Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 301
  • Last Modified:

Powershell script help

I'm trying to push out UltraVNC and specific settings.  What I have now is:

If (-NOT ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator"))

{   
$arguments = "& '" + $myinvocation.mycommand.definition + "'"
Start-Process powershell -Verb runAs -ArgumentList $arguments
Break
}
$strFileName="%programfiles%\UltraVNC\119x64.txt"
If (Test-Path $strFileName){
  # // File exists
}Else{
  SETUP
}
:SETUP
mkdir %programfiles%\UltraVNC
copy \\domain\netlogon\uvnc\install_server.inf
"\\domain\netlogon\uvnc\UltraVNC_1_1_9_X64_Setup.exe /verysilent loadinf=install_server.inf"
"%programfiles%\UltraVNC\winvnc.exe -install"
"\\domain\netlogon\uvnc\uvncdriver\install_silent.bat"
copy \\domain\netlogon\uvnc\ultravnc.ini "%programfiles%\UltraVNC\ultravnc.ini"
copy \\domain\netlogon\uvnc\119x64.txt "%programfiles%\UltraVNC\119x64.txt"

Open in new window


I copied the first half from a repo because I'm wanting the ps1 to be ran with elevated rights.  Basically the second half makes the new folder on the local machine, copies some files runs an install and an exe with switches.  The problem I have is it's making the new folder inside netlogon versus on the local host.

What cmdlet am I missing to make this run similarly to a batch file?
0
Ben Hart
Asked:
Ben Hart
  • 9
  • 7
1 Solution
 
footechCommented:
You can't do something like this.
}Else{
  SETUP
}
:SETUP

Open in new window

That'll just give errors.

You also can't use variables like %programfiles%.  That will be interpreted literally.  So it would create "%programfiles%\UltraVNC" in the current folder.  If you want to use the environment variable it would be $env:programfiles
Line 16 will copy to the current folder.  I would make the destination explicit.
Lines 17, 18, 19 are just strings, they won't do anything.

If (-NOT ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator"))
{   
    $arguments = "& '" + $myinvocation.mycommand.definition + "'"
    Start-Process powershell -Verb runAs -ArgumentList $arguments
    Break
}
$strFileName="$env:ProgramFiles\UltraVNC\119x64.txt"
If (Test-Path $strFileName){
    # // File exists
}Else{
    mkdir $env:ProgramFiles\UltraVNC
    copy \\domain\netlogon\uvnc\install_server.inf $env:ProgramFiles\UltraVNC
    # etc
}

Open in new window

I don't really know what commands you need to run to perform the install.  See this link for methods of calling third party executables.
http://social.technet.microsoft.com/wiki/contents/articles/7703.powershell-running-executables.aspx
Methods 5 and 10 are what I'll usually use.  10 is the best, but is only available with PS 3.0+.
0
 
Ben HartAuthor Commented:
gotcha Foo.. it's been a whie since I crafted a new .ps1 so I'm a bit rusty.  Here's what ive got so far.

Set-ExecutionPolicy -ExecutionPolicy Unrestricted
$vnc_source = "\\domain\netlogon\uVNC"
$vnc_install = "\\domain\netlogon\uvnc\UltraVNC_1_1_9_X64_Setup.exe"
$vnc_destination = "c:\program files\UltraVNC"
$vnc_version = "c:\program files\UltraVNC\119x64.txt"
$vnc_ini = "\\domain\netlogon\uvnc\ultravnc.ini"
$vnc_driver = "\\domain\netlogon\uvnc\driver"
new-item -itemtype directory -path $vnc_destination
copy-item -Path $vnc_install -Destination $vnc_destination
cd $vnc_destination
.\UltraVNC_1_1_9_X64_Setup.exe /verysilent loadinf=install_server.inf
start-sleep -Seconds 20
.\winvnc.exe -install
copy-item -path $vnc_ini -Destination $vnc_destination
copy-item -path $vnc_driver -Destination $vnc_destination
cd "c:\program files\UltraVNC\driver"
.\driver\devcon.exe install mv2.inf mv_hoook_display_driver2

Open in new window


My Win7 test VM is updating right now so I can't test it.. yet.  I'm having trouble running the commands individually because I get access denied creating the new folder.  From what I understand a powershell script in a GPO for Startup Scripts are processed as the SYSTEM context so the access should not be a problem then.,
0
 
footechCommented:
For testing you should be able to run in an elevated prompt.  When you get to testing running it as a startup script, if there's any problem I would have it write some messages out to a location that has relaxed permissions.

