Opened 11 months ago
#534 new defect
#131 Runas does not work when NSClient runs under Local System Account
|Reported by:||mopp||Owned by:||mickem|
I didn't find a documentation regarding the new runas function from #131, so I might did something wrong.
My sample entry:
command=cmd /c "dir c:\"
The password is correct, if I use the wrong password I get this error message:
ExternalCommands?: failed to create process (cmd /c dir c:"): 1326: Logon failure: unknown user name or bad password.
But with the correct password the following message is shown.
ExternalCommands?: failed to create process (cmd /c dir c:"): 5: Access is denied.
The problem occurs with every command.
I think it is the same problem as the PSExec return code 5 problem described here: http://forum.sysinternals.com/psexec-error-code-5_topic20674.html ("Windows XP with SP2 and Windows Server 2003: You cannot call CreateProcessWithLogonW from a process that is running under the "LocalSystem?" account, because the function uses the logon SID in the caller token, and the token for the "LocalSystem?" account does not contain this SID. As an alternative, use the CreateProcessAsUser? and LogonUser? functions.")
Everything works if I run "nscp test", because it runs in a different (non system account) user context.