Run GPO Logon Script as another user / admin / elevated permission

Hello all,

We have a massive upgrade happening to one of our servers and it is causing us to have to uninstall all java versions from all of our machines (~1200) and then install a new version.  Now I have a script to uninstall the old versions but I am having issues running it with permissions.

I cannot run this as a startup script because of network issues, this needs to be run though the logon script area.  The script I have works if an admin logs in, however it does not work if a normal domain user logs in.  Is there any way to run a logon script with elevated permissions?  I see that I can add parameters to my GPO and powershell scripts, but I do not know what syntax I would use.

Any thoughts welcome, thanks!
PDGPAAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

DonNetwork AdministratorCommented:
Try this script as startup script VBS be sure to modify the paths to the share

 


'# Galen Dobbs - 13:20 23/03/2009
'# Uninstalls all but the chosen version of Java Runtime.
'# If the current version is not installed, it installs it from the specified path.
'# Based on a script by 'Daz' from Appdeploy.com message boards.
'# http://www.appdeploy.com/messageboards/tm.asp?m=29809


Option Explicit

Dim wshShell, fso, strLogFile, ts, strTempDir, strTempISS, strUnString, tsIn
Dim strUninstLine, CLSID, search5, search6, search7, strJRE1, strDisplayName, strDisplayVersion
Dim strPublisher, strUninstallString, strJREUninstallString, strJREDisplayName
Dim search1, search2, search3, search4, strJREUninstallStringNEW, ret, strUninstCMD
Dim tsISS, strSetupexe, qVal, strComputername, strCurrentVersion, strInstallMST
Dim searchCurVer, CurVerFound, strArrayCount, strLogPath, strInstallCMD, strInstallMSI, strInstallLog

Dim arrayJREDisplayName()
Dim arrayJREUninstallString()

'# Change this to match the version that you don't want to have it uninstall
strCurrentVersion = "Java 7 Update 25"

'# Set these to the desired log path and current version installer location
strLogPath = "\\yourserver\JAVALOG\"
strInstallMSI = "\\yourserver\java\jre1.7.0_25\jre1.7.0_25-c.msi"
strInstallMST = "\\\\yourserver\java\jre1.7.0_25\sp1033.mst"

qVal = 0
strArrayCount = 0
ReDim arrayJREDisplayName(strArrayCount)
ReDim arrayJREUninstallString(strArrayCount)

Set wshShell = CreateObject("WScript.Shell") 
Set fso = CreateObject("Scripting.FileSystemObject") 

strComputername = wshShell.ExpandEnvironmentStrings("%COMPUTERNAME%")

'# Set this to the appropriate command line settings to do a silent MSI install
strInstallLog = strLogPath & "Java_Install_" & strComputername & ".log"
strInstallCMD = "msiexec /I """ & strInstallMSI & """ /t """ & strInstallMST & """ /QN /Lime """ & strInstallLog & """"

If Not fso.FolderExists(strLogPath) Then fso.CreateFolder(strLogPath)
strLogFile = strLogPath & "Java_Uninstall_" & strComputername & ".log"
Set ts = fso.OpenTextFile(strLogFile, 8, True)

ts.WriteLine String(120, "_") 
ts.WriteLine String(120, "¯") 
ts.WriteLine Now() & " - Java Runtime(s) uninstallation started..."
ts.WriteLine String(120, "_") & vbCrlf

'# Generate Registry extracts from 'Uninstall' keys.
PreFlight()

'# Kill Java Processes
KillProc()

strTempDir = wshShell.ExpandEnvironmentStrings("%temp%")
strTempISS = strTempDir & "\iss" 
strUnString = " -s -a /s /f1" 
Set tsIn = fso.OpenTextFile(strTempDir & "\uninstall.tmp", 1) 

If Not fso.FolderExists(strTempISS) Then fso.CreateFolder(strTempISS)

Do While Not tsIn.AtEndOfStream
   strUninstLine = tsIn.ReadLine 
   CLSID = Mid(strUninstLine, 73, 38) 
   search5 = Instr(strUninstLine, "JRE 1") 
   search6 = Instr(strUninstLine, "]") 
   If search5 > 0 AND search6 > 0 Then 
       strJRE1 = Replace(Mid(strUninstLine, search5, search6),"]","")   
   End If 