I don't see any particular problem with what you just posted.  But if there's errors parsing lines 11, 13, or 17, I would first try putting the call operator at the beginning of the line, like:
& .\UltraVNC_1_1_9_X64_Setup.exe /verysilent loadinf=install_server.inf

Open in new window

What version of PS is installed on the machines where this will run?
0
Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

 
Ben HartAuthor Commented:
All the targets are Win7 Pro or Ent with SP1 at least.  So IIRC version 3 mostly.. I can't say for certain because there might be a version 2 lurking somewhere.

Can you give an example of writing a log file out like for example if theres an error creating the folder?
0
 
Ben HartAuthor Commented:
Ok rebooting my test vm.. the folder is not created, ultravnc is not installed.. and none of the files are copied all because the folder isnt created.  I added in a line:

Start-transcript -path "writable_location" -append -noclobber, and teh required Stop-Transcript.  but no txt is generated.
0
 
footechCommented:
Win7 comes with PS 2.0.  So unless you upgraded them...
At this point, are you just running from the console or are you trying it as a startup script?  If not from the console, do that until things are working.  You shouldn't have any problem creating the folder if you're running from an elevated session.

Here's a quick example of writing to a log.
try {new-item -itemtype directory -path 'C:\Program Files\test' -ErrorAction Stop } catch { "Error occurred - $($_.exception.message)" | Add-Content c:\temp\errorlog.txt }

Open in new window

0
 
Ben HartAuthor Commented:
Gotcha.. Ok so they're all PS ver 2.0

I'm trying this as a GPO Startup Script under Computer/Policies/Windows Settings/Scripts/Startup
0
 
Ben HartAuthor Commented:
Ok.. turns out it's the execution policy that's killing me at least in part.

Got on my test vm, opened Powershell as Admin, ran that script and it immediately complained about the Execution Policy.  So I manually set that to unrestricted then re-ran.  The folder was created, file copied, setup was ran however it complained about ./winvnc.exe not being a valid file.

I'm thinking the cd $vnc_destination is not going to work.

Not sure how the syntax would work for a:  "& ./c:\program files\bvbd\ultravnc\winvnc.exe"
0
 
footechCommented:
The dot in .\winvnc.exe just means the current folder.  So if winvnc.exe isn't in "c:\program files\UltraVNC" (which is what you specified with $vnc_destination), then no, that command won't find it.  There's nothing wrong with the cd command (cd is just an alias for Set-Location in case you didn't know).  If you want to specify the full path, it would be
& c:\program files\bvbd\ultravnc\winvnc.exe

Open in new window

0
 
Ben HartAuthor Commented:
Ok here's what I've got so far:

# Get the ID and security principal of the current user account
$myWindowsID=[System.Security.Principal.WindowsIdentity]::GetCurrent()
$myWindowsPrincipal=new-object System.Security.Principal.WindowsPrincipal($myWindowsID)
 
# Get the security principal for the Administrator role
$adminRole=[System.Security.Principal.WindowsBuiltInRole]::Administrator
 
# Check to see if we are currently running "as Administrator"
if ($myWindowsPrincipal.IsInRole($adminRole))
   {
   # We are running "as Administrator" - so change the title and background color to indicate this
   $Host.UI.RawUI.WindowTitle = $myInvocation.MyCommand.Definition + "(Elevated)"
   $Host.UI.RawUI.BackgroundColor = "DarkBlue"
   clear-host
   }
else
   {
   # We are not running "as Administrator" - so relaunch as administrator
   
   # Create a new process object that starts PowerShell
   $newProcess = new-object System.Diagnostics.ProcessStartInfo "PowerShell";
   
