Link to home
Start Free TrialLog in
Avatar of DennisPost
DennisPostFlag for Netherlands

asked on

Batch runas help

Hi,

I am trying to install UltraVNC via a batch file run from my machine to all machines.
After configuring it as per:
http://ultravnc.sourceforge.net/
"Semi Automatic Installation" (Sorry couldn't get a direct link)

I have successfully created this batch to add a user to the local power users group on each machine. (Who I want to use to install the program).
ECHO
set MACHINES=c:\temp\machines.txt
set LOGFILE=c:\temp\logfile.txt
set ERRORLOG=c:\temp\errorlog.txt
FOR /F "eol=  tokens=1 " %%a IN (%MACHINES%) DO  AT %%a 16:30 net localgroup "Power users" <Domain>\<User> /add >%LOGFILE% 2>%ERRORLOG%

* Machines.txt contains lines like e.g. \\PC1

Now that all machines have the same Power User I can install the program with the same credentials.

So far I've manage this:
set MACHINES=c:\temp\machines.txt
set LOGFILE=c:\temp\logfile.txt
set ERRORLOG=c:\temp\errorlog.txt

FOR /F "tokens=*" %%a IN (%MACHINES%) DO AT %%a 11:44 RUNAS /u:<Domain>\<User> O:\IT\InstallUltraVNC.BAT >%LOGFILE% 2>%ERRORLOG%

Which  returns:
AT \\PC1 11:44 RUNAS /u:<Domain>\<User> O:\IT\InstallUltraVNC.BAT  1>c:\temp\logfile.txt 2>c:\temp\errorlog.txt

If I run:
AT \\PC1 11:44 RUNAS /u:<Domain>\<User> O:\IT\InstallUltraVNC.BAT
or from PC1 as a user with sufficient rights:
AT \\PC1 11:44 O:\IT\InstallUltraVNC.BAT
I get:
Added a new job with job ID = 17
I am not prompted for a password and installation doesn't start.

I have also tried goto :InstallNow to run the actual installation, but the computername is not passed on to the section.

I have found and read many resources here and elsewhere, just can't get it all to come together.

This is my second day working with batch files. A step by step explantation as to how and why, would be very much appreciated.

Avatar of Shift-3
Shift-3
Flag of United States of America image

The AT command runs jobs in the context of the local SYSTEM account.  RUNAS is designed so that you can't supply a password in a script.  This method isn't going to work.

You would probably be better off adapting the FastPush script from here:
http://www.darkage.co.uk/faq/index.htm#whatfp
Avatar of DennisPost

ASKER

Hi Shift-3,

Thanks for the tip. Just checked it out.
It's a bit complicated for the friday....... 8-P
I'll have a better look at it as soon as priorities and brainresources allow it.

If the AT command runs jobs in the context of local SYSTEM, why then does the program not install??
GPO also asigns msi packages as the local SYSTEM account, does it not?

I have found some examples of RUNAS with passwords using things like sanur and whoami.
But like I mentioned, I am a batch noob and need a breakdown of the how's and why's in laymans terms.
Avatar of Nostradamuz
Nostradamuz

I've found some time ago a tool with can do a runas with username and encripted password.

lsrunase.exe
LSencrypt.exe

Great for in scripts.

http://www.freewarefiles.com/program_9_102_14983.html
The SYSTEM account would not have access to the O: drive.
Nostradamuz,
Link doesn't work. http error 404 File not found.

Shift-3,
Is it possible to map the network drive as another user? i.e. the local SYSTEM account?
If not, could I copy the files to a local drive first, then run it?
A system account doen't has any rights on the network. Only on the local system.
I've checked the link and it is working.

But goto www.freewarefiles.com and search for lsrunase.

:)
Thanks Nostradamuz,
This is not exactly what I'm wanting. Must be free and with no limit. (Small company, no IT budget. :-(    )
I'm not keen on installing trail versions on our only server.
Do you think you could offer some advice about the batch info I gave?
ASKER CERTIFIED SOLUTION
Avatar of Nostradamuz
Nostradamuz

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Sorry for the late reply, had to look into other things first.
I've just had a quick look at Psexec. I'll play around with it a bit and let you know.
Thanks for your input !!
Hi  Nostradamuz,
Well, PsExec was a great tip!! Thanks
Progress was good this morning  but on this friday afternoon.........