   On Error Resume Next

   strDisplayName = wshShell.RegRead("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\" & CLSID & "\DisplayName") 
   strDisplayVersion = wshShell.RegRead("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\" & CLSID & "\DisplayVersion") 
   strPublisher = wshShell.RegRead("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\" & CLSID & "\Publisher") 
   strUninstallString = wshShell.RegRead("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\" & CLSID & "\UninstallString") 

   strJREUninstallString = wshShell.RegRead("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\" & strJRE1 & "\UninstallString") 
   strJREDisplayName = wshShell.RegRead("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\" & strJRE1 & "\DisplayName") 

   On Error Goto 0

   'Search for presence of Java and Sun in DisplayName and Publisher 
   search1 = Instr(1, strDisplayName, "Java", 1) 
   search2 = Instr(1, strPublisher, "Sun", 1) 
   search3 = Instr(1, strDisplayName, "J2SE", 1) 
   search4 = Instr(1, strUninstallString, "setup.exe", 1)
   search7 = InStr(1, strDisplayName, "Development", 1) + InStr(1, strDisplayName, "Java DB", 1)

   'See if it is the current version
   searchCurVer = InStr(1, strDisplayName, strCurrentVersion, 1)

   'If it is, Show that the current version is found
   If searchCurVer > 0 Then
   CurVerFound = True

   ElseIf strJREUninstallString <> "" Then
       '# JRE 1 found
       strJREUninstallStringNEW = Replace(strJREUninstallString," -f"," -s -a /s /f") 
   redim Preserve arrayJREDisplayName(strArrayCount)
   redim Preserve arrayJREUninstallString(strArrayCount)
       arrayJREDisplayName(strArrayCount) = " - Found Old JRE: " & strDisplayName & "  - Version: " & strDisplayVersion & ", Uninstalling..."
   arrayJREUninstallString(strArrayCount) = strJREUninstallStringNEW 
   strArrayCount = strArrayCount + 1

   ElseIf search7 = 0 And search1 > 0 Or search3 > 0 And search2 > 0 Then
       strUninstCMD = "msiexec.exe /x " & CLSID & " /norestart /qn"

       If search4 > 0 Then
           '# Old InstallShield setup found
           Set tsISS = fso.OpenTextFile(strTempISS & "\" & CLSID & ".iss", 2, True)
 
           'Create Response file for any Java Version 
           tsISS.WriteLine "[InstallShield Silent]" 
           tsISS.WriteLine "Version=v6.00.000" 
           tsISS.WriteLine "File=Response File" 
           tsISS.WriteLine "[File Transfer]" 
           tsISS.WriteLine "OverwrittenReadOnly=NoToAll" 
           tsISS.WriteLine "[" & CLSID & "-DlgOrder]" 
           tsISS.WriteLine "Dlg0=" & CLSID & "-SprintfBox-0" 
           tsISS.WriteLine "Count=2" 
           tsISS.WriteLine "Dlg1=" & CLSID & "-File Transfer" 
           tsISS.WriteLine "[" & CLSID & "-SprintfBox-0]" 
           tsISS.WriteLine "Result=1" 
           tsISS.WriteLine "[Application]" 
           tsISS.WriteLine "Name=Java 2 Runtime Environment, SE v1.4.0_01"
           tsISS.WriteLine "Version=1.4.0_01"
           tsISS.WriteLine "Company=JavaSoft"
           tsISS.WriteLine "Lang=0009"
           tsISS.WriteLine "[" & CLSID & "-File Transfer]"
           tsISS.WriteLine "SharedFile=YesToAll"
           tsISS.Close

           strSetupexe = Left(strUninstallString, search4 + 9) 
           strUninstCMD =  strSetupexe & strUnString & Chr(34) & strTempISS & "\" & CLSID & ".iss" & Chr(34) 
       End If

   redim Preserve arrayJREDisplayName(strArrayCount)
   redim Preserve arrayJREUninstallString(strArrayCount)
   arrayJREDisplayName(strArrayCount) = " - Found Old JRE: " & strDisplayName & "    - Version: " & strDisplayVersion & ", Uninstalling..."
   arrayJREUninstallString(strArrayCount) = strUninstCMD
   strArrayCount = strArrayCount + 1
       
