Unable to run external program exe's

15 Feb 2007 4:50 PM

Taps

Hi,
Wanted to deploy a console application and give it the least amount of
privileges to run successfully.

It calls some other 3rd party programs like gpg.exe, wsftppro.exe.
These programs are all installed on the machine. The console app
calls these programs fine if I use my credentials (Admin). However if
I use another userid (which is not an admin), these exe's fail to
run. I am running this console app. with this new userid.

Even a power user did not help. So the question is what security
permissions does this userid need to have to be able to run these
installed programs.

Thanks.

Taps.

15 Feb 2007 7:13 PM

CynicalIrony@gmail.com

Taps, you may want to try giving the "everybody" group specific
permission to run these exe's. However, there could be a lot of
security variations for this. The key questions I would have to ask
are, what OS are you running? How is your app running? (I.E., you can
specify if you want it to run from a system account (Local System,
Etc.) or use the current credentials of the person) You said this is a
console app, by console are you stating it is a command line, or is
this a WinForm app? I know there are some security deviations when
running from the console when running from XP or Server 2003. I can't
pinpoint what those are at this time though.

I would personally start by giving the user in question full privs to
the folder and apply them to all items & subfolders, then slowly
remove privs until you can narrow down what is exactly needed to
execute the applications needed.

Randy

15 Feb 2007 8:42 PM

Taps

The present OS is windows 2000. But the production is windows 2003.
The app. is a console app - just a plain exe. In the end, this will
run as a scheduled task from the task manager (there you can set the
user you want to run this exe as). This is not a winforms exe.

16 Feb 2007 2:48 PM

CynicalIrony@gmail.com

If you're going to have a schedule on it, why not make it a system
service? From that level you can have it run what ever you need to
running as the system account, just make sure you specify it can
interact with the desktop. ;)

Luckily the security schemas, to my understanding and experience, are
pretty similar on 2K and 2K3. Are you testing this from scheduled
tasks or are you running it directly? If you are running it directly,
try setting it up like you would have it in production. I know you are
trying to find the reason things are not executing, but if you can
narrow down when and where this happens (Running Directly, running on
Scheduled Tasks, or both) it may shed some light on the cause of the
permission issues.

Randy

1 Mar 2007 8:36 PM

Taps

Thanks Randy for your input. I ended up by making the EXE run under a
scheduled task. The good thing about that is, when you create a
scheduled task, the system asks you for the userid you want to run
this job as. In regards to the other problem of successfully calling
the 3rd party programs, initially I was assigning a userid/password to
the Process object. I removed that code, and I am letting the system
handle that. I am guessing the system will run these outside exe's to
run with the given userid. Or it may be running with the SYSTEM acct,
I don't know.

Taps.