DEVHIDE
Login Or Sign up

Powershell: Send a toast notification to logged user when running as Local System

15.9k Views Asked by At

I have a script running as Local System which does some stuff, including checking if it's a user logged on, and if yes, it runs a PowerShell snippet to show a toast notification, such as below.

If the PS runs as current user, it works ok. If it runs as LocalSystem, the current user does not see the toast because the output is sent Session 0 (for local system account).

Is it possible to display a toast notification to logged on user, if running as Local System and without requesting user's credentials?

Add-Type -AssemblyName System.Windows.Forms 
$global:balloon = New-Object System.Windows.Forms.NotifyIcon
$path = (Get-Process -id $pid).Path
$balloon.Icon = [System.Drawing.Icon]::ExtractAssociatedIcon($path) 
$balloon.BalloonTipIcon = [System.Windows.Forms.ToolTipIcon]::Info 
$balloon.BalloonTipText = "$Text"
$balloon.BalloonTipTitle = "$Title" 
$balloon.Visible = $true 
$balloon.ShowBalloonTip($Miliseconds)
powershell toast local-system-account
Original Q&A
2

There are 2 best solutions below

0
On BEST ANSWER

Intro

It is possible to display a toast notification to the current active logged on user using PowerShell if running as the SYSTEM user in Session 0 without requesting the user's credentials.

Two solutions to do this follow the "Background Notes"

Background Notes

Please note that this section is written for all viewers of this post, rather than just the original questioner.

SYSTEM refers to the synonyms NT Authority\SYSTEM and Local System.

Many Windows services run as the SYSTEM user although others run as users with less privileges such as LOCAL SERVICE and NETWORK SERVICE.

For each logged in user a Windows session is created numbered from 1 which contains the user's windows.

An additional background session called Session 0 is also created which the Windows services and User Mode Drivers run in. More info at the following link.

Sessions, Desktops, and Windows Stations

All services except the Per-User Services run in Session 0.

If you are using a service for such a script I recommend looking at using one of the two alternatives below:

  1. Create a Session 1 sub-process as already done by some services.

  2. Use the Windows Task Scheduler instead to run your main script or notification script in the same session as the current active user. This schedule task can be set to trigger on an event.

Note the following security caveat. Scripts in Powershell 5 can be interrupted giving control to a user. For Powershell 6 and later this behaviour is disabled by use of the noninteractive option.

Solution Notes

Two solutions are presented below to solve the original problem. Both use an intervening program to move from Session 0 to Session 1.

Both will flash briefly a PowerShell window which is disconcerting for users and is hard to hide. Some hiding tips are provided in the link below.

How To Run A PowerShell Script Without Display a Window

The following solutions as typed require paths without spaces. Full paths must be used if given. You will have to edit these paths to suit.

Test methodology is included.

The first solution requires the PSExec.exe program. It is part of PSTools available at the following link. It is also used to test both solutions.

PSTools

The second solution requires the ServiceUI.exe program. It is part of the Microsoft Deployment Toolkit (MDT) available at the following link.

Microsoft Deployment Toolkit (MDT)

The ServiceUI.exe program is buried in the MDT install directory as follows.

Microsoft Deployment Toolkit\Templates\Distribution\Tools\x64\ServiceUI.exe

I copied it to E:\Programs\MDT\ServiceUI.exe to make it simpler to use in PowerShell

Scripts needed

BalloonTest.ps1

$Miliseconds=50000
$Text="Hi"
$Title="Test"

Add-Type -AssemblyName System.Windows.Forms 
$global:balloon = New-Object System.Windows.Forms.NotifyIcon
$path = (Get-Process -id $pid).Path
$balloon.Icon = [System.Drawing.Icon]::ExtractAssociatedIcon($path) 
$balloon.BalloonTipIcon = [System.Windows.Forms.ToolTipIcon]::Info 
$balloon.BalloonTipText = "$Text"
$balloon.BalloonTipTitle = "$Title" 
$balloon.Visible = $true 
$balloon.ShowBalloonTip($Miliseconds)

WhoAmISession.ps1

whoami
$Session=(Get-Process -PID $pid).SessionID
echo "Session=$Session"

Test Setup

Start a cmd.exe window as the Administrator.

The following command will provide a SYSTEM user Session 0 PowerShell execution environment as shown in the image.

