do is:
Obtain name of windows station the user is running. You can use windows terminal services API for that. You will have to be creative to figure out which user session is currently active (if there is more than one). You probably also want to query user security token, so that process is run as a user, and not as a local system.
Call CreateProcessAsUser and pass STARTUPINFO structure. Set lpDesktop field in STARTUPINFO to point to window station you identified.
The reason this works when debugging in Visual Studio 2010 is because you're running VS under your login and your login has a visible desktop that iTunes can interact with.
If you launch from a process running under a service account then yes you'll see the executable in task manager but the iTunes won't have a visible desktop to interact with.