snapin and batch script



  • Running Version 1.3.5
    SVN Revision: 6067
    Client 0.11.11
    Debian stable

    Hello,

    here is a piece of code which doesn’t works from snapin :

    net use * /delete /y >> %tmp%\Update_Windows7.log 2>&1
    call net use z: \\samba\wsus$ "my'password" /user:samba\administrateur >> %tmp%\Update_Windows7.log 2>&1
    

    (note the " ’ " into the password)

    This code works fine from the command line, but from snapin, the drive is displayed with a red cross as it was disconnected, and when i click on it, it says that the name or password is wrong. As i said before this code works fine from command line.

    An idea for this problem ?
    Thanks for your help

    It seams that the problem is because the script is launched as system user.
    Is there a solution to solve that ?



  • @plegrand psexec already has the ability to send commands to remote machines, I’m not sure why you would try to make psexec commands into fog snapins.

    This whole thread seems really over-complicated.

    Why not just bake-in some run-once functionality into your image? Windows already does this natively via the registry. Doing it for Linux images is trivial because SystemD is amazing.



  • @Wayne-Workman @Avaryan @george1421 @Quazz @Tom-Elliott

    Just for information :

    I found this tool :
    https://github.com/CoreSecurity/impacket/tree/impacket_0_9_13

    There is this script inside : “psexec.py

    The package exist for debian : Package python-impacket
    psexec.py works fine from the linux command line (very long command line ;-) )

    And i think i will be able to use it on several remote windows computers with tmux.



  • @Wayne-Workman Not sure i want to use Amazon service



  • @Wayne-Workman I understand that



  • @plegrand said in snapin and batch script:

    @Avaryan @Tom-Elliott @Quazz @Wayne-Workman
    May be someone know a solution to launch remote command on mulitple computers without GPO’s ?

    I already said it, Systems Manager from Amazon Web Services.



  • @plegrand said in snapin and batch script:

    I think the problem is that snapin is launched as SYSTEM user

    This is not a problem, this is by design. Not only is it by design in the FOG Client, it is by design from Microsoft. This is how deployments are made safe, anything less is a breach of security.



  • So, the overall objective here, is it just to get Windows updated? Does it have it be offline using wsusoffline?

    There are PowerShell modules for Windows Update that may be able to trigger updates.


  • Moderator

    @plegrand PDQ Deploy?? https://www.pdq.com/pdq-deploy/

    We use this tool instead of FOG Snapins to deploy applications in our offices. They have a free version that should do what you need, but the paid for version is reasonable in cost and well worth the price because of the additional functionality.



  • @Avaryan @Tom-Elliott @Quazz @Wayne-Workman
    May be someone know a solution to launch remote command on mulitple computers without GPO’s ?



  • @Quazz
    I think the problem is that snapin is launched as SYSTEM user, then even i use psexec or runas to run command as local user, snapin is launched as SYSTEM and then it does not works. I try with -accepteula but …


  • Moderator

    Psexec needs the EULA to be accepted on first use (I’m guessing per user basis even)

    So add -accepteula maybe.

    edit: But given you only to execute commands on the local system as a different user, runas is likely the easier/better tool for the job.

    edit2: Just remembered you can’t pipe passwords to it, nvm



  • @plegrand
    It seams that i have to create the zip file on windows , on linux i have this error.
    After that the snapin pack is launched but i think it’s waiting interaction with user and even i use psexec the script is launch by system. Then it doesn’t works.
    I have to find an other solution



  • @Tom-Elliott
    I cant make it works for the moment with snapinpack, I’ve got an error that i don’t understand :

