Dan
asked on
batch file does not run with admin rights
Windows will not run a .bat file.
I have a batch file and an exe file that I'm trying to run from a network location.
Everyone has full access to this network location. When I double click the batch file and run it as the logged in user,
the file works fine. When I right click, and select run as administrator, it fails, it does not run. It's like reversed, I'm trying to use a GP policy to install this file on
all PCs, but it's not working and I think this is why it's not working.
I have a batch file and an exe file that I'm trying to run from a network location.
Everyone has full access to this network location. When I double click the batch file and run it as the logged in user,
the file works fine. When I right click, and select run as administrator, it fails, it does not run. It's like reversed, I'm trying to use a GP policy to install this file on
all PCs, but it's not working and I think this is why it's not working.
That script is intended for the regular endpoint deployment, I am not certain whether the InterceptX deploys through the same methods if downloaded as a standalone package (I could be wrong, I just recall having some issues trying to deploy it separate from the existing AV, but forgot what the issue was unfortuntely).
What I do is I log into the cloud console, and download the complete package.
Once I have that I run a script to uninstall the existing Sophos installation (Set as Run Once) after which I run the script part which you also run utilizing the SophosSetup.exe which contains both AV & InterceptX
Not sure if that helps or is applicable to your environment, but it does the job for me.
Once everyone has the full package deployed you can create a new GPO to check if installed, and if no, deploy full package.
This is however a GPO under computer as mentioned by the expert above my post his comments.
What I do is I log into the cloud console, and download the complete package.
Once I have that I run a script to uninstall the existing Sophos installation (Set as Run Once) after which I run the script part which you also run utilizing the SophosSetup.exe which contains both AV & InterceptX
Not sure if that helps or is applicable to your environment, but it does the job for me.
Once everyone has the full package deployed you can create a new GPO to check if installed, and if no, deploy full package.
This is however a GPO under computer as mentioned by the expert above my post his comments.
The blank that NVIT noted is the 1st problem. The 2nd is the drive s: - it has to be present for any user, and network drives are per-user! So it's better to use \\server\share\... (the UNC notation).
ASKER
I'll check when I get in tomorrow
ASKER
I corrected the spelling in the path, removed the extra space. I also changed the path to the unc, \\server\path, and
I double checked and the script is under the computer config -> policies -> windows settings -> scripts and it's still not working.
I did a gpupdate/force on a the client, and restarted it a few times, I confirmed the computer is in the correct OU as well where the policy would be applied, actually it gets applied to all of the computers.
I did an RSOP, and it looks like there are two references tot eh same batch file, not sure why, or how to clean that up?
I also included a pic of my GP.
I double checked and the script is under the computer config -> policies -> windows settings -> scripts and it's still not working.
I did a gpupdate/force on a the client, and restarted it a few times, I confirmed the computer is in the correct OU as well where the policy would be applied, actually it gets applied to all of the computers.
I did an RSOP, and it looks like there are two references tot eh same batch file, not sure why, or how to clean that up?
I also included a pic of my GP.
ASKER
I ran a gpresult and the report has no data for "computer details", which it should, since this script is under the computer section, not user.
ASKER
I also checked the event log and I couldn't find anything point to a failed GP.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
If the path cannot be found, then most probably, the system account has no access permissions. Set permissions on the share so the the group authenticated users has read permissions. Do the same at NTFS level.
ASKER
McKnife, sorry for the late response, just been overwhelmed.
I just checked and "authenticated users" does have "read and execute", "List folder contents" and "read" permissions, so that's probably not the issue?
I just checked and "authenticated users" does have "read and execute", "List folder contents" and "read" permissions, so that's probably not the issue?
Did you check both share and NTFS permissions? If so, are denials being used?
ASKER
under file sharing, everyone is listed as read/write
under security tab, everyone has allow and authenticated users have read & execute, list folder contents and read
under security tab, everyone has allow and authenticated users have read & execute, list folder contents and read
ASKER
nothing in the denials section
It can't seem to find SophosSetup.exe.
SophosSetup.exe should be in \\fs1\officefiles\filetran sfer\sopho sintercept x
Assuming your .bat file runs from the Computer Config gpo...
In your .bat file, put a line:
Then, reboot the station.
Then, review the c:\testrun.txt contents
If testrun.txt doesn't
show \\fs1\officefiles\filetran sfer\sopho sintercept x\SophosSe tup.exe as expected, then as mcknife said, it's a permissions issue.
SophosSetup.exe should be in \\fs1\officefiles\filetran
Assuming your .bat file runs from the Computer Config gpo...
In your .bat file, put a line:
dir "\\fs1\officefiles\filetransfer\sophosinterceptx">"c:\testrun.txt"
Then, reboot the station.
Then, review the c:\testrun.txt contents
If testrun.txt doesn't
show \\fs1\officefiles\filetran
ASKER
Thanks guys for your help, I am using PDQ deploy and it works great.
BTW, there seems to be a mis-spelling, i.e. s:\FileTra nsfer