KACE Product Support Question

Run script as user at login

09/09/2015 3852 views
Is there any way to have a script run as the user at login? Using an offline kscript runs at login time, but as the system user. Running on online script allows it to run as logged in user, but has no option to run at login.
0 Comments   [ + ] Show comments


Community Chosen Answer

My thinking is that you utilise the scheduler on the machine to run your script once a month when the user is logged in.  I don't know whether it is vital to run your script as the user logs in or whether you could set a runtime such as 10am.  If it is important to run the script as the user logs in then it could be accomplished by using the scheduler to write a file somewhere where the user has full rights, and then having a task run at every login which does the following:

1. Check for flag file - if it does not exist then terminate script
2. If flag file exists, run script then delete flag file.
Answered 09/09/2015 by: EdT
Red Belt

  • You mean the Windows Task Scheduler, and use kbox to push the batch file with the flag file and job run info to where the user has rights, then add the HKLM key for the task scheduler task to run at "any user logon"? That might be pretty slick.
    • This content is currently hidden from public view.
      Reason: Spam For more information, visit our FAQ's.
  • good idea! you can create a task in task scheduler via a kscript with triggers to run at log on and run daily with a recur of every 30 days
    • Hmmm ... new wrinkle with Windows task scheduler. If I set up the task as admin, I can set the trigger to begin the task at log on of any user. However, in the General tab under Security Options, I have to choose a specific account. I may be able to use the %username% variable in the task file under C:\Windows\System32\Tasks, but I'm not sure if that will be recognized. Will test ...
      • Argh. I've exported the reg settings and the file in the tasks folder, then added them to my script. When I push the script, it gets stuck in the "running" status.

All Answers

The only way I think you could do this easily is use a script to modify the users HKCU\...\run or runonce registry key to add the command you want to run so the next time they login the run key will execute.
Answered 09/09/2015 by: SMal.tmcc
Red Belt

  • the big problem I see if you only want this to run once a month you would need sort sort of a check like file modified after a certain date or some fake registry key you can read but you would have to update this monthly to look for something like that so it only runs once a month
It's not clear whether you want to run the script EVERY TIME the user logs in, or just the first time the user logs in.  The answer above caters for running the script every time - as would inserting the script as a logon script centrally.  If you want just a single run, then active setup would be a better choice.
The one issue I see with SMal.tmcc's suggestion is that you have to be able to target the user registry of the user logging in, and this is tricky to achieve, but possible if the user profiles are held locally. With roaming profiles, it gets much trickier.
Answered 09/09/2015 by: EdT
Red Belt

  • OK. In this case, I want to have it run one time monthly per user. User schedules are vastly different here, so selected times won't work well. It requires user interaction, so that's why it needs to run as user. As far as the HKCU reg key, I don't know of a way to use environment variables like I can for Windows Explorer.
  • By the way, we're in AD, so a gpo login script is possible, but it will require it's own type of babysitting to run at the schedule I want.
  • to target the users registry you run a kscript as all logged in users with a monthly cron setting. also since you did not give enough detail. You can target the runonce key to make it run only once. This only works with local users profiles not roaming.
The once a month requirement was not mentioned in your original posting, so in order to make sure we are fully briefed, what exactly does your script do?
Answered 09/09/2015 by: EdT
Red Belt

  • The script opens Identity Finder and runs a scan. At the end of the scan, a results window pops up so users can remediate results.

    The monthly schedule is kind of a side issue (I think). Did that schedule catch your eye for some reason?
    • yes the schedule makes a big difference on the approach.
See how much time could be saved if all the necessary information was provided up front......:-)
Answered 09/09/2015 by: EdT
Red Belt

  • Wellllll ... I submitted the level of detail that I thought was necessary because I thought there might be an option in the kbox scripting page that I was missing. If that had been the case, the first response something like "Do you see this checkbox" probably would have been the end of the thread. But after we were able to rule that out, the followup questions helped lead us toward a solution, so I appreciate the time and effort that you all put into your responses.

    I hope that doesn't sound rude. It's just that hindsight is 20/20, so it isn't always easy to know which information is relevant until the thread gets going.
    • I was mostly making the point for the benefit of the many who will read this thread and may post in the future. I'm sure all of us who respond to user questions will agree that too much information is never a bad thing, and we encourage all posters to include as much information as possible. There are many very experienced people who post here, who are often able to come up with a totally different solution to a specific problem if the details are known. In your case, the key differentiator to a "run of the mill" problem was the monthly scheduling requirement, which is not a standard feature in the distribution systems I am familiar with. Doing something to a user profile at login or application startup is a very common requirement for which there are several solutions with different benefits. Doing it every month, however, is a long way from the standard solutions.
      • I agree with the general philosophy, but in this case I posted this as a question specifically about the K1000 device and hoped to get an answer about a K1000-specific feature. If there had been a checkbox or other option on the K1000, that would have been my answer. There wasn't one, so you asked the next relevant question and that helped lead (hopefully) to a fix.

