Re: Wired error of get-credential for non-privilege user

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

---

• From: lee.holmes@xxxxxxxxxxxxxxxxxxxx
• Date: 27 Jan 2006 12:50:55 -0800

---

Thanks, Tony.

The difference in behaviour (between CredUI and the console prompting) is that CredUI returns us a username with "\" prepended. As in "\testac". This is another valid form of the same username.

When we pass that to the Process.Start method, it has intermittent difficulty dealing with that form of a username. You'll see the same effect if you prepend your username with a "\" from the Console prompting.

Interestingly enough, you won't see the problem happen if you keep the first successful console window open.

--
Lee Holmes [MSFT]
Microsoft Command Shell Development
Microsoft Corporation
This posting is provided "AS IS" with no warranties, and confers no rights.

-----Original Message-----
From: /\\/\\o\\/\\/ [MVP]
Posted At: Friday, January 27, 2006 10:43 AM
Posted To: microsoft.public.windows.server.scripting
Conversation: Wired error of get-credential for non-privilege user
Subject: Re: Wired error of get-credential for non-privilege user

No, I think this is a new one, try setting the ConsolePrompting to True :

new-property HKLM:\SOFTWARE\Microsoft\MSH\1\ShellIds -property
ConsolePrompting -value "True" -force

and try you script again, If I use the GUI I have the same effect.
as you have.

MSH>$cred = get-credential

Cmdlet get-credential at command pipeline position 1
Supply values for the following parameters:
Credential
User: test
Password for user test: *******

MSH>$PSI = new-object System.Diagnostics.ProcessStartInfo
MSH>$psi.LoadUserProfile = $true
MSH>$psi.filename = "MSH.exe"
MSH>$psi.UseShellExecute = $false
MSH>
MSH>$psi.Username = $cred.userName
MSH>$psi.Password = $cred.Password
MSH>
MSH>[System.Diagnostics.Process]::start($PSI)

Handles NPM(K) PM(K) WS(K) VS(M) CPU(s) Id ProcessName
------- ------ ----- ----- ----- ------ -- -----------
12 1 324 1032 14 0,03 5916 msh


MSH>[System.Diagnostics.Process]::start($PSI)

Handles NPM(K) PM(K) WS(K) VS(M) CPU(s) Id ProcessName
------- ------ ----- ----- ----- ------ -- -----------
5 1 132 428 5 0,02 5972 msh


MSH>[System.Diagnostics.Process]::start($PSI)

Handles NPM(K) PM(K) WS(K) VS(M) CPU(s) Id ProcessName
------- ------ ----- ----- ----- ------ -- -----------
5 1 132 428 5 0,02 628 msh


MSH>[System.Diagnostics.Process]::start($PSI)

Handles NPM(K) PM(K) WS(K) VS(M) CPU(s) Id ProcessName
------- ------ ----- ----- ----- ------ -- -----------
5 1 132 428 5 0,03 3420 msh

So, I think this is a bug in the CredUI.

