snappin doesn't work
-
@lebrun78 There is a Powershell template. Pick the template, upload the powershell file. That’s all you have to do when creating a snapin.
-
@Wayne-Workman
that’s what I did, I think ?
-
could I make log more verbose ?
-
@lebrun78 It’s not verbosity that will get you an answer.
Can you actually upload the ps1 script here? From what I can see your client is restarting after a period of time.
It get’s the point of displaying the Snapin, the client appears to restart, then it get’s back to the same point and ends on “Snapin starting”.
This leads me to think there’s something in the snapin causing issues. Maybe from the PS1 script?
-
@Tom-Elliott
I manually restart it while the task is still marked as running -
@lebrun78 Well, if it’s “installing MS Office, as the file kind of suggests” I’m guessing the PS1 has to either download the installer files and/or start the installer files across a network share. Are you setting the installation in a “silent” mode? Does running it manually on the command line cause you to do user inputs or not?
-
Should it be a path problem ? Should fog client install the script from c:\program file x86\fog\tmp ?
-
@Tom-Elliott
No because it was not working with office2010, I try it with a script to install videolan player which is very lighter -
So what is the point of the fog_instoffice2010.ps1 file?
-
fog_inst_office2010.ps1 is a script to mount p: with authentication and call a bat script
-
here is this extract of windows powershell log in windows events viewer
1st run by snap in:
2nd by manual command line that works:
I don’t understand !
Witch trigger mark snapin task ended in web console ?
-
@lebrun78 snapins run as SYSTEM (this is like a limited root on unix). If a script works when run manually but not as a snapin, then your script is not SYSTEM compliant. Usually its an issue when someone tries to use network shares, which it appears you are doing. SYSTEM is an non domain user, so if your network share requires someone to be domained user to access it, that’s one potential issue. Ultimately this is a network share issue, and without see exactly how you are mounting / using it, we cannot help.
-
@Joe-Schmitt he’s using the powershell script to mount & then call another script. But yes, how it’s being done matters and we need to know.
@lebrun78 said in snappin doesn't work:
hello
-programme is an option of the script fog_inst_office2010.ps1fog_inst_office2010.ps1 is a script to mount p: with authentication and call a bat script
-
Here is the power shell code.
We have no domainparam ( [String] $programme ) $user = "install" $pwd = "1234500000000000000000000000000000000000000000000000000000AAAA=" $serveur = "\\fileserver.istic.univ-rennes1.fr\partage" $cert = $(Get-ChildItem cert:\CurrentUser\TrustedPublisher | where {$_.Subject -eq "CN=ISTIC/ESIR Signature"}) $tab_key = @() foreach ($i in $cert.SerialNumber.ToCharArray()){$tab_key += [convert]::ToInt16($i,16)} $password = ConvertTo-SecureString -key $tab_key -string $pwd $credential = New-Object -TypeName system.management.Automation.PSCredential -ArgumentList $user, $password #net use p: $dossier_partage /p:n /u:$($credential.GetNetworkCredential().username) $($credential.GetNetworkCredential().password) if (!(Test-Path -Path p:)){ $net = new-object -ComObject WScript.Network $net.MapNetworkDrive("p:", $serveur, $false, $credential.GetNetworkCredential().UserName,$credential.GetNetworkCredential().password) } #lorsque l'on lance un script powershell, si il y avait des espaces dans le nom, cela ne passait pas #lorsque l'on faisait un start-process et ce nom en argument. Donc on utilise plutot le nom court $prog_court = (New-Object -ComObject Scripting.FileSystemObject).GetFile($programme).ShortPath write-host "$(hostname):Dossier de l'installer $($dossier_installer)" write-host "" write-host "$(hostname):lancement de $($programme)" write-host "$(hostname):lancement de $($prog_court)" #start-process -FilePath $programme -wait -NoNewWindow $dossier_installer = $((get-item -path $programme).DirectoryName) if (!