Windows User Impersonation

VOV supports Windows in addition to many UNIX variants. This section describes cross-platform jobs between UNIX/Linux and Windows.

User Accounts that Run Jobs on Windows

The persistent Windows vovtasker runs as the user that started it, but can switch to other accounts if it is supplied with the account credentials by the vovserver. These credentials are supplied with the job over the VOV-protocol connection between the vovserver and the vovtasker.

Every Altair Accelerator project, including Accelerator, is a collection of jobs and files managed by a vovserver. A project may be multi-user, and the vovserver stores information about the users who have jobs in the project. Each user has an account name that is related to a user ID, and possibly to a Windows account name. The vovserver uses the operating system's mechanism to authenticate users. A user must already have authenticated to the OS before being able to start a vovserver, and the vovserver runs in that user's account.

There is no superuser identity such as root that can switch to other accounts without providing any credentials. For Accelerator on Windows, a different method is used to run jobs as the submitter.

The vovtasker calls a Windows API to create a process with a username and password. The username is mapped from the UNIX/Linux username, and the password is stored in encrypted form in the vovserver and passed to the vovtasker. The password is destroyed immediately after use. It is possible for a UNIX/Linux user to run jobs as another Windows user, by logging onto the machine locally with the account name and password.

After the Windows process is running as the correct user, it may need to point to different drive letters as needed, as each user has their own set in recent Windows versions.

Enter the Windows Password - only needed if you want to switch the user running the job

In the vovconsole GUI, you may enter the Windows password using the Tools > Windows Password menu item. From the command line, you can use the vovauxpasswd command.

Batch Files

In the course of running the job, the Accelerator tasker on Windows creates a batch file, and may use an optional pre- and post-job batch file. Batch files cannot be edited by you, but the pre and post job batch files can be used for debugging purposes.

The following is an example of the pre-job batch file that if present, will be called by the vovtasker's job-bootstrap batch file. This example records the variables and drive letters in the file pre-hook.txt.

Example script that you must write and put in a directory that you have to create yourself: vovbtpre.bat that record variables and drive letters into a file for troubleshooting:
set & pre-hook.txt
net use && pre-hook.txt

Must be in C:/tmp directory, so please create this directory

If defined, the batch file vovbtpost.bat is called after the job. Use the same technique as the pre- file to create and use this fiile

The following example uses the choice command to keep the window visible until a key is pressed.

Example script: vovbtpost.bat:
REM Example script: vovbtpost.bat
REM Use choice cmd to make window stay around
choice /M "Press Y to finish"

echo done