gr /\/\o\/\/

/\/\o\/\/ [MVP] wrote:
> Did you fill the credentials ?
>
> Otherwise you get in a loop between the Shell's(bug filed)
>
> See, also :
>
> http://mow001.blogspot.com/2005/10/do-msh-cmd-msh-loop-runas-in-msh.html
> http://mow001.blogspot.com/2005/10/runas-with-loading-profile-script-in.html
>
>
> think this is happening here also.
> try changing a dir and then do a LS to test this.
>
> gr /\/\o\/\/
>
> TonyDeSweet wrote:
>
>> Not sure if it is right place, but I discovered this while using monad.
>>
>> System: Windows XP Home, .NET Framework SDK 2.0, Monad beta3
>>
>> If login as a member of Administrators group, MSH.exe runs perfectly.
>> I am writing "su.msh" script (go to http://mshforfun.blogspot.com/
>> for detail)
>>
>> There is a non-privilege user "testac" who belong to Users and
>> Everyone group. When login as "testac", msh.exe launched OK. If
>> you login as a member of Administrators group and try to launch msh.exe
>> (within a msh window of course) using RUNAS.exe (runas /profile
>> /User:testac msh.exe), msh.exe launched OK.
>>
>> Problem really come out when you using get-credential cmdlet and pass
>> Username and Password to Process.Start() method.
>>
>> $SuAccount = get-credential
>> $StartInfo = new-object System.Diagnostics.ProcessStartInfo
>> $StartInfo.FileName = "msh.exe"
>> $StartInfo.Arguments = "-nologo -noprofile"
>> $StartInfo.UserName = $SuAccount.UserName
>> $StartInfo.Password = $SuAccount.Password
>> $StartInfo.LoadUserProfile = $true
>> $StartInfo.UseShellExecute = $false
>> $StartInfo.WorkingDirectory = (get-location).Path
>> [System.Diagnostics.Process]::Start($StartInfo)
>>
>> First time you run script:
>> Cmdlet get-credential at command pipeline position 1
>> Supply values for the following parameters:
>> Credential
>> Exception calling "Start" with "1" argument(s): "Logon failure: unknown
>> user name or bad password"
>> At D:\msh\su.msh:11 char:36
>> + [System.Diagnostics.Process]::Start( <<<< $StartInfo)
>>
>> Second time you run script:
>> No error, works like runas
>>
>> Third time you run script:
>> Cmdlet get-credential at command pipeline position 1
>> Supply values for the following parameters:
>> Credential
>> Exception calling "Start" with "1" argument(s): "Logon failure: unknown
>> user name or bad password"
>> At D:\msh\su.msh:11 char:36
>> + [System.Diagnostics.Process]::Start( <<<< $StartInfo)
>>
>> Fourth time you run script:
>> No error, works like runas
>>
>> Fifth time you run script:
>> Cmdlet get-credential at command pipeline position 1
>> Supply values for the following parameters:
>> Credential
>> Exception calling "Start" with "1" argument(s): "Logon failure: unknown
>> user name or bad password"
>> At D:\msh\su.msh:11 char:36
>> + [System.Diagnostics.Process]::Start( <<<< $StartInfo)
>>
>> So you see patterns here? I don't have detailed trace information,
>> but I am pretty sure there is something wrong with get-credential
>> cmdlet (or maybe it is Process.Start() method). Or it is simply a bug?
>>
>>
>> Tony
>> http://mshforfun.blogspot.com/
>>

.

---

• Follow-Ups:
  • Re: Wired error of get-credential for non-privilege user
    • From: TonyDeSweet

• References:
  • Re: Wired error of get-credential for non-privilege user
    • From: /\\/\\o\\/\\/ [MVP]

• Prev by Date: Robocopy Question?
• Next by Date: RE: Multiple folder delete
• Previous by thread: Re: Wired error of get-credential for non-privilege user
• Next by thread: Re: Wired error of get-credential for non-privilege user
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: "Run As," Adding Names to Drop-Down Box ... credentials. ... username you specified to start the program. ... Second one, I see a window flash, then nothing. ... On the second one, the script, make sure you have the quotations ... (microsoft.public.windowsxp.help_and_support) Re: HTTP Authentication with LWP ... I use the credentials() function of LWP::UserAgent to setup ... the username and password for this site but my script makes no use of ... passing the login data - whatever the login form wants - then do the ... (comp.lang.perl.misc) Re: [Full-disclosure] SSH brute force blocking tool ... And just what on God's earth does "SOMEONE LOGGING IN WITH USERNAME SET ... TO A VALID PASSWORD ENTRY" have to do with this script. ... the classic attack is the symlink attack. ... (Full-Disclosure) PHP Access Script (free guide) ... he keys in his username and password ... in this case, if John Davis correctly log in, the script ... kick out the user. ... Browser agent to act as an invisible session ID. ... (alt.php) Running a script in Windows2000 Server ... I am running Windows 2000 server from which this scrip t needs to be run. ... batch file I write a shuttdown.exe file I am recieving a (Loading script ... dim conn, rs, strsql, username, dbline, flag, errdesc ... (microsoft.public.windows.server.scripting)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > Windows  > microsoft.public.windows.server.scripting  > 2006-01