Elevated program automation via PSExec?

[DaleMahalko]

I am trying to make a rather simple script that does exactly what AutoIT was originally meant to do: Automate an IT program via Send(), ControlGetText(), and so forth.

 

It works perfectly fine if I start a Windows 7 remote desktop session to the remote computer, and then from within the remote desktop session:

 - Open an elevated (UAC) command prompt

 - Run the program

 

 

 

However, for the life o' me, I simply can not get it to work when launched on a remote computer. Apparently the program I am trying to automate is being launched on the remote machine in a manner that AutoIT cannot interact with the program window.

 

It is exasperating that it works great if I run it from an elevated command prompt via remote desktop. I suppose I could open 400 remote desktop sessions and run it that way on each remote machine, but good lord that's not the way automation is supposed to work.

 

If I try to launch the program remotely, and I also have a remote desktop session open to the remote computer, I can see the program I'm trying to automate that it launches in the "All Users" Task Manager, and I have to kill the process via Task Manager when the automation fails.

 

I have no idea if there's anything that can be "improved" in my source code to fix this, or if the problem is with the command line parameters I'm using with PSExec, or maybe something weird about remote UAC sessions that I don't know about.

expandcollapse popup

#AutoIt3Wrapper_Change2CUI=y
#pragma compile(Console, true)
#RequireAdmin
#include <File.au3>
;
; CleanWipe automation script by Dale Mahalko
; Email: dmahalko@gmail.com  - Apr 9, 2015
; Free to redistribute
;
; Compile this into an EXE, using AutoIT:
;     https://www.autoitscript.com/site/autoit/
;
; Run: ScriptName.exe \\pathto\share\for\cleanwipe
;           C:\Path\To\Temp\Dir  domain\user
;           password
;
; Command parameters are optional.
; You must run this script elevated, as Admin.
;
;=======================================================

; Check for valid source path and files
Global $MappedDrive = False, $MDrive, $logfile
IF $CmdLine[0] > 0 Then
    $WkDir = $CmdLine[1]
Else
    LogIt("Using working dir as source path. Otherwise" _
        & " provide source path as 1st")
    LogIt("parameter. (use quotes around path, if there" _
        & " are spaces)")
    $WkDir = @WorkingDir
EndIf

IF $CmdLine[0] > 1 Then
    $tmpdir = _TempFile($CmdLine[2])
Else
    LogIt("Using C:\Windows\Temp as temp path. Otherwise" _
        & " provide temp path as 2nd")
    LogIt("parameter. (use quotes around path, if there" _
        & " are spaces)")
    $tmpdir = _TempFile("C:\windows\temp")
EndIf
LogIt("Work dir: " & $WkDir)
LogIt("Temp dir: " & $tmpdir)

IF $CmdLine[0] > 2 Then
    LogIt("Creating temporary drive mapping using " _
    & "parameters 3 and 4 for username and password.")
    $MDrive = DriveMapAdd ("*", $WkDir, 0, _
        $CmdLine[3], $CmdLine[4])
    LogIt("Mapped temp drive letter: " & $MDrive)
    LogIt("Using: " & $CmdLine[3] & " - " & $CmdLine[4])
    IF (StringLeft($MDrive,1) < "A" Or _
        StringLeft($MDrive,1) > "Z") Then
        LogIt("Error mapping drive letter.")
        Die(@error)
    EndIf
    $MappedDrive = True
EndIf

IF Not FileExists($WkDir) Then
    LogIt("Can't find source directory.")
    Die(0)
EndIf
IF Not FileExists($WkDir & "\cleanwipe.exe") Then
    LogIt("cleanwipe.exe not in source dir." )
    Die(0)
EndIf
IF Not FileExists($WkDir & "\cleanwipe.db") Then
    LogIt("cleanwipe.db not in source dir.")
    Die(0)
EndIf

; Copy CleanWipe to temp directory on Windows PC.
$logfile = $tmpdir & "\results.log"
DirCreate ($tmpdir)
;
LogIt ("Copying cleanwipe files.")
FileCopy($WkDir & "\cleanwipe.exe", $tmpdir)
FileCopy($WkDir & "\cleanwipe.db", $tmpdir)

