snapin script running on a samba share

lebrun78 · Dec 4, 2020, 4:08 PM

Hello
Do you have any suggestions or examples of snapins running powershell scripts for installing programs hosted on an authenticated share?
I am unable to do an authenticated samba mount with the system account used by the fog client.

Sebastian Roth · Dec 4, 2020, 4:29 PM

@lebrun78 You might want to share the script you have so far so we know more about what exactly you are trying to do.

george1421 · Dec 4, 2020, 4:32 PM

@lebrun78 If I remember right, the fog client runs as SYSTEM which has not rights outside the local box its running on. So you will need to map a drive in your script and provide new credential to connect to that external share. This is the same for a samba or cifs share. SYSTEM only has local rights.

lebrun78 · Dec 7, 2020, 2:47 AM

@sebastian-roth

Here is the content of the fog_snapin_inst.ps1 script which mounts the share and which launches either a batch script or a powershell script

param (
    [String] $programme
)
$user = "fog"
$pwd = "EncriptpasswordwBiADEAZA="

$serveur = "\\wolala.univ-rennes1.fr\snapins$"
[Byte[]] $key = (1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
$password = ConvertTo-SecureString -key $key -string $pwd
$credential = New-Object -TypeName system.management.Automation.PSCredential -ArgumentList $user, $password

if (!(Test-Path -Path Q:)){
    $net = new-object -ComObject WScript.Network
    $net.MapNetworkDrive("p:", $serveur, $false, $credential.GetNetworkCredential().UserName,$credential.GetNetworkCredential().password)
   
}

#lorsque l'on lance un script powershell, si il y avait des espaces dans le nom, cela ne passait pas 
#lorsque l'on faisait un start-process et ce nom en argument. Donc on utilise plutot le nom court
$prog_court = (New-Object -ComObject Scripting.FileSystemObject).GetFile($programme).ShortPath

					
    write-host "$(hostname):Dossier de l'installer $($dossier_installer)"
	write-host ""
	write-host "$(hostname):lancement de $($programme)"
    write-host "$(hostname):lancement de $($prog_court)"

#start-process -FilePath $programme -wait -NoNewWindow
$dossier_installer = $((get-item -path $programme).DirectoryName)

if (!(Test-Path -Path "$dossier_installer\logs_fog_install")){New-Item -ItemType directory -Path "$dossier_installer\logs_fog_install"}
$extension = (get-item -path $programme).Extension
if ($extension -eq ".bat" -or $extension -eq ".cmd") {
	write-host "$env:COMPUTERNAME:C'est un script bat"
	start-process -FilePath $prog_court -wait -NoNewWindow -RedirectStandardOutput ${dossier_installer}\logs_fog_install\${env:COMPUTERNAME}_log.txt -RedirectStandardError ${dossier_installer}\logs_fog_install\${env:COMPUTERNAME}_error.txt
    
}
if ($extension -eq ".ps1") {
	write-host "$env:COMPUTERNAME:C'est un script powershell"
	$policy = Get-ExecutionPolicy
	Set-ExecutionPolicy AllSigned
	start-process -FilePath PowerShell -Arg $prog_court -wait -NoNewWindow -RedirectStandardOutput ${dossier_installer}\logs_fog_install\${env:COMPUTERNAME}_log.txt -RedirectStandardError ${dossier_installer}\logs_fog_install\${env:COMPUTERNAME}_error.txt
    Set-ExecutionPolicy $policy
}


$net.RemoveNetworkDrive("p:")
Remove-SmbMapping -RemotePath $serveur -Force


# SIG # Begin signature block
# MIIECAYJKoZIhvcNAQcCoIID+TCCA/UCAQExCzAJBgUrDgMCGgUAMGkGCisGAQQB

So I get this Snapin Command read-only:

powershell.exe -ExecutionPolicy Bypass -NoProfile -File fog_snapin_inst.ps1 -programme P:\officepro2010\inst_office2010.bat

Sebastian Roth · Dec 7, 2020, 11:47 AM

@lebrun78 Can you run this exact script in the SYSTEM context (as described below through PsExec) and see where exactly it fails?

174

12.0k

17.3k

155.1k