PorkTater
asked on
Startup Script GPO Runs But Doesn't Always Work (vbs)
Hi folks--first time poster here and have kind of a wacky question! I've got a VBScript set to run as a Startup Script in Group Policy. This script calls a couple of installers from a wide-open network share. The reason I've got it set as a startup script is that it needs to run elevated and this seemed like the easiest way to do it.
I've gotten it to actually work once, but on other computers in the same Test OU, it's showing that the policy has been applied, but the software update logfile never gets created and the software update is not installed. Can you think of any reason for the inconsistency? Additionally, the user notification that pops up if you run the script directly will not show up when this is run as a Startup script. I assume that's because it's running as BUILTIN\SYSTEM and not as the user who is actually logging into the computer?
I'll post the script here for your perusal.
I've gotten it to actually work once, but on other computers in the same Test OU, it's showing that the policy has been applied, but the software update logfile never gets created and the software update is not installed. Can you think of any reason for the inconsistency? Additionally, the user notification that pops up if you run the script directly will not show up when this is run as a Startup script. I assume that's because it's running as BUILTIN\SYSTEM and not as the user who is actually logging into the computer?
I'll post the script here for your perusal.
option explicit
'On error resume next
Dim IE, Return, oShell, baseFolder, CPCMD, verbose, wShell, wExec, oFso, xmlhttp, xmldata, version, cmpName, url, progfiles
verbose = False ' If verbose then display user message console else only display error msgbox
baseFolder = left(Wscript.ScriptFullName, instrrev(Wscript.ScriptFullName, "\") - 1)
Set oShell = CreateObject("Shell.Application") ' ShellExecute
Set wShell = CreateObject("Wscript.Shell") ' Exec and Run
Set oFso = CreateObject("Scripting.FileSystemObject")
If Is64Bit() then
progFiles = "C:\Program Files (x86)"
Else
progFiles = "C:\Program Files"
End If
If verbose Then ' if not verbose - we must assume run as admin
If UACEnabled() Then
Return = MsgBox("This installer must run with Administrator privileges." & vbcrlf & _
"Did you select ""run as administrator""?", vbyesno, "Run as Administrator")
If Return = vbno then
Return = oShell.ShellExecute("wscript.exe", Wscript.ScriptFullName,,"runas",1)
WScript.quit
End If
End If
End if
If verbose Then ' setup IE as user message console
Set IE = CreateObject("InternetExplorer.Application")
IE.Navigate "about:blank"
IE.ToolBar = 0
IE.StatusBar = 0
IE.Width=700
IE.Height = 600
IE.Left = 50
IE.Top = 50
Do While (IE.Busy)
Wscript.Sleep 200
Loop
IE.Visible = 1
IE.Document.Body.InnerHTML = "<html><font face=arial size=4>Welcome to the VUMC 2010 Epic Hyperspace Client Pack 8 Installer!<br><br><font face=arial size=3>" _
& "This installer will run each install step and report<br>the final result to a remote auditing server.<br><br>No interaction is necessary.<br>" _
& "<br>This process will take about 10 minutes to complete.<br><br><u>Please do not use this computer while this process is running.</u><br>" _
& "<br>This window will automatically close when the process has completed.<br><br>Process Steps:<br>"
DisplayMsg(Now & " Begin Installation.")
End If
'Install Client Pack
DisplayMsg(Now & " Begin Client Pack Installation.")
CPCMD = "/ICP \\MYNETWORKSHARE\public\IT\EPIC\RA1386_HYPERSPACE_1161.msp /VCP /lec+ C:\temp\ClientPack8Install.log /qn /P SKIPDEPLOYMENTCHECK=1 IE8FOUND=1 /s"
If UACEnabled() then
Set wExec = wShell.Exec("\\MYNETWORKSHARE\public\IT\EPIC\InstallMSP.exe " & CPCMD,,"runas",1)
Else
Set wExec = wShell.Exec("\\MYNETWORKSHARE\public\IT\EPIC\InstallMSP.exe " & CPCMD)
End If
Do ' wait for it to finish
WScript.Sleep 10000
If wExec.Status=1 Then Exit Do
Loop
If wExec.ExitCode <> 0 Then
DisplayMsg(Now & " Hyperspace Client Pack Install failed with return code: " & wExec.ExitCode & ". Please contact Epic Support.")
MsgBox (Now & " Hyperspace Client Pack Install failed with return code: " & wExec.ExitCode & ". Please contact Epic Support.")
WScript.Quit
End If
Return = InstallForms(baseFolder)
If Return <> 0 then
DisplayMsg(Now & " Form registration failed with error code: " & Return & ". Please contact Epic Support.")
End if
DisplayMsg(Now & " Reporting Installation.")
' check version after install
version = oFso.GetFileVersion(progFiles & "\EpicSys\v7.8\Shared Files\" & "EpicACRuleEditor78.ocx")' Base IU5 = 78.01.3639, CP3 = 78.1.65.4785
cmpName = wShell.ExpandEnvironmentStrings("%COMPUTERNAME%")
' Report back
url = "http://m3.mc.vanderbilt.edu/CP3^HS2010"
'url = "http://m3alpha.mc.vanderbilt.edu:8080/CP3^HS2010"
xmlData = cmpName & "*" & version
xmlData = Replace(xmlData, " ", "")
set xmlHttp = CreateObject("Microsoft.XMLHTTP")
xmlHttp.Open "POST", url & "?" & xmlData, false
xmlHttp.Send ""
xmlHttp = Null
DisplayMsg(Now & " 2010 Epic Hyperspace Client Pack 8 Install complete. This window will close in 20 seconds.")
