The Core Technologies Blog

Professional Software for Windows Services / 24×7 Operation

Q&A: How can a Non-Admin User Start my AlwaysUp Service?

How can a Non-Admin User Start my AlwaysUp Service?
  Hi — long time user of AlwaysUp here!

I followed your suggestion in the FAQ to allow my non-admin user to control the Windows Service that AlwaysUp created. Now he can run the NET command to start and stop our application in Session 0 whenever he likes, which is great. But we’re still having one problem.

Sometimes the user needs to start the application in the current session to make changes. The user manual says that running AlwaysUp.exe with the “-restart-in-current-session” parameter will do the trick.

And that command works fine for me (I’m an admin). However, the non-admin user is prompted for admin credentials because his account doesn’t have the rights to run AlwaysUp.

Is there any way to start AlwaysUp.exe without needing admin credentials?

— Steve

Hi Steve. Thanks for getting in touch — and for being a loyal customer!

Permissions is always a thorny topic but we can help you. Let’s start by reviewing why there is no direct remedy from the AlwaysUp executable (AlwaysUp.exe).

AlwaysUp needs admin rights to do its work

Unfortunately it’s not possible to launch AlwaysUp without elevated rights. That’s because AlwaysUp needs to:

  1. Read, create and update your Windows Services

  2. Interrogate the Windows Event logs for errors and warnings

  3. Carefully monitor your important applications and react quickly when they use too much memory, hog the CPU, hang or crash.

Typically only administrators — with broad access to low-level systems — can perform those actions.

So your non-admin user won’t be able to run AlwaysUp.exe. But as you know, there are other ways to start or stop the Windows Service created by AlwaysUp. Let’s explore the NET command since you’re already familiar with how it works.

Use NET to start your application in a given session

To recap, you’re already using the NET command to start your application. If your application is called “MyServer” in AlwaysUp, then this command will do the trick:

NET START "MyServer (managed by AlwaysUpService)"

Notice that you must add the "(managed by AlwaysUpService)" suffix as that is how the service is named in the Service Control Manager.

In any case, running that command instructs AlwaysUp to start your application in Session 0 — the background desktop hosting Windows Services. You won’t see the application on your normal desktop.

Fortunately slight variants of the NET command will enable you to launch your application in a specific session.

Provide a Session ID

To start in a specific session, add the session’s numeric identifier (the Session ID) to the command. The format is:

NET START "<ApplicationName> (managed by AlwaysUpService)" /<SessionID>

For example, to start “MyServer” in Session 2, run:

NET START "MyServer (managed by AlwaysUpService)" /2

That will launch your application in Session 2, regardless of who is logged in there.

Provide a Windows username

Alternately, you can pass a username to start the application in the session occupied by that Windows user. The format of that command is:

NET START "<ApplicationName> (managed by AlwaysUpService)" /"user:<UserName>"

For example, to start “MyServer” in the session where “psmith” is logged in, run:

NET START "MyServer (managed by AlwaysUpService)" /"user:psmith"

Note that if the given user is not logged in, AlwaysUp will start the application in Session 0.

How to use NET to start your application in the current session

To achieve what you’re trying to do, we recommend going with the username variant of the NET command.

This command — which features the USERNAME environment variable — will start your application on the current user’s desktop:

NET START "<ApplicationName> (managed by AlwaysUpService)" /"user:%USERNAME%"

Again, if your application is called “MyServer”, the precise syntax is:

NET START "MyServer (managed by AlwaysUpService)" /"user:%USERNAME%"

When you run the command, %USERNAME% expands to the username of the account invoking the command. In that way, the command works for whoever runs it.

We recommend saving the command to a batch file and placing the file on the user’s desktop, for easy access. With that, your application will only be a double-click away.


Posted in AlwaysUp | Tagged , , , | Leave a comment

Leave a Reply

Your email address will not be published. Required fields are marked *