Execute program at user login as admin automatically - how?

[Hombre]

I'm looking for options to run a program *automatically* after a user
logs in, *with admin rights*.
The same as putting a shortcut to Startup folder or adding a registry
entry under HKLM/Software/Microsoft.../run or a few similar places that
are usually used for this purpose.
****but the program has to run under account with admin privileges****.

This program can't be started at computer boot time (too early),
so using group policy wouldn't work for me, either using startup or
logon scripts.

So far the only option I see is to set up a scheduled task to execute at
logon time, but it doesn't quite work the way I want.

Are there any other options for Windows 2000?
Are there any other options for Windows XP?

TIA!

 

[KenW]

I'm looking for options to run a program *automatically* after a user
logs in, *with admin rights*.
The same as putting a shortcut to Startup folder or adding a registry
entry under HKLM/Software/Microsoft.../run or a few similar places that
are usually used for this purpose.
****but the program has to run under account with admin privileges****.

This program can't be started at computer boot time (too early),
so using group policy wouldn't work for me, either using startup or
logon scripts.

So far the only option I see is to set up a scheduled task to execute at
logon time, but it doesn't quite work the way I want.

Are there any other options for Windows 2000?
Are there any other options for Windows XP?

TIA!

You can use Run these programs at user logon policy located in User
Configuration\Administrative Templates\System\Logon/Logoff, see
http://msdn2.microsoft.com/en-us/library/ms811978.aspx for details. To
run program under local administrative context you can use run as
command, see http://support.microsoft.com/kb/225035

 

[Herb Martin]

I'm looking for options to run a program *automatically* after a user
logs in, *with admin rights*.
The same as putting a shortcut to Startup folder or adding a registry
entry under HKLM/Software/Microsoft.../run or a few similar places that
are usually used for this purpose.
****but the program has to run under account with admin privileges****.

This program can't be started at computer boot time (too early),

Too early for what? How about delaying it to run AFTER boot time?

What are you really trying to accomplish? (Rather than how you think
to do it.)

so using group policy wouldn't work for me, either using startup or
logon scripts.

Sure it will. Run a logon script that first checks for "group" membership,
such as with "IFMember".

http://www.microsoft.com/downloads/...d7-815e-4fa0-9043-4e4635ccd417&displaylang=en

So far the only option I see is to set up a scheduled task to execute at
logon time, but it doesn't quite work the way I want.

What is the problem with that?

Are there any other options for Windows 2000?
Are there any other options for Windows XP?

Again, it might be best to explain the real goals and let us try to find a
direct
solution -- or at least understand the constraints from the start...

 

[Hombre]

Too early for what? How about delaying it to run AFTER boot time?

What are you really trying to accomplish? (Rather than how you think
to do it.)


Sure it will. Run a logon script that first checks for "group" membership,
such as with "IFMember".

http://www.microsoft.com/downloads/details.aspx?FamilyID=07c2f6d7-815e-4fa0-
9043-4e4635ccd417&displaylang=en

What is the problem with that?


Again, it might be best to explain the real goals and let us try to find a
direct
solution -- or at least understand the constraints from the start...

Thank you for the two replies.
I did not state that the user account is not a member of Administrators
group (i.e. used for day-to-day work)
(obviously, otherwise Startup or Run registry key would work with no
problem).
The program I'm trying to execute is a hardware monitor (monitor cpu
temperature and so on).
It needs some rights that members of User group do not have in Windows 2000.
Maybe there is an easy way to add these rights to Users group, and that will
solve the immediate problem.
But even in that case, I guess the question I asked is useful for other
purposes.

The suggestions so far will not work for me.

Run As will not work because it does not achieve *automatic* execution.
I'd have to manually type in the password in that case (I know the password
BTW).

System-wide logon script does not work because the program does not start
correctly.
It needs to interact with user desktop and I guess that can only happen
after the user logs in.

User logon script doesn't work because the user is not a member of
Administrators group.

Any other suggestions?

TIA!

 

[Herb Martin]

Thank you for the two replies.
I did not state that the user account is not a member of Administrators
group (i.e. used for day-to-day work)
(obviously, otherwise Startup or Run registry key would work with no
problem).

Then what identifies this account? What about it is distinctive? You said
logs in with "admin rights" -- which rights specifically?

You could always check for the ACTUAL user name if it is only one
account and it wouldn't matter what groups it was contained within.

Or you could make up an "artificial group" and place this (and other
users') account in this group so that checking is possible based on a
group.

The program I'm trying to execute is a hardware monitor (monitor cpu
temperature and so on).
It needs some rights that members of User group do not have in Windows
2000.
Maybe there is an easy way to add these rights to Users group, and that
will
solve the immediate problem.
But even in that case, I guess the question I asked is useful for other
purposes.

IFMember or checking the user name explicitly are both trivial solutions to
everything you have asked so far. Running it as part of the system should
as a logon script should work too based on what you have so far offered.

The suggestions so far will not work for me.

Why not? IfMember GroupThatChecksHardware works just fine.
Or If %username%==UserForHardwareCheck

Run As will not work because it does not achieve *automatic* execution.
I'd have to manually type in the password in that case (I know the
password
BTW).

Batch files can be submitted under arbitrary user names (by actual admins)
with the
credentials securely stored in the registry of the machine.

System-wide logon script does not work because the program does not start
correctly.

Why not? Does it interact with the Desktop? That can be overcome usually
or
perhaps a different (command line) program used.

It needs to interact with user desktop and I guess that can only happen
after the user logs in.

Not necessarily. Even services can interact with desktop under some
situations
if properly set up.

User logon script doesn't work because the user is not a member of
Administrators group.

Scheduled task with a particular user and the flags set to interact with
desktop.

It sounds like what you are REALLY trying to do is to run an interactive
task
while one user is logged on, but run it as another particular user.

You can save a lot of your time (and ours) if you specify the actual goals
rather
than some partially complete intermediate idea....

 

[Pegasus \(MVP\)]

http://www.microsoft.com/downloads/details.aspx?FamilyID=07c2f6d7-815e-4fa0-

Thank you for the two replies.
I did not state that the user account is not a member of Administrators
group (i.e. used for day-to-day work)
(obviously, otherwise Startup or Run registry key would work with no
problem).
The program I'm trying to execute is a hardware monitor (monitor cpu
temperature and so on).
It needs some rights that members of User group do not have in Windows 2000.
Maybe there is an easy way to add these rights to Users group, and that will
solve the immediate problem.
But even in that case, I guess the question I asked is useful for other
purposes.

The suggestions so far will not work for me.

Run As will not work because it does not achieve *automatic* execution.
I'd have to manually type in the password in that case (I know the password
BTW).

System-wide logon script does not work because the program does not start
correctly.
It needs to interact with user desktop and I guess that can only happen
after the user logs in.

User logon script doesn't work because the user is not a member of
Administrators group.

Any other suggestions?

TIA!

You can use KenW's runas option if you use a variant that allows
you to supply the password:
http://www.joeware.net/win/free/tools/cpau.htm
www.robotronic.de/runasspcEn.html (takes the password from an encrypted
file)

You need to be very careful to prevent an obervant user from
hijacking your script and using it for his own ends.