03-08-2011 02:06 AM
Hi
Ive made a custom ressource with a script. This Script trigger another script which needs Runas Admin rights.
The Cluster cannot not start the second script as admin how can i manage this? I dont want to deactivate the UAC on the Server.
Environment: Windows 2008 R2 with SFHA 5.2 Sp2
Thanks for any suggestion.
Solved! Go to Solution.
03-08-2011 06:22 AM
Hi Sigi,
All resource agents get started in the Local System user context the same as the HAD service. It is not supported to start HAD with a different user account than Local System. However, there are some agents which have Username, Domain and Password attributes so that they can run their entry points with a different user. The process agent is one of these agents. You might try switching your customer agent to a process agent and take advantage of this feature.
Otherwise, you might want to try the runas.exe command in your first script to call the second one with elevated user rights. The only problem with this is that the username and password are passed to runas.exe in plain text format.
I think there are also some other windows commands that will allow for the change of the executing user account.
Thanks,
Wally
03-08-2011 06:22 AM
Hi Sigi,
All resource agents get started in the Local System user context the same as the HAD service. It is not supported to start HAD with a different user account than Local System. However, there are some agents which have Username, Domain and Password attributes so that they can run their entry points with a different user. The process agent is one of these agents. You might try switching your customer agent to a process agent and take advantage of this feature.
Otherwise, you might want to try the runas.exe command in your first script to call the second one with elevated user rights. The only problem with this is that the username and password are passed to runas.exe in plain text format.
I think there are also some other windows commands that will allow for the change of the executing user account.
Thanks,
Wally
03-08-2011 09:57 AM
You might want to turn off UAC: http://technet.microsoft.com/en-us/library/cc709691%28WS.10%29.aspx
03-10-2011 12:12 AM
Well thanks for the suggestion, but disable UAC is not an option for us.