snapin script running on a samba share


  • Hello
    Do you have any suggestions or examples of snapins running powershell scripts for installing programs hosted on an authenticated share?
    I am unable to do an authenticated samba mount with the system account used by the fog client.

  • Senior Developer

    @lebrun78 Can you run this exact script in the SYSTEM context (as described below through PsExec) and see where exactly it fails?


  • @sebastian-roth

    Here is the content of the fog_snapin_inst.ps1 script which mounts the share and which launches either a batch script or a powershell script

    param (
        [String] $programme
    )
    $user = "fog"
    $pwd = "EncriptpasswordwBiADEAZA="
    
    $serveur = "\\wolala.univ-rennes1.fr\snapins$"
    [Byte[]] $key = (1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
    $password = ConvertTo-SecureString -key $key -string $pwd
    $credential = New-Object -TypeName system.management.Automation.PSCredential -ArgumentList $user, $password
    
    if (!(Test-Path -Path Q:)){
        $net = new-object -ComObject WScript.Network
        $net.MapNetworkDrive("p:", $serveur, $false, $credential.GetNetworkCredential().UserName,$credential.GetNetworkCredential().password)
       
    }
    
    #lorsque l'on lance un script powershell, si il y avait des espaces dans le nom, cela ne passait pas 
    #lorsque l'on faisait un start-process et ce nom en argument. Donc on utilise plutot le nom court
    $prog_court = (New-Object -ComObject Scripting.FileSystemObject).GetFile($programme).ShortPath
    
    					
        write-host "$(hostname):Dossier de l'installer $($dossier_installer)"
    	write-host ""
    	write-host "$(hostname):lancement de $($programme)"
        write-host "$(hostname):lancement de $($prog_court)"
    
    #start-process -FilePath $programme -wait -NoNewWindow
    $dossier_installer = $((get-item -path $programme).DirectoryName)
    
    if (!(Test-Path -Path "$dossier_installer\logs_fog_install")){New-Item -ItemType directory -Path "$dossier_installer\logs_fog_install"}
    $extension = (get-item -path $programme).Extension
    if ($extension -eq ".bat" -or $extension -eq ".cmd") {
    	write-host "$env:COMPUTERNAME:C'est un script bat"
    	start-process -FilePath $prog_court -wait -NoNewWindow -RedirectStandardOutput ${dossier_installer}\logs_fog_install\${env:COMPUTERNAME}_log.txt -RedirectStandardError ${dossier_installer}\logs_fog_install\${env:COMPUTERNAME}_error.txt
        
    }
    if ($extension -eq ".ps1") {
    	write-host "$env:COMPUTERNAME:C'est un script powershell"
    	$policy = Get-ExecutionPolicy
    	Set-ExecutionPolicy AllSigned
    	start-process -FilePath PowerShell -Arg $prog_court -wait -NoNewWindow -RedirectStandardOutput ${dossier_installer}\logs_fog_install\${env:COMPUTERNAME}_log.txt -RedirectStandardError ${dossier_installer}\logs_fog_install\${env:COMPUTERNAME}_error.txt
        Set-ExecutionPolicy $policy
    }
    
    
    $net.RemoveNetworkDrive("p:")
    Remove-SmbMapping -RemotePath $serveur -Force
    
    
    # SIG # Begin signature block
    # MIIECAYJKoZIhvcNAQcCoIID+TCCA/UCAQExCzAJBgUrDgMCGgUAMGkGCisGAQQB
    

    So I get this Snapin Command read-only:

    powershell.exe -ExecutionPolicy Bypass -NoProfile -File fog_snapin_inst.ps1 -programme P:\officepro2010\inst_office2010.bat
    
  • Moderator

    @lebrun78 If I remember right, the fog client runs as SYSTEM which has not rights outside the local box its running on. So you will need to map a drive in your script and provide new credential to connect to that external share. This is the same for a samba or cifs share. SYSTEM only has local rights.

  • Senior Developer

    @lebrun78 You might want to share the script you have so far so we know more about what exactly you are trying to do.

360
Online

8.1k
Users

15.0k
Topics

141.4k
Posts