   End If 

Loop

tsIn.Close

Dim I
If CurVerFound AND strArrayCount > 0 Then
   ts.Writeline Now() & " - Current Version: " & strCurrentVersion & " found, continuing with uninstalls..."
   For I = LBOUND(arrayJREDisplayName) to UBOUND(arrayJREDisplayName) 
       ts.WriteLine Now() & arrayJREDisplayName(I)
       ts.WriteLine Now() & " - Uninstall String sent: " & arrayJREUninstallString(I)
       ret = wshShell.Run(arrayJREUninstallString(I) , 0, True) 
       ts.WriteLine Now() & " - Return: " & ret
       If ret <> 0 And ret <> 3010 Then qVal = 1
   Next

ElseIf CurVerFound AND strArrayCount = 0 Then
   ts.WriteLine Now() & " - Current version, " & strCurrentVersion & ", found."  
   ts.WriteLine Now() & " - No Old Java Runtime versions are installed."
   qVal = 99

ElseIf Not CurVerFound Then
   
   ts.WriteLine Now() & " - Current Java version, " & strCurrentVersion & ", not found, installing it."
   ts.WriteLine Now() & " - Running Command: " & strInstallCMD
   ret = wshShell.Run(strInstallCMD , 0, True) 
   If ret <> 0 AND ret<> 3010 Then 
       ts.WriteLine Now() & " - Failed to Install Java, see " & strInstallLog & " for more details.  Exiting Script."
       qVal = 1
   ElseIf strArrayCount > 0 Then
       ts.WriteLine Now() & " - Successfully installed " & strCurrentVersion & ", and logged to " & strInstallLog & "." 
       For I = LBOUND(arrayJREDisplayName) to UBOUND(arrayJREDisplayName) 
       ts.WriteLine Now() & arrayJREDisplayName(I)
       ts.WriteLine Now() & " - Uninstall String sent: " & arrayJREUninstallString(I)
       ret = wshShell.Run(arrayJREUninstallString(I) , 0, True) 
       ts.WriteLine Now() & " - Return: " & ret
       If ret <> 0 And ret <> 3010 Then qVal = 1
   Next
   ElseIf strArrayCount = 0 Then
      ts.WriteLine Now() & " - Successfully installed " & strCurrentVersion & ", and logged to " & strInstallLog & "."
   ts.WriteLine Now() & " - No Old Java Runtime versions are installed."
       qVal = 99
   End If
End If

ts.WriteLine String(120, "_") 
ts.WriteLine String(120, "¯") 
ts.Close
fso.DeleteFolder(strTempISS)
fso.DeleteFile(strTempDir & "\uninstall.tmp")

WScript.Quit(qVal)

Sub PreFlight()
   '# Creates temp files containing extracts from registry 'Uninstall' keys.
   Dim wshShell, fso, sTemp
   Set wshShell = CreateObject("WScript.Shell")
   Set fso = CreateObject("Scripting.FileSystemObject")
   sTemp = wshShell.ExpandEnvironmentStrings("%temp%")
   wshShell.Run "REGEDIT /E %temp%\registry.tmp HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows\currentversion\uninstall", 0, True
   wshShell.Run "cmd /c type %temp%\registry.tmp | find /i ""{"" | find /i ""}]"" > %temp%\uninstall.tmp ", 0, True
   wshShell.Run "cmd /c type %temp%\registry.tmp | find /i ""JRE 1"" >> %temp%\uninstall.tmp ", 0, True
   If Not fso.FileExists(sTemp & "\uninstall.tmp") Then
       ts.WriteLine Now() & " - No input - %temp%\uninstall.tmp Reg extract not created."
       ts.WriteLine String(120, "_") 
       ts.WriteLine String(120, "¯") 
       ts.Close
       WScript.Quit(1)
   End If
End Sub

Sub KillProc()
   '# kills jusched.exe and jqs.exe if they are running.  These processes will cause the installer to fail.
   Dim wshShell
   Set wshShell = CreateObject("WScript.Shell")
   wshShell.Run "Taskkill /F /IM jusched.exe /T", 0, True
   wshShell.Run "Taskkill /F /IM jqs.exe /T", 0, True
End Sub

Open in new window

0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
PDGPAAuthor Commented:
Edited:

Looked into the log files and it states "Needs permissions"  So how can I elevate the permissions / run as admin with this script?  Its a nice script but I have the same issue as my script
0
DonNetwork AdministratorCommented:
Are your permissions on the share correct ?
0
Cloud Class® Course: Amazon Web Services - Basic

Are you thinking about creating an Amazon Web Services account for your business? Not sure where to start? In this course you’ll get an overview of the history of AWS and take a tour of their user interface.

