Runas user failed

mail2vij 2022-07-28 08:48:29 UTC #1

bigfix version 10.0.0

action uses wow64 redirection {not x64 of operating system}

delete __createfile
delete "c:\temp\service.bat"

createfile until eof1
net stop WSearch
net start WSearch
eof1
move __createfile "c:\temp\service.bat"

override wait
hidden=true
runas=currentuser
wait  cmd.exe /c "c:\temp\service.bat"


STATUS: Running action...
Wow64 redirection disabled. action uses wow64 redirection {not x64 of operating system}
Command succeeded delete No 'C:\Program Files (x86)\BigFix Enterprise\BES Client\__BESData\__FixletDebugger\__createfile' exists to delete, no failure reported
Command succeeded delete "c:\temp\service.bat"
Command succeeded createfile until 
Command succeeded move __createfile "c:\temp\service.bat"
Command succeeded override wait
Command succeeded override hidden=true
Command succeeded override runas=currentuser
Command failed (RunAsCurrentUser: No current user session) wait  cmd.exe /c "c:\temp\service.bat"

--- Result ---
Evaluation failed!

trn 2022-07-28 09:06:59 UTC #2

change

move __createfile "c:\temp\service.bat"

copy __createfile "c:\temp\service.bat"

The source file is not accessible to non-admins, and ‘move’ just moves the file, complete with ACL. Copy creates a new file with permissions inherited from the new parent folder.

mail2vij 2022-07-28 10:02:14 UTC #3

it works for currentuser session but did not work for domain user

Command failed (Override value is unknown for this keyword.) override runas=domain\user1 (action:20353)

JasonWalker 2022-07-28 11:33:10 UTC #4

Sorry “sent” too soon.

Runas=currentuser only picks up “at the keyboard” users, not RDP sessions. Check the tip to find other methods for RunAs that will work with RDP sessions.

akira 2022-07-28 22:45:32 UTC #5

To run command with specified user, you need to specify

    runas=localuser
    user=domain\user1
    password=required