Batch file failing on Windows 7 due to administrative privileges

We still use an old terminal emulator called MiniSoft92 to access our HP3000. The program is pretty simple and I've used a batch file to "install" it on WinXP systems. Basically, it just copies files to the local drive off the network, puts a font into the Windows fonts folder, and a shortcut to the executable on the shared desktop. I modified the batch to run on Win7, but the batch fails. Specifically when trying to install the font, and placing the shortcut on the shared desktop.

It seems to be an administrative rights issue. And it doesn't matter if the user running the batch is a member of the local administrators group, if you run it while logged in as the local admin, or if you r-click the batch file and Run As Administrator. In fact, if you do the last, the batch doesn't run at all, where at least it will copy all the files under the other methods.

What am I missing, or what can I add to the batch to get this to run correctly on Win7?

Here's a copy of the batch:

@echo off
cls
c:
cd\
md ms9232
net use x: \\swik-s-fs01\winapps

COPY /Y x:\HPMANMAN\ms9232\*.* c:\ms9232
mkdir C:\MS9232\WS92
COPY /Y x:\HPMANMAN\ms9232\WS92\*.* c:\ms9232\WS92
COPY /Y c:\ms9232\W92.FON C:\WINDOWS\FONTS
COPY /Y c:\ms9232\HPMANMAN.LNK "C:\Users\Public\Public Desktop"

net use x: /d
Eric JackIT ManagerAsked:
Who is Participating?
 
McKnifeCommented:
Don't play, make it a startup script. That's the way one writes to protected locations.
0
 
William FulksSystems Analyst & WebmasterCommented:
I don't think you can straight copy a font into the Fonts folder and make it work. There are other ways, though. Check out this article:

https://social.technet.microsoft.com/Forums/scriptcenter/fr-FR/228ca988-6673-49f5-be73-a6a6f83c489d/install-fonts-using-a-batch-file-need-help-getting-the-coding-correct?forum=ITCG
0
 
Eric JackIT ManagerAuthor Commented:
Interesting. The batch worked fine in WinXP. Anyway, should I be able to create a 4-line vbs script and have the batch file call/launch it?

What about getting the link copied to the shared desktop?
0
Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
NVITCommented:
0
 
William FulksSystems Analyst & WebmasterCommented:
To copy to the desktop, try this:

copy /Y c:\ms9232\HPMANMAN.LNK %public%\Desktop\HPMANMAN.LNK

http://www.itninja.com/question/copy-a-shortcut-to-all-users
0
 
Steve KnightIT ConsultancyCommented:
Have you tried right click, run as administrator on the batch file?  By default UAC means that although Administrator has rights to a directory in NTFS permissions it only gets the rights assigned to normal "users" group unless you do this.

If you have a domain you can easily push down fonts using a group policy and while you are at it the app too if wanted.

If you use these paths too they should work regardless of the settings on a PC:

"%public%\desktop" instead of c:\users\public\ etc.
"%windir%\fonts" instead of c:\windows\fonts

Steve
0
 
McKnifeCommented:
Use that script as a startup script - that works with system rights and cannot be stopped by UAC since UAC is off for system. By the way: your script would fail for xp, too. But since it works, we can be sure that you had added your users to the dangerous "power user" group on xp... remember that power users may transform themselves into admins without much know-how.
0
 
Eric JackIT ManagerAuthor Commented:
When I r-click and run the batch as administrator, it doesn't work at all. The only thing I get is the command window flashes up and disappears and it doesn't even copy the files.

For the record, here's the original batch that was used on XP, which worked without problems:

@echo off
cls
c:
cd\
md ms9232
net use x: \\swiks01\winapps

COPY /Y x:\HPMANMAN\ms9232\*.* c:\ms9232
mkdir C:\MS9232\WS92
COPY /Y x:\HPMANMAN\ms9232\WS92\*.* c:\ms9232\WS92
COPY /Y x:\HPMANMAN\ms9232\W92.FON C:\WINDOWS\FONTS
COPY /Y x:\HPMANMAN\ms9232\HPMANMAN.LNK "C:\Documents and Settings\All Users\DESKTOP"

net use x: /d

As part of my IT/company policy, I allow each user to be a member of their own computer's local Administrators group. It just saves a lot of headaches. They don't have to bother me for any little thing they want to do on the PC, and they're pretty well trained not to hose their systems.

I'll give the suggestions listed above a try on Tuesday when I'm back in the office.
0
 
NVITCommented:
Try running it in a CMD prompt. This way you can see any errors. You may want to temporarily remove the @echo off, also.
0
 
Steve KnightIT ConsultancyCommented:
The right click run-as-admin not working will be because you don't have group policy set to link user and admin access and the users are local admins, will dig it out...  The run-as-admin will not see the network drive, the non run-as-admin will not be able to write to the fonts dir unless "Users" group is given rights to that dir.

