Login/Register
Runas in another Windows terminal session
Asked Answered
Solved windowsterminal-servicesrunas
O

5

10

For simplicity, let's say the user Administrator is logged in in terminal session 2. Another user Boda is logged in terminal session 3.

Is it possible to runas a program in session 3 from session 2?

For simplicity, let's say I want to start calc.exe in session 3 (in Boda's session). How do I do that? Can it be done with runas?

Oligoclase answered 13/11, 2014 at 14:11 Comment(7)
I strongly believe this is a Super User question as asked. Voting to migrate.Eluvium
Thanks. I can't post to Super User though because of some moderation rules that I've broken by asking stupid questions.Oligoclase
How do I wote to migrate? I have strong karma on this site so I can wote to migrate too.Oligoclase
If you have access to the Close link under your question, go off topic because... -> belongs on another site -> superuser.com. Not sure if the question can be migrated if you have restrictions on the other side, though.Eluvium
FWIW, the answer is "no". You can't use runas across sessions. You can however do this in code, though it's a bit tricky.Gruchot
@HarryJohnston Do you know about any tools that would let you do that? I have seen system administrators start programs in other user's sessions...Oligoclase
I believe psexec (available from the MS web site) has that functionality, though I haven't tried it.Gruchot
T
15

Like Harry Johnston suggested in a comment you can do this using the psexec tool available on TechNet. I've tried it using a Windows 2008 Server running Terminal Services and managed to start various applications in another users session (although not calc.exe - it started but minimized and the window refused to restore), among them cmd.exe.

The command I used was psexec.exe -i 3 cmd.exe where 3 is the session number (that you can get from qwinsta.exe).

Example: Remote session, logged on as Administrator; using qwinsta to enumerate sessions and psexec to start cmd.exe on another session. enter image description here

Another session: logged on as Patrick, with the cmd.exe window on the desktop opened by Administrator (which the window title reveals too). enter image description here

True answered 8/3, 2015 at 22:7 Comment(1)
It opens the program, but the GUI is crippled.Hesse
E
7

There is a commandline tool and it’s called RunInSession. You need to specify at least the SessionId in which you want to launch the process and which process you want to launch. Optional is servername if you want to launch on a remote server. If you run it without parameters a dialog with possible parameters is shown:

RunInSession

Currently supported OS versions are Windows XP, 2003, Vista and 2008.

The program needs to run in the context of the Localsystem user, therefore it temporarily installs itself as service and start itself. With the WTSQueryUserToken it obtains the Primary User token of the requested Terminal Session. Finally the process is launched with CreateProcessAsUser and the service deletes itself.

More details:

Explicable answered 11/3, 2015 at 21:31 Comment(2)
like a charm !!Ulrika
This tool opens the desired program in the session needed with the user credentials but you can't open it with admin rights in the session of a normal user.Hesse
C
6

Its kind of an hack, but its very useful to me. Way more faster than psexec.exe in my environment.

Just create a temporary task in a remote computer, for a specific user or group, run it, than delete the task.

I created a powershell script for it:

param (
    [string]$Computer = ($env:computername),
    [string]$User = "",    
    [string]$Command,
    [string]$Args
 )

$script_task = 
{

    param (
        [string]$User = "",
        [string]$Command,
        [string]$Args
     )

    #Action
    $Action = New-ScheduledTaskAction –Execute $Command
    if($Args.Length > 0) { $Action = New-ScheduledTaskAction –Execute $Command -Argument $Args}

    #Principal
    $P = New-ScheduledTaskPrincipal -UserId $User -LogonType Interactive -ErrorAction Ignore

    #Settings
    $S = New-ScheduledTaskSettingsSet -MultipleInstances Parallel -Hidden

    #Create TEMPTASK
    $TASK = New-ScheduledTask -Action $Action -Settings $S -Principal $P

    #Unregister old TEMPTASK
    Unregister-ScheduledTask -TaskName 'TEMPTASK' -ErrorAction Ignore -Confirm:$false

    #Register TEMPTASK
    Register-ScheduledTask -InputObject $TASK -TaskPath '\KD\' -TaskName 'TEMPTASK'

    #Execute TEMPTASK
    Get-ScheduledTask -TaskName 'TEMPTASK' -TaskPath '\KD\' | Start-ScheduledTask

    #Unregister TEMPTASK
    Unregister-ScheduledTask -TaskName 'TEMPTASK' -ErrorAction Ignore -Confirm:$false

}

#The scriptblock get the same parameters of the .ps1
Invoke-Command -ComputerName $Computer -ScriptBlock $script_task -ArgumentList $User, $Command, $Args

Usage example:

file.ps1 -User USER_NAME -Command notepad.exe -Computer REMOTE_COMPUTER
Cohosh answered 2/11, 2015 at 23:2 Comment(1)
If I try to open it in my own host, it says it's not in among the trusted hosts. You need to change powershell run policy. By default it doesn't allow run files.Hesse
T
1

I don't know of any way you can control another open cmd session. However, you should be able to use runas to run it as another user.

Tijuanatike answered 8/3, 2015 at 23:42 Comment(0)
E
1

This can be archived using Sysinternals tools from Microsoft. Beside running lists of commands and scripts remotely, they are useful for lot of things. As admin they had been my savior on multiple occasions.

#To run a command on single computer remotly
psexec \\RemoteComputerName Path_Of_Executable_On_Remote_Computer Argument_list

#To run a command on list of computers remotely.
psexec @Remote_Computer_list Path_Of_Executable_On_Remote_Computer Argument_list /AcceptEULA

#To run list of commands on list of remote computer. make sure you copy batch file before you run command below.
psexec @Remote_Computer_List Path_Of_Batch_On_Remote_Computer Argument_list
Eichmann answered 9/7, 2016 at 19:35 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.