OK i've gotten this far.
============================================================================
Run:
C:\Temp>psexec \\PC1 -u <Domain>\Administrator -p Password -c C:\Temp\UltraVNC.BAT
============================================================================
Contents of UltraVNC.BAT:
:: Check if it is already installed.
IF EXIST "C:\Program Files\UltraVNC\repeater.exe" goto end_batch

:: Change directory.
IF EXIST "C:\Temp" goto CopyFiles
cd\
md temp

::Copy the necessary files.
:CopyFiles
cd\
cd temp
copy \\Server1\Setup$\Programs\UltraVNC\*.* C:\Temp /y
copy \\Server1\Setup$\Programs\PsExec\PsExec.exe C:\Temp /y

::Import the pre-configured registry key with the password.
psexec \\PC1 -s -i -d %windir%\regedit /s C:\Temp\vncdmp.txt  *************

::Install the program.
UltraVNC-102-Setup.exe /SInstall /verysilent /loadinf=C:\Temp\UltraVNCCnfg.inf

::Start the service
Net Start WinVNC

::Delete the temporary files.
Del /F /Q C:\Temp\UltraVNC*.*
Del /F /Q C:\Temp\vncdmp.txt
Del /F /Q C:\Temp\psexec.exe

:end_batch
============================================================================
Which returns:
PsExec v1.72 - Execute processes remotely
Copyright (C) 2001-2006 Mark Russinovich
Sysinternals - www.sysinternals.com

C:\WINDOWS\system32>IF EXIST "C:\Program Files\UltraVNC\repeater.exe" goto end_batch
C:\WINDOWS\system32>IF EXIST "C:\Temp" goto CopyFiles
C:\WINDOWS\system32>cd\
C:\>cd temp
C:\Temp>copy \\Server1\Setup$\Programs\UltraVNC\*.* C:\Temp /y
\\Server1\Setup$\Programs\UltraVNC\UltraVNC-102-Setup.exe
\\Server1\Setup$\Programs\UltraVNC\UltraVNCACL.txt
\\Server1\Setup$\Programs\UltraVNC\UltraVNCCnfg.inf
\\Server1\Setup$\Programs\UltraVNC\UltraVNCReg.reg
\\Server1\Setup$\Programs\UltraVNC\vncdmp.txt
        5 file(s) copied.

C:\Temp>copy \\Server1\Setup$\Programs\PsExec\PsExec.exe C:\Temp /y
        1 file(s) copied.

C:\Temp>psexec \\PC1 -s -i -d C:\WINDOWS\regedit /s C:\Temp\vncdmp.txt
PsExec v1.72 - Execute processes remotely
Copyright (C) 2001-2006 Mark Russinovich
Sysinternals - www.sysinternals.com

C:\WINDOWS\regedit started on PC1 with process ID 2368.

C:\Temp>UltraVNC-102-Setup.exe /SInstall /verysilent /loadinf=C:\Temp\UltraVNCCnfg.inf

C:\Temp>Net Start WinVNC
The VNC Server service was started successfully.

C:\Temp>Del /F /Q C:\Temp\UltraVNC*.*
C:\Temp>Del /F /Q C:\Temp\vncdmp.txt
C:\Temp>Del /F /Q C:\Temp\psexec.exe

UltraVNC.BAT exited on traxx14 with error code 0.
============================================================================

This works if I do it machine by machine altering the **** line beforehand.

But..... I can't get this to work with a loop file (For /f blah blah blah)

I think I have to use a second batch file, though I don't want to include the administrators password and don't know
if the second batch file will be run in the same security context as the original PsExec command.

Awaiting sage advice....
In the meantime a redbull and back to this puzzle.
Thanks Nostradamuz,

It wasn't quite the answer to my question, but having a small network, this is definitely do-able.