1

I never really found an answer to this other than you can't do it (with runas).

What 'this' is, is, programmatically on a remote machine under a different AD account, stop, remove, create, and start a Windows service. We use trusted accounts not our personal user account to access servers (personal user accounts cannot have access).

Instead of remoting into the server and running the installer, or typing commands manually on the command line, I would like to programmatically accomplish this from an application running on my local machine (that I’m logged into) without having to enter the password.

Summary:

  1. Execute a Windows service stop, remove, create, and start on a remote system (Windows server 2012 R2) from Windows 10 local system.

  2. Trusted account (not personal login) has such permissions on the server (except remote login).

  3. The installer app has access to the trusted account password via login form on start up.

  4. Want to do this programmatically in C# or by spawning a process or command line with no user interaction (such as entering password manually).

Runas works fine (with the /netonly option) if I want to enter the password manually (an update means I have to enter the password each time for stop, remove, create, and start).

Otherwise, redirection, piping, or inserting into stdin fails with runas - even on the command line (assuming it bypasses stdin somehow.

I’ve also tried PsExec, but that works via remote login, which is a permission this trusted account doesn’t have. So far I don’t see the PsExec equivalent parameter of runas /netonly.

I’ve played with impersonation and calling sc, but that didn’t work either (no, sc doesn’t have a password command line parameter). I am willing to use Win32/pinvoke but am hoping I don’t have to.

Any ideas greatly appreciated.

  • Have you looked into `ServiceController` and `ServiceInstaller`? – NetMage Feb 24 '18 at 00:22
  • @NetMage: Thanks for the suggestion. ServiceInstaller is for local machine, and ServiceController is a p/invoke, which I hope not to have to use (team policy) but I suspect it uses remote login (wouldn't work). I'm hoping for a way around the runas password prompt/input barrier. At present I'm working on a solution where the app calls itself via runas, so you only enter password once, but it isn't elegant. –  Feb 25 '18 at 16:19
  • Why do you think `ServiceController` is p/invoke? It is a standard .Net class? – NetMage Feb 26 '18 at 20:00
  • I see an answer for another question on using P/Invoke for installation: https://stackoverflow.com/a/28288061/2557128 – NetMage Feb 26 '18 at 20:01
  • The .NET class ServiceController is for controlling already installed services not installing/creating them. At the time I wrote the comment I had a reference to a Win32 call, but have long lost it. I could have been mistaken. My issue was not being able to pass the password programmatically. It has to be manually entered. –  Apr 26 '18 at 20:17

0 Answers0