C# Permissions Headaches... Cant run an external EXE or BAT file due to permissions

This may be in the wrong subforum but i didnt see a C# one so here it lays.

I have a program that i originally wrote in VB in SharpDevelop, it works perfectly in debug mode, and perfectly on my local machine. The only errors in the debugger are that some invalid options are sent to the compiler which i could easily delete from the build properties but cant be bothered to.

Now, the problem comes when running it on a remote machine. Let me explain... The purpose of this program is that it will be scheduled by Novell to run at about 8pm and probably again at 10pm on the local machine (so the machine receives the instruction then contacts the server's shared folder and executes the EXE file) the program itself then displays a window warning of imminent shutdown and a timer of about 30 mins, thats fine and works a treat, when the timer expires it is supposed to use the Shell() command to run "shutdown -s -t 0" and hence the machine is forcibly shutdown.

But it doesnt do it! I keep getting errors about the permissions being wrong, EG not high enough for the EXE to launch any other file/app/whatever

I ported it over to C# using the converter in the IDE program, just because i thought it would remove the dependency for the .net framework, alas it does not, however, i still get the same errors with the C# version RE permissions.

I dont code in VB or C but i do code in PHP so i have a good understanding of general programming, i also have a basic understanding of the permissions system in use here and that i need the system shutdown permission to use the built in C# shutdown function. I have copied code snippets left right and center and pasted them in, changed a few bits but not a single one has compiled properly, they all throw out critical errors before compiling fully and hence i cant even test them.

ITs doing my head in, can someone *please* help me with this. They are running on school computers so the students/staff cant be required to input anything or interact in any way other than to cancel the shutdown if they are still using the machine. The computers will all be on the network if that makes any difference and i am reluctant to use impersonation as an admin in case the rights somehow leak and give them admin access to things they shouldnt have access to.

My code is as follows:

using Microsoft.VisualBasic;using System;using System.Collections;using System.Collections.Generic;using System.Diagnostics;using System.Drawing;using System.Windows.Forms;namespace timeout{	public partial class MainForm	{		public MainForm()		{			// The Me.InitializeComponent call is required for Windows Forms designer support.			this.InitializeComponent();			timer1.Start();			timer_update.Start();		}		public void MainFormLoad(object sender, EventArgs e)		{			lbl_text.Text = "If you are currently using this computer click the button below and the shutdown will be aborted." + Constants.vbNewLine + Constants.vbNewLine + "This program will run periodically overnight to ensure electricity isnt wasted. Please ensure you save you work and shutdown all computers at the end of the day.";		}		public void Lbl_textClick(object sender, EventArgs e)		{			timer1.Stop();									System.Environment.Exit(0);		}		public void Button1Click(object sender, EventArgs e)		{			timer1.Stop();			System.Environment.Exit(0);		}		public void Timer1Tick(object sender, EventArgs e)		{	[b]		timer1.Stop();			//Interaction.Shell("Shutdown /s  /t 5");			//Process.Start("CMD.exe");// Start the process.Process.Start("notepad.exe");			System.Environment.Exit(0);		}[/b]		public void Timer_updateTick(object sender, EventArgs e)		{			int time = 0;			string time_text = "";			time = timer1.Interval / 1000;			time = time / 60;			time_text = "" + time;			lbl_time.Text = time_text;		}		public void Lbl_timeClick(object sender, EventArgs e)		{		}	}}

I have bolded the section that deals with the timer expiration and what not, as you can see im making it launch notepad so i know its loaded rather than have my machine shut down everytime i want to test something....

I just cant get this to work, itd be really, really helpful if someone could write a little code for me, i know its being cheeky but if someone could write the code to give the right permissions i would be eternally grateful, either in VB or C# or at least help me out!!

Or if there is another way to shut the machine down then do tell! Ive tried the C# shutdown command with no luck, need the permissions again...

A quick search found me two ways to shut down the computer without the shell.

Method 1 (http://www.dreamincode.net/forums/topic/33948-how-to-shut-down-your-computer-in-c%23/)
Call Win32Shutdown for each WMI instance.  The full shutdown method is posted in the first reply.  It does give itself the right security privileges before starting the shutdown, so that might be what you are looking for.


Method 2 (https://msdn.microsoft.com/en-us/library/aa376874(VS.85).aspx)
Call InitiateSystemShutdown from the Win32 API.


I found another example of both methods on this page: http://www.pinvoke.net/wikiedit.aspx?topic=advapiemShutdown.html.  I don't have a C# IDE on this computer, so I can't test these out, but bypassing the shell entirely is probably the way to go.

Hope that helps!

Thanks

I shall give those a try, its not strictly necessary now as we are setting up some lesson monitoring software which has a shutdown function built in, whether or not the staff use it it s a different matter, at least 100 machines were left powered fully on over the weekend, not on standby but fully on. Ridiculous waste of money and energy!!

EDIT: I wonder if there is a way to force apps to save their data if its not been saved (eg word documents) from VB/C... I could probably cycle through the open windows and send a key combo of CTRL+S and then enter to save as default but its effort! And there are too many variables to think about such as multiple documents of the same name, the ways different programs save etc....

But thats just a thought!

EDIT EDIT:

The first linky seems down, but ill check that later, the second one still requires the shutdown privilege:

To shut down the local computer, the calling thread must have the SE_SHUTDOWN_NAME privilege. To shut down a remote computer, the calling thread must have the SE_REMOTE_SHUTDOWN_NAME privilege on the remote computer. By default, users can enable the SE_SHUTDOWN_NAME privilege on the computer they are logged onto, and administrators can enable the SE_REMOTE_SHUTDOWN_NAME privilege on remote computers. For more information, see Running with Special Privileges.

Which is where my problems lay, ill give the third link a go though, havent tried that yet but i fear it will still need the privileges. I was thinking of simply crashing the lsass.exe process the way the sasser worm did but that seems somewhat brutish!
Edited June 22, 2009 by shadowx (see edit history)

If all the methods require special privileges, then your best bet would be to be a system administrator to enable that SE_REMOTE_SHUTDOWN_NAME. Initiating a normal shutdown should prompt the user to save unsaved documents with most programs, but it won't automatically save them. In fact, that may become another problem as most computer are configured so they won't continue the shutdown until those programs have closed. The shutdown may never complete because a program asked the user to save documents. There's a registry option that would fix that, but it would probably be bothersome to set it on every computer manually. There might be a "no, really, shut down now" function, but I don't know what it is.

I obviously have admin rights, but even i cant run it on a second machine im using even with my admin rights. I beleive this has something to do with the .net framework config, it is seeing the program as belonging to the intranet group (which in fairness it does, it comes from a server on our network) and the permissions for that group are too low, i can change that manually of course but on perhaps 200 machines thats not feasible.Though i havent tried copying the file locally and running it locally... that might just do the trick. But if i do that then ill need to make a batch file or something to send out the EXE file at every logon... or do it once and use a central text file on the central server to control things like the timeout period etc... Because if i push it out to all workstations and dont have a central way of configging it then id have to replace the EXE every time...

Here's another method, but it probably requires the same privileges: http://forums.xisto.com/no_longer_exists/

Otherwise, you will probably have to run the program locally.  Installing it as an automatic service could save you some trouble, especially if you set up the service to look at a global config file.  You could even have it look for a new version in said config file, pull down the new program, and update itself so you wouldn't have to replace the programs manually.