jsnyder213 Posted April 30, 2015 Posted April 30, 2015 I am new...so please execuse me in this process.I am trying to run a MSI file with switchs as an admin account. Basically, I am deploying a software package to users on the domain, and I need them to be able to click on the .exe I created. They will need admin rights to run the .exe, which in turn installs the MSI files.So far I have created a .exe file that runs the MSI file. Using the following codeRunwait('msiexec /i CiscoJabberSetup.msi /qn ALLUSERS=2 CLEAR=1 SERVICES_DOMAIN=sitedomain')RunWait('msiexec /i ptools.msi /qn ALLUSERS=2 SITEURL="siteURL" OI=1 OC=1 OFFICE=1 FIREFOX=1 RMENU=1')RunWait('msiexec /i atmcie.msi /qn ALLUSERS=2')This works. So now I need to give my .exe admin rights, so I have tried this:$sUserName = 'adminname'$sPassword = 'adminpassword'$sDomain = 'domain'RunAs("$sUserName", "$sDomain", "$sPassword", 2, "CiscoJabberSetup", @SystemDir, @SW_HIDE)Runwait('msiexec /i CiscoJabberSetup.msi /qn ALLUSERS=2 CLEAR=1 SERVICES_DOMAIN=sitedomain')1. If I remove the switches /qn ALLUSERS ... I can run the .exe as I should, but the install is not silent and the user has to interact with it. - this is a no go.2. If I leave it as it is, I can see the msi execute in taskmanager... but it instantly closes. - thus it does not work.So, my question is. What am I missing?Thanks for any help!
jguinch Posted April 30, 2015 Posted April 30, 2015 (edited) In you RunAs call, what is CiscoJabberSetup ?Also, you should use RunAsWait for msiexec, no ?RunAsWait($sUserName, $sDomain, $sPassword, 2, 'msiexec /i CiscoJabberSetup.msi /qn ALLUSERS=2 CLEAR=1 SERVICES_DOMAIN=sitedomain', @SystemDir, @SW_HIDE)Edit : and quotes are not needed around variables Edited April 30, 2015 by jguinch Spoiler Network configuration UDF, _DirGetSizeByExtension, _UninstallList Firefox ConfigurationArray multi-dimensions, Printer Management UDF
water Posted April 30, 2015 Posted April 30, 2015 Cisco Jabber "lets you access presence, instant messaging (IM), voice, video, voice messaging, desktop sharing, and conferencing." My UDFs and Tutorials: Spoiler UDFs: Active Directory (NEW 2024-07-28 - Version 1.6.3.0) - Download - General Help & Support - Example Scripts - Wiki ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki Task Scheduler (2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki Standard UDFs: Excel - Example Scripts - Wiki Word - Wiki Tutorials: ADO - Wiki WebDriver - Wiki
Moderators JLogan3o13 Posted April 30, 2015 Moderators Posted April 30, 2015 Jabber is an IM product, as Water mentions. You have my sympathy for having to deploy it Personally, when I do MSI installs (which is a lot), I will resort to two scripts. One that has just the MSI piece in it, and another (the "Setup") to call the install with the credentials I want to supply (most of my customers have non-admin users, so we often install as System). I can then use the "Setup" script to run the MSI from a network share against a remote machine, if necessary. Works a lot better than trying to do RunAsWait against msiexec, in my experience. "Profanity is the last vestige of the feeble mind. For the man who cannot express himself forcibly through intellect must do so through shock and awe" - Spencer W. Kimball How to get your question answered on this forum!
jguinch Posted April 30, 2015 Posted April 30, 2015 @water & JLogan3o13 : when I asked what is CiscoJabberSetup, I wanted to know why he used RunAs with CiscoJabberSetup and just Run with the MSI. I thought that CiscoJabberSetup was the AutoIt script name... Spoiler Network configuration UDF, _DirGetSizeByExtension, _UninstallList Firefox ConfigurationArray multi-dimensions, Printer Management UDF
jsnyder213 Posted April 30, 2015 Author Posted April 30, 2015 @jguinchHonestly, I was just trying to replicate the script as the "example" showed in the helpfile for RunAs. It just had the "program name" in that location, so I tried to duplicate what I thought that meant. as well as a combination of various Forum postings about RunAS.Do you have to specifically use RunAsWait with MSI's?My understanding was that the "Wait", just delayed the script until the MSI (exe, bat, whatever) opened... am I wrong in my understanding?So in your provided code... are you suggesting I Change it to "RunAsWait" and then fill it in with my line ('msiexec /i CiscoJabberSetup.msi /qn ALLUSERS=2 CLEAR=1 SERVICES_DOMAIN=sitedomain')... and avoid the second line with the "RunWait"The only reason I ask for clarification is based on a post I read, that showed the RunAS basically giving the credentials and then RunWait actually executing the install file.Also, Thanks for the edit on the variables...
