Logon Properties

Allows you to set the task to run under a particular user as well as specify how the task should depending on the current state of the workstation, whether it is currently logged on, logged off or locked. You can set AutoMate to logon a specified user if the workstation is logged off or unlock the workstation if it is currently locked before performing the steps of the task. Additionally, you can set AutoMate to run the task in the background, whether the workstation is currently logged on, locked or logged off.

User Impersonation Support           


The Logon properties in AutoMate allow the user to specify under which user context a task should run when it is triggered (started automatically). By default, a task will run under the context of the currently logged in user. This means that if an AutoMate task were to launch an application, the registry, mapped drives external application preferences and other settings will map to the current user. By specifying an alternate user account, AutoMate can optionally map all user specific settings (including external application preferences and layouts) to the alternate user while the task is running.

Running Tasks While System is Locked or Logged Off


When a Windows machine is logged off there is no current user, thus an option is also available to control how this condition is handled. The default behavior is to logon as the default user (specified in the Task Administrator under System -> Options -> Default User tab) and run the task. You may also specify not to run the task at all, or to run as a specific alternate user.  

 

The Windows security architecture prevents "interactive" events from being sent to applications while a machine is locked or logged off. Because of this, it is important to set the task to automatically log on if the task contains interactive actions such as Send Keystrokes or Click Mouse. However, running applications, FTP, and other background processes are allowed to be performed in the background. When in an unattended back-office environment, for security reasons, it is preferable for a task to run completely in the background without needing to perform a log on; however this is only possible if the task does not simulate user interaction. If unsure it is advisable to test the task both ways.

Parameters


When workstation is logged on:

If the task is triggered while a user is logged onto the workstation, AutoMate can run the task in one of three ways:

 

Logged on user

AutoMate runs the task as the currently logged on user. For example, if the user currently logged onto the workstation is joe@networkautomation.com, the task will use Joe’s registry and application settings. This default option is adequate for most situations.

 

Background user

AutoMate runs the task under the user credentials as set in the Specified User section (accessible via the Specified User button near the bottom of the page). When this option is selected, tasks will run in the background in the context of the specified user and act as if the task had been started by that user. This option should be used when you need a task to run regardless of whether or not a user is currently logged on, and do not want the task to end when the workstation is logged off.

 

Specified user

AutoMate runs the task as the specified user as set in the Specified User section (accessible via the Specified User button). When this option is selected, tasks will run in the context of the specified user and act as if the task had been started by that user. For example, if joe@networkautomation.com is currently logged on, you can use this option to run the task as sally@networkautomation.com. When the task runs, the registry and applications used by the task will act as if Sally had started them, even though the task is running on Joe’s display. This option should only be used when you need to run a task that uses applications or performs background tasks that require elevated security privileges or settings different from the user currently logged on.

 

 

When workstation is logged off:

If the workstation is logged off and waiting for a user to log in when the task triggers, AutoMate can attempt to do one of three things:

 

Don’t run

The task will not run when the workstation is logged off. Since tasks may require interaction with the desktop, and such interaction can only be performed when a workstation is logged on, this default option provides greatest compatibility with various scenarios.

 

Run as background user

AutoMate will attempt to run the task behind the logon screen after silently logging on the "Specified User". AutoMate does not display a desktop, and therefore tasks that interact with application interfaces or windows will not function correctly. This option is, however, recommended for non-interactive tasks that require elevated rights, such as copying files from secure areas or automating secure FTP transactions, without user knowledge or intervention.

 

NOTE: Tasks set to run as Background User while the workstation is logged off may fail if any part of the task is required to access the registry. This is due to the fact that the HKEY_CURRENT_USER section of the registry is not available when a user is logged out. In such cases, select the Logon specified user option instead to allow AutoMate to logon before running the task.

 

Logon specified user

This is accomplished by emulating a user logon attempt at the keyboard (see the How AutoMate Logs On A User topic for more information on how AutoMate does this). If AutoMate determines that the logon attempt is successful, the task runs as specified by the "When workstation is logged on" options.

 

 

When a workstation is locked:

If the workstation has been locked, either by a user, the Lock Workstation action in AutoMate, or a screen saver, AutoMate can attempt one of three things:

 

Don’t run

AutoMate will not attempt run the task if the workstation is locked.

 

Run as current user

The task will run behind the locked workstation screen using the currently logged on user’s account. This will cause tasks that require interaction with the desktop to operate incorrectly or to fail, but does provides an excellent and secure way to run tasks that do not require user interaction, such as unattended file copies or FTP transfers.

 

Run in background as specified user

This is similar to the Run as current user option stated above, however, the task will run behind the locked workstation screen using the "Specified User" account instead.

 

Unlock using specified user

AutoMate will attempt to unlock the workstation using the “Specified User” account (see How AutoMate Unlocks a Workstation for more information on how AutoMate does this). Note that the specified user must be the same user that is logged onto the workstation when the task attempts to run. AutoMate cannot forcibly log off a user if an attempt is made to unlock the workstation with a user other than the current logged on account.

 

 

Specified User

When you choose to logon or unlock the workstation using a specified user, you must define exactly what user AutoMate is to use. To do this, click the Specified User button. In the dialog that appears (illustrated below) you can choose one of two options:

 

Use default user account

This will use the user account specified in the System -> Options of the Task Administrator under the Default User tab. The Default User tab should be set to the user that uses AutoMate most frequently.  

 

Use specified user account

When selected, this option allows you to enter in a user specific for this task. This account will always override the default account. The available options are as follows:

 

Default user name

The default user name can be either a plain user name (e.g. "sparky"), or a username/domain combination (e.g. "sparky@networkautomation.com"). When the latter form is used, the domain field is disabled.

 

Default password

The password to be used with the default user name specified above. This option can be blank if no password is associated with the selected user.

 

Default domain/machine name

The domain or machine name the user is a member of. This option can be left blank if the user is not a member of a domain or if there is only one workgroup for the machine.

These values are also used to replace the special fields of the Logon and Unlock Keystrokes used when logging on or unlocking a workstation. See the "See Also" section for more information.

 

 

Run with highest privileges

In Windows Vista, when User Access Control (UAC) is enabled, a task requires administrator privileges in order to run. Enabling this option automatically sets the task to run with elevated privileges. (This parameter is disabled by default).

 

NOTE: All new tasks can be automatically set to run with highest privileges by enabling the option New tasks use elevated privileges located in System -> Options -> General tab.

See Also

About Automatic Logon and Unlock

Setting Task Logon Properties

Editing Task Properties

About Creating Tasks

Creating a Task Using the Wizard

Creating a Task Without the Wizard