0

I'm trying to create a scheduled task with privileges in my NSIS script.

Using this command:

schtasks /create /ru "NT AUTHORITY\SYSTEM" /SC ONSTART /RL "HIGHEST" /TR "C:\Program Files (x86)\MyProgram\MyProgram.exe" /tn MyProgram.Kickstart

From cmd.exe with privileges I managed to do it, but now I need to let the NSIS script doing it. Reading the documentation and the internet I've found this command:

;   ........
Section
    ExecShell "runas" "myprogram.bat"
SectionEnd
;   ........

where "myprogram.bat" is the bat containing the command, but I've also tried to put the schtasks in it. Currently it seems that no batch runs, even if I have this log:

Processing script file: "C:\Foo\prova.nsis"
OutFile: "C:\Foo\testnsis.exe"
Section: "TestFST"
ExecShell: runas: "C:\Foo\kickstart.bat" "" 
SectionEnd

if I add 2> kickstart.log in bat and I execute it outside NSIS, i get the log filled as expected, but nothing from the script.

Also consider that, for sake of simplicity and testing purposes, I've wrote a very basic script launched from powershell:

# Powershell
makensis.exe /O"C:\Foo\prova.log" "C:\Foo\prova.nsis"

; NSIS
OutFile "C:\Foo\testnsis.exe"

Section TestFST
    ExecShell "runas" "C:\Foo\kickstart.bat"
SectionEnd

and I might missing something, since I'm completely new to this. What am I missing?

IssamTP
  • 2,408
  • 1
  • 25
  • 48

1 Answers1

0

You should use full paths everywhere. When elevating the current directory is often set to the system32 directory and 2> kickstart.log would write there.

ExecShell works fine for me:

Section
InitPluginsDir
FileOpen $0 "$PluginsDir\Test.cmd" w
FileWrite $0 "@echo off$\r$\n"
FileWrite $0 "echo Hello World$\r$\n"
FileWrite $0 'call whoami /groups | find "1-5-32-544"$\r$\n'
FileWrite $0 'echo Log test string > "%temp%\test.log"$\r$\n'
FileWrite $0 "ping -n 42 localhost > nul$\r$\n"
FileClose $0
ExecShell "runas" "$PluginsDir\Test.cmd"
SectionEnd

That being said, the runas verb has some issues and if you know you are always going to perform elevated tasks then your installer should also request elevation (RequestExecutionLevel Admin).

Anders
  • 97,548
  • 12
  • 110
  • 164
  • I'm not completely sure about it, but I think that the main installer has full privileges. – IssamTP Jun 23 '21 at 14:54
  • If the installer is elevated (UAC dialog) then you don't need "runas" at all in the script. – Anders Jun 23 '21 at 14:55
  • Well, I added the function as mentioned in the question that you linked, modified the 2> path, but I still get no error and no result. Thi is little disappointing (BTW I've already read your answers) – IssamTP Jun 23 '21 at 15:08
  • What happens if you copy my code from this answer, do you see Hello World in the terminal? – Anders Jun 23 '21 at 15:11
  • You know, sometimes one simply needs some (long) vacations... Accepted. – IssamTP Jun 23 '21 at 15:22