Start a program from command line for another logged in user

command-line-interface, windows-server-2008, windows-terminal-services

We have a Windows Server 2008 machine running Terminal Services. When users log in, a custom program is launched and resides in the system tray that gives them some customized hotkeys for our company.

When we need to update this program, we have to close all copies of the program from all sessions before the new version will actually take effect (more info here). I can end the process for all sessions easily with Taskkill, but I want to know if there's an easy way to restart the process for all sessions afterwards.

I do have access to the administrator account, but I do not have access to any other user passwords.

Is it possible to start a program from command line for another logged in user?

Best Answer

No. Windows does not offer the type of user impersonation capability you're asking about here. There's no sudo equivalent, or even approximation in Windows.

I can't find the document or article at the moment, but not allowing sudo-style user impersonation functionality in Windows was a deliberate design decision way back in the earliest days of the NT kernel, and as a result, we're very much stuck with it. (There aren't even any clever workarounds or hacks to circumvent it as there usually are - this one's just far too deeply rooted to get around.)

In the Windows world, in order to perform [practically] any action as a user (whether it's running a program, authenticating against AD or anything else), you require an access token, which is used to identify and authenticate the user's access/privileges. This access token is only created when the user's account name and password are supplied (at login, for RunAs, and so on).

The potentially important caveat (for your purposes) is that an existing access token can be duplicated into an impersonation token, which can be passed on to the ImpersonateLoggedOnUser function, which can be used to impersonate the security context of a logged-on user.

Seeing as how you're one of those developer/programmers who might know how to work with the arcane magiks of .NET, this may be useful to you in writing a small application to achieve what you want to do.

However, to be precisely clear, there is no command you can run or process to follow to impersonate a Windows user, short of coding one up (or finding one someone else coded up), and even then, it's limited to users whose access tokens are available (logged on users).