snapin and batch script
Running Version 1.3.5
SVN Revision: 6067
here is a piece of code which doesn’t works from snapin :
net use * /delete /y >> %tmp%\Update_Windows7.log 2>&1 call net use z: \\samba\wsus$ "my'password" /user:samba\administrateur >> %tmp%\Update_Windows7.log 2>&1
(note the " ’ " into the password)
This code works fine from the command line, but from snapin, the drive is displayed with a red cross as it was disconnected, and when i click on it, it says that the name or password is wrong. As i said before this code works fine from command line.
An idea for this problem ?
Thanks for your help
It seams that the problem is because the script is launched as system user.
Is there a solution to solve that ?
@plegrand psexec already has the ability to send commands to remote machines, I’m not sure why you would try to make psexec commands into fog snapins.
This whole thread seems really over-complicated.
Why not just bake-in some run-once functionality into your image? Windows already does this natively via the registry. Doing it for Linux images is trivial because SystemD is amazing.
Just for information :
I found this tool :
There is this script inside : “psexec.py”
The package exist for debian : Package python-impacket
psexec.py works fine from the linux command line (very long command line )
And i think i will be able to use it on several remote windows computers with tmux.
@Wayne-Workman Not sure i want to use Amazon service
@Wayne-Workman I understand that
I already said it, Systems Manager from Amazon Web Services.
I think the problem is that snapin is launched as SYSTEM user
This is not a problem, this is by design. Not only is it by design in the FOG Client, it is by design from Microsoft. This is how deployments are made safe, anything less is a breach of security.
So, the overall objective here, is it just to get Windows updated? Does it have it be offline using wsusoffline?
There are PowerShell modules for Windows Update that may be able to trigger updates.
We use this tool instead of FOG Snapins to deploy applications in our offices. They have a free version that should do what you need, but the paid for version is reasonable in cost and well worth the price because of the additional functionality.
I think the problem is that snapin is launched as SYSTEM user, then even i use psexec or runas to run command as local user, snapin is launched as SYSTEM and then it does not works. I try with -accepteula but …
Psexec needs the EULA to be accepted on first use (I’m guessing per user basis even)
So add -accepteula maybe.
edit: But given you only to execute commands on the local system as a different user, runas is likely the easier/better tool for the job.
edit2: Just remembered you can’t pipe passwords to it, nvm
It seams that i have to create the zip file on windows , on linux i have this error.
After that the snapin pack is launched but i think it’s waiting interaction with user and even i use psexec the script is launch by system. Then it doesn’t works.
I have to find an other solution
I cant make it works for the moment with snapinpack, I’ve got an error that i don’t understand :
17/05/2017 08:42 Client-Info Client Version: 0.11.11 17/05/2017 08:42 Client-Info Client OS: Windows 17/05/2017 08:42 Client-Info Server Version: 1.3.5 17/05/2017 08:42 Middleware::Response Success 17/05/2017 08:42 SnapinClient Snapin Found: 17/05/2017 08:42 SnapinClient ID: 103 17/05/2017 08:42 SnapinClient Name: Update Windows 7 17/05/2017 08:42 SnapinClient Created: 2017-05-17 08:41:24 17/05/2017 08:42 SnapinClient Action: 17/05/2017 08:42 SnapinClient Pack: True 17/05/2017 08:42 SnapinClient Hide: False 17/05/2017 08:42 SnapinClient Server: 17/05/2017 08:42 SnapinClient TimeOut: 0 17/05/2017 08:42 SnapinClient SnapinPack File: cmd.exe 17/05/2017 08:42 SnapinClient SnapinPack Args: /c "[FOG_SNAPIN_PATH]\test.bat" >> %tmp%\test.log 2>&1 17/05/2017 08:42 SnapinClient File: test.zip 17/05/2017 08:42 Middleware::Communication Download: http://192.168.39.243/fog/service/snapins.file.php?mac=D0:67:E5:0C:6A:1A||00:00:00:00:00:00:00:E0|00:00:00:00:00:00:00:E0&taskid=103 17/05/2017 08:42 SnapinClient C:\Program Files\FOG\tmp\test.zip 17/05/2017 08:42 SnapinClient Processing SnapinPack test.zip 17/05/2017 08:42 SnapinClient Extracting SnapinPack 17/05/2017 08:42 SnapinClient ERROR: Compressed size mismatch between central header(161385) and local header(0) 17/05/2017 08:42 Middleware::Communication URL: http://192.168.39.243/fog/service/snapins.checkin.php?taskid=103&exitcode=-1&mac=D0:67:E5:0C:6A:1A||00:00:00:00:00:00:00:E0|00:00:00:00:00:00:00:E0&newService&json
An idea ?
@plegrand You know, most people just keep their images updated so they don’t have to worry about this so much. I know some of the community do quarterly images while others do annual images.
You’d probably have better luck just opening an Amazon Web Services account and installing Systems Manager into your image so you can control patching through AWS. This tool is specifically built for this, among a few other things.
Or, just a WSUS server and some group policy to control how updates work.
but for the moment nothing happen
I’m trying snapin pack
with this command :
psexec \\%computername% -u %computername%\Administrateur -p password -e cmd /c "net use y: \\samba\wsus$ "my'password" /User:samba\Administrateur & y:\wsusoffline\client\cmd\DoUpdate.cmd /verify /updatecpp /updatetsc /instdotnet4 /autoreboot"
i made a zip with my batch script (test.bat) and psexec
Snapin Type Snapin Pack
Snapin Pack Template Batch Script
Snapin Pack File cmd.exe
Snapin Pack Arguments /c "[FOG_SNAPIN_PATH]\MyScript.bat"
Snapin File Max Size:1900M test.zip
Snapin Command cmd.exe /c “[FOG_SNAPIN_PATH]\MyScript.bat”
here is the command :
psexec \\%computername% -u %computername%\Administrateur -p password -e cmd /c "net use y: \\samba\wsus$ "my'password" /User:samba\Administrateur & y:\wsusoffline\client\UpdateInstaller.exe"
UpdateInstaller.exe open a windows and wait for user input.
For the moment i dont if it will works with snapin
@plegrand So have you tried with using the DoUpdate.cmd instead of trying with UpdateInstaller.exe?
It works alone without waiting something from the user
@plegrand Does the “DoUpdate.cmd” script call UpdateInstaller.exe?