Jump to content

Is this correct...? First time using this Application.


Recommended Posts

Hi - I'm the new guy, nice to meet everyone.

Hope this is the right section for this topic.

I am trying to create an AU3 file which will run a MSI file with given permissions...

Local $sUserName = "administrator"
Local $sPassword = "xxxxxxxxxx"
Local $sDomain = ".\"

RunAsWait($sUserName, $sDomain, $sPassword, 0, "msiexec /i ""144WindowsAgentSetup.msi""")

So I am needing to deploy the N-Central agent to a bunch of remote users who do not have admin access on their accounts.
I am attempting to use the local admin account to run the MSI as I am not keen on giving that info away.

When trying to run the compiled AU3 script using CMD, it doesn't error out etc, which I assume is correct as I have not put any triggers in the script?

Link to post
Share on other sites

1- put some error handling after the run (check for @error)

2- ensure that .msi file is located in the same folder as your script (otherwise add full path)

3- consider running the installer quietly (/q)

4- you may need to add #RequireAdmin

Link to post
Share on other sites

; Script Start - Add your code below here
Local $sUserName = "administrator"
Local $sPassword = "xxxxx"
Local $sDomain = ""
#RequireAdmin
RunAsWait($sUserName, $sDomain, $sPassword, 0, 'msiexec /i "144WindowsAgentSetup.msi"')


So that is the script at the moment, I confirmed it logs into the Admin account successfully looking at the Security Event Logs.
Now need to figure out what is tripping that Windows Installer Error - This installation package could not be opened. Verify the package exists and that you can access it..

The Windows Installer service is running.
Would it be because if the admin profile is running this command but the file is sitting on the Users desktop?

Running this all in a VM to make sure it is working 100% before sending it out.

Link to post
Share on other sites
1 minute ago, Danp2 said:

Where does the file 144WindowsAgentSetup.msi reside on disk? Sounds like misexec can't locate it.

Also, you generally want to put #RequireAdmin at the top of your script.

It is in the same folder as the compiled EXE.
Thanks - I will move that now.

Link to post
Share on other sites

I would suggest that you either set the working directory (this is an additional parameter of RunAsWait and you can use @ScriptDir) or pass the full path to the file like this --

RunAsWait($sUserName, $sDomain, $sPassword, 0, 'msiexec /i "' & @ScriptDir & '\144WindowsAgentSetup.msi"')

P.S. See here for the proper way to post code in the forum

Link to post
Share on other sites

The issue you will probably encounter is UAC, so it will prompt for credentials before actually running the script.  The best way is to use a third party tool to install the software remotely for example:

  • PDQ Deploy - Free version available, (we use the full version for third-party updates, i.e. Adobe products, Chrome etc..  PDQ release these on a monthly basis).
  • Lansweeper - Free version allows up to 100 assets to be managed (we use this mostly for hardware/software inventory but it does allow remote software installations.
  • PSExec - Allows you to execute software remotely with administrative privileges.

My 2 cents.

 

Link to post
Share on other sites

Thanks for the help everyone, really appreciate it.
So I have managed to get this working to a degree but am hitting a snag.

When I run:
 

#RequireAdmin
; Script Start - Add your code below here
Local $sUserName = ""
Local $sPassword = ""
Local $sDomain = ""

RunAs($sUserName, $sDomain, $sPassword, 0, 'msiexec /i "C:\Temp\WindowsAgent.msi" /quiet')

It goes through but then gets the UAC prompt asking for administrator credentials even though I have put them in the script above.

If I remove #RequireAdmin, I get Error 1925. You do not have sufficient privileges to complete this installation for all users of the machine. in the Event Log even though once again, I am running as the local administrator.

These machines are on a domain, but remote users who do not connect to a VPN etc.

Am I missing something or shouldn't having the local admin account details bypass the second UAC prompt?

Security Event Log shows that the account was successfully called when the script is run.

Link to post
Share on other sites

Thanks @Subz - Unfortunately most of these users are working from home so don't have any real direct connection with the domain.  The servers/workstations that are on the domain we have imported into N-Central using a probe which works well.

But now it's these pesky remote users who make up the bulk of them that we need to get imported.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...