jsnyder213 Posted April 30, 2015 Author Posted April 30, 2015 Jabber is an IM product, as Water mentions. You have my sympathy for having to deploy it Personally, when I do MSI installs (which is a lot), I will resort to two scripts. One that has just the MSI piece in it, and another (the "Setup") to call the install with the credentials I want to supply (most of my customers have non-admin users, so we often install as System). I can then use the "Setup" script to run the MSI from a network share against a remote machine, if necessary. Works a lot better than trying to do RunAsWait against msiexec, in my experience.JLogan3o13... Would this work on a disc? I have the package deployed through a package pushing solution (deployed over the network to connected users)... I am trying to figure out a solution for users who would not get the package install via the network. AKA manually shipping them a disc with the install files on it. The only thing is they ar enot local admins, so I have to use network credentials to install the package.And of course make it as easy for them as possible!
AdamUL Posted April 30, 2015 Posted April 30, 2015 For your remote users, are you going to store the network credentials in the install script? Also, RunAs does not give you full admin rights (Admin Token), even if the user has admin right on the PC. You have to use a workaround of re-execution. Here is an example script. expandcollapse popupGlobal $sAdminUser = "USERNAME" Global $sAdminPassword = "PASSWORD" Global $sDomain = "AD" Global $iLogOnFlag = 0 Global $sParameters = "" ;Elevate with the Admin account. If @UserName <> $sAdminUser And Not IsAdmin() Then $sParameters = "" If Not @Compiled Then $sParameters = ' "' & @ScriptFullPath & '"' EndIf If RunAs($sAdminUser, $sDomain, $sAdminPassword, $iLogOnFlag, @AutoItExe & $sParameters) Then Exit Else Exit MsgBox(16 + 262144, "ERROR!", "Unable to run under administrator account.") EndIf EndIf ;Run with Admin Token in Windows Vista and Higher. If @UserName = $sAdminUser And Not IsAdmin() And Not StringRegExp(@OSVersion, "_(XP|200(0|3))") Then $sParameters = "" If Not @Compiled Then $sParameters = '"' & @ScriptFullPath & '"' EndIf If ShellExecute(@AutoItExe, $sParameters, "", "runas") Then Exit Else Exit MsgBox(16 + 262144, "ERROR!", "Unable to elevate to Admin due to UAC.") EndIf EndIf ;Put rest of the script here. MsgBox(16, $sAdminUser, IsAdmin()) ;ExampleAdam hudsonhock 1
Moderators JLogan3o13 Posted April 30, 2015 Moderators Posted April 30, 2015 jsnyder, what do you use for your delivery system (SCCM, Altiris, etc.)?If they are not connected to the network so you can push the package to them, how are you going to use network credentials to authenticate? Better to use a local administrator account if you have a uniform account on all machines. "Profanity is the last vestige of the feeble mind. For the man who cannot express himself forcibly through intellect must do so through shock and awe" - Spencer W. Kimball How to get your question answered on this forum!
jsnyder213 Posted May 1, 2015 Author Posted May 1, 2015 jsnyder, what do you use for your delivery system (SCCM, Altiris, etc.)?If they are not connected to the network so you can push the package to them, how are you going to use network credentials to authenticate? Better to use a local administrator account if you have a uniform account on all machines.We use Altiris. They are not connected to the network, because they work from home. They have the ability to connect to the network via VPN, but their connection speed is terrible (rural areas, and even some cell phone wireless cards). using VPN I could use Altiris to push the package... but depending on their connection we have had issues with time outs. They ultimately could come into a local office (depending on where they are located, this could be a 2 hour drive) to connect to the network...and thus get the push from AltirisAll our machines have been imaged with the same image, and all have a local department admin account. I am wanting to basically create a script, with that admin account (because it works universally on all computers, even if they are not connected to the network at that very moment) so the user can run it under that account. The every day user is not set up as a local admin, so without the elevated privileges, they can not install the package.Long story short. I have the package working. I just need to create a simple .exe file with elevated privileges that points to the MSI and uses the switches needed... put it on a disc and send it to some one and say "double click on "INSTALL.exe" and you will have the package".
