Solved

Batch runas help

Posted on 2006-10-26
12
1,432 Views
Last Modified: 2010-05-18
Hi,

I am trying to install UltraVNC via a batch file run from my machine to all machines.
After configuring it as per:
http://ultravnc.sourceforge.net/
"Semi Automatic Installation" (Sorry couldn't get a direct link)

I have successfully created this batch to add a user to the local power users group on each machine. (Who I want to use to install the program).
ECHO
set MACHINES=c:\temp\machines.txt
set LOGFILE=c:\temp\logfile.txt
set ERRORLOG=c:\temp\errorlog.txt
FOR /F "eol=  tokens=1 " %%a IN (%MACHINES%) DO  AT %%a 16:30 net localgroup "Power users" <Domain>\<User> /add >%LOGFILE% 2>%ERRORLOG%

* Machines.txt contains lines like e.g. \\PC1

Now that all machines have the same Power User I can install the program with the same credentials.

So far I've manage this:
set MACHINES=c:\temp\machines.txt
set LOGFILE=c:\temp\logfile.txt
set ERRORLOG=c:\temp\errorlog.txt

FOR /F "tokens=*" %%a IN (%MACHINES%) DO AT %%a 11:44 RUNAS /u:<Domain>\<User> O:\IT\InstallUltraVNC.BAT >%LOGFILE% 2>%ERRORLOG%

Which  returns:
AT \\PC1 11:44 RUNAS /u:<Domain>\<User> O:\IT\InstallUltraVNC.BAT  1>c:\temp\logfile.txt 2>c:\temp\errorlog.txt

If I run:
AT \\PC1 11:44 RUNAS /u:<Domain>\<User> O:\IT\InstallUltraVNC.BAT
or from PC1 as a user with sufficient rights:
AT \\PC1 11:44 O:\IT\InstallUltraVNC.BAT
I get:
Added a new job with job ID = 17
I am not prompted for a password and installation doesn't start.

I have also tried goto :InstallNow to run the actual installation, but the computername is not passed on to the section.

I have found and read many resources here and elsewhere, just can't get it all to come together.

This is my second day working with batch files. A step by step explantation as to how and why, would be very much appreciated.

0
Comment
Question by:DennisPost
  • 6
  • 4
  • 2
12 Comments
 
LVL 38

Expert Comment

by:Shift-3
ID: 17811918
The AT command runs jobs in the context of the local SYSTEM account.  RUNAS is designed so that you can't supply a password in a script.  This method isn't going to work.

You would probably be better off adapting the FastPush script from here:
http://www.darkage.co.uk/faq/index.htm#whatfp
0
 
LVL 2

Author Comment

by:DennisPost
ID: 17817840
Hi Shift-3,

Thanks for the tip. Just checked it out.
It's a bit complicated for the friday....... 8-P
I'll have a better look at it as soon as priorities and brainresources allow it.

If the AT command runs jobs in the context of local SYSTEM, why then does the program not install??
GPO also asigns msi packages as the local SYSTEM account, does it not?

I have found some examples of RUNAS with passwords using things like sanur and whoami.
But like I mentioned, I am a batch noob and need a breakdown of the how's and why's in laymans terms.
0
 
LVL 2

Expert Comment

by:Nostradamuz
ID: 17818207
I've found some time ago a tool with can do a runas with username and encripted password.

lsrunase.exe
LSencrypt.exe

Great for in scripts.

http://www.freewarefiles.com/program_9_102_14983.html
0
 
LVL 38

Expert Comment

by:Shift-3
ID: 17818535
The SYSTEM account would not have access to the O: drive.
0
 
LVL 2

Author Comment

by:DennisPost
ID: 17832141
Nostradamuz,
Link doesn't work. http error 404 File not found.

Shift-3,
Is it possible to map the network drive as another user? i.e. the local SYSTEM account?
If not, could I copy the files to a local drive first, then run it?
0
 
LVL 2

Expert Comment

by:Nostradamuz
ID: 17832992
A system account doen't has any rights on the network. Only on the local system.
I've checked the link and it is working.

But goto www.freewarefiles.com and search for lsrunase.

:)
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 2

Expert Comment

by:Nostradamuz
ID: 17833007
0
 
LVL 2

Author Comment

by:DennisPost
ID: 17833416
Thanks Nostradamuz,
This is not exactly what I'm wanting. Must be free and with no limit. (Small company, no IT budget. :-(    )
I'm not keen on installing trail versions on our only server.
Do you think you could offer some advice about the batch info I gave?
0
 
LVL 2

Accepted Solution

by:
Nostradamuz earned 500 total points
ID: 17833650
I've read your question somewat better..

What I alway's do:

Put vnc on a network path.
start psexec with a test hostname and commandline
then make a loop for in a batch and with a file (with the hostnames) as input.
then run!!!

