snapin and batch script
-
@plegrand yes
but for the moment nothing happen
I’m trying snapin pack
with this command :psexec \\%computername% -u %computername%\Administrateur -p password -e cmd /c "net use y: \\samba\wsus$ "my'password" /User:samba\Administrateur & y:\wsusoffline\client\cmd\DoUpdate.cmd /verify /updatecpp /updatetsc /instdotnet4 /autoreboot"
i made a zip with my batch script (test.bat) and psexec
Snapin Type Snapin Pack
Snapin Pack Template Batch Script
Snapin Pack File cmd.exe
Snapin Pack Arguments /c “[FOG_SNAPIN_PATH]\MyScript.bat”
Snapin File Max Size:1900M test.zip
Snapin Command cmd.exe /c “[FOG_SNAPIN_PATH]\MyScript.bat” -
@plegrand You know, most people just keep their images updated so they don’t have to worry about this so much. I know some of the community do quarterly images while others do annual images.
You’d probably have better luck just opening an Amazon Web Services account and installing Systems Manager into your image so you can control patching through AWS. This tool is specifically built for this, among a few other things.
Or, just a WSUS server and some group policy to control how updates work.
-
@Tom-Elliott
I cant make it works for the moment with snapinpack, I’ve got an error that i don’t understand :17/05/2017 08:42 Client-Info Client Version: 0.11.11 17/05/2017 08:42 Client-Info Client OS: Windows 17/05/2017 08:42 Client-Info Server Version: 1.3.5 17/05/2017 08:42 Middleware::Response Success 17/05/2017 08:42 SnapinClient Snapin Found: 17/05/2017 08:42 SnapinClient ID: 103 17/05/2017 08:42 SnapinClient Name: Update Windows 7 17/05/2017 08:42 SnapinClient Created: 2017-05-17 08:41:24 17/05/2017 08:42 SnapinClient Action: 17/05/2017 08:42 SnapinClient Pack: True 17/05/2017 08:42 SnapinClient Hide: False 17/05/2017 08:42 SnapinClient Server: 17/05/2017 08:42 SnapinClient TimeOut: 0 17/05/2017 08:42 SnapinClient SnapinPack File: cmd.exe 17/05/2017 08:42 SnapinClient SnapinPack Args: /c "[FOG_SNAPIN_PATH]\test.bat" >> %tmp%\test.log 2>&1 17/05/2017 08:42 SnapinClient File: test.zip 17/05/2017 08:42 Middleware::Communication Download: http://192.168.39.243/fog/service/snapins.file.php?mac=D0:67:E5:0C:6A:1A||00:00:00:00:00:00:00:E0|00:00:00:00:00:00:00:E0&taskid=103 17/05/2017 08:42 SnapinClient C:\Program Files\FOG\tmp\test.zip 17/05/2017 08:42 SnapinClient Processing SnapinPack test.zip 17/05/2017 08:42 SnapinClient Extracting SnapinPack 17/05/2017 08:42 SnapinClient ERROR: Compressed size mismatch between central header(161385) and local header(0) 17/05/2017 08:42 Middleware::Communication URL: http://192.168.39.243/fog/service/snapins.checkin.php?taskid=103&exitcode=-1&mac=D0:67:E5:0C:6A:1A||00:00:00:00:00:00:00:E0|00:00:00:00:00:00:00:E0&newService&json
An idea ?
-
@plegrand
It seams that i have to create the zip file on windows , on linux i have this error.
After that the snapin pack is launched but i think it’s waiting interaction with user and even i use psexec the script is launch by system. Then it doesn’t works.
I have to find an other solution -
Psexec needs the EULA to be accepted on first use (I’m guessing per user basis even)
So add -accepteula maybe.
edit: But given you only to execute commands on the local system as a different user, runas is likely the easier/better tool for the job.
edit2: Just remembered you can’t pipe passwords to it, nvm
-
@Quazz
I think the problem is that snapin is launched as SYSTEM user, then even i use psexec or runas to run command as local user, snapin is launched as SYSTEM and then it does not works. I try with -accepteula but … -
@Avaryan @Tom-Elliott @Quazz @Wayne-Workman
May be someone know a solution to launch remote command on mulitple computers without GPO’s ? -
@plegrand PDQ Deploy?? https://www.pdq.com/pdq-deploy/
We use this tool instead of FOG Snapins to deploy applications in our offices. They have a free version that should do what you need, but the paid for version is reasonable in cost and well worth the price because of the additional functionality.
-
So, the overall objective here, is it just to get Windows updated? Does it have it be offline using wsusoffline?
There are PowerShell modules for Windows Update that may be able to trigger updates.
-
@plegrand said in snapin and batch script:
I think the problem is that snapin is launched as SYSTEM user
This is not a problem, this is by design. Not only is it by design in the FOG Client, it is by design from Microsoft. This is how deployments are made safe, anything less is a breach of security.
-
@plegrand said in snapin and batch script:
@Avaryan @Tom-Elliott @Quazz @Wayne-Workman
May be someone know a solution to launch remote command on mulitple computers without GPO’s ?I already said it, Systems Manager from Amazon Web Services.
-
@Wayne-Workman I understand that
-
@Wayne-Workman Not sure i want to use Amazon service
-
@Wayne-Workman @Avaryan @george1421 @Quazz @Tom-Elliott
Just for information :
I found this tool :
https://github.com/CoreSecurity/impacket/tree/impacket_0_9_13There is this script inside : “psexec.py”
The package exist for debian : Package python-impacket
psexec.py works fine from the linux command line (very long command line )And i think i will be able to use it on several remote windows computers with tmux.
-
@plegrand psexec already has the ability to send commands to remote machines, I’m not sure why you would try to make psexec commands into fog snapins.
This whole thread seems really over-complicated.
Why not just bake-in some run-once functionality into your image? Windows already does this natively via the registry. Doing it for Linux images is trivial because SystemD is amazing.