By default, applications launched by the Schedule Wizard service module will inherit the security settings of the service module. The ExecuteAs utility has been included so that you may start an application with the privileges of a particular user.
ExecuteAs Utility
Syntax: ExecuteAs logon_parameters command
logon_parameters must be one of the following three options:
-i - Execute the application as the current interactive user.
-s - Execute the application as the local system.
u=”User” p=”Password” d=”Domain” – Execute the application as a specific user. If the domain is left blank (“”), all domains will be searched for a matching user.
NOTE: The user must have the “Log on as a batch job” right (assigned through the Windows NT User Manager).
Examples:
ExecuteAs –s ThisService.EXE
ExecuteAs –i ThisVisibleApp.EXE
ExecuteAs u=”BATCH” p=”BATCHPASSWORD” d=”” \WintNT\System32\ThisApplication.EXE parameter1 parameter2
User Rights
The "-i" switch indicates that the security rights of the current interactive user should be used. ExecuteAs will start the task (if the specified user has the “Log on as a batch job” right), but the task (the batch file or application you are starting) may require the rights of a specific user in order to access network resources. The "u= p= d=" syntax (user, password, domain) makes it possible for the service to start the task as the required user when scheduled.
ExecuteAs does require the “Log on as a batch job” user right in order to run, but when it has been started by the service, it has those rights already. Since the Execute/Test button always starts the task with the security rights of the interactive user, ExecuteAs will fail if the interactive user does not have the “Log on as a batch job” user right. The "Quick Start" option should be used for testing instead.