jsnyder213 Posted May 1, 2015 Author Posted May 1, 2015 For your remote users, are you going to store the network credentials in the install script? Also, RunAs does not give you full admin rights (Admin Token), even if the user has admin right on the PC. You have to use a workaround of re-execution. Here is an example script. expandcollapse popupGlobal $sAdminUser = "USERNAME" Global $sAdminPassword = "PASSWORD" Global $sDomain = "AD" Global $iLogOnFlag = 0 Global $sParameters = "" ;Elevate with the Admin account. If @UserName <> $sAdminUser And Not IsAdmin() Then $sParameters = "" If Not @Compiled Then $sParameters = ' "' & @ScriptFullPath & '"' EndIf If RunAs($sAdminUser, $sDomain, $sAdminPassword, $iLogOnFlag, @AutoItExe & $sParameters) Then Exit Else Exit MsgBox(16 + 262144, "ERROR!", "Unable to run under administrator account.") EndIf EndIf ;Run with Admin Token in Windows Vista and Higher. If @UserName = $sAdminUser And Not IsAdmin() And Not StringRegExp(@OSVersion, "_(XP|200(0|3))") Then $sParameters = "" If Not @Compiled Then $sParameters = '"' & @ScriptFullPath & '"' EndIf If ShellExecute(@AutoItExe, $sParameters, "", "runas") Then Exit Else Exit MsgBox(16 + 262144, "ERROR!", "Unable to elevate to Admin due to UAC.") EndIf EndIf ;Put rest of the script here. MsgBox(16, $sAdminUser, IsAdmin()) ;ExampleAdamwhoa. this is intense. I was hoping to store the local admin in the .exe. The users that will be getting this deployment, do not have local admin rights to their machine... so they are prevented from installing anything on their machines. I need a package that stores the local admin account, and runs the MSI files (preferably silent) to install the software. revertex 1
AdamUL Posted May 1, 2015 Posted May 1, 2015 Change the domain to Global $sDomain = @ComputerNamefor a local admin account. This will allow a normal user to run the script with full admin rights using the local admin account. Use RunWait or ShellExecuteWait commands to run the MSI's silently after the code I posted. You can replace the MsgBox calls with what ever error catching you would like. You might want to put in a progress box (See functions ProgressOn, ProgressSet, and ProgressOff.), so the user knows what is installing and the script is running, or call each MSI with the "/qb-" switch. Adam revertex 1
jsnyder213 Posted May 1, 2015 Author Posted May 1, 2015 Change the domain toGlobal $sDomain = @ComputerNamefor a local admin account. This will allow a normal user to run the script with full admin rights using the local admin account. Use RunWait or ShellExecuteWait commands to run the MSI's silently after the code I posted. You can replace the MsgBox calls with what ever error catching you would like. You might want to put in a progress box (See functions ProgressOn, ProgressSet, and ProgressOff.), so the user knows what is installing and the script is running, or call each MSI with the "/qb-" switch. AdamSo... I tried your example, added the MSI at the end of the script and it worked perfectly!! Thanks so much!!Now, in an attempt to learn. Can you (in simple terms) explain what/why your example worked better than what I had? Techincally, I had my script working... if I removed the extra switches on the Runwait('msiexec /i CiscoJabberSetup.msi /qn ALLUSERS=2 CLEAR=1 SERVICES_DOMAIN=mdc.mo.gov') (Part in bold)... The MSI would open, but Users would have to interact (which is not what we want). So I guess my script worked like 50%?? What is it about your given script that allows the MSI to work with all the needed switches?
jsnyder213 Posted May 1, 2015 Author Posted May 1, 2015 OK, so Thanks to @AdamnUL, I have my script working for a user that does nto have admin rights to the machine. They can double click on the .exe file and the MSI's run as needed. However, now, if I put it on a CD/DVD I get the error stating that the MSI can not be found.Code:Global $sAdminUser = "ADMIN"Global $sAdminPassword = "PASSWORD"Global $sDomain = @ComputerNameGlobal $iLogOnFlag = 0Global $sParameters = "";Elevate with Admin account.If @UserName <> $sAdminUser And Not IsAdmin() Then $sParameters = "" If Not @Compiled Then $sParameters = ' "' & @ScriptFullPath & '"' EndIf If RunAs($sAdminUser, $sDomain, $sAdminPassword, $iLogOnFlag, @AutