"Run As User logged in to console" doesnt work in K1000 5.4 SP1
We have quite a few scripts setup on our K1000 that, for various reasons, need to run as the user currently logged into the PC.
Since the 5.4 SP1 patch, its just stopped working.
When you run a script against a PC on the K1000 the script just sits there running and never ends or does complete "successfully" but just skips over the task that has the need to run as the logged in user.
I did some further investigating and it appears that in the patch they have modified the permissions on the downloads, scripts and kbots_cache folders in C:\ProgramData\Dell\KACE\ (and possibly others) so that the local Users group no longer has write permissions to these folders.
If you try to re-add the permission it appears the K1000 Agent (or something else) simply changes it back.
We even created a Group Policy to change the permissions but this only works 50% of the time as it gets changed back.
So why is this a problem? When you run a script as the logged in user everything the KACE agent does on the local PC is run as the currently logged in user (as with most companies our users dont have local admin rights) including the XML file into kbots_cache (what appears to the be the file that tells the KACE agent what to do) and the actual files that you need to run (normally in the downloads folder) as such the scripts fails with an access denied error as the user doesnt have rights to write to these folders.
Turning on the debug function in the KACE Agent shows exactly that, heres an error from the runkbot.log file:
[Mon Mar 25 09:21:57 2013] Kbot [157-1364174506r4] not found locally, downloading ... [Mon Mar 25 09:21:57 2013] DownloadFile: unable to create destination file: C:\ProgramData\Dell\KACE\kbots_cache\157-1364174506r4.xml.part Error: Permission denied [Mon Mar 25 09:21:57 2013] FetchAndWriteToCache: Kbot[157-1364174506r4] Download failed, error code = 99
Now correct me if I'm wrong, but doesnt this defeat the purpose of the "Run as user logged into Console" option?
The offical response from our local country KACE support is that the way it works now "is a bug fix".
Has anyone else come accross this issue?