7 Replies Latest reply on Sep 5, 2009 12:55 AM by ecoidan

    How to use startasuser.exe


      My environment is  management suit 8.7 sp6, and want to retrieve the members of local admin group. Though VBS and Powershell can do it, but maybe some client run personal firewall,and the wmi or ADSI failed, so I want to use LANDesk to do it, and I think startasuser.exe call a command line is the best method. I write a batch named test.cmd like below:

      startasuser.exe net localgroup administrators>c:\%computername%.txt

      Then create a task,call the batch file, but the task always failed,it's result is "Incorrect function", the log indicate that "processing of package is complete, result -2147024895 (0x80070001 - code 1)"

      why it failed? Is it right fotmat for startasuser.exe?

        • 1. Re: How to use startasuser.exe
          ahe Expert



          do you know this document?

          Running Commands as the Logged on User Using StartAsUser.exe




          1 of 1 people found this helpful
          • 2. Re: How to use startasuser.exe

            Yes,I followed the instruction in this document, it let me build a batch file to distribute,but failed yet.Is the batch file format right?

            • 3. Re: How to use startasuser.exe
              Jason SupportEmployee

              Run the batch file by hand from the directory it was copied to on the client.It should be ...program files\landesk\ldclient\your share\...\your cmdfile.cmd. Does it work? My guess is it is failing to run startasuser. There are 2 ways around this.


              1)  include startasuser as an additional file so that it is copied into the same directory as your batch file.

              2)   hard code the path to startasuser - by default it should be in %programfiles%\landesk\ldclient  (at least in 8.8 don't have an currently have 8.7 client up to verify path)


              Message was edited by: Jason

              • 4. Re: How to use startasuser.exe

                I found if I delete the output path, just execute startasusers.exe net localgroup administrators, it works. But I must collect the information of local administrators members. How to output the file contains the information?

                • 5. Re: How to use startasuser.exe
                  ahe Expert



                  this works for me on command line and as batch: "C:\Program Files\LANDesk\LDClient":


                  "%programfiles%\LANDesk\LDClient\startasuser.exe" net localgroup administrators >%temp%\%computername%.txt


                  I tried it as normal user and as local system... in batch and on command line...




                  • 6. Re: How to use startasuser.exe

                    I tested your script and it worked well, it seemed that must specify the explict path for startasuser.exe, but one question, the cmd can only store the result in local, not network location,can I use the LANDesk to transfer local file to a network location?

                    • 7. Re: How to use startasuser.exe
                      ecoidan Specialist

                      The end result of the info below will create a registry key called "Administrators" under the "Custom Fields" section. As you know anything under that sections goes into your inventory. You then can build queries and whatever you want against that data. All users listed in the Administrators group will be listed in that registry key called Administrators. Also, this key updates everytime someone logs in. Below are the steps to make that happen.


                      1. Users must be able to write to the "Custom Fields" registry, you'll need to grant them rights. Get a copy of setacl.exe and drop it into the Windows folder. Then push this script to the machine.



                      Set WSHShell = CreateObject("Wscript.Shell")
                      WINDIR = WSHShell.ExpandEnvironmentStrings("%WINDIR%")

                      WSHShell.run WINDIR & "\setacl.exe "&chr(34)&"MACHINE\SOFTWARE\INTEL\LANDesk\Inventory\Custom Fields"&chr(34)&" /registry /grant Users /full",0,True

                      Now the user has rights.



                      2. You need a script to gather the members from the local Administrators group. take the script below and save it in the windows directory, call it syschk.vbs. Please note that there is a xSkipUser section and any username listed there will be filtered out of the Administrators registry key.



                      On Error Resume Next

                      Dim xSkipUser(6)
                      xSkipUser(6)="domain admins"

                      Set WshNetwork = WScript.CreateObject("WScript.Network")
                      Set WSHShell = CreateObject("WScript.Shell")
                      xstrComputer = WshNetwork.ComputerName

                      Set AMembers = GetObject("WinNT://" & xstrComputer & "/Administrators,group")
                      For Each M In Amembers.Members
                        For N = 1 to 6
                         If LCase(M.name) = xSkipuser(N) then
                          exit for
                          end if
                      If Z=false then xUsersA = xUsersA & "," & M.name
                      xCountA = Len(xUsersA)
                      xUsersA1 = Right(xUsersA, (xCountA-1))
                      WshShell.RegWrite "HKLM\Software\Intel\LANDesk\Inventory\Custom Fields\Administrators", xUsersA1, "REG_SZ"



                      3.  Add it to the RUN section of the registry so it runs at every login Just create the key below


                      Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

                      Key: !SYSCHK  (whatever you want to call it)

                      Value: c:\windows\system32\wscript.exe c:\windows\syschk.vbs

                      Type: REG_SZ



                      Thats it... Enjoy...