DennisPost
asked on
Batch runas help
Hi,
I am trying to install UltraVNC via a batch file run from my machine to all machines.
After configuring it as per:
http://ultravnc.sourceforge.net/
"Semi Automatic Installation" (Sorry couldn't get a direct link)
I have successfully created this batch to add a user to the local power users group on each machine. (Who I want to use to install the program).
ECHO
set MACHINES=c:\temp\machines. txt
set LOGFILE=c:\temp\logfile.tx t
set ERRORLOG=c:\temp\errorlog. txt
FOR /F "eol= tokens=1 " %%a IN (%MACHINES%) DO AT %%a 16:30 net localgroup "Power users" <Domain>\<User> /add >%LOGFILE% 2>%ERRORLOG%
* Machines.txt contains lines like e.g. \\PC1
Now that all machines have the same Power User I can install the program with the same credentials.
So far I've manage this:
set MACHINES=c:\temp\machines. txt
set LOGFILE=c:\temp\logfile.tx t
set ERRORLOG=c:\temp\errorlog. txt
FOR /F "tokens=*" %%a IN (%MACHINES%) DO AT %%a 11:44 RUNAS /u:<Domain>\<User> O:\IT\InstallUltraVNC.BAT >%LOGFILE% 2>%ERRORLOG%
Which returns:
AT \\PC1 11:44 RUNAS /u:<Domain>\<User> O:\IT\InstallUltraVNC.BAT 1>c:\temp\logfile.txt 2>c:\temp\errorlog.txt
If I run:
AT \\PC1 11:44 RUNAS /u:<Domain>\<User> O:\IT\InstallUltraVNC.BAT
or from PC1 as a user with sufficient rights:
AT \\PC1 11:44 O:\IT\InstallUltraVNC.BAT
I get:
Added a new job with job ID = 17
I am not prompted for a password and installation doesn't start.
I have also tried goto :InstallNow to run the actual installation, but the computername is not passed on to the section.
I have found and read many resources here and elsewhere, just can't get it all to come together.
This is my second day working with batch files. A step by step explantation as to how and why, would be very much appreciated.
I am trying to install UltraVNC via a batch file run from my machine to all machines.
After configuring it as per:
http://ultravnc.sourceforge.net/
"Semi Automatic Installation" (Sorry couldn't get a direct link)
I have successfully created this batch to add a user to the local power users group on each machine. (Who I want to use to install the program).
ECHO
set MACHINES=c:\temp\machines.
set LOGFILE=c:\temp\logfile.tx
set ERRORLOG=c:\temp\errorlog.
FOR /F "eol= tokens=1 " %%a IN (%MACHINES%) DO AT %%a 16:30 net localgroup "Power users" <Domain>\<User> /add >%LOGFILE% 2>%ERRORLOG%
* Machines.txt contains lines like e.g. \\PC1
Now that all machines have the same Power User I can install the program with the same credentials.
So far I've manage this:
set MACHINES=c:\temp\machines.
set LOGFILE=c:\temp\logfile.tx
set ERRORLOG=c:\temp\errorlog.
FOR /F "tokens=*" %%a IN (%MACHINES%) DO AT %%a 11:44 RUNAS /u:<Domain>\<User> O:\IT\InstallUltraVNC.BAT >%LOGFILE% 2>%ERRORLOG%
Which returns:
AT \\PC1 11:44 RUNAS /u:<Domain>\<User> O:\IT\InstallUltraVNC.BAT 1>c:\temp\logfile.txt 2>c:\temp\errorlog.txt
If I run:
AT \\PC1 11:44 RUNAS /u:<Domain>\<User> O:\IT\InstallUltraVNC.BAT
or from PC1 as a user with sufficient rights:
AT \\PC1 11:44 O:\IT\InstallUltraVNC.BAT
I get:
Added a new job with job ID = 17
I am not prompted for a password and installation doesn't start.
I have also tried goto :InstallNow to run the actual installation, but the computername is not passed on to the section.
I have found and read many resources here and elsewhere, just can't get it all to come together.
This is my second day working with batch files. A step by step explantation as to how and why, would be very much appreciated.
ASKER
Hi Shift-3,
Thanks for the tip. Just checked it out.
It's a bit complicated for the friday....... 8-P
I'll have a better look at it as soon as priorities and brainresources allow it.
If the AT command runs jobs in the context of local SYSTEM, why then does the program not install??
GPO also asigns msi packages as the local SYSTEM account, does it not?
I have found some examples of RUNAS with passwords using things like sanur and whoami.
But like I mentioned, I am a batch noob and need a breakdown of the how's and why's in laymans terms.
Thanks for the tip. Just checked it out.
It's a bit complicated for the friday....... 8-P
I'll have a better look at it as soon as priorities and brainresources allow it.
