Support Request: Can't run Shell in restricted user

Description

Hello,

I'm trying to achieve the following:
Running a local node server which will serve my website locally, so SiteKiosk can access it via "localhost:5000". My setup works fine during "Start Once" Mode but it appears that my script won't run correctly in the restricted user.

This is my script:

Set oShell = CreateObject("WScript.Shell")
oShell.Run "serve -s C://PROGRA~2/SiteKiosk/Html/build", 2


This script lies in "C://PROGRA~2/SiteKiosk/Html/" as is recommend in the docs.
I have added "cmd" (with the path: C://windows/system32/cmd.exe to the list of allowed applications.

I also removed the "ConsoleWindowClass" entry from the list of blocked windows & dialog boxes under "Access/Security-->Block system critical windows & dialog boxes-->Settings"

The only hint of something going wrong I can find is this line in the logs when running in "Auto" (restricted user):
"... [SiteKiosk] (null): "(null)" at line 1, char 0"
which is not really helpful.

Am I missing something? Thank you.

Answer: (3)

Re: Can't run Shell in restricted user 10/28/2021 8:56 AM
Hello,

There is no free support for custom scripts, but here are a few tips:

SiteKiosk has 2 security mechanisms to block the start of an application. One is the window and dialog management and the other is the access rights of the SiteKiosk user, which take effect in Auto Start mode.
According to your description, the problem lies with the access rights for the SiteKiosk user.
First, make sure that the external script you added to the SiteKiosk configuration under >Start Page & Browser>Advanced is located in a folder that the SiteKiosk user has access to.
We recommend the folder "C:\Program Files (x86)\SiteKiosk\Html".

Then, in the Admin account, use the System Security Wizard (installed with SiteKiosk) to check the SiteKiosk user's access rights to the folder where the "serve.exe" is located (give e.g. read & execute rights or full access, depending on what the program needs.
https://www.sitekiosk.com/helpconsole/SiteKiosk%20Help/en-US/default.htm?advanced.htm

Here is some more information:
- about SiteKiosk external programs: https://www.sitekiosk.com/eu/web/CustomerSupportCenter/ArticleDetails.aspx?ArticleID=25533

- to automatically start programs via script:
https://devblog.provisio.com/post/2012/09/18/How-to-Build-a-Script-Watchdog-for-External-Applications.aspx
https://www.sitekiosk.com/eu/web/CustomerSupportCenter/ArticleDetails.aspx?ArticleID=441



Otherwise I would recommend to start the node server not by script, but for example with the Windows Task Scheduler or as a Windows service.
This has the advantage that it is user-independent and that you can start the node server before SiteKiosk.


In general, you can also contact us in German.

Regards,
Michael Olbrich
Re: Can't run Shell in restricted user 10/28/2021 12:49 PM
Hey,

thank you for your response. I used the System Security Wizard to allow access to the cmd.exe as well as running scripts from it.

You can mark this ticked as closed.
Re: Can't run Shell in restricted user 10/28/2021 1:15 PM
Thank you for your feedback.
My Account
Login
Language (Tickets):