We have a Windows Server 2008 machine running Terminal Services. When users login, a custom program is launched and resides in the system tray that gives them some customized hotkeys for our company.
When we need to update this program, we have to close all copies of the program from all sessions before the new version will actually take effect (more info here). I can end the process for all sessions easily with Taskkill
, but I want to know if there's an easy way to restart the process for all sessions afterwards.
I do have access to the administrator account, but I do not have access to any other user passwords.
Is it possible to start a program from command line for another logged in user?
No. Windows does not offer the type of user impersonation capability you're asking about here. There's no
sudo
equivalent, or even approximation in Windows.I can't find the document or article at the moment, but not allowing
sudo
-style user impersonation functionality in Windows was a deliberate design decision way back in the earliest days of the NT kernel, and as a result, we're very much stick with it. (There aren't even any clever workarounds or hacks to circumvent it as there usually are - this one's just far too deeply rooted to get around.)In the Windows world, in order to perform [practically] any action as a user (whether it's running a program, authenticating against AD or anything else), you require an access token, which is used to identify and authenticate the user's access/privileges. This access token is only created when the user's account name and password are supplied (at login, for
RunAs
, and so on).The potentially important caveat (for your purposes) is that an existing access token can be duplicated into an impersonation token, which can be passed on to the ImpersonateLoggedOnUser function, which can be used to impersonate the security context of a logged-on user.
Seeing as how you're one of those developer/programmers who might know how to work with the arcane magiks of .NET, this may be useful to you in writing a small application to achieve what you want to do.
However, to be precisely clear, there is no command you can run or process to follow to impersonate a Windows user, short of coding one up (or finding one someone else coded up), and even then, it's limited to users whose access tokens are available (logged on users).
If the users are logged on, you can use something like
owexec
to launch processes as them. It doesn't require their password. We use it for something very similar to what you describe, except for the Terminal Services part.You may need to add some scripting to gather all active sessions, then target them each, individually, with the
-u
option.If you are talking about a local software and not a RemoteApp, then I guess the most usefull in your case would be using PsExec:
http://technet.microsoft.com/en-us/sysinternals/bb897553.aspx
For some more examples an usage, you can go to http://windowsitpro.com/systems-management/psexec