Local $Why, $What
;
LogIt("Launching " & $tmpdir & "\Cleanwipe.exe")
$Err = Run($tmpdir & "\Cleanwipe.exe")
If $Err = 0 THEN Die(@error)
;
LogIt("Waiting 60 seconds for launch")
Local $hWnd = WinWait("[TITLE:CleanWipe]", "", 60)
If $hWnd = 0 Then Die(@error)
;SendKeepActive("[TITLE:CleanWipe]"
;
LogIt("1st window: Click Next")
$Err = Send("{Space}")
If $Err = 0 Then Die(@error)
;
LogIt("2nd window: Click EULA / Next")
$Err = Send("{Space}{Tab}{Tab}{Space}")
If $Err = 0 Then Die(@error)
;
LogIt("3rd window: Click Client software" _
   & " / Liveupdate / Next ")
$Err = Send("{Space}{Tab}{Tab}{Space}{Tab}{Tab}{Space}")
If $Err = 0 Then Die(@error)
;
LogIt("4th window: Click don't prompt to reboot / Next")
$Err = Send("{Space}{Tab}{Tab}{Tab}{Tab}{Space}")
If $Err = 0 Then Die(@error)
;
; Check for any CleanWipe error messages.
$WTitle = WinGetTitle("[ACTIVE]")
LogIt("Found output window named: " & $WTitle)
If $WTitle <> "CleanWipe" Then
    LogIt("Error message: " & ControlGetText ( _
        $WTitle, "", "[Class:Static; Instance:2]" ))
    LogIt("Closing error window, exit CleanWipe.")
    ;SendKeepActive($WTitle)
    $Err = Send("{Space}")
    If $Err = 0 Then Die(@error)
    sleep(500)
    $Err = Send("{tab}{Space}")
    If $Err = 0 Then Die(@error)
    sleep(500)
    $Err = Send("{Space}")
    If $Err = 0 Then Die(@error)
    ;
    LogIt("Temp dir name left behind: " & $tmpdir)
    Die(0)
EndIf
;
;   Next> button is inactive during the task.
;   Wait for it to become active.
LogIt("Waiting 15 minutes for tasks to complete.")
$SleepTimer = 0
Do
    Sleep (1000)
    $SleepTimer = $SleepTimer + 1
    IF $SleepTimer > 900 Then
        Die("Waited 900 sec, but it didn't finish.")
    EndIf
Until (ControlCommand("CleanWipe", '', "[ID:12324]", _
    'IsEnabled'))
;
LogIt("Job results: ")
LogIt(ControlGetText ( "CleanWipe", "", _
    "[Class:RichEdit20W; Instance:1]" ) )
;SendKeepActive("[TITLE:CleanWipe]"
LogIt("GUI: Click Next" )
$Err = Send("{Tab}{Space}")
If $Err = 0 Then Die(@error)
sleep(500)
;
LogIt("GUI: Click Finish" )
$Err = Send("{Space}")
If $Err = 0 Then Die(@error)
sleep(500)
;
LogIt("Completed successfully." )
LogIt("Temp dir name left behind: " & $tmpdir)
If $MappedDrive = True Then
    DriveMapDel($MDrive)
    LogIt("Removed temp drive letter: " & $MDrive)
EndIf
Exit
;
Func Die($Why)
    LogIt("Error, code: " & $Why )
    If $MappedDrive = True Then
        DriveMapDel($MDrive)
        LogIt("Removed temp drive letter: " & $MDrive)
    EndIf
    Exit
EndFunc
Func LogIt($Who)
    If $logfile <> "" Then _FileWriteLog($logfile, $Who)
    ConsoleWrite($Who & @CRLF)
EndFunc

 

Typical successful logged output:

 

C:WindowsTempps_tools>cw-auto-rev5.exe "XXXXXXXXXXNetAdminStuffSEP_Clean-Wipe" "C:Windowstempps_tools"  YYYYYYYYY  ZZZZZZZZZ

Work dir: XXXXXXXXXXNetAdminStuffSEP_Clean-Wipe

Temp dir: C:Windowstempps_tools~hljlzgj.tmp

Creating temporary drive mapping using parameters 3 and 4 for username and password.

Mapped temp drive letter: Z:

Using: YYYYYYY - ZZZZZZZZZ

Copying cleanwipe files.

Launching C:Windowstempps_tools~hljlzgj.tmpCleanwipe.exe

Waiting 60 seconds for launch

1st window: Click Next

2nd window: Click EULA / Next

3rd window: Click Client software / Liveupdate / Next

4th window: Click don't prompt to reboot / Next

Found output window named: CleanWipe

Waiting 15 minutes for tasks to complete.

Job results:

22:23:06        INFO    Initializing removal engine...

22:23:06        INFO    Engine version: 12.1.5337.5000

22:23:07        INFO    Engine initalized succesfully.

22:23:07        INFO    [1/22]: Scanning Windows Installer cache

22:23:07        INFO    [2/22]: Collecting product information

22:23:07        INFO    [3/22]: Processing collected information

22:23:07        INFO    [4/22]: Preparing to remove products

22:23:07        INFO    [5/22]: Unregistering products from Windows Installer database

22:23:07        INFO    [6/22]: Stopping LiveUpdate

22:23:07        INFO    [7/22]: Stopping and removing services

22:23:10        INFO    [8/22]: Unregistering EventLog sources

22:23:10        INFO    [9/22]: Disabling startup items

22:23:10        INFO    [10/22]: Verifying whether a reboot is required

22:23:13        INFO    [11/22]: Reboot

22:23:13        INFO    Task skipped because reboot was not required.

