• Recent
    • Unsolved
    • Tags
    • Popular
    • Users
    • Groups
    • Search
    • Register
    • Login

    PDQ Deploy run as logged on user, how the hell? :)

    Scheduled Pinned Locked Moved Unsolved
    Windows Problems
    3
    3
    2.8k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • x23piracyX
      x23piracy
      last edited by x23piracy

      Hi,

      @bob-henderson @PDQ guys how do you realize with your lovely pdq deploy to run a process as logged on user?
      Is it possible to show me the magic?

      I have the following problem, printserver with pdfcreator 1.7.3 running as service, when someone prints a pdf it will directly placed on a client computers share, after this i like to run acrobat reader under the users context with the current created pdf file.

      Therefore i need to run the process under the current logged on user context, how can i realize this?

      Regards X23

      ║▌║█║▌│║▌║▌█

      1 Reply Last reply Reply Quote 1
      • B
        Bob Henderson
        last edited by

        @x23piracy USually you’d need to have PDQ fire off a powershell that then calls the installer and such and use the runas option there. PDQ runs as the deployment account to my knowledge

        1 Reply Last reply Reply Quote 0
        • J
          Joe Schmitt Senior Developer
          last edited by Joe Schmitt

          @x23piracy a windows service can impersonate one of the logged in users without their password. Essentially the service grabs a process running as the user you wish to impersonate, and obtains a handle on the process’s access token (OpenProcessToken). The service then needs to duplicate the token so it can “impersonate” the user without affecting the process we lifted the token from (DuplicateToken), activate that token, and then perform the work. Finally the token handle must be closed.

          Its a pretty win32 api heavy approach. The client does not use this technique as there is no guarantee a user is logged in at any given point.

          TL;DR: grab an existing process running as that user, and perform multiple win32 API calls to impersonate that user.

          Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG! Get in contact with me (chat bubble in the top right corner) if you want to join in.

          1 Reply Last reply Reply Quote 1
          • 1 / 1
          • First post
            Last post

          218

          Online

          12.0k

          Users

          17.3k

          Topics

          155.2k

          Posts
          Copyright © 2012-2024 FOG Project