we want to integrate a program - which is ALWAYS starts on Windows login.

the function "Add/Remove Scheduled Task" have only

Intervals (Days)

[in] String that specifies Days between running. If not set or 0, the
default value is 1.

^^

Dirk Büchel

Dirk,

>
> we want to integrate a program - which is ALWAYS starts on Windows login.
>

Please see "Add RegistryRun Entry..." script function. This lets you create
a Run key that contains the name of a program to run when the computer
starts.

Friedrich

not when the computer starts - but when login - see screen shot - sorry
is in german ;)

Dirk Büchel

> not when the computer starts - but when login - see screen shot - sorry
> is in german ;)

See MSDN.

Run and RunOnce registry keys cause programs to run each time that a user
logs on.

http://msdn.microsoft.com/en-us/library/aa376977(v=vs.85).aspx

Friedrich

BTW, another option is the Startup folder. To have the application run at
startup for every user who logon to the computer, you can place an Shortcut
in this path instead:

<AllUserProfile>\Start Menu\Programs\Startup

But Microsoft recommends to use the Run registry key.

Friedrich

Thanks for the information.

But the problem is - the program require administrator. My information
said that only a scheduled task can do that.

Dirk Büchel

Dirk,

> Thanks for the information.
>
> But the problem is - the program require administrator. My information
> said that only a scheduled task can do that.

Ouch! In fact, this is a "no-go" today. Why does your program require
administrator execution privileges at all? And to make it even worse, why
does it have to be started elevated behind-the-scenes each time that a user
logs on! Only very specific system tools need requireAdministrator
privileges.

Anyway, this is completely against the rules and against the Windows
development guidelines. So you have to find your own way to support it.
What you can do is to try to develop your own DLL that can handle this
"dirty" trick (but you have to make sure it works on all UAC-aware operating
systems) and then call the library from your installer and uninstaller.

Warning: It is NOT NOT NOT recommended to do this! ;-)

Friedrich

Let us all with "dirty" tricks working. ;)

Dirk Büchel

>
> Let us all with "dirty" tricks working. ;)
>

;-)

But perhaps you can avoid the dirty trick!? Make your application
UAC-compliant and only elevate a process if required. No potential security
hole for your customers, no potential support nightmare for you :-)

Friedrich

Friedrich - But what is this "Run with highest privileges!" - see screen
shot from scheduled task manager.

Dirk Büchel

> Friedrich - But what is this "Run with highest privileges!" - see screen
> shot from scheduled task manager.

If an user enables the "Run with highest privileges" option then Task
Scheduler will run the specific task using an elevated privileges token
rather than a least privileges token. But only tasks that require elevated
privileges to complete their actions should run with elevated privileges.
So do you have a low-level system tool that needs elevated privileges?

It doesn't mean you should try to enable the "Run with highest privileges"
Task Scheduler option for an application that you distribute to your
customers! Sure, you can do it for your own in-house applications, but
never ever open a security hole on your customers' machines.

Friedrich

BTW, if you really have to do this (for whatever unknown reason), you can
try to use something like the following from the Run Command Line function:

schtasks /create /tn mytaskname /tr myapp.exe /SC ONLOGON /RL highest

I do not recommend it! It's just FYI.

Friedrich

Friedrich, Dirk

>But the problem is - the program require administrator. My information said
>that only a scheduled task can do that.

A valid reason to run a scheduled task as Administrator or some specific
user is if the task has to access a network resource available only to that
user.

I've used SB to call the command "schtasks.exe" (available I think in
Windows XP and newer) to create a scheduled task with a particular user and
password. There is an "ONLOGON" option.

Details: http://ss64.com/nt/schtasks.html

Carlos Gutierrez

Question: How can I determine whether a certain task has been already
integrated?

Dirk Büchel

Dirk,

> Question: How can I determine whether a certain task has been already
> integrated?

What you can try to do is to check the Registry.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Schedule\TaskCache\Tree\<YourTaskName>

Friedrich

"highestAvailable" confuses many people.

As I understand it, it means exactly what it says.

Suppose, for example, somebody has permissions as a Backup Operator, Power
User, Server Operator, or whatever (depends on the operating system as to
what are available). But he is not an Administrator.

requireAdministrator will fail unless he gets an over-the-shoulder
authorization from somebody who is an Administrator.

highestAvailable will try the existing user's unrestricted token (with his
Backup Operator or whatever other privileges) and run the application at
that level.

Jane