If verbose Then ' pause before closing message console
WScript.Sleep 20000
IE.Quit
End If
'///////////////////////////////////////////////////////////////////////////////
'Begin Functions
'///////////////////////////////////////////////////////////////////////////////
Function InstallForms(base)
Dim progFiles, oFSO, oShell, intReturn, Q
Q = Chr(34)
If Is64Bit() then
progFiles = "C:\Program Files (x86)"
Else
progFiles = "C:\Program Files"
End if
Set oFSO = CreateObject("Scripting.FileSystemObject")
Set oShell = CreateObject("Shell.Application")
If verbose Then DisplayMsg(Now & " Installing Custom Form Update.")
oFSO.CopyFile base & "\VUMCAttendingProvider78.ocx", progFiles & "\EpicSys\v7.8\Shared Files\"
intReturn = RegisterFile("/s " & Q & progFiles & "\EpicSys\v7.8\Shared Files\VUMCAttendingProvider78.ocx" & Q)
If intReturn>0 Then
MsgBox(Now & " Error: VUMCAttendingProvider78.ocx failed to install - error code: " & intReturn)
Else
DisplayMsg(Now & " Installed Form Update.")
End If
InstallForms = intReturn
End Function
Function RegisterFile(params)
Dim oShell, intReturn
Set oShell = CreateObject("Shell.Application")
If UACEnabled() then
intReturn = oShell.ShellExecute("regsvr32.exe", params,,"runas", 1)
Else
intReturn = oShell.ShellExecute("regsvr32.exe", params,,,1)
End if
RegisterFile = intReturn
End Function
Sub DisplayMsg(m)
If verbose Then IE.Document.Body.InnerHTML=IE.Document.Body.InnerHTML & "<font face=arial color=blue>" & m & "<br>"
end sub
Function Is64Bit()
Dim oWMI, colItems, oItem, bnReturn
bnReturn = false
If IsXP() then
bnReturn = false
Else
Set oWMI = GetObject("winmgmts:\\.\root\CIMV2")
Set colItems = oWMI.ExecQuery("SELECT OSArchitecture FROM Win32_OperatingSystem")
For each oItem in colItems
If oItem.OSArchitecture = "64-bit" then
bnReturn = true
End if
Next
End If
Is64Bit = bnReturn
End Function
Function IsXP()
Dim oWMI, colItems, oItem, bnReturn
bnReturn = false
Set oWMI = GetObject("winmgmts:\\.\root\CIMV2")
Set colItems = oWMI.ExecQuery("SELECT BuildNumber FROM Win32_OperatingSystem")
For each oItem in colItems
If oItem.BuildNumber < 4000 then
bnReturn = true
End if
Next
IsXP = bnReturn
End Function
Function UACEnabled()
Dim oShell, bnReturn
bnReturn = false
If not IsXP() then
Set oShell = CreateObject("Wscript.Shell")
If oShell.RegRead("HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA") then
bnReturn = true
End If
End If
UACEnabled = bnReturn
End Function
ASKER
They do, but this one really needs to run elevated.
mostly the root cause of such behavior, is the access permission
- i mean usually when you run the start up a PC with your username and password (I assume you are admin) the GPO will applied and the script will run fine
- but if you supplied a normal username (no admin permission) the policy will applied as will and script will run BUT if there is any processes required administrative privilege (like installation of software) it will abandoned
to work around [I'm not expert with VBS] i use to ask my colleague to add a line to the script to run the installation process in the admin mode [just like the option RUN AS]
i hope this answer your question
regards,
- i mean usually when you run the start up a PC with your username and password (I assume you are admin) the GPO will applied and the script will run fine
- but if you supplied a normal username (no admin permission) the policy will applied as will and script will run BUT if there is any processes required administrative privilege (like installation of software) it will abandoned
to work around [I'm not expert with VBS] i use to ask my colleague to add a line to the script to run the installation process in the admin mode [just like the option RUN AS]
i hope this answer your question
regards,
First off, "Startup" scripts run under the "System" context....no username or password required.
Are you using the correct command line options
http://managedsurrender.com/wiki/doku.php?id=hyperspace:install
Also looking at your script, my guess would be that your msgbox's are holding up the install during startup---as there is no way to answer them.
Are you using the correct command line options
http://managedsurrender.com/wiki/doku.php?id=hyperspace:install
Also looking at your script, my guess would be that your msgbox's are holding up the install during startup---as there is no way to answer them.
ASKER
Unfortunately, I wasn't provided with an msi package for this installation, just a script file that calls a couple of executables and then runs some reporting (see above). I can't really use the normal software push methods, which is why I'm trying to do this via the Startup or Logon GPOs.
Do you think it might be easier to add some kind of code to my script to elevate it and then run it as a Logon policy instead of a Startup policy?
Do you think it might be easier to add some kind of code to my script to elevate it and then run it as a Logon policy instead of a Startup policy?
If you run it as a login script it will run under the permissions of the user who is logging on. By your specification, the user would need admin permissions on the local machine.
ASKER
Right, unless I were to add some sort of Runas code, as I mentioned in my previous post. I'm just not entirely sure what code I would need to add, exactly.
You could try to shell it from. Vbs. I'm on mobile though so can't test it at the moment. Just an idea
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Ok, I've made those changes--script seems to function when run directly, but I'm still having some issues getting it to run when used as a Startup Script. I've also added a sleep function at the beginning--we'll see if that helps.
If I were interested in running this as a LOGON script, can anyone recommend some code that would allow me to elevate it as high as possible?
If I were interested in running this as a LOGON script, can anyone recommend some code that would allow me to elevate it as high as possible?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Will try this out first thing Monday and let you know--thanks!
Hi, any idea what the problem ended up being?
It could be due to it running before the necessary windows services are started.
Wscript.Sleep(10000)
..installer scripts normally run better as LOGON scripts rather than startup scripts.