Good day,
We have downloaded latest version 14.28 for evaluation. Everything runs fine, except action "Execute external program" when running host monitor as a service and connecting using RCC. In HM system log we can see following error:
"A required privilege is not held by the client"
We setup as follows:
- Hostmon is started as service using local system
- In hostmon "Options / Startup / Service" we set a local admin account
- When we start the service we can see that account is used for login in application eventlog
- We added the service account in "Replace process level token"
- We set "Change User Account Control settings" to Never notify
- In the action for "Execute External program" we have enabled "run in active console session (if HM started as service)
We tested on Windows 10 and Windows Server 2022. Are there anymore requirements with latest Windows Updates?
Thanks for any suggestions.
Best regards
Michael
RCC action "A required privilege is not held by the cli
Hi Alex,
Thank you. We have created a new local user hostmon. This user is added to the local administrator group and set in Windows Services applet as well as in HM Options service account. Now we get a different error. On executing any external program the HM system log shows "Cannot execute command: Access is denied". The external command we use is just a simple msg command and it works fine when using HM without started as service. So it looks like something more is missing. Do you have any further suggestions to check?
Thanks.
Best regards
Michael
Thank you. We have created a new local user hostmon. This user is added to the local administrator group and set in Windows Services applet as well as in HM Options service account. Now we get a different error. On executing any external program the HM system log shows "Cannot execute command: Access is denied". The external command we use is just a simple msg command and it works fine when using HM without started as service. So it looks like something more is missing. Do you have any further suggestions to check?
Thanks.
Best regards
Michael
I think simple msg command is not that simple.
E.g. sometimes it would not start if you use path like C:\WINDOWS\System32\msg.exe while just "msg.exe" will launch program (problem relates to C:\Windows\Sysnative\ folder).
Also it uses remote RPC calls and I think gets data from AD..
If you really need msg.exe, try to modify registry:
HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server
Name : AllowRemoteRPC
Type : REG_DWORD
Value : 1
If you are using msg.exe just for testing, I would suggest to use some other command
Regards
Alex
E.g. sometimes it would not start if you use path like C:\WINDOWS\System32\msg.exe while just "msg.exe" will launch program (problem relates to C:\Windows\Sysnative\ folder).
Also it uses remote RPC calls and I think gets data from AD..
If you really need msg.exe, try to modify registry:
HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server
Name : AllowRemoteRPC
Type : REG_DWORD
Value : 1
If you are using msg.exe just for testing, I would suggest to use some other command
Regards
Alex
Thanks again. AllowRemoteRPC was already set. It doesn't matter what command we are using, e.g. c:\batch\test.cmd, iisreset, dir >1.txt, etc... Everything returns access denied. "Execute by" is always set to "Hostmonitor".
We have also tried using a domain admin account with same result.
Do you have another example how to launch an external program?
We have also tried using a domain admin account with same result.
Do you have another example how to launch an external program?
Thanks Alex. I also think so. Just notice 2 things:
- when using the built-in administrator account we get again "A required privilege is not held by the client" even the account is added in ""Replace process level token"
- when we disable "User Account Control: Run all administrators in Admin Approval Mode" and reboot we get again "A required privilege is not held by the client" for both local admin accounts.
I will also try to check with a new OS installation and no domain join.
- when using the built-in administrator account we get again "A required privilege is not held by the client" even the account is added in ""Replace process level token"
- when we disable "User Account Control: Run all administrators in Admin Approval Mode" and reboot we get again "A required privilege is not held by the client" for both local admin accounts.
I will also try to check with a new OS installation and no domain join.
Oh, my mistake 
You said you are using this option in your 1st post and I missed this.
Yes, by default and normally it should be disabled. When it is enabled HostMonitor tries to start program using current user credentials. And this requires some extra permissions when system belongs to domain..
Regards
Alex
You said you are using this option in your 1st post and I missed this.
Yes, by default and normally it should be disabled. When it is enabled HostMonitor tries to start program using current user credentials. And this requires some extra permissions when system belongs to domain..
Regards
Alex