AutoIt Logon Script Execution Hangs XP Workstations with SEP 12.1.2 AutoProtect Enabled

book

Article ID: 157877

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

A Logon Script created with AutoIT causes XP Workstations to hang during Windows Logon. The problem does not occur if AutoProtect is disabled.

The problem can also occur after a succesful logon. Executing the script either from the network share or locally, may also cause the XP Workstation to become unresponsive.

No Error messages will be logged, but typical symptoms are that the Workstation no longer responds to mouse or keyboard input.

Cause

This is caused by a known AutoIt limitation (for details, see www.autoitscript.com/autoit3/docs/functions/RunAsWait.htm)

When using the RunAsWait function, Registry profile issues can happen when the script causes a user profile to be loaded.
 
When using this function, the following logon_flags related to profile loading are possible:
 
logon_flag:
0 - Interactive logon with no profile.
1 - Interactive logon with profile.
 
As the AutoIt article continues to explain:
It is recommended that you only load the user's profile is you are sure you need it. There is a small chance a profile can be stuck in memory under the right conditions
 
 
Here is an AutoIt script example that uses a logon_flag value of "1":
ret1 = RunAsWait("User","Domain","Password",1,@SystemDir & "\net.exe localgroup "& $administrators & " " & chr(34) & $add[$x] & chr(34) & " /add",@SystemDir,@SW_HIDE
 
The problem can occur when running the script from witin the AutoIT script editor, or when the script is compiled into a standalone executable.

Resolution

Use RunAsWait with the logon_flag set to "0" to avoid loading the profile and thus the problem. 

Example:

ret1 = RunAsWait("User","Domain","Password",0,@SystemDir & "\net.exe localgroup "& $administrators & " " & chr(34) & $add[$x] & chr(34) & " /add",@SystemDir,@SW_HIDE


Applies To

The issue appears to occur on XP Workstations with SEP 12.1.2 only.