If the AT command runs jobs in the context of local SYSTEM, why then does the program not install??
GPO also asigns msi packages as the local SYSTEM account, does it not?
I have found some examples of RUNAS with passwords using things like sanur and whoami.
But like I mentioned, I am a batch noob and need a breakdown of the how's and why's in laymans terms.
I've found some time ago a tool with can do a runas with username and encripted password.
lsrunase.exe
LSencrypt.exe
Great for in scripts.
http://www.freewarefiles.com/program_9_102_14983.html
lsrunase.exe
LSencrypt.exe
Great for in scripts.
http://www.freewarefiles.com/program_9_102_14983.html
The SYSTEM account would not have access to the O: drive.
ASKER
Nostradamuz,
Link doesn't work. http error 404 File not found.
Shift-3,
Is it possible to map the network drive as another user? i.e. the local SYSTEM account?
If not, could I copy the files to a local drive first, then run it?
Link doesn't work. http error 404 File not found.
Shift-3,
Is it possible to map the network drive as another user? i.e. the local SYSTEM account?
If not, could I copy the files to a local drive first, then run it?
A system account doen't has any rights on the network. Only on the local system.
I've checked the link and it is working.
But goto www.freewarefiles.com and search for lsrunase.
:)
I've checked the link and it is working.
But goto www.freewarefiles.com and search for lsrunase.
:)
Sorry I see.. try this one..
http://www.linkselection.com/download.aspx?item=lsrunase
http://www.linkselection.com/download.aspx?item=lsrunase
ASKER
Thanks Nostradamuz,
This is not exactly what I'm wanting. Must be free and with no limit. (Small company, no IT budget. :-( )
I'm not keen on installing trail versions on our only server.
Do you think you could offer some advice about the batch info I gave?
This is not exactly what I'm wanting. Must be free and with no limit. (Small company, no IT budget. :-( )
I'm not keen on installing trail versions on our only server.
Do you think you could offer some advice about the batch info I gave?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Sorry for the late reply, had to look into other things first.
I've just had a quick look at Psexec. I'll play around with it a bit and let you know.
Thanks for your input !!
I've just had a quick look at Psexec. I'll play around with it a bit and let you know.
Thanks for your input !!
ASKER
Hi Nostradamuz,
Well, PsExec was a great tip!! Thanks
Progress was good this morning but on this friday afternoon.........
OK i've gotten this far.
========================== ========== ========== ========== ========== ==========
Run:
C:\Temp>psexec \\PC1 -u <Domain>\Administrator -p Password -c C:\Temp\UltraVNC.BAT
========================== ========== ========== ========== ========== ==========
Contents of UltraVNC.BAT:
:: Check if it is already installed.
IF EXIST "C:\Program Files\UltraVNC\repeater.ex e" goto end_batch
:: Change directory.
IF EXIST "C:\Temp" goto CopyFiles
cd\
md temp
::Copy the necessary files.
:CopyFiles
cd\
cd temp
copy \\Server1\Setup$\Programs\ UltraVNC\* .* C:\Temp /y
copy \\Server1\Setup$\Programs\ PsExec\PsE xec.exe C:\Temp /y
::Import the pre-configured registry key with the password.
psexec \\PC1 -s -i -d %windir%\regedit /s C:\Temp\vncdmp.txt *************
::Install the program.
UltraVNC-102-Setup.exe /SInstall /verysilent /loadinf=C:\Temp\UltraVNCC nfg.inf
::Start the service
Net Start WinVNC
::Delete the temporary files.
Del /F /Q C:\Temp\UltraVNC*.*
Del /F /Q C:\Temp\vncdmp.txt
Del /F /Q C:\Temp\psexec.exe
:end_batch
========================== ========== ========== ========== ========== ==========
Which returns:
PsExec v1.72 - Execute processes remotely
Copyright (C) 2001-2006 Mark Russinovich
Sysinternals - www.sysinternals.com
C:\WINDOWS\system32>IF EXIST "C:\Program Files\UltraVNC\repeater.ex e" goto end_batch
C:\WINDOWS\system32>IF EXIST "C:\Temp" goto CopyFiles
C:\WINDOWS\system32>cd\
C:\>cd temp
C:\Temp>copy \\Server1\Setup$\Programs\ UltraVNC\* .* C:\Temp /y
\\Server1\Setup$\Programs\ UltraVNC\U ltraVNC-10 2-Setup.ex e
\\Server1\Setup$\Programs\ UltraVNC\U ltraVNCACL .txt
\\Server1\Setup$\Programs\ UltraVNC\U ltraVNCCnf g.inf
\\Server1\Setup$\Programs\ UltraVNC\U ltraVNCReg .reg
\\Server1\Setup$\Programs\ UltraVNC\v ncdmp.txt
5 file(s) copied.
