Author Topic: Administrator rights when running using a schedule  (Read 976 times)

Offline JLukins

  • Newbie
  • *
  • Posts: 5
    • View Profile
Administrator rights when running using a schedule
« on: March 18, 2021, 08:11:27 AM »
I am using PatchMyPC and my account is a standard user. When ever I start the UI it asks me for an administrative account (via UAC) and runs normally. This is not a problem.

I have also set up a schedule with "Task Visibility" set to Silent and "Run Whether or Not Logged In" set to True. This works fine but it obviously does not raise a dialgue asking for an adminsitrative account. How does it avoid this? Is this not a security hole in itself?

Does the scheduled task maintain a token?

Thanks.

Offline Justin Chalfant

  • Patch My PC Support
  • Administrator
  • Hero Member
  • *****
  • Posts: 2142
    • View Profile
    • Patch My PC Support
Re: Administrator rights when running using a schedule
« Reply #1 on: March 19, 2021, 07:56:49 AM »
UAC is required due to the nature of what we do (install apps).

Offline JLukins

  • Newbie
  • *
  • Posts: 5
    • View Profile
Re: Administrator rights when running using a schedule
« Reply #2 on: March 19, 2021, 08:13:37 AM »
Hi,

I understand that UAC is required, my question is how does PatchMyPC get administrative rights when running silently as part of a schedule?

Thanks

Jeremy

Offline Justin Chalfant

  • Patch My PC Support
  • Administrator
  • Hero Member
  • *****
  • Posts: 2142
    • View Profile
    • Patch My PC Support
Re: Administrator rights when running using a schedule
« Reply #3 on: March 19, 2021, 08:16:05 AM »
You can control that in the scheduled task. There is an option to run with the highest privileges.

Offline JLukins

  • Newbie
  • *
  • Posts: 5
    • View Profile
Re: Administrator rights when running using a schedule
« Reply #4 on: March 19, 2021, 08:48:16 AM »
Again, I understand that the scheduled task runs with administrator privileges. I rely on this to update even though I run as a standard user.

The question is how does the silent task elevate privileges without any user interaction.

With the GUI running and depending on UAC settings, a dialogue will appear. How does the silent task bypass the need for a dialogue but still updates with administrator rights?

Offline Justin Chalfant

  • Patch My PC Support
  • Administrator
  • Hero Member
  • *****
  • Posts: 2142
    • View Profile
    • Patch My PC Support
Re: Administrator rights when running using a schedule
« Reply #5 on: March 19, 2021, 09:15:24 AM »
The question is how does the silent task elevate privileges without any user interaction.

It would not unless the scheduled task is running as SYSTEM or if your run as a user and the user is an admin, and the option to run with the highest privileges is set.

Offline JLukins

  • Newbie
  • *
  • Posts: 5
    • View Profile
Re: Administrator rights when running using a schedule
« Reply #6 on: March 19, 2021, 09:41:59 AM »
Hi,

Then something doesn't make sense. I am a standard user and have a schedule set within PatchMyPC to run everyday at 9am. The task is enabled, "Task Visibility" is Silent and "Run Whether or Not Logged In" is true. As the log below shows, updates are being installed but I never see a UAC dialogue so PatchMyPC MUST be running with administrator privileges. My question I think therefore is how is the schedule implemented as I cannot see anything in Task Scheduler in Windows and if it is doing it itself, how does it gain administrator rights?

Here is a log entry from yesterday morning showing updates installing without issue.
18/03/2021 09:00:03 - Patch My PC Started
18/03/2021 09:00:03 - Patch My PC running with command line option: /silent
18/03/2021 09:00:03 - Checking connection to patchmypc.com
18/03/2021 09:00:03 - Verified connection to patchmypc.com. Status Code: 200
18/03/2021 09:00:03 - Getting latest definitions from patchmypc.com
18/03/2021 09:00:03 - Definition load completed in: 0.17 seconds
18/03/2021 09:00:03 - Patch My PC version 4.2.0.2 is running. The latest is 4.2.0.2
18/03/2021 09:00:03 - Performing scan of installed applications
18/03/2021 09:00:04 - Scan completed in: 0.57 seconds
18/03/2021 09:00:04 - Starting to perform updates silently since /silent switch used
18/03/2021 09:00:05 - Patch My PC 4.2.0.2 | Definitions: 17-Mar-2021 | 18/03/2021 09:00:05

18/03/2021 09:00:05 - Run With /SILENT Switch
18/03/2021 09:00:05 - OS: Microsoft Windows 10 Pro x64

18/03/2021 09:00:05 - 2 App(s) to install or update...
18/03/2021 09:00:05 - Download URL: https://patchmypc.com/freeupdater/applications/audacity-win-3.0.0.exe
18/03/2021 09:00:05 - Download Path: C:\PatchMyPCUpdates\Audacity 3.0.0.exe
18/03/2021 09:00:05 - Download size: 28.02 MB
18/03/2021 09:00:05 - Download Starting for: https://patchmypc.com/freeupdater/applications/audacity-win-3.0.0.exe
18/03/2021 09:00:11 - Total download time in seconds: 6.14
18/03/2021 09:00:11 - Install Command: /VERYSILENT /SP- /NOCLOSEAPPLICATIONS /NORESTARTAPPLICATIONS /NORESTART
18/03/2021 09:00:11 - Audacity 3.0.0 Downloaded Successfully
18/03/2021 09:00:11 - Installing Audacity 3.0.0 Silently
18/03/2021 09:00:19 - Install Successful for Audacity 3.0.0

18/03/2021 09:00:19 - Deleted file: C:\PatchMyPCUpdates\Audacity 3.0.0.exe
18/03/2021 09:00:19 - Download URL: https://patchmypc.com/freeupdater/applications/FileZilla_3.53.0_win64-setup.exe
18/03/2021 09:00:20 - Download Path: C:\PatchMyPCUpdates\FileZilla Client 3.53.0 (x64).exe
18/03/2021 09:00:20 - Download size: 10.86 MB
18/03/2021 09:00:20 - Download Starting for: https://patchmypc.com/freeupdater/applications/FileZilla_3.53.0_win64-setup.exe
18/03/2021 09:00:20 - Downloading FileZilla Client 3.53.0 (x64) (10.86 MB)
18/03/2021 09:00:21 - Total download time in seconds: 1.90
18/03/2021 09:00:21 - Install Command: /S
18/03/2021 09:00:21 - FileZilla Client 3.53.0 (x64) Downloaded Successfully
18/03/2021 09:00:21 - Installing FileZilla Client 3.53.0 (x64) Silently
18/03/2021 09:00:30 - Install Successful for FileZilla Client 3.53.0 (x64)

18/03/2021 09:00:30 - Deleted file: C:\PatchMyPCUpdates\FileZilla Client 3.53.0 (x64).exe
18/03/2021 09:00:32 -
Patch My PC Update Complete 18/03/2021 09:00:32

Offline Andrew Jimenez

  • Patch My PC - Support Engineer
  • Full Member
  • ***
  • Posts: 101
    • View Profile
Re: Administrator rights when running using a schedule
« Reply #7 on: March 19, 2021, 02:46:06 PM »
I believe you will see the Scheduled Task if you run Task Scheduler as Admin. The task may not be visible to a non-Admin User. The task that Patch My PC creates does indeed run as SYSTEM.


Offline JLukins

  • Newbie
  • *
  • Posts: 5
    • View Profile
Re: Administrator rights when running using a schedule
« Reply #8 on: March 24, 2021, 03:45:41 AM »
Thank you, that's great. I obviously hadn't accessed the scheduled tasks as an Adminsitrator.