0

I have an application on Windows Server 2012 R2 that runs around the clock that shares information with a separate client application. The server app only saves all of its data to files when it is closed, so I've set up a scheduled task that triggers a batch file to close it, make copies of the files, and then restart it.

The batch looks something like this:

```
taskkill /im myprogram.exe /f
copy "C:\programfiles\myprogram\data.file" "C:\backups\data.file"
runas /savecred /user:Administrator "C:\programfiles\myprogram.exe"
```

When no one is logged into the server, the app starts under SYSTEM and this creates two problems:

  • 1) The GUI is hidden, so when someone logs in to make changes, they have to restart the application as Admin to interact with it.
  • 2) The client side app is unable to communicate properly with it and sometimes doesn't even see it.

I have tried setting up my scheduled task to run both as Admin and as System, and in both cases I leave the box for Run with highest privileges unchecked.

Aside from the regular backup, a similar task is also in place to run on startup and reinstate the most recent backup before starting the application (this prevents the app from starting with a broken database in the event of a system crash). Both tasks are set up with the same credentials and permissions.

Are there any other options that need to be set to make sure that the application is always started as Administrator?

Nicko
  • 1

1 Answer

0

Is there a reason why you leave run with highest privileges unchecked? Because this guarantees that your task actually runs with administrative privileges.

humble.adm1n
  • 151
  • 7
  • I tried running the task with it checked and the application still runs as System, even when the task itself is set to run as Admin. – Nicko Jul 06 '16 at 17:33
  • The only sort of solution I've found so far is to stop using RDP because it logs out of Admin when I leave a session. Right now I'm limited to using VNC so that the Admin account stays logged in but I'd like to stop using VNC due to security reasons. – Nicko Jul 06 '16 at 17:37
  • I tried it. You can set up a scheduled task to run as a different user independent from user logon. The problem is that you don't get a GUI, even if the said user logs on. Maybe a local policy with logon script to restart your process may be an option? Here's my sample bat-code. It kills Internet Explorer, displays sample text, waits 5 sec and starts IE again. I set the scheduled task to run as a local account with admin privs.

    ```
    @echo off
    taskkill /im iexplore.exe /f
    echo Lorem ipsum
    ping -n 5 127.0.0.1 > NUL
    start "" "C:\Program Files\Internet Explorer\iexplore.exe"
    exit
    ```

    – humble.adm1n Jul 06 '16 at 20:55
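
A check for the symptoms discussed in this thread, added here as an example that is not part of the original posts: it shows how the task's principal is configured and which account and session the restarted process actually landed in. The task name `BackupAndRestart` is a placeholder; `myprogram.exe` is the name used in the question.

```powershell
# Added example, not from the thread. 'BackupAndRestart' is a placeholder task name.
$taskName    = 'BackupAndRestart'
$processName = 'myprogram.exe'   # process name as given in the question

# 1) How is the task configured to log on?
#    LogonType 'Interactive' corresponds to "Run only when user is logged on";
#    'Password', 'S4U' and 'ServiceAccount' run whether or not a user is logged on.
#    RunLevel 'Highest' corresponds to the "Run with highest privileges" box.
$task = Get-ScheduledTask -TaskName $taskName -ErrorAction SilentlyContinue
if ($task) {
    $task.Principal | Select-Object UserId, LogonType, RunLevel | Format-List
} else {
    Write-Warning "Scheduled task '$taskName' not found."
}

# 2) Where did the process end up?
#    SessionId 0 is the non-interactive services session: a window created there
#    is not shown on the desktop of a user who logs on later.
$procs = Get-CimInstance -ClassName Win32_Process -Filter "Name='$processName'"
if (-not $procs) {
    Write-Warning "No running process named '$processName'."
} else {
    $procs | ForEach-Object {
        $owner = Invoke-CimMethod -InputObject $_ -MethodName GetOwner
        $account = '<unavailable>'
        if ($owner.ReturnValue -eq 0) {
            $account = '{0}\{1}' -f $owner.Domain, $owner.User
        }
        [pscustomobject]@{
            ProcessId = $_.ProcessId
            SessionId = $_.SessionId
            Owner     = $account
        }
    } | Format-Table -AutoSize
}
```

Run it from an elevated PowerShell prompt right after the task has fired, so that the owner of processes belonging to other accounts can be read.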