snapin script running on a samba share

  • Hello
    Do you have any suggestions or examples of snapins running powershell scripts for installing programs hosted on an authenticated share?
    I am unable to do an authenticated samba mount with the system account used by the fog client.

  • Senior Developer

    @lebrun78 Can you run this exact script in the SYSTEM context (as described below through PsExec) and see where exactly it fails?

  • @sebastian-roth

    Here is the content of the fog_snapin_inst.ps1 script which mounts the share and which launches either a batch script or a powershell script

    param (
        [String] $programme
    $user = "fog"
    $pwd = "EncriptpasswordwBiADEAZA="
    $serveur = "\\\snapins$"
    [Byte[]] $key = (1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
    $password = ConvertTo-SecureString -key $key -string $pwd
    $credential = New-Object -TypeName -ArgumentList $user, $password
    if (!(Test-Path -Path Q:)){
        $net = new-object -ComObject WScript.Network
        $net.MapNetworkDrive("p:", $serveur, $false, $credential.GetNetworkCredential().UserName,$credential.GetNetworkCredential().password)
    #lorsque l'on lance un script powershell, si il y avait des espaces dans le nom, cela ne passait pas 
    #lorsque l'on faisait un start-process et ce nom en argument. Donc on utilise plutot le nom court
    $prog_court = (New-Object -ComObject Scripting.FileSystemObject).GetFile($programme).ShortPath
        write-host "$(hostname):Dossier de l'installer $($dossier_installer)"
    	write-host ""
    	write-host "$(hostname):lancement de $($programme)"
        write-host "$(hostname):lancement de $($prog_court)"
    #start-process -FilePath $programme -wait -NoNewWindow
    $dossier_installer = $((get-item -path $programme).DirectoryName)
    if (!(Test-Path -Path "$dossier_installer\logs_fog_install")){New-Item -ItemType directory -Path "$dossier_installer\logs_fog_install"}
    $extension = (get-item -path $programme).Extension
    if ($extension -eq ".bat" -or $extension -eq ".cmd") {
    	write-host "$env:COMPUTERNAME:C'est un script bat"
    	start-process -FilePath $prog_court -wait -NoNewWindow -RedirectStandardOutput ${dossier_installer}\logs_fog_install\${env:COMPUTERNAME}_log.txt -RedirectStandardError ${dossier_installer}\logs_fog_install\${env:COMPUTERNAME}_error.txt
    if ($extension -eq ".ps1") {
    	write-host "$env:COMPUTERNAME:C'est un script powershell"
    	$policy = Get-ExecutionPolicy
    	Set-ExecutionPolicy AllSigned
    	start-process -FilePath PowerShell -Arg $prog_court -wait -NoNewWindow -RedirectStandardOutput ${dossier_installer}\logs_fog_install\${env:COMPUTERNAME}_log.txt -RedirectStandardError ${dossier_installer}\logs_fog_install\${env:COMPUTERNAME}_error.txt
        Set-ExecutionPolicy $policy
    Remove-SmbMapping -RemotePath $serveur -Force
    # SIG # Begin signature block

    So I get this Snapin Command read-only:

    powershell.exe -ExecutionPolicy Bypass -NoProfile -File fog_snapin_inst.ps1 -programme P:\officepro2010\inst_office2010.bat
  • Moderator

    @lebrun78 If I remember right, the fog client runs as SYSTEM which has not rights outside the local box its running on. So you will need to map a drive in your script and provide new credential to connect to that external share. This is the same for a samba or cifs share. SYSTEM only has local rights.

  • Senior Developer

    @lebrun78 You might want to share the script you have so far so we know more about what exactly you are trying to do.