Psexec
http://www.sysinternals.com/Utilities/PsExec.html

Remote starting installation with your credentials or other.. see website

I dont have the time to wite it out completely but I hope it helped .. (don't use at)
0
 
LVL 2

Author Comment

by:DennisPost
ID: 17904807
Sorry for the late reply, had to look into other things first.
I've just had a quick look at Psexec. I'll play around with it a bit and let you know.
Thanks for your input !!
0
 
LVL 2

Author Comment

by:DennisPost
ID: 17914411
Hi  Nostradamuz,
Well, PsExec was a great tip!! Thanks
Progress was good this morning  but on this friday afternoon.........

OK i've gotten this far.
============================================================================
Run:
C:\Temp>psexec \\PC1 -u <Domain>\Administrator -p Password -c C:\Temp\UltraVNC.BAT
============================================================================
Contents of UltraVNC.BAT:
:: Check if it is already installed.
IF EXIST "C:\Program Files\UltraVNC\repeater.exe" goto end_batch

:: Change directory.
IF EXIST "C:\Temp" goto CopyFiles
cd\
md temp

::Copy the necessary files.
:CopyFiles
cd\
cd temp
copy \\Server1\Setup$\Programs\UltraVNC\*.* C:\Temp /y
copy \\Server1\Setup$\Programs\PsExec\PsExec.exe C:\Temp /y

::Import the pre-configured registry key with the password.
psexec \\PC1 -s -i -d %windir%\regedit /s C:\Temp\vncdmp.txt  *************

::Install the program.
UltraVNC-102-Setup.exe /SInstall /verysilent /loadinf=C:\Temp\UltraVNCCnfg.inf

::Start the service
Net Start WinVNC

::Delete the temporary files.
Del /F /Q C:\Temp\UltraVNC*.*
Del /F /Q C:\Temp\vncdmp.txt
Del /F /Q C:\Temp\psexec.exe

:end_batch
============================================================================
Which returns:
PsExec v1.72 - Execute processes remotely
Copyright (C) 2001-2006 Mark Russinovich
Sysinternals - www.sysinternals.com

C:\WINDOWS\system32>IF EXIST "C:\Program Files\UltraVNC\repeater.exe" goto end_batch
C:\WINDOWS\system32>IF EXIST "C:\Temp" goto CopyFiles
C:\WINDOWS\system32>cd\
C:\>cd temp
C:\Temp>copy \\Server1\Setup$\Programs\UltraVNC\*.* C:\Temp /y
\\Server1\Setup$\Programs\UltraVNC\UltraVNC-102-Setup.exe
\\Server1\Setup$\Programs\UltraVNC\UltraVNCACL.txt
\\Server1\Setup$\Programs\UltraVNC\UltraVNCCnfg.inf
\\Server1\Setup$\Programs\UltraVNC\UltraVNCReg.reg
\\Server1\Setup$\Programs\UltraVNC\vncdmp.txt
        5 file(s) copied.

C:\Temp>copy \\Server1\Setup$\Programs\PsExec\PsExec.exe C:\Temp /y
        1 file(s) copied.

C:\Temp>psexec \\PC1 -s -i -d C:\WINDOWS\regedit /s C:\Temp\vncdmp.txt
PsExec v1.72 - Execute processes remotely
Copyright (C) 2001-2006 Mark Russinovich
Sysinternals - www.sysinternals.com

C:\WINDOWS\regedit started on PC1 with process ID 2368.

C:\Temp>UltraVNC-102-Setup.exe /SInstall /verysilent /loadinf=C:\Temp\UltraVNCCnfg.inf

C:\Temp>Net Start WinVNC
The VNC Server service was started successfully.

C:\Temp>Del /F /Q C:\Temp\UltraVNC*.*
C:\Temp>Del /F /Q C:\Temp\vncdmp.txt
C:\Temp>Del /F /Q C:\Temp\psexec.exe

UltraVNC.BAT exited on traxx14 with error code 0.
============================================================================

This works if I do it machine by machine altering the **** line beforehand.

But..... I can't get this to work with a loop file (For /f blah blah blah)

I think I have to use a second batch file, though I don't want to include the administrators password and don't know
if the second batch file will be run in the same security context as the original PsExec command.

Awaiting sage advice....
In the meantime a redbull and back to this puzzle.
0
 
LVL 2

Author Comment

by:DennisPost
ID: 18044345
Thanks Nostradamuz,

It wasn't quite the answer to my question, but having a small network, this is definitely do-able.
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

Introduction: Recently, I got a requirement to zip all files individually with batch file script in Windows OS. I don't know much about scripting, but I searched Google and found a lot of examples and websites to complete my task. Finally, I was ab…
If you don't know how to downgrade, my instructions below should be helpful.
An introduction to basic programming syntax in Java by creating a simple program. Viewers can follow the tutorial as they create their first class in Java. Definitions and explanations about each element are given to help prepare viewers for future …
Viewers will learn how to properly install Eclipse with the necessary JDK, and will take a look at an introductory Java program. Download Eclipse installation zip file: Extract files from zip file: Download and install JDK 8: Open Eclipse and …

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now