PDGPAAuthor Commented:
Yes I set the folder to full access for everyone.  Again my issue is that the user that is logging in is not an admin.  I want to execute these scripts as an admin without using the Startup script folder.

See error below
"Action start 13:04:50: LaunchConditions.
MSI (s) (94:D8) [13:04:50:082]: Product: Java 7 Update 65 -- This account does not have sufficient privileges to install Java.  Please login to an account with administrative permissions.

This account does not have sufficient privileges to install Java.  Please login to an account with administrative permissions.
Action ended 13:04:50: LaunchConditions. Return value 3."
0
DonNetwork AdministratorCommented:
Is that when being run as a "Login Script" ??
Is that from the script I posted ?? <<< Did you run it as a "Startup" script ??
0
PDGPAAuthor Commented:
Yes that is the log when run as a "Login Script"

Yes this is the script you posted.  Again I CANNOT user start-up scripts.  I know that would make this much easier but this network we are on and the state of our GPO makes us unable to handle start-up scripts.  I could go into the long explanation as to exactly why we cannot but the short version is that we inherited this infrastructure and now need to maintain it while we build a new one in the background.

Any idea how I can run this script with admin privileges?  Or even just a hard coded Domain admin account?  This is not permanent it is a one time upgrade.
0
DonNetwork AdministratorCommented:
Well then I suggest you create a share and deploy with software distribution(MSI)

http://www.java.com/en/download/help/msi_install.xml


Or you could (I have done it this way) use psexec.exe. By first creating a .BAT that points to the .VBS file

like "\\server\javashare\updatejava.vbs" without quotes.

Then open a cmd prompt and run psexec \\* -c -f -s -d \\server\javashare\updatejava.bat

"*" << wildcard for all pc's in the domain (Easiest way)
-c   << Copies file to the remote pc
-f   << Force copy in case it already existed(like a earlier version)
-s  << Run as system context << you want this
-d  << Dont wait before moving onto the next pc
0
PDGPAAuthor Commented:
Is there anyway to hard-code a domain admin into this script?

For example could I have the script run-as me?  This is only a one-time use case and will be done after hours so I am un-concerned about hard-coding a temp password into our GPO.

I am trying to do some searching but I am very unfamiliar with VBS.  Any more assistance would be great, I do like this script!
0
DonNetwork AdministratorCommented:
Since it's like you say a "One time"..use the Psexec method I described above. I have done it many times that way
0
PDGPAAuthor Commented:
I cannot seem to find a working version of PSEXEC online - all the downloads I find are corrupt.  Do you have a perma-link?
0
DonNetwork AdministratorCommented:
0
PDGPAAuthor Commented:
Hey Dstewartjr,

I got it all setup but I am still getting "access denied" - I am not sure how I am denied, I am using a domain admin account with the tool, and the file shares are shared to everyone at full access.

Is there something I am missing here?
0
PDGPAAuthor Commented:
I am still getting "Access Denied" when running this script from startup scripts area.  Listed as a login script this works fine, however I would like to do this over a weekend on machines that will not have a user logging into it.

I have tried adding "Everyone", "System" & "Domain Computers" to full access to my network share and still psexec comes back with "Access Denied".  I checked the UAC, firewalls and all network access and cannot see why the machines are not able to run this script.

Any assistance would be appreciated!
0
DonNetwork AdministratorCommented:
Are you running the command prompt as either "Another User" (Hold shift down and right click) or as "Run as administrator" ??

are you using all four switches "-c -f -s -d " ??

are you using the .bat to call the script ??? <<<You must
0
PDGPAAuthor Commented:
I appreciate this script, it worked well however our deployment was messy.  This was partially due to Java, partially our network and partially the IE plugins.

Either way I appreciate all the effort!
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Server Software

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.