Run script / alert as User

Is there any way to run a script or an alert check as a User? Either the currently logged in user, variable, or specified would be very helpful. There are certain applications and scripts that can’t or shouldn’t run under System. I know when we evaluated Syncro they had this option, although imo SimpleHelp is a much better product it sure is a very handy feature.

Thank You,

Yes we had problems with that when installing fonts for some reason

You can , but you would need to know the username and password of the user, or just the password.
Then use runas or use powershell and impersonate that user.

You can get the currently logged in user via powershell
query user /server:$SERVER

An example:
$username = ‘user’
$password = ‘password’

$securePassword = ConvertTo-SecureString $password -AsPlainText -Force
$credential = New-Object System.Management.Automation.PSCredential $username, $securePassword
Start-Process Notepad.exe -Credential $credential

If I am not understanding the problem correctly please let me know. Otherwise hopefully that will help or give you an idea.

This would be a really great feature, and I’d request this.

It would be extremely useful to present pop ups to a specific user and get them to agree to some automated action.

Onedrive is an increasingly important thing for me, and being able to reset and restart OneDrive when it goes wrong would be great.

Some RMMs do this (I also use CW Automate and NinjaRMM) - but I’m not actually sure how they achieve this. One idea would be to get the current user, create a scheduled task for that user and run it, then remove the scheduled task. This sounds a bit convoluted.

Or maybe the agent runs in the system context and also in the user space, so the agent can easily decide under which context to run a particular command?

I re-read this and also wanted to note that you can prompt the user using the Toolbox scripting API:

1 Like

So i finally got around to testing this and have ran into an issue because the SYSTEM account can not initiate impersonation

Start-Process : This command cannot be run due to the error: Access is denied.

I have set a field for localuser and localuser.password in my SH console settings (the pencil) and it pulls the username and password from those fields

Here’s the toolbox:

$username = “ServerUtilsGetMachineProperty(@ThisMachine(),localuser)”
$password = “ServerUtilsGetMachineProperty(@ThisMachine(),localuser.password)”

$securePassword = ConvertTo-SecureString $password -AsPlainText -Force
$credential = New-Object System.Management.Automation.PSCredential $username, $securePassword
Start-Process %windir%\system32\notepad.exe -Credential $credential

References I found to this error:
Powershell Start-Process : This command cannot be executed due to the error: Access is denied - Stack Overflow

active directory - Which AD permission is required to allow impersonation of an account? - Server Fault

[Aside] Ohh that’s telling…Microsoft locked this topic even though none of the “hates” discussed have been resolved :wink:

How do I properly express that I hate OneDrive

So i was never able to figure out a way to do this as SYSTEM can not impersonate a user, I tried doing it via Psexec but that too can’t run as a user from system. The only kinda work around is to use psexec with the -i (interactive flag) That runs the script as the current logged in user. Really clunky, not ideal and requires psexec (and that to be whitelisted by AV) but it does work. Hopefully someone can do better or maybe add this as a native feature in SH as several other RMM’s have a checkbox that does this. Either way till then maybe this will help someone out:

So I have it set to pull from the Machine Properies (pencil) the runfile. I just put ex c:\scripts\runmeasuser.bat in that field.

You could also set $runfile =“c:\temp\script.exe”

New Toolbox -> Script -> Powershell

$runfile = “ServerUtilsGetMachineProperty(@ThisMachine(),runfile)”
Start-Process “.\PsExec64.exe -accepteula -i $runfile”

You could also have it pop-up and ask what file to run in SH interactively

Display form

ServerUtilsAskTech(Run file as current logged on user,title)
$runfile = “ServerUtilsAskTech(App or Apps to install or update,text,c:\temp\file.exe ,required)”
Start-Process “.\PsExec64.exe -accepteula -i $runfile”

To make sure the Devs see this, make sure to submit this as a feature request to Simple-Help support as they don’t actively monitor the forums.