22:23:13        INFO    [12/22]: Stopping LiveUpdate

22:23:13        INFO    Task skipped because reboot was not required.

22:23:13        INFO    [13/22]: Removing unused definitions

22:23:13        INFO    [14/22]: Unregistering LiveUpdate content

22:23:13        INFO    [15/22]: Removing symbolic links

22:23:13        INFO    [16/22]: Removing files and directories

22:23:17        INFO    [17/22]: Unregistering applications from InstalledApps database

22:23:17        INFO    [18/22]: Uninstalling unused LiveUpdate

22:23:17        INFO    [19/22]: Searching registry for product related data

22:23:29        INFO    [20/22]: Removing registry keys

22:23:29        INFO    [21/22]: Removing Windows Firewall exceptions

22:23:30        INFO    [22/22]: Unregistering products from Windows Security Center

22:23:32        INFO    Saving state...

22:23:32        INFO    Removal completed successfully.

 

GUI: Click Next

GUI: Click Finish

Completed successfully.

Temp dir name left behind: C:Windowstempps_tools~hljlzgj.tmp

Removed temp drive letter: Z:

 

 

However, if I try to launch via PSExec from an elevated local command prompt, it ends up doing dumb things like this:

psexec -i -h -u YYYYYYYY -p ZZZZZZZZ FFFFFF cmd /c c:windowstempps_toolscw-auto-rev5.exe "XXXXXXXXNetAdminStuffSEP_Clean-Wipe" "C:WindowsTemp" YYYYYYYY ZZZZZZZZ

 

Failed PSExec remote elevated launch:

 

 

2015-04-09 21:44:29 : Copying cleanwipe files.

2015-04-09 21:44:30 : Launching C:WindowsTemp~bfwdsai.tmpCleanwipe.exe

2015-04-09 21:44:30 : Waiting 60 seconds for launch

2015-04-09 21:44:31 : 1st window: Click Next

2015-04-09 21:44:31 : 2nd window: Click EULA / Next

2015-04-09 21:44:31 : 3rd window: Click Client software / Liveupdate / Next 

2015-04-09 21:44:31 : 4th window: Click don't prompt to reboot / Next

2015-04-09 21:44:31 : Found output window named: 

2015-04-09 21:44:31 : Error message: 

2015-04-09 21:44:31 : Closing error window, exit CleanWipe.

2015-04-09 21:44:32 : Temp dir name left behind: C:WindowsTemp~bfwdsai.tmp

2015-04-09 21:44:32 : Error, code: 0

2015-04-09 21:44:32 : Removed temp drive letter: Z:

 

 

I'm specifying the network username and password twice in my PSExec command line. Once to logon remotely via PSExec and once to map a temporary network drive via my script.

 

I'm making this script map its own temporary network drive to the server, because it seems I usually get Access Denied errors trying to access network shares remotely via PSExec, regardless of what PSExec username password or PSExec command line options I use.

 

Help?

[computergroove]

I dug around and found this - http://www.symantec.com/connect/forums/automating-symantec-cleanwipe-remove-sep-client-silently-upgradeI do not have a symantec program to test it on so youll have to try yourself. Can you reproduce the problem locally so you can debug why your script wont interact with the command window? It wouldnt suprise me if that was implemented by symantec for this program so hackers couldn't remotely uninstall protection. You could bypass this if you added an arduino board to each machine and program it to send mouse clicks and send commands as a keyboard emulator. The Arduino boards are arounf $7.00 each on ebay.

[DaleMahalko]

The script works fine elevated on my own desktop, if I go to any organizational desktop directly and run it elevated, and on a remote desktop elevated.

I think it is probably some strange interaction between PSExec and UAC. 

Symantec Endpoint Protection 11 is end of life, and our organization is going with Avast Enterprise now. Except I discovered after installing Avast that SEP11 doesn't really completely remove itself via the Programs list, and there are lurking components that only CleanWipe and SEPPrep can remove.

The SEPPrep tool does have a remote-run ability directly built into it, but it has an atom bomb approach as it removes everything including Avast, so then I would have to redo all the Avast installs again. 

[Jos]

Don't think the Send() commands will work as you are running it in the "background" as service without an actual screen session when shelled with PSEXEC on a remote computer.

Either use Controlxxx() commands or preferably only commandline arguments in case the programs can run silently.

Jos

Edited April 10, 2015 by Jos