C:\Temp>copy \\Server1\Setup$\Programs\ PsExec\PsE xec.exe C:\Temp /y
1 file(s) copied.
C:\Temp>psexec \\PC1 -s -i -d C:\WINDOWS\regedit /s C:\Temp\vncdmp.txt
PsExec v1.72 - Execute processes remotely
Copyright (C) 2001-2006 Mark Russinovich
Sysinternals - www.sysinternals.com
C:\WINDOWS\regedit started on PC1 with process ID 2368.
C:\Temp>UltraVNC-102-Setup .exe /SInstall /verysilent /loadinf=C:\Temp\UltraVNCC nfg.inf
C:\Temp>Net Start WinVNC
The VNC Server service was started successfully.
C:\Temp>Del /F /Q C:\Temp\UltraVNC*.*
C:\Temp>Del /F /Q C:\Temp\vncdmp.txt
C:\Temp>Del /F /Q C:\Temp\psexec.exe
UltraVNC.BAT exited on traxx14 with error code 0.
========================== ========== ========== ========== ========== ==========
This works if I do it machine by machine altering the **** line beforehand.
But..... I can't get this to work with a loop file (For /f blah blah blah)
I think I have to use a second batch file, though I don't want to include the administrators password and don't know
if the second batch file will be run in the same security context as the original PsExec command.
Awaiting sage advice....
In the meantime a redbull and back to this puzzle.
Well, PsExec was a great tip!! Thanks
Progress was good this morning but on this friday afternoon.........
OK i've gotten this far.
==========================
Run:
C:\Temp>psexec \\PC1 -u <Domain>\Administrator -p Password -c C:\Temp\UltraVNC.BAT
==========================
Contents of UltraVNC.BAT:
:: Check if it is already installed.
IF EXIST "C:\Program Files\UltraVNC\repeater.ex
:: Change directory.
IF EXIST "C:\Temp" goto CopyFiles
cd\
md temp
::Copy the necessary files.
:CopyFiles
cd\
cd temp
copy \\Server1\Setup$\Programs\
copy \\Server1\Setup$\Programs\
::Import the pre-configured registry key with the password.
psexec \\PC1 -s -i -d %windir%\regedit /s C:\Temp\vncdmp.txt *************
::Install the program.
UltraVNC-102-Setup.exe /SInstall /verysilent /loadinf=C:\Temp\UltraVNCC
::Start the service
Net Start WinVNC
::Delete the temporary files.
Del /F /Q C:\Temp\UltraVNC*.*
Del /F /Q C:\Temp\vncdmp.txt
Del /F /Q C:\Temp\psexec.exe
:end_batch
==========================
Which returns:
PsExec v1.72 - Execute processes remotely
Copyright (C) 2001-2006 Mark Russinovich
Sysinternals - www.sysinternals.com
C:\WINDOWS\system32>IF EXIST "C:\Program Files\UltraVNC\repeater.ex
C:\WINDOWS\system32>IF EXIST "C:\Temp" goto CopyFiles
C:\WINDOWS\system32>cd\
C:\>cd temp
C:\Temp>copy \\Server1\Setup$\Programs\
\\Server1\Setup$\Programs\
\\Server1\Setup$\Programs\
\\Server1\Setup$\Programs\
\\Server1\Setup$\Programs\
\\Server1\Setup$\Programs\
5 file(s) copied.
C:\Temp>copy \\Server1\Setup$\Programs\
1 file(s) copied.
C:\Temp>psexec \\PC1 -s -i -d C:\WINDOWS\regedit /s C:\Temp\vncdmp.txt
PsExec v1.72 - Execute processes remotely
Copyright (C) 2001-2006 Mark Russinovich
Sysinternals - www.sysinternals.com
C:\WINDOWS\regedit started on PC1 with process ID 2368.
C:\Temp>UltraVNC-102-Setup
C:\Temp>Net Start WinVNC
The VNC Server service was started successfully.
C:\Temp>Del /F /Q C:\Temp\UltraVNC*.*
C:\Temp>Del /F /Q C:\Temp\vncdmp.txt
C:\Temp>Del /F /Q C:\Temp\psexec.exe
UltraVNC.BAT exited on traxx14 with error code 0.
==========================
This works if I do it machine by machine altering the **** line beforehand.
But..... I can't get this to work with a loop file (For /f blah blah blah)
I think I have to use a second batch file, though I don't want to include the administrators password and don't know
if the second batch file will be run in the same security context as the original PsExec command.
Awaiting sage advice....
In the meantime a redbull and back to this puzzle.
ASKER
Thanks Nostradamuz,
It wasn't quite the answer to my question, but having a small network, this is definitely do-able.
It wasn't quite the answer to my question, but having a small network, this is definitely do-able.
You would probably be better off adapting the FastPush script from here:
http://www.darkage.co.uk/faq/index.htm#whatfp