Recently developed an application that needs to interface with scripts provided by others. Conditional constraints are relatively strict:
- The app (hereinafter referred to as the app) needs to start with system.
- The script (hereinafter referred to as script) cannot be started with system, but is started with a specific user (hereinafter referred to as UserA).
- The password must be entered automatically.
First, Runas
Running the platform is windows, the first to think of is RunAs, referring to the "runas command use and runas automatic password method" Article, did the following experiments.
Runas/user:usera/savecred "Script.bat"
The first run prompts for a password, then runs the script, and the test succeeds.
Run RunAs again (note to add the/savecred parameter) and find that you do not need to enter the password again.
After restarting the computer, test again, still valid.
I thought it was over, however, after running with the system account, the script would get stuck.
After analysis, the system account is not the same as the direct open cmd run, which belongs to a different session. Therefore, the system has not saved the password, need to re-enter.
Scenario one failed.
Second, Sanur
The Sanur is mentioned in the usage reference, and it is found that the project is no longer maintained and supports only earlier versions such as Windows 2003/XP.
There was no success in the trial under CMD.
Third, Lsrunase
The software was successfully tested under CMD (Windows 2008 supported), but it failed to run properly under system.
Although not successful, but the software is still a little use, the introduction of the use of the steps:
1. Use the Lsencrypt interface program to encrypt the original password (PWDA) to ciphertext (pwdb).
2. Enter the following command under CMD
Lsrunase/user:usera/password:7f1z /command:script.bat/runpath:d:\/domain:
Attention:
- All options are added (/user,/password,/command,/runpath,/domain)
- /domain: Leave blank to indicate native Default domain or workgroup.
- /PASSWORD:7F1Z, using encrypted ciphertext (PWDB), rather than ciphertext before encryption (PWDA)
Iv. Cpau
The software has a very long usage, which is equivalent to a short story ... The specific usage is slightly.
Similar to Lsrunase, run normally under CMD, run failure under System, report error code 0xFFFFFFFB (-5).
It failed again.
V. Scheduled Tasks
After a night of entanglements, finally came up with a planning task.
The planning task has the following characteristics, can meet this demand:
- Support starts with a specific user.
- Supports saving passwords.
- Passwords are stored in ciphertext rather than plaintext.
After testing, it is possible!
The implementation structure is as follows (in square brackets for a program, a script, or a scheduled task, within parentheses for a running user):
[APP] (System)-->[script_intermediate] (System)-->script_task (UserA)-->script (UserA)
Add the Script_intermediate script with the content
schtasks/run/tn/i Script_task
In the scheduled task, create a new script_task that calls script and starts with the UserA user.
Welcome to shoot Bricks.
Windows skillfully uses scheduled tasks to achieve RunAs functionality