Re: Triggered task "run custom command" doesn't wo...

Thaulow · ‎06-17-2019

Hi Community!

I'm trying to make an .exe run at logon and, also trigger the same .exe with a "Workstation unlocked", but without luck.

Right now i'm trying to make this run at "Workstation unlocked":

\\Server\Share\Program.exe

But without luck.

Application blocking is disabled so that is not the root cause.

I've also tried to do the following as a custom command, but nothing happens at logon.

C:\Windows\System32\notepad.exe

Is there a log or somewhere i can start my troubleshooting?

Regards,

Victor

DEMdev · ‎06-17-2019

Hi Thaulow,

Logon tasks (and logoff tasks, for that matter) run "invisibly" so they cannot be used to start applications and do not support user interaction. That's why you don't see your notepad.exe.

Triggered task custom commands don't have that limitation, so let's try to figure out what's going on there. At logoff, we log which triggered tasks we launched (or tried to launch) during the session, so that would be the first place to look.

Thaulow · ‎06-17-2019

Hi UEMdev,

We are experiencing this on every level, both Logon Tasks and Triggered Tasks.

The following is a test where i want notepad to open at every logon, but this doesn't work neither

Where can we find these logs that you stated lastly?

DEMdev · ‎06-17-2019

Hi Thaulow,

Sorry, I wasn't very clear in my previous response: the log messages I referred to are logged to the standard UEM log file.

Thaulow · ‎06-17-2019

Hi again,

Checking the logs i'm getting the following error:

2019-06-17 15:56:22.650 [ERROR] At 15:55:08.638: Error 5 running custom command '"\\server\share\program.exe"' ('popup.xml')

DEMdev · ‎06-17-2019

Hi Thaulow,

Error 5 means "access denied". Does the user have permission to access that executable?

Thaulow · ‎06-17-2019

Domain Users does have the permission "Read and execute" in the folder where the program is executed:

Thaulow · ‎06-17-2019

Also to mention, the program runs fine if the command \\server\share\program.exe is run in "Run"

No problems at all regarding security or applocker. It's only when run by triggered task

DEMdev · ‎06-17-2019

Hi Thaulow,

I noticed that you also have an ACL for Domain Computers. Are there any denies in there, maybe?

FlexService is responsible for launching triggered tasks, and that runs as LocalSystem. Although FlexService will launch the process in the context of the logged-on user, it looks like it first tries to access the executable as SYSTEM.

Thaulow · ‎06-18-2019

Hi again,

Domain computers does also have the right to read from the folder where the program is present.

Another error - I dont know if it's connected in any way whatsoever, but we are also expereincing Access denied on importfile:

2019-06-18 08:36:49.297 [ERROR] ImportFiles::ImportFile: Access denied on 'LocalAppData/Microsoft/OneNote/16.0/cache/0000016T.bin'

2019-06-17 15:59:28.751 [ERROR] ImportFiles::ImportFile: Access denied on 'LocalAppData/Google/Chrome/User Data/Default/Web Data'

Is the solution then to give system read access, or will that help at all?

DEMdev · ‎06-18-2019

Hi Thaulow,

For the triggered task problem, the next step would be to run ProcMon in the user's session. Hopefully that provides a bit more insight into what's going on there.

For the access denied in ImportFiles: no permission changes should be required there. Are those imports happening at logon, or using DirectFlex? How is UEM configured to run at logon? As a Group Policy client-side extension, in NoAD mode, or as a logon script?

All

Triggered task "run custom command" doesn't work