just FYI I was able to launch the app into the active desktop using the tool http://developex.com/custom-software/devxexec.html which is probably just an implementation of the article you posted. The only caveat is that I still had to run the service under the logged in user, which so far is showing no negative side effects.
thanks for the info On Friday, October 26, 2012 2:40:20 PM UTC-4, Josh Cooper wrote: > > Hi Lucas, > > On Fri, Oct 26, 2012 at 8:10 AM, Lucas Vickers > <lucasv...@gmail.com<javascript:>> > wrote: > > Hello, > > > > I'm controlling 180 windows machines for an art project. I am using > > puppet to configure the machines, push out an app as a zip, unzip it, > > change permissions, then launch it. > > If you do not need LocalSystem permissions, then you could simply > configure the puppet service to run as an unprivileged (domain or > local) user: > > sc config puppet obj= <username> password= <password> > > and allow the service to interact with the desktop: > > sc config puppet type= interact > > > Everything works perfectly, > > except the app is being launched in a hidden desktop due to windows > > security. > > This page describes some of the issues. > > http://msdn.microsoft.com/en-us/library/windows/desktop/ms684190(v=vs.85).aspx > > > "If the service opens a command window and runs a batch file, the user > could hit CTRL+C to terminate the batch file and gain access to a > command window with LocalSystem permissions." So privilege escalation. > > > From what I'm told since puppet runs as a service it is not allowed to > > launch an app on the logged in desktop. I confirmed that when running > > the puppet agent manually the app launches correctly. > > It is possible to allow services running under LocalSystem to interact > with the desktop in older versions of Windows. If you don't care about > the security implications, you could investigate that, though I > wouldn't recommend it. > > Alternatively, you could do something like this: > > http://chabster.blogspot.com/2008/01/run-as-interactive-user-from-service.html. > > > Compile it and distribute it with your module. > > Josh > > -- > Josh Cooper > Developer, Puppet Labs > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/zTUvy2vrKKkJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
