Logon

Description

Controls how a task should function if the computer is in a locked or logged off state. Specifies under which user context a task should run when it is triggered (started automatically). By default, a task will run under the context of the user that's currently logged on. This indicates that if an AutoMate task were to launch an external application, the registry, mapped drives, application preferences and other settings would map to the user currently logged on. By specifying an alternate user, AutoMate can optionally map all user specific settings (including application preferences and settings) to the alternate user while the task is running. For more information, see About Task Logon Properties.

To access the Logon properties of a managed task, from Task Administrator's Tasks view, right-click the desired task and select Go to -> Logon.

NOTE: In Windows Vista, Windows 7 and Windows Server 2008 operating systems, Automate will automatically logon or unlock a machine only when User Account Control (UAC) is enabled. UAC is a feature aimed to improve security by limiting application software to standard user privileges until an administrator authorizes an increase or elevation.

Practical Usage

Allows you to set the task to run under a particular user as well as specify how the task should behave depending on the current state of the workstation, whether it is currently logged on, logged off or locked. You can set AutoMate to logon a specified user if the workstation is logged off or unlock the workstation if it is currently locked before performing the steps of the task. Additionally, you can set AutoMate to run the task in the background, whether the workstation is currently logged on, locked or logged off.

Related Topics  

Parameters

Property

Description

When workstation is logged on

If the task is triggered while a user is logged onto the workstation, AutoMate can run the task in one of three ways:

  • Logged on user - AutoMate runs the task as the currently logged on user. For example, if the user currently logged onto the workstation is joe@netauto.com, the task will use Joe’s registry and application settings. This default option is adequate for most situations.

  • Background user - AutoMate runs the task under the user credentials as set in the Specified User section (accessible via the Specified User button near the bottom of the page). When this option is selected, tasks will run in the background under the context of the specified user and act as if the task had been started by that user. This option should be used when you need a task to run regardless of whether or not a user is currently logged on, and do not want the task to end when the workstation is logged off.

NOTE: This option should only be used when you need to run a task that uses applications or performs background tasks that require elevated security privileges or settings different from the user currently logged on. Not supported in Windows Vista and Windows 7.

When workstation is logged off

If the workstation is logged off and waiting for a user to log in when the task triggers, AutoMate can attempt to do one of three things:

  • Don’t run - The task will not run when the workstation is logged off. Since tasks may require interaction with the desktop, and such interaction can only be performed when a workstation is logged on, this default option provides greatest compatibility with various scenarios.

  • Run as background user - AutoMate will attempt to run the task behind the logon screen after silently logging on the "Specified User". AutoMate does not display a desktop, and therefore tasks that interact with application interfaces or windows will not function correctly. This option is, however, recommended for non-interactive tasks that require elevated privileges, such as copying files from secure areas or automating secure FTP transactions, without user knowledge or intervention. Note that tasks set to run as Background User while the workstation is logged off may fail if any part of the task is required to access the registry. This is due to the fact that the HKEY_CURRENT_USER section of the registry is not available when a user is logged out. In such cases, select the Logon specified user option to allow AutoMate to logon before running the task.

  • Logon specified user - This is accomplished by emulating a user logon attempt at the keyboard (see the Automating Logon and Unlock procedures topic for more information on how AutoMate does this). If AutoMate determines that the logon attempt is successful, the task runs as specified by the "When workstation is logged on" options.  

NOTE: Automate will automatically logon or unlock a Windows Vista, Windows 7 or Windows Server 2008 operating system only when User Account Control (UAC) is enabled.

When a workstation is locked:

If the workstation has been locked, either by a user, by the Lock computer activity or by a screen saver, AutoMate can attempt one of four procedures:

  • Don’t run - AutoMate will not attempt to run the task if the workstation is locked.

  • Run as current user - The task will run behind the locked workstation screen using the currently logged on user’s credentials. Since execution happens in the background while the workstation remains in a locked state, tasks that require interaction with the desktop will operate incorrectly or fail, however, this option provides an excellent and secure way to run tasks that do not require user interaction, such as unattended file copies or FTP transfers.

  • Run in background as specified user - This is similar to the Run as current user option, however, the task will run behind the locked workstation screen using the Specified User account instead of the user currently logged on.

  • Unlock using specified user - AutoMate will attempt to unlock the workstation using the Specified user account (see the Automating Logon and Unlock procedures topic for more information on how AutoMate does this). Note that the specified user must be the same user that is logged onto the workstation when the task attempts to run. AutoMate cannot forcibly log off a user if an attempt is made to unlock the workstation with a user other than the current logged on account.

NOTE: AutoMate will automatically logon or unlock a Windows Vista, Windows 7 or Windows Server 2008 computer when User Account Control (UAC) is enabled.

Specified user

When you choose to logon or unlock the workstation using a specified user, you must define exactly what user AutoMate is to use. The available options are:

  • Use 'Default User' account -  AutoMate will use the account specified in Default user properties of the Task Administrator. The default user should be set to the user that uses AutoMate most frequently.  

  • Use this user account - Allows you to enter a user specific for this task. This account will always override the default account entered in the Use 'Default User' account parameter.

Username

The default user name can be either a plain user name (i.e. "sparky"), or a username/domain combination (i.e. "sparky@networkautomation.com"). When the latter form is used, the domain field is disabled. This parameter is active only if the Specified User parameter is set to Use this user account.

Password

The password to be used with the default user name specified above. This option can be blank if no password is associated with the selected user. This parameter is active only if the Specified User parameter is set to Use this user account.

Domain or computer name

The domain or machine name the user is a member of. This option can be left blank if the user is not a member of a domain or if there is only one workgroup for the machine. These values are also used to replace the special fields of the Logon and Unlock Keystrokes used when logging on or unlocking a workstation. See the "See Also" section for more information. This parameter is active only if the Specified User parameter is set to Use this user account.

Run with highest privileges

In Windows Vista, Windows 7 and Windows Server 2008 operating systems, when User Access Control (UAC) is enabled, a task requires administrator privileges in order to run. Enabling this option automatically sets the task to run with elevated privileges. (This parameter is disabled by default).

NOTE: New tasks can be automatically set to run with highest privileges by enabling the option New tasks use elevated privileges located in System Options under the General Options tab.

additional notes

Running Tasks While System is Locked or Logged Off

When a Windows machine is logged off there is no current user, thus an option is also available to control how this condition is handled. The default behavior is to logon as the default user (specified in the Task Administrator under Default User properties) and run the task. You may also specify not to run the task at all, or to run as a specific alternate user.  

The Windows security architecture prevents "interactive" events from being sent to applications while a machine is locked or logged off. Because of this, it is important to set the task to automatically log on if the task contains interactive actions such as Send Keystrokes or Click Mouse. However, running applications, FTP, and other background processes are allowed to be performed in the background. When in an unattended back-office environment, for security reasons, it is preferable for a task to run completely in the background without needing to perform a log on; however this is only possible if the task does not simulate user interaction. If unsure it is advisable to test the task both ways.