(Test-Path -Path "$dossier_installer\logs_fog_install")){New-Item -ItemType directory -Path "$dossier_installer\logs_fog_install"} $extension = (get-item -path $programme).Extension if ($extension -eq ".bat" -or $extension -eq ".cmd") { #write-host "$env:COMPUTERNAME:C'est un script bat" start-process -FilePath $prog_court -wait -NoNewWindow -RedirectStandardOutput ${dossier_installer}\logs_fog_install\${env:COMPUTERNAME}_log.txt -RedirectStandardError ${dossier_installer}\logs_fog_install\${env:COMPUTERNAME}_error.txt } if ($extension -eq ".ps1") { #write-host "$env:COMPUTERNAME:C'est un script powershell" $policy = Get-ExecutionPolicy Set-ExecutionPolicy AllSigned start-process -FilePath PowerShell -Arg $prog_court -wait -NoNewWindow -RedirectStandardOutput ${dossier_installer}\logs_fog_install\${env:COMPUTERNAME}_log.txt -RedirectStandardError ${dossier_installer}\logs_fog_install\${env:COMPUTERNAME}_error.txt Set-ExecutionPolicy $policy } #net use p: /delete $net.RemoveNetworkDrive("p:") # SIG # Begin signature block # MIIECAYJKoZIhvcNAQcCoIID+TCCA/UCAQExCzAJBgUrDgMCGgUAMGkGCisGAQQB # gjcCAQSgWzBZM888888888888888888888888888888888888888sITrck0sYpfvNR # AgEAAgEAAgEAAgEAAgEAMCEwCQYFKw4DAhoFAAQUtCNKzTzpJy5lu9elxjbUrgg6 # IN6gggIiMIICHjCCAYugAwIBAgIQ1lzBhsDQvaJIVRttke8WMjAJBgUrDgMCHQUA # MBwxGjAYBgNVBA0000000000000000000000000000000MDEyMDE0NDkzMloX # DTM5MTIzMTIzNTk1OVowHzEdMBsGA1UEAxMUSVNUSUMvRVNJUiBTaWduYXR1cmUw # gZ8wDQY555555555555555555555555555555555555555555555555555555eWWBCfR # uEdEBxWynlykfLTyteMRiJO3TywGgvhoGX0V+hZpUBeqQLD7q3Qs0npuhWr9COSt Insert Code Here
-
@Joe-Schmitt ght.
I changed the user account joined to fogservice and it works now.
Install is now the user account used by fogserviceThanks
-
@lebrun78 said in snappin doesn't work:
I changed the user account joined to fogservice and it works now.
Install is now the user account used by fogserviceSo you changed the user account to
SYSTEM
? -
@Wayne-Workman
I changed the account associated to fogesevrvice from local system account to install
-
@lebrun78 that indicates it’s a network share permission issue or a script issue, as we have been saying. While that may work, you have to alter every machine and is a work-a-round for the underlying issue. If its a network share permission, fixing the network share permissions to allow for SYSTEM access (even if just to a single public folder) is the route we recommend. If its an issue with how you mount/decrypt your share, then it just needs to be made SYSTEM compatible. The client was built with SYSTEM permissions in mind, and therefore I cannot vouch for the security, or functionality, of the client running as a different user.
-
@Joe-Schmitt
My cisf server is a samba server.
How could it be accessible by a client system account ? -
@lebrun78 We had no idea this wasn’t a windows network share (if you already mentioned that, I overlooked it, sorry). Most people use them, so we assume that by default. I may be wrong here, but that would point to more of a script issue. I think @JJ-Fullmer is working on a post in this thread about mounting a share in powershell using SYSTEM. It could also be how you get your Certificate from the cert store (
cert:\CurrentUser\TrustedPublisher
).SYSTEM
is sometimes not considered a user, and is instead considered theLocalMachine
in the cert store. Basically I would recommend adding some debugging statements to your script and see where its failing (e.g. if its getting the cert correctly, or if its just the mounting code thats going wrong).