        It's nice to think that we could post the perfect question that would receive the one perfect answer, but everyone has a different level of experience with different equipment/services/etc. Sometimes there has to be some back and forth.
>Argh. I've exported the reg settings and the file in the tasks folder, then added them to my script. When I push the script, it gets stuck in the "running" status.

Can you share the script with us?  My guess would be that the script additions you have made are not "silent" and a dialog box is being displayed in the context of the system account but as it cannot be seen, it is "stuck" awaiting a response.
Looking in Task Manager for system tasks appearing when your script runs, and not disappearing might point to exactly where the problem lies.
Answered 09/10/2015 by: EdT
Red Belt

  • Thanks, Ed. I've started to test a gpo with item level targeting, so if that works I'll probably go that route since it may be easier to maintain than I thought before. In short, if nothing below jumps out at you, please don't spend much time on it.

    But just in case, the script is below. It's just adding reg entries and unzipping the task file to the system Tasks folder. It's set to run as system, and I've tried as both Online and Offline kscripts. Those don't require a prompt and I have other scripts with reg keys or unzip that work as they should, although none with this many entries in a single task. I'm not getting any event viewer errors and the kbox agent scripts folder is empty. The kbox user log does contain this error:
    [2015-09-10.17:01:17][KDeploy:GetIdOfActiveUser ] GetIdOfActiveUser: SECURITY_LOGON_TYPE: 11(183) Cannot create a file when that file already exists.

    On Success

    Set “HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C525FFC6-9C44-4675-B277-DB242309CF90}!Path” to “\Identity Finder Scan”.
    Set “HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C525FFC6-9C44-4675-B277-DB242309CF90}!Hash” to “hex:a6,e5,d8,f3,84,ce,eb,e5,e6,10,0a,c7,fe,4d,3d,a7,22,77,7d,c3,1b,1b,\ 88,39,62,9d,e1,9d,63,9f,4a,67”.
    Set “HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C525FFC6-9C44-4675-B277-DB242309CF90}!Triggers” to “hex:15,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,38,21,41,00,48,48,48,48,25,16,fd,25,48,48,48,48,00,48,48,48,48,48,48,48,00,48,48,48,48,48,48,48,01,00,00,00,48,48,48,48,1c,00,00,00,48,48,48,48,01,05,00,00,00,00,00,05,15,00,00,00,16,38,86,14,d8,f9,7a,fd,30,a8,7a,8e,ff,7d,12,00,48,48,48,48,10,00,00,00,48,48,48,48,41,00,44,00,5c,00,72,00,61,00,74,00,68,00,00,00,38,00,00,00,48,48,48,48,00,00,00,00,ff,ff,ff,ff,80,f4,03,00,ff,ff,ff,ff,07,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,aa,aa,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,00,00,00,00,ff,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,01,00,69,00,63,00,65,00,3a,00,00,00,00,00,00,00,01,48,48,48,48,48,48,48”.
    Set “HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C525FFC6-9C44-4675-B277-DB242309CF90}!DynamicInfo” to “hex:03,00,00,00,6c,e7,38,79,ce,eb,d0,01,fd,ff,02,bc,ce,eb,d0,01,01,13,04,00,00,00,00,00”.
    Set “HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Identity Finder Scan!Id” to “{C525FFC6-9C44-4675-B277-DB242309CF90}”.
    Set “HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Identity Finder Scan!Index” to “00000002”.
    Unzip “$(KACE_DEPENDENCY_DIR)\Identity Finder Scan.zip” to “C:\Windows\System32\Tasks”.
At first glance, it looks to me that the format of the registry data you are using might be incorrect.
You should export an existing key from under \Tasks\...   and have a look at the exported file.
For example, single backslashes become double backslashes when exported as a .reg file
Also, hex values are not expressed in double quotes.
So I suspect that the script is throwing up error messages and halting execution.
I don't know if the GPO scripting allows piping of any messages to a text file, but that would give you a clue if any error messages are being raised.
Answered 09/11/2015 by: EdT
Red Belt

Don't be a Stranger!

Sign up today to participate, stay informed, earn points and establish a reputation for yourself!

Sign up! or login


This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