    17/05/2017 08:42 Client-Info Client Version: 0.11.11
    17/05/2017 08:42 Client-Info Client OS:      Windows
    17/05/2017 08:42 Client-Info Server Version: 1.3.5
    17/05/2017 08:42 Middleware::Response Success
    17/05/2017 08:42 SnapinClient Snapin Found:
    17/05/2017 08:42 SnapinClient     ID: 103
    17/05/2017 08:42 SnapinClient     Name: Update Windows 7
    17/05/2017 08:42 SnapinClient     Created: 2017-05-17 08:41:24
    17/05/2017 08:42 SnapinClient     Action: 
    17/05/2017 08:42 SnapinClient     Pack: True
    17/05/2017 08:42 SnapinClient     Hide: False
    17/05/2017 08:42 SnapinClient     Server: 
    17/05/2017 08:42 SnapinClient     TimeOut: 0
    17/05/2017 08:42 SnapinClient     SnapinPack File: cmd.exe
    17/05/2017 08:42 SnapinClient     SnapinPack Args: /c "[FOG_SNAPIN_PATH]\test.bat" >> %tmp%\test.log 2>&1
    17/05/2017 08:42 SnapinClient     File: test.zip
    17/05/2017 08:42 Middleware::Communication Download: http://192.168.39.243/fog/service/snapins.file.php?mac=D0:67:E5:0C:6A:1A||00:00:00:00:00:00:00:E0|00:00:00:00:00:00:00:E0&taskid=103
    17/05/2017 08:42 SnapinClient C:\Program Files\FOG\tmp\test.zip
    17/05/2017 08:42 SnapinClient Processing SnapinPack test.zip
    17/05/2017 08:42 SnapinClient Extracting SnapinPack
    17/05/2017 08:42 SnapinClient ERROR: Compressed size mismatch between central header(161385) and local header(0)
    17/05/2017 08:42 Middleware::Communication URL: http://192.168.39.243/fog/service/snapins.checkin.php?taskid=103&exitcode=-1&mac=D0:67:E5:0C:6A:1A||00:00:00:00:00:00:00:E0|00:00:00:00:00:00:00:E0&newService&json
    

    An idea ?



  • @plegrand You know, most people just keep their images updated so they don’t have to worry about this so much. I know some of the community do quarterly images while others do annual images.

    You’d probably have better luck just opening an Amazon Web Services account and installing Systems Manager into your image so you can control patching through AWS. This tool is specifically built for this, among a few other things.

    Or, just a WSUS server and some group policy to control how updates work.



  • @plegrand yes
    but for the moment nothing happen ;-)
    I’m trying snapin pack
    with this command :

    psexec \\%computername% -u %computername%\Administrateur -p password -e cmd /c "net use y: \\samba\wsus$ "my'password" /User:samba\Administrateur & y:\wsusoffline\client\cmd\DoUpdate.cmd /verify /updatecpp /updatetsc /instdotnet4 /autoreboot"
    

    i made a zip with my batch script (test.bat) and psexec

    Snapin Type Snapin Pack
    Snapin Pack Template Batch Script
    Snapin Pack File cmd.exe
    Snapin Pack Arguments /c “[FOG_SNAPIN_PATH]\MyScript.bat”
    Snapin File Max Size:1900M test.zip
    Snapin Command cmd.exe /c “[FOG_SNAPIN_PATH]\MyScript.bat”



  • @Tom-Elliott @Avaryan
    It works !!! with psexec
    for the moment from command line, then i need to package my script and psexec ?

    here is the command :

    psexec \\%computername% -u %computername%\Administrateur -p password -e cmd /c "net use y: \\samba\wsus$ "my'password" /User:samba\Administrateur & y:\wsusoffline\client\UpdateInstaller.exe"
    

    UpdateInstaller.exe open a windows and wait for user input.
    For the moment i dont if it will works with snapin


  • Senior Developer

    @plegrand So have you tried with using the DoUpdate.cmd instead of trying with UpdateInstaller.exe?



  • @Tom-Elliott no
    It works alone without waiting something from the user


  • Senior Developer

    @plegrand Does the “DoUpdate.cmd” script call UpdateInstaller.exe?


 

584
Online

5.4k
Users

12.6k
Topics

118.7k
Posts