bungle

RunAsSet with Domain Shares

7 posts in this topic

Hi,

I'm getting

"Error: Unable to execute the external program. Access is denied" from the script below.

The plan is to install/update Office 2003 on a locked down machine where the user does not have admin rights. The script is compiled to an exe. Psexec is used to copy the exe to a remote desktop and run the exe.

RunAsSet is a domain admin account - it has correct permissions.

If the exe is run manually at the desktop it works for domain admin or local (non-admin) user without error, the RunAsSet works.

I've tried

using \\server\share instead of DFS share

using DriveMapAdd to map the share

but get the same. Any ideas?

TIA, Paul C

Script:

RunAsSet ( "username", "domain", "password}",2 )

Runwait ("\\dfs_share_name\folder\off2003instalNOUI.cmd", "C:\", @SW_MINIMIZE)

RunAsSet()




Any time that you Run under RunAsSet there's no pre-existing network connectivity for the RunAs user. My experience in this is with NetWare, but it's also the case for Windows as evidenced by numerous threads in these forums.

My recommended remedy (that is assuming you don't want to copy the file locally before the RunAs) is to create a script that makes a network connection with credentials provided using DriveMapAdd (which despite the name doesn't have to map a drive letter), then simply Runs the desired file using a UNC path. Compile this script, then create another script that calls your first script with RunAsSet to the desired admin credentials. You can FileInstall the first compiled script within the second if you wish.

This link is from an aforementioned thread and has an example which recursively calls itself with admin credentials, avoiding the need for two scripts, and connects to a network share and runs a file on the share. Example is tested on NetWare, but the concepts work for Windows networks, as well.


Yes yes yes, there it was. Youth must go, ah yes. But youth is only being in a way like it might be an animal. No, it is not just being an animal so much as being like one of these malenky toys you viddy being sold in the streets, like little chellovecks made out of tin and with a spring inside and then a winding handle on the outside and you wind it up grrr grrr grrr and off it itties, like walking, O my brothers. But it itties in a straight line and bangs straight into things bang bang and it cannot help what it is doing. Being young is like being like one of these malenky machines.
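
The self-relaunch approach recommended in the reply above, as an added AutoIt example that is not part of the original thread or of the post it links to. The account, share path and the `/child` switch are placeholders; it assumes the script is compiled and started from an ordinary user session (the thread reports RunAsSet still failing when the exe is started by PsExec as Local System).

```autoit
; Added example, not from the thread: one compiled script, two passes.
; Assumes an AutoIt v3 release that still provides RunAsSet.
Opt("RunErrorsFatal", 0)   ; report Run/RunWait failures through @error instead of aborting

; Placeholder credentials. Compiling the script does not protect these strings,
; so use a dedicated install account scoped to this share, not a domain admin.
Global Const $sUser   = "install_user"
Global Const $sDomain = "domain"
Global Const $sPass   = "install_pass"
Global Const $sShare  = "\\domain_fqdn\dfs_share\dfs_folder"

If Not @Compiled Then Exit 1   ; @ScriptFullPath must be an exe to be relaunched

If $CmdLine[0] = 0 Then
    ; Pass 1: caller's context. Relaunch this exe as the install account.
    ; Option 1 = full local logon with the user's profile loaded.
    RunAsSet($sUser, $sDomain, $sPass, 1)
    Local $iExit = RunWait('"' & @ScriptFullPath & '" /child', @TempDir, @SW_HIDE)
    Local $iErr = @error
    RunAsSet()                 ; always clear the stored credentials
    If $iErr Then Exit 2       ; the relaunch itself was refused
    Exit $iExit
EndIf

; Pass 2: now running as the install account. Its logon session is new and has
; no connection to the share, so authenticate first without using a drive letter.
If Not DriveMapAdd("", $sShare, 0, $sDomain & "\" & $sUser, $sPass) Then Exit 3

; The UNC path can now be opened from inside this session.
Local $iRc = RunWait($sShare & "\utils\my.cmd", "C:\", @SW_MINIMIZE)
If @error Then Exit 4
Exit $iRc
```

The distinct exit codes (2 relaunch refused, 3 share connection failed, 4 installer could not be started) show which of the two steps was denied access.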

Psexec runs a process on a remote PC as Local System. You might have to take off that option from the RunAsSet.

I would push a bat file to the remote user and do it straight from PSEXEC as opposed to pushing from PSEXEC to an AutoIt to the cmd file. Just push the CMD file out.


---"Educate the Mind, Make Savage the Body" -Mao Tse Tung

Thanks for the help, I've tried several variants but I can't get anything to work using RunAsSet, always get access denied errors from RunWait though the DriveMapAdd statement succeeds.

This however does work.

DriveMapAdd("","\\domain_fqdn\dfs_share\dfs_folder",0,"domain\dom_admin_user","dom_admin_pass")

Runwait ("\\domain_fqdn\dfs_share\dfs_folder\utils\my.cmd", "C:\", @SW_MINIMIZE)

NOTES:

My.cmd contains an msiexec command to install Office 2003 with the source files stored on the DFS tree;

"\\domain_fqdn\dfs_share\dfs_folder\o2003cd1\setup.exe TRANSFORMS=\\domain_fqdn\dfs_share\dfs_folder\O2003CD1\mansys4.MST /qn /l c:\off2003.log"

Copying the Office install to 750 machines is not an option.

Psexec is used to copy the compiled autoit script to the remote desktop, then run it as the local system account.

The plan is to push install/upgrade Office to 750 machines overnight.

The master CMD script checks that the remote machine is online, no-one is logged in, Office is not up-to-date already, etc.

Cheers, Paul C B)

If you put your install point on the network, you don't have to copy it to each machine.

You can PSEXEC a bat file which includes the net use command (where you can pass out the username and password to map as) and launch a silent install of Office.

As for checking if a user is logged in or not, that's not necessary unless the user is using Office programs.

Again, I think you can do it all with just a Batch file and PSEXEC. I say this because that is how I do it. But if you're looking to just learn how to do it in AutoIt, that's a different story.

I have found that RunAs commands in AutoIt are most useful for giving the user an encrypted executable that they can run (in my environment). It facilitates scheduling and gives them an illusion of control, something that most users like to think they have.

I am interested in your CMD/BAT script. Please post the contents if you're willing. I can try to help if you want, I'm a big DOS Dork.

-Blademonkey


---"Educate the Mind, Make Savage the Body" -Mao Tse Tung

Hi Blademonkey,

DOS script is below.

Login check is 'cos user will be using an Office prog if still logged in...

I could have used a BAT/CMD file and just psexec but need to run the install with local admin rights and Autoit does let me hide the un/pwd.

Agreed re your RunAs comment, shame there is something wrong with it. I suspect that this is XP changing rather than AutoIt tho', had similar problems where a VBS login script drive mapping would fail but calling a 'DOS' net use command from the same VBS script would map fine - this after XP SP1.

Still, it's working tho running as system is not ideal.

PC

Crude Script for Pilot Test:

@echo off
rem Office2003Push.cmd
rem Unattended Push Office 2003 to multiple machines
rem as install or upgrade of Office xp
rem
rem PC: Updated 23/11/05
rem after problems with the RunAsSet command in
rem AutoIt not mapping drives correctly.
rem
rem Psexec command to run the install now runs as local System
rem on the remote desktop
rem
rem Office exists? check now looks for winword.exe in Office11 folder
rem as folder still exists when Office 2003 is removed
rem
rem If Office 2003 install proceeds box name is logged to fpboxes.txt
rem so that second script can install FrontPage
rem
rem Psexec output for individual box is logged to
rem timestamp\box.log
rem -------------------------------------------------
rem
SET PsLoggedOnLocation=\\dfs\shares\workssoftware\utils\psloggedon.exe
SET PsExecLocation=\\dfs\shares\workssoftware\utils\psexec.exe
SET PsListLocation=\\dfs\shares\workssoftware\utils\pslist.exe
SET BoxesFileLocation=\\admin_server\commands$\boxes.txt
SET LogFileLocation=\\admin_server\commands$\Office2003push\Off2003Upgrd.log
SET FpageBoxesLocation=\\admin_server\commands$\fpboxes.txt
D:\COMMANDS\timelog.vbs
for /f %%t in (D:\Commands\timestamp.txt) do set TimeLog=%%t
echo %TimeLog%
SET BoxLogsLocation=\\admin_server\commands$\Office2003Push\%TimeLog%
Mkdir %BoxLogsLocation%
if exist %LogFileLocation% del %LogFileLocation%
SET counter=0
Set Countertotal=0
FOR /F %%i in (%BoxesFileLocation%) do (SET box=%%i) & (call:ping)
goto :EOF

:ping
SET response=
FOR /F "tokens=1" %%i in ('PING -n 1 %box%^| find "Reply"') do (SET response=%%i)
IF DEFINED response (goto :GetUser) & (Goto :next)
SET /A countertotal+=1
SET /A counter+=1
ECHO (%countertotal%) - %box% - Offline!>>"%LogFileLocation%"

:next
GOTO :eof

:GetUser
FOR /F "tokens=*" %%i in ('%PsLoggedOnLocation% -l \\%box% ^| find "/"') DO (SET User=%%i) & (GOTO :LogUser)
GOTO :Chk_2003

:LOgUser
SET /A countertotal+=1
SET /A counter+=1
ECHO (%countertotal%) -- %box% : %User% : Logged in. Aborting. >>"%LogFileLocation%"
GOTO :eof

:Chk_2003
if exist "\\%box%\d$\Program Files\Microsoft Office\Office11\winword.exe" goto LogOffice
GOTO :Inst_2003

:LogOffice
SET /A countertotal+=1
SET /A counter+=1
ECHO (%countertotal%) --- %box% : Office 2003 Word found. Aborting. >> "%LogFileLocation%"
goto :eof

:Inst_2003
SET /A countertotal+=1
SET /A counter+=1
ECHO (%countertotal%) ---- %box% ---------- Installing Office 2003 >> "%LogFileLocation%"
copy /Y \\dfs\shares\workssoftware\utils\off2003inst.exe \\%box%\c$
@echo on
%PsExecLocation% \\%box% -i -s -w c:\ c:\off2003inst.exe 1>> "%LogFileLocation%" 2> %BoxLogsLocation%\%Box%.log
@echo off
ECHO %box% >> %FpageBoxesLocation%
goto :eof


Bungle,

First of all, nice script. I especially like the use of the for loops, something I am trying to use more myself.

I could have used a BAT/CMD file and just psexec but need to run the install with local admin rights and Autoit does let me hide the un/pwd.

I think you mean that PSEXEC does not let you hide the window. The reason is because you're specifying -i in the PSEXEC run line. That will make any PSEXEC command appear in front of the user. Take it out and you can rewrite the following sections into an external BAT that you can make a call to.

copy /Y \\dfs\shares\workssoftware\utils\off2003inst.exe \\%box%\c$
@echo on
%PsExecLocation% \\%box% -i -s -w c:\ c:\off2003inst.exe 1>> "%LogFileLocation%" 2> %BoxLogsLocation%\%Box%.log
@echo off

Like so:

REM External Net use command bat file
REM NetUseMe.bat
REM Drop any existing g: mapping before reconnecting
if exist g:\ net use g: /d
REM We'll assume that your password is "pass", your domain is "dom" and username is "user"
net use g: \\dfs\shares pass /User:dom\user /Y
REM LogFileLocation, BoxLogsLocation and Box come from the master script and are
REM not set on the remote machine where this file runs; SET them here first
\\domain_fqdn\dfs_share\dfs_folder\o2003cd1\setup.exe TRANSFORMS=\\domain_fqdn\dfs_share\dfs_folder\O2003CD1\mansys4.MST /qn /l c:\off2003.log >> "%LogFileLocation%" 2> %BoxLogsLocation%\%Box%.log
net use g: /d

And now your :inst_2003 section would be:

%PsExecLocation% \\%box% -c NetUseMe.bat

It may be sloppier, but it will allow you to refrain from copying that setup file to each machine.

Hope that helps.

-Blademonkey


---"Educate the Mind, Make Savage the Body" -Mao Tse Tung