   # Specify the current script path and name as a parameter
   $newProcess.Arguments = $myInvocation.MyCommand.Definition;
   
   # Indicate that the process should be elevated
   $newProcess.Verb = "runas";
   
   # Start the new process
   [System.Diagnostics.Process]::Start($newProcess);
   
   # Exit from the current, unelevated, process
   exit
   }




$vnc_source = "\\difc\netlogon\uVNC"
$vnc_install = "\\difc\netlogon\uvnc\UltraVNC_1_1_9_X64_Setup.exe"
$vnc_destination = "c:\program files\UltraVNC"
$vnc_version = "c:\program files\UltraVNC\119x64.txt"
$vnc_ini = "\\difc\netlogon\uvnc\ultravnc.ini"
$vnc_driver = "\\difc\netlogon\uvnc\driver\"
$log = "\\netapp\custom\joshua\uvnc.txt"
Start-Transcript -path $log -append -noclobber
Import-Module -name Microsoft.Powershell.Host
Set-ExecutionPolicy -ExecutionPolicy Unrestricted
$objfso = new-object -comobject scripting.filesystemobject
if($objfso.fileexists("C:\program files\UltraVNC\119x64.txt" -eq $TRUE))
{echo "Version file exists"
    exit
    }
else
{
echo "Version files does not exist"
}
new-item -itemtype directory -path $vnc_destination
copy-item -Path $vnc_install -Destination $vnc_destination
cd $vnc_destination
& .\UltraVNC_1_1_9_X64_Setup.exe /verysilent /norestart /loadinf=install_server.inf
start-sleep -Seconds 30
echo "Sleeping 30 seconds"
cd "C:\program files\uvnc bvba\UltraVNC"
& .\winvnc.exe -install
echo "VNC Service Installed"
#copy-item -path $vnc_ini -Destination $vnc_destination
copy-item -path \\difc\netlogon\uvnc\ultravnc.ini -Destination "c:\program files\UltraVNC"
echo "INI Copied"
copy-item -path \\difc\netlogon\uvnc\driver\*.* -Destination "c:\program files\UltraVnc"
echo "Driver files copied"
#copy-item -path $vnc_driver -Destination $vnc_destination
cd "c:\program files\UltraVNC"
& "c:\program files\UltraVNC\devcon.exe" install mv2.inf
echo
 "Devcon ran"

pause
Stop-Transcript

Open in new window


I'd paste the transcript but it had almost nothing in it.. none of the errors were written.

So for some reason it's not being ran during startup, not sure what the deal is there.  When I manually run it UAC prompts, then an elevated window opens



I found the code portion for running elevated from here: http://blogs.msdn.com/b/virtual_pc_guy/archive/2010/09/23/a-self-elevating-powershell-script.aspx

However upon startup it does not attempt to run As far as I can tell.  Browinsg to the netlogon share and manually running it does work


I'm starting to think that I should try a different avenue as all I can find suggests you cannot install the Mirror drivers using Powershell alone.
0
 
footechCommented:
I've seen many a question about running scripts as a startup script that need elevated permissions, but I haven't really followed them because I haven't needed to know the answer.   If the script is working when run from the console, I'm afraid that's as far as I can guide you.  I haven't used Start-Transcript for a couple years so I'm not real familiar with it.

If this isn't something that needs to be run repeatedly, I would just look at pushing out the install via PS Remoting or PsExec.
0
 
Ben HartAuthor Commented:
I sort of agree Foo.. only problem is I've invested a good two weeks into making this work.  Maybe stubbornness is my problem here.
0
 
footechCommented:
Being stubborn in this line of work isn't always a bad thing.  :)
But if it doesn't make sense to have it as a startup script then I wouldn't pursue it any further.  You can still use the scripting approach, but modify how you get it to run on every machine.  Do you need this to run everytime a machine starts up?

I went ahead and tested the script you posted above as a startup script (modified a couple things so no changes would be made, and changed line 75 so it wouldn't hang waiting for input), and I had no problem seeing errors in the transcript.  Perhaps you could post what you have from your transcript and I could see if I spot anything.
0
 
Ben HartAuthor Commented:
This question is not abandoned.. I still dont agree with the 3 day stipulation.

I am still working on testing this
0
 
footechCommented:
It does make it a bit harder to help though when I haven't looked at the question for a few days as I have to go back through everything to refresh myself on where we're at.
0
 
Ben HartAuthor Commented:
I chose to no longer work towards pushing out VNC via GPO.  Footech helped me out a lot so the points go to him.

I'm in the same boat as you Foo.  In the real world most admins cannot dedicate 100% of their time to one problem, EE should take note of that.  The time it's taken to get this far and the script still fails to me it is not worth it.  I've got 6 other projects including normal day-to-day stuff.
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 9
  • 7
Tackle projects and never again get stuck behind a technical roadblock.
Join Now