SSH and PowerShell connections can use the command line at will, because they have requried administrator log in to create the connection.  However if command line access is not enabled for the default user you will get the following error for any command you try to run on the command line using the device itself (for instance using the IoTCoreDefaultApp):

Access is denied. (Excep_FromHResult 0x80070005). Your device is not allowed to run the command line processor.

Enabling Command Line For IoT CoreDefaultApp and Other Applicaitons

To get rid of it log in using SSH or PowerShell, or use the web interface 'Processes' page Run Command option.  Run the following command:


reg ADD "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\EmbeddedMode\ProcessLauncher" /v AllowedExecutableFilesList /t REG_MULTI_SZ /d "c:\windows\system32\cmd.exe\0"

Note – If you have enabled 'Windows IoT Remote Server' (web config 'Remote' page), allowing default account to run everything on the command-line is not safe option as every user in your network will be able to connect to the RaspberryPi and see its screen.

Note – The web interface 'Processes' page Run Command option won't tell you if the command succeeded or not (it always says it has), whereas SSH or PowerShell will.

Disabling again

You can check there is just the one entry you added before deleteting it if you want to using this:


reg QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\EmbeddedMode\ProcessLauncher" /v AllowedExecutableFilesList

To delete it use this:


reg DELETE "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\EmbeddedMode\ProcessLauncher" /v AllowedExecutableFilesList /f

Giving Your App More Permmissions

You may find that you still run into a brick wall with the command line from your app due to permissions.  For instance trying to get an app to copy a package file into "C:\Windows\Provisioning\Packages\" will get an access is denied error.  One solution that seemed worth a try was to simply elevate the user account that runs the app to be an administrator.

This command let you see all of the current users


net user

This command adds the default user to the Administrators group:


net localgroup Administrators DefaultAccount /add

However once you reboot you discover that the default IoTCoreDefaultApp wont' startup fully and also your own app wont either.  So another solution is needed….

 

 

Feel free to comment if you can add help to this page or point out issues and solutions you have found. I do not provide support on this site, if you need help with a problem head over to stack overflow.

Comments

Your email address will not be published. Required fields are marked *