E:\Programs\PSTools\psexec -s powershell.exe -file e:\test\WhoAmISession.ps1

PSExec Session

Solution 1: PSExec.exe

To show the Toast notification in PowerShell if running as the SYSTEM user in Session 0 use the following command. This will show the Toast notification if the current active logged in user is using Session 1. Some modification will be needed for other sessions. 

E:\Programs\PSTools\psexec -s -i 1 C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -file e:\test\BalloonTest.ps1

To test start a "cmd.exe" window as the "Administrator" and enter the following command. This will show the Toast notification if the current active logged in user is using Session 1 as shown in the image. 

E:\Programs\PSTools\psexec -s powershell.exe E:\Programs\PSTools\psexec -s -i 1 C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -file e:\test\BalloonTest.ps1

PSExec Balloon Test

Solution 2: ServiceUI.exe

To show the Toast notification in PowerShell if running as the SYSTEM user in Session 0 use the following command. This will show the Toast notification to the current active logged in user. 

E:\Programs\MDK\ServiceUI.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -file e:\test\BalloonTest.ps1

To test start a "cmd.exe" window as the "Administrator" and enter the following command. This will show the Toast notification to the current active logged in user as shown in the image. 

E:\Programs\PSTools\psexec -s powershell.exe E:\Programs\MDK\ServiceUI.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -file e:\test\BalloonTest.ps1

enter image description here

1
On

To expand on the very good accepted answer:

Alternative solutions to run as another user

The following scripts can be used as alternatives to psexec and ServiceUI.exe mentioned in said answer, in a similar fashion, when called from SYSTEM:

Note that I haven't extensively tested these options and there may be restrictions, e.g. wrt executing user (if other than SYSTEM) or execution policies, depending on what context you use them in. I nevertheless think they are worth mentioning, as they can be good solutions for certain use cases.

Using scheduled tasks

The accepted answer mentioned the possibility of using scheduled tasks, but didn't expand on it.

This solution has the following advantages (some shared with other solutions):

  • it doesn't require the installation/import of any external tool or script
  • it can be run outside of SYSTEM (e.g. by a different user with administrative rights)
  • it can be automatized (it isn't needed for the user to manually register a dedicated task)
  • it can be atomized (only the toast-displaying code can be deferred to a dedicated task, leaving the main script to run separately on its own terms).

The idea is to register a scheduled task that will execute PowerShell, telling it to run a toast-displaying script. The task is registered so as to run as the currently logged-in user, is manually and immediately triggered (by the script-running, not-logged-in user -- e.g. SYSTEM), and finally deleted.

This is the basic code to achieve this, supposing the toast display logic is contained in a toast-showing-script.ps1 file1 which, as an example, expects one ToastScriptParam parameter:

$LoggedInUser = Get-CimInstance –ClassName Win32_ComputerSystem | Select-Object -expand UserName

$TaskAction = New-ScheduledTaskAction -Execute “powershell.exe” -Argument "-NoLogo -NonInteractive -WindowStyle Hidden -ExecutionPolicy RemoteSigned -File .\path\to\toast-showing-script.ps1 -ToastScriptParam ""$ToastContent"""  # clearly, you will want to adapt the arguments to fit your use case
$TaskPrincipal = New-ScheduledTaskPrincipal -UserId $LoggedInUser
$Task = New-ScheduledTask -Action $TaskAction -Principal $TaskPrincipal

$ScheduledTask = $null
try {
    $ScheduledTask = Register-ScheduledTask -TaskName 'TempToast' -TaskPath '\TempToast' -InputObject $Task
    Start-ScheduledTask -InputObject $ScheduledTask
} finally {
    if ($ScheduledTask) {
        Unregister-ScheduledTask -InputObject $ScheduledTask -Confirm:$false
    }
}

As a further example, you can refer to (or use) this ToastNotification PS module I have written that does just that, but offers a few more options. It allows any user to simply call Show-NotificationToLoggedInUser -Title "A title" -Message "Longer message" to display a toast notification to the user currently logged in. It is part of another unrelated project but the module itself can be used as stand-alone.

1 You could, of course, just as well put this logic in a script block instead. Just keep in mind that in the case of a scheduled task, powershell.exe isn't "run from another PowerShell host" so you can't pass it a ScriptBlock, only a string. Refer to Microsoft documentation on the -Command option for details.

Related Questions in POWERSHELL

Related Questions in TOAST

Related Questions in LOCAL-SYSTEM-ACCOUNT

Trending Questions

Popular # Hahtags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Popular Questions

Copyright © 2021 Jogjafile Inc.