Scripting Authentication as Local Specific User Not Working?

Has anyone had issues getting scripting to run as a specific user? I’ve tried both PowerShell scripts using “Run Powershell Script” and batch files using the “Run…” task types, and in both situations my scripts are still being run as the service user, despite “Local (as specific user)” being selected and Credentials being correctly set up and selected. I’ve resorted to changing the user the service runs as, but this isn’t ideal.

Hi, the local system user does indeed run the script but if impersonation credentials are provided then these are used to wrap the logon context that the process uses.

Are you using a local windows user account or a domain user?

Also, can you specify what type of thing is failing (file access, process access, etc.) and what technique you are using to identify the user? Different techniques will report different things while running under an impersonation context.

I’m trying to use a local Windows user account.

I first noticed when trying to launch a program using a batch file (notepad used as example & for testing):

start "" "C:\Windows\System32\notepad.exe"

It launches the program, but it’s running as SYSTEM when I look it up in Task Manager, but I need it to run as the specified local user. I also tried the following PowerShell script but got the same result.

Start-Process -FilePath "C:\Windows\System32\notepad.exe"

To simplify testing, I wrote both a batch and a PowerShell script that log the username to file. I set up a Deployment Task of Task Type “Run…” for the following cmd file:

set date=%date%
set time=%time%
echo %date% %time% >> "%~dp0UserLogCmd.txt"
echo %USERNAME% >> "%~dp0UserLogCmd.txt"
echo. >> "%~dp0UserLogCmd.txt"

I also set up a Deployment Task of Task Type “Run Powershell Script” for the following ps1 file:

Add-Content -Path .\UserLogPowershell.txt -Value (Get-Date)
Add-Content -Path .\UserLogPowershell.txt -Value $env:UserName
Add-Content -Path .\UserLogPowershell.txt -Value ""

For both Deployment Tasks, I have Authentication set to “Local (as specific user)” and select credentials. But when I test these deployment tasks, it always writes MYMACHINENAME$ to the respective log file.

I’ve tried pretty much everything with the credentials, too. For Domain I’ve tried leaving it blank, using the machine name, using the workgroup name, using a single period, etc. I’ve also tried everything with the Username field: MyUsername, MYMACHINENAME\MyUsername, MYWORKGROUPNAME\MyUsername, .\MyUsername. I’ve also tried all the Impersonation LogonType options for the PowerShell script.

Even with all these permutations, it always logs MYMACHINENAME$ as the running user, and/or the target process is run as SYSTEM when viewed in Task Manager.

It’s also worth noting that I don’t get any errors when using an intentionally incorrect credential when using “Run…” to execute my cmd file. The deployment task completes with no errors.

I do get errors with “Run Powershell Script” using incorrect credentials, though.

The impersonation doesn’t load the user profile, so environment variables will be as Local System.

Try these:

$env:UserName

[System.Security.Principal.WindowsIdentity]::GetCurrent().Name
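
The identification techniques mentioned in this thread, put side by side in one diagnostic script. This is an added example, not code from the thread or from the product; the function name Get-IdentityReport and the output file name are made up here.

```powershell
# Added example: report the identity each technique sees from inside a task script.
# Get-IdentityReport and IdentityReport.txt are names made up for this example.
function Get-IdentityReport {
    # Thread token if the calling thread is impersonating, otherwise the process token.
    $effective = [System.Security.Principal.WindowsIdentity]::GetCurrent()

    # Thread token only; returns $null when the thread is not impersonating.
    $threadOnly = [System.Security.Principal.WindowsIdentity]::GetCurrent($true)

    # A child process receives the parent's primary (process) token, not the
    # thread's impersonation token, so whoami reports the process identity.
    $child = & "$env:SystemRoot\System32\whoami.exe" 2>$null | Select-Object -First 1

    [pscustomobject]@{
        Timestamp           = Get-Date -Format o
        # Read from the process environment block; unchanged by impersonation.
        EnvUserName         = $env:USERNAME
        EffectiveIdentity   = $effective.Name
        EffectiveSid        = $effective.User.Value
        ImpersonationLevel  = $effective.ImpersonationLevel
        ThreadImpersonating = [bool]$threadOnly
        ThreadIdentity      = if ($threadOnly) { $threadOnly.Name } else { '(none)' }
        ChildProcessUser    = if ($child) { $child } else { '(whoami failed)' }
    }
}

# Write next to the script when run from a file, else to the current directory.
$dir = if ($PSScriptRoot) { $PSScriptRoot } else { (Get-Location).Path }
Get-IdentityReport | Format-List | Out-String |
    Add-Content -Path (Join-Path $dir 'IdentityReport.txt')
```

If EffectiveIdentity shows the configured user while EnvUserName and ChildProcessUser still show the machine account or SYSTEM, the script's thread is impersonating, but the environment and any process it starts still belong to the service's own account.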