1.8.3 Effect of the executing user on command behavior
If you execute a script file from a service, operation is performed with the user account permissions specified for that service. However, if you execute a script file from Manager, JP1/Script applications run as if executed by a standard user due to User Account Control (UAC) for Windows. This is true even if you have logged on as a member of the Administrators group.
The following commands cause problems when they are executed by a standard user :
-
Commands that might cause an Access Denied error
-
File operation commands
-
Exec and NetExec commands
-
TerminateProcess command
-
GetProcessInfo command
- Organization of this subsection
(1) Commands that cause an Access Denied error
Table 1-3 lists the commands that might cause an Access Denied error.
You must execute script files that execute these commands as a user who has administrator permissions. If you execute one of these commands as a standard user, the following error code is output:
0005: Access was denied. Recheck file attributes or security.
For details about how to execute script files as a user who has administrator permissions, see 1.8.6 Execution as a user who has administrator permissions.
No. |
Command |
Condition on which an Access Denied error occurs |
---|---|---|
1 |
SetEnvironment |
SystemEnv is specified for the first argument (Type). |
2 |
Rename |
Reboot is specified for the third argument (Method). |
3 |
SetVolLabel |
None |
4 |
RegWrite |
A value other than HKEY_CURRENT_USER is specified for the first argument (RegKey).#1 |
5 |
RegDelete |
A value other than HKEY_CURRENT_USER is specified for the first argument (RegKey).#2 |
6 |
RegDeleteKey |
A value other than HKEY_CURRENT_USER is specified for the first argument (RegKey).#3 |
7 |
ServiceCreate |
None |
8 |
ServiceDelete |
None |
9 |
ServiceStart |
None |
10 |
ServiceStop |
None |
11 |
ServicePause |
None |
12 |
ServiceContinue |
None |
13 |
ServiceChange |
None |
14 |
ServiceControl |
None |
15 |
MakeGroup |
Lcl_Program is specified for the second argument (RootType). |
16 |
DeleteGroup |
Lcl_Program is specified for the second argument (RootType). |
17 |
MakeShortcut |
Lcl_Desktop, Lcl_Startmenu, Lcl_Program, or Lcl_Startup is specified for the first argument (RootPath) |
18 |
DeleteShortcut |
Lcl_Desktop, Lcl_Startmenu, Lcl_Program, or Lcl_Startup is specified for the first argument (RootPath). |
19 |
GetProcessCount |
None |
20 |
GetProcessInfo |
None |
21 |
TerminateProcess |
None |
22 |
Copy |
Security is specified for the ninth (Option6) or tenth (Option7) argument. |
(2) File operation commands
Note that if you use a file operation command to output or update files in the folder specified by the ProgramFiles or WinDir environment variable, the files might be redirected to the area allocated for the user. The redirect destination is in the VirtualStore folder whose path is specified in the LocalAppData environment variable. The files are redirected if a script file that executes file operation commands is executed by a standard user. To prevent the files from being redirected, you need to execute the script file as a user who has administrator permissions. For details about how to execute script files as a user who has administrator permissions, see 1.8.6 Execution as a user who has administrator permissions.
If a standard user uses script files to execute file operation commands to input or view data, operations are preferentially performed on the files at the redirect destination.
(3) Exec and NetExec commands
If a standard user executes a script file that executes the Exec or NetExec command to call an executable file, such as Install.exe or Setup.exe, that requires administrator permissions, the following events occur:
-
The following error code is output as a result of the Exec or NetExec command:
0740: The requested action requires elevated privileges.
-
The User Account Control dialog box for elevation of privileges appears.
Normally, the error in 1. occurs first after an Exec or NetExec command, and then the OS program compatibility assistant function is activated and the dialog box in 2. opens.
To prevent the error code and dialog box from appearing, you need to execute the script file as a user who has administrator permissions. For details about how to execute script files as a user who has administrator permissions, see 1.8.6 Execution as a user who has administrator permissions.
If you click the Cancel button in the User Account Control dialog box for elevation of privileges, the following error code might appear:
1223: The operation was canceled by the user.
(4) TerminateProcess command
The TerminateProcess command cannot forcibly terminate the processes being executed by another user (except for script processes). Even if you specify another user's process, the command will terminate normally without causing an error. This is the same operation as when a process specified by the process ID does not exist.
(5) GetProcessInfo command
The GetProcessInfo command can only acquire information about the processes being executed by the local user. If you specify the process ID of a process being executed by another user, an Access Denied error occurs. An Access Denied error also occurs if the process ID of a process being executed in the logon space is specified from a script that is being executed in the service space.