RunAsEx

Execute program under other logon as

Related Topics Link IconRelated Topics

Definition

Executes an application using an account other than the currently logged on user account. This ensures, for example, that an application can be executed with more permissions than the current logon allows.
In contrast to RunAs the command RunAsEx additionally allows you to specify a return value which can be processed subsequently in the eScript.

Settings

Input

  • Executable
    Name of the application to be executed.

    Without specifying a path, DSM can only find the file, if it is located in the package directory, or if the path is included in the Windows PATH environment variable.
    Therefore, always enter the path to avoid problems when executing the script.

  • Parameters
    These parameters are transferred to the application
  • Variable name for returncode
    Enter a variable name if you want to continue processing the result of the executable file. This entry is optional.

Account

  • Use this account
    The application is executed using the account information entered.
    User name: The user account under which the application is to be executed.
    Data can be input as follows:
    <Username>
    <Domain>\<Username>
    Password: The password for the selected user account
  • Use DSM account
    The application is executed using one of the configured DSM accounts. The account will be automatically determined according to the following rules:
    • If the option Log on for network only is selected (see below), the User Account for Depot Access will be used. If this account is not configured, the logged-in user's account is used instead.
    • In all other cases, the user account for the DSM Runtime Service will be used. If this account is not configured, the account is used instead under which the ServiceInstaller is running..
  • Use local system account
    The application is executed under the local system account.
  • Use the logged on user
    The application is executed under the account of the currently logged-on user.

    If this option is used in the context of the Service (i.e. a DSM service account is currently logged on), the execution is different from the interactive logon via the option Use DSM account: When running in the context of the Service the user always has full rights, while an interactive logon is controlled by the User Account Control (UAC).

Do not run as administrator 
With the User Account Control (UAC) activated, RunAsEx always executes the application as an administrator, unless this option is enabled.
Activating this option can be useful, for example, if a certain website is to be opened and you want to prevent that this happens with administrator privileges.

If this option is activated, it is always applied, even if the logged on user is actually an administrator. This behavior is different to previous versions of the command without this option.

Logon options

  • Log on without profile

    The user profile is not loaded. No changes are written into the user profile after the application has been executed.
  • Log on with profile

    The user profile is loaded. Changes are written into the user profile.
  • Log on for network only
    The application is executed using the current user account. The specified user account will only be used for access to the network, i.e. a logon session is opened under the specified user account.

Options

Wait options

  • Wait for execution
    The package is only resumed when the application has been terminated.
  • Max wait time [min]
    The package is resumed after the amount of time entered, even if the application has not yet been terminated.
    The minimum wait time is one minute (even if "0" is specified).

Create Application Window

  • Normal mode/ Minimized Hidden
    The application window of the executed program is displayed (Normal mode), is visible only in the task bar (Minimized) or is not visible at all (Hidden).
  • Disable file direction on x64 machines
    For reasons of compatibilty, Ivanti DSM maps file and registry access to the default storage location for 32 bit applications (provided that the storage location differs from that of 64-bit applications). File access: whenever a 32-bit application attempts to access %windir%\System32, the access is redirected to %windir%\SysWOW64. Registry commands: when accessing HKEY_LOCAL_MACHINE\SOFTWARE the calls are redirected to HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node. The x64-switch stops this redirection of file and registry accesses when running the script command on a x64 computer; the eScript command runs on the specified path. CallScript command: the script runs in a 64-bit process.
  • Do not log command line parameters
    The command or the variable will not be written in the log file. This option prohibits e.g. an installation parameter or the password from being displayed in the log file.

Action on Error

  • Continue execution of package
    Package is resumed with the next command.
  • Abort execution of package and calling package
    Package execution is canceled. If the package was launched as a component of a Software Set or with the command CallNIProc, the calling package will also be canceled.
  • Abort execution of package, continue calling package
    Package execution is canceled. If the package was launched as a component of a Software Set or with the command CallNIProc, these packages will be continued.
  • Stop execution of package, and notify as 'failed'
    Package execution is canceled. The compliance status of the associated policy instance turns red.