Much better if this is a domain look at pushing font down with group policy?

The local admin user issue --> https://technet.microsoft.com/en-us/library/ee844140%28v=WS.10%29

Steve
0
 
Eric JackIT ManagerAuthor Commented:
Ugh! This is more complex than I was hoping. I'd prefer to avoid making it a group policy as not everyone uses this old software and we'll be phasing it out later this year anyway. I've been super hectic at work, so I'll play around with a few suggestions posted when I have a moment later this week or next.
0
 
Steve KnightIT ConsultancyCommented:
And easy enough to push down a group policy to a specific OU, or to a certain security group for the relevent people.
0
 
Eric JackIT ManagerAuthor Commented:
Doing this in a group policy or startup script is probably the best answer, given how Win7's UAC has neutered the ability of the script since XP. But I have to admit I pretty much suck at startup scripts. I'd want the script to run only once when a new PC was deployed; copy the folder(s) from the network to the local drive, copy the font to the font folder, and copy the link to the public desktop. I want to make sure it doesn't run every time, and also if they delete the link from the desktop or move it somewhere else, not to keep cluttering the desktop with new links. (I'm one of the people who's picky about how my desktop is organized, and I know others are too.)
0
 
McKnifeCommented:
1st: UAC hasn't neutered it. Look, as I told you, your xp users were set to be power users - that's why it worked. For standard users, it would not have worked on xp either. Using power users is a bad practice (since they could promote themselves to admins at any time) that's why that group no longer exists on vista/win7/8.x

2nd: to make it run only one, have the batch create a folder and check for its existance like in:
if exist %Windir%\admin\mybatchhasrun goto end
md %Windir%\admin\mybatchhasrun
---yourscripthere---
:end

Open in new window

0
 
Eric JackIT ManagerAuthor Commented:
McKnife, I didn't mean to sound whiny. My comment about UAC is from my point of view. I'm a 1-man IT department in a company with 50-75 systems, plus I'm forced to be a jack of all trades, master of none with PCs, servers, networks, ERP, software, phones, printers, A/V equipment and anything with a power plug or battery under my jurisdiction.

To make my life easier, I have to make everyone a member of the local administrators group on their PC. On XP, that meant they could do everything they needed to, including running this batch file. Sure... every now and then someone was a bonehead and I had to fix the PC, but they're pretty well trained and usually avoid that. With 7, even though I make the users members of the local admin group, they can't run this batch file. They can do most other stuff after getting nagged by those admin rights pop-ups. So from my point of view, the functionality of the local admin has been reduced.

I'll need to refresh myself on setting up a script as you're suggesting. I haven't touched it in years. In fact, the current script is placing obsolete shortcuts on the desktop so this would be a good time to fix that too. If I can only remember how I did it...
0
 
McKnifeCommented:
You can still use your very script.
0
 
Eric JackIT ManagerAuthor Commented:
Sorry, I should have said setting up the script to run automatically. I'd add the line you suggested to make it run just once.
0
 
McKnifeCommented:
Ok...
To set that batch as a startup script, follow this guide: https://technet.microsoft.com/en-us/library/cc779329%28v=ws.10%29.aspx?f=255&MSPPError=-2147217396
0
 
Eric JackIT ManagerAuthor Commented:
This has been a lower priority than some of my other projects, so apologies for the delay in responding with results.

Ok...
To set that batch as a startup script, follow this guide: https://technet.microsoft.com/en-us/library/cc779329%28v=ws.10%29.aspx?f=255&MSPPError=-2147217396

These instructions are outdated due to the fact that my DC is Windows 2008 R2. But I was able to set my batch file to run on logon within the Group Policy Management tool anyway. Problem is... batch IS running because I see that it creates the folder and copies the files. However, it is still failing to copy the shortcut to the desktop and the font to the font folder.

I've included a screenshot showing the group policy in place, and here's the current version of the batch file:

if exist C:\MS9232 goto end
::@echo off
::cls
c:
cd\
md ms9232
net use x: \\swik-s-fs01\winapps

COPY /Y x:\HPMANMAN\ms9232\*.* c:\ms9232
mkdir C:\MS9232\WS92
COPY /Y x:\HPMANMAN\ms9232\WS92\*.* c:\ms9232\WS92
COPY /Y c:\ms9232\W92.FON C:\WINDOWS\FONTS
COPY /Y c:\ms9232\HPMANMAN.LNK "C:\Users\Public\Public Desktop"

net use x: /d
:end

NOTE: Even though I've commented out the echo off and cls commands, there's no on-screen indication that the batch runs/ran so I can't see what the errors are, if any. So what am I doing wrong?

GPO.JPG
0
 
McKnifeCommented:
Welcome back.
"These instructions are outdated due to the fact that my DC is Windows 2008 R2" - not outdated. The process remains exactly the same.
"I was able to set my batch file to run on logon..." - which cannot succeed. Again: logoon scripts run with user rights. Startup scripts run with full system rights.
0
 
Eric JackIT ManagerAuthor Commented:
Well, i never really "left", just was busy with other things. It's fun being a 1-man IT department with no support contracts or managed service providers to back me up. Don't ask me about my vacation days... ;-)

"Outdated" insofar as the GP Management tools have a different look and feel from 2003 to 2008. I was scratching my head trying to figure out why I couldn't find the exact place to add the script until I realized the link you gave applied to 2003. No worries, I looked up where to find it on 2008 and you can see my results.

Doh! Looks like I put the batch file in the wrong place. Let me change that and I'll let you know how it turns out. I'm assuming that if I apply the change to the Startup under Computer Config, I'll need to link it to the Desktops/Laptops part of the OU instead of to the People...
0
 
McKnifeCommented:
"I'm assuming that if I apply the change to the Startup under Computer Config, I'll need to link it to the Desktops/Laptops part of the OU instead of to the People... " - right!
0
 
Steve KnightIT ConsultancyCommented:
Correct.  Or you can link it at the domain level if easier but then would trigger for any servers in different ou's etc.

Startup script will have rights to that directory BUT you may need to add "Domain Computers" or "Everyone" as rights at NTFS and the share for your mapped drive details with at least Read access if it doesn't already.

Steve
0
 
Eric JackIT ManagerAuthor Commented:
Well, I'm still missing something. I think I'm aggravated and it's making me miss something simple I shouldn't be missing. I changed the GP to call upon the batch in the Computer Config Startup and linked it to the Laptops OU. But even after doing a gpupdate on the laptop and then rebooting it, the batch did not run. No directory was created, no files copied, etc.

GPO.JPG
0
 
McKnifeCommented:
And you read and followed the advice about the permissions of your share that holds the batch? Authenticated users OR domain computers OR Everyone would need read permissions (skip the "at least" - don't make it anything else but read at any cost).
0
 
Eric JackIT ManagerAuthor Commented:
I was composing and posting my last reply when Steve posted his.

Yes, I failed to add that permission to the folder holding the batch file. So I have now done so: I've given Everyone read access to the folder \\swik-s-fs01\winapps\hpmanman and after doing a gpupdate and rebooting the laptop again, the batch ran. (gpupdate was probably unnecessary now that I think about it.)

But... still no desktop icon or font in the font folder. So at this point, no improvement over when I was just running it as a batch file myself.
0
 
McKnifeCommented:
Ok, this will soon clear up :)
You can kind of simulate the startup script processing like this:
1 download psexec as part of the MS freeware "pstools"
2 logon to a pc
3 start cmd via rightclick-option "run as administrator"
4 run the command "psexec -s -i cmd"
5 the newly opened shell runs with system rights and now from there, launch your batch \\winapps\...\hpmama_7.bat

Now you will see what is going on.
0
 
Eric JackIT ManagerAuthor Commented:
I'll check that out when I get back to the office next week. Update to follow.
0
 
Steve KnightIT ConsultancyCommented:
BTW you would normally put the script for the startup script on the sysvol, i.e. within group policy add it in the dir. it suggests, though it doesn't matter.   If you want to see what it is doing, Add a ( before the top command, a ) after the last followed by > \\server\share\logfile.txt, i.e. like this.  Don't forget your script if run is skipping all the copying if the directory already exists?

Steve

(if exist C:\MS9232 exit /b
cls
cd /d C:\
md c:\ms9232
net use x: \\swik-s-fs01\winapps

COPY /Y x:\HPMANMAN\ms9232\*.* c:\ms9232
mkdir C:\MS9232\WS92
COPY /Y x:\HPMANMAN\ms9232\WS92\*.* c:\ms9232\WS92
COPY /Y c:\ms9232\W92.FON "%windir%FONTS"
COPY /Y c:\ms9232\HPMANMAN.LNK ""%public%\desktop"

net use x: /d

) > \\server\share\logfile.txt 

Open in new window

0
 
Eric JackIT ManagerAuthor Commented:
Okay, I tried the PsTools trick and saw that the batch file was running without any errors! Yet the desktop shortcut and font files didn't copy, even though the batch said it did. Utterly confused at that, I decided to try using the % variables in Steve's example. So I updated my batch and ran it again. This time the desktop shortcut appeared! But the font did not. So I'm almost there... but without errors I don't know why it's not working!

Capture.PNG
Latest version of batch:

if exist C:\MS9232 goto end
::@echo off
::cls
c:
cd\
md ms9232
net use x: \\swik-s-fs01\winapps

COPY /Y x:\HPMANMAN\ms9232\*.* c:\ms9232
mkdir C:\MS9232\WS92
COPY /Y x:\HPMANMAN\ms9232\WS92\*.* c:\ms9232\WS92
::COPY /Y c:\ms9232\W92.FON C:\WINDOWS\FONTS
COPY /Y c:\ms9232\W92.FON "%windir%\FONTS"
::COPY /Y c:\ms9232\HPMANMAN.LNK "C:\Users\Public\Public Desktop"
COPY /Y c:\ms9232\HPMANMAN.LNK "%public%\desktop"

net use x: /d
:end
0
 
McKnifeCommented:
INstalling a font is not only copying the font but also importing a registry key corresponding to the font. Google "font deployment".
0
 
Eric JackIT ManagerAuthor Commented:
Adding to the mystery: If I use Windows Explorer and look in C:\WIndows\Fonts, I do not see the w92.fon. But if I open a cmd window and do a dir c:\windows\fonts, it shows up! But the program does not see the font and fails to work correctly.
0
 
Eric JackIT ManagerAuthor Commented:
Argh! Why is it I can log into a PC as a local admin and just copy the font file to the fonts folder and be done with it, but if I try to automate it, the process becomes 10x more complex? I appreciate all the help everyone has given, but at this point I'm just going to call it quits and continue to manually install this program.

I don't have any more time to muck around with packaging msi files gpos and whatnot for a font for something that is practically obsolete anyway!

It's a legacy app that will be replaced in a few months. At most I'm looking to deploy 10-20 new computers between now and then. I've wasted far more time trying to automate this process than if I had just manually installed it on all those new comptuers.

But it's been a learning experience, and I've discovered another issue with my group policy/logon script that I need to solve (post coming soon.) At least I'll feel more comfortable working with group policies in the future.
0
 
McKnifeCommented:
Hey... don't quit! Add one line that adds one registry entry for the font and you are done. Don't you know what line that is?
0
 
McKnifeCommented:
regedit /s font.reg

Open in new window


The font.reg would contain the following:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts]
"fontname (TrueType)"="filename.ttf"

(taken from http://www.sevenforums.com/general-discussion/28817-installing-fonts-via-command-line-script.html )
0
 
Eric JackIT ManagerAuthor Commented:
I think I may have solved it... going back to the first reply by William, he linked a article with a vbs script to install the font. I recreated that vbs and inserted it into my batch file. My test in PsTools worked, and all I need to do it try it as part of the startup process.
0
 
William FulksSystems Analyst & WebmasterCommented:
Cool! I hope that's all you had to do.
0
 
Eric JackIT ManagerAuthor Commented:
Well, the vbs script in the batch file called by the GPO didn't quite work. It would seem to do everything, but when I ran the program, it would fail on the fonts. In the end, I kind of made a mishmash of everything and wound up with a batch file that included a REG ADD command.

But I've applied the GPO that runs the batch to the computer groups, booted a computer that didn't have the software, and it seemed to run fine. The catch is I need to reboot the PC at least once for the fonts to be fully installed/available for use. Then the program runs okay.

Here's the final version of the batch file:

if exist C:\MS9232 goto end
c:
cd\
md ms9232
net use x: \\swik-s-fs01\winapps
COPY /Y x:\HPMANMAN\ms9232\*.* c:\ms9232
mkdir C:\MS9232\WS92
COPY /Y x:\HPMANMAN\ms9232\WS92\*.* c:\ms9232\WS92
COPY /Y c:\ms9232\W92.FON "%windir%\FONTS"
REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts" /v "Win92 Fonts" /t REG_SZ /d "w92.fon" /f
COPY /Y c:\ms9232\HPMANMAN.LNK "%public%\desktop"
net use x: /d
:end

Thanks for encouraging me to get this working. Yes... I spent more time futzing with this than I would have spent manually installing the program as I had been. But at least I've (hopefully) learned a couple new things.
0
 
Eric JackIT ManagerAuthor Commented:
Well, this one turned out to be quit the project, but it seems to be working in the end. My final result wound up taking advice, suggestions and instructions from several people and several different posts. so there is no ONE answer/resolution to this problem. I tried to provide points to all the posts that helped me. Hopefully nobody gets mad at me for "doing it wrong".
0
 
Steve KnightIT ConsultancyCommented:
Thanks, I don't think most people are that bad at EE but know what you mean!
0
 
William FulksSystems Analyst & WebmasterCommented:
Sometimes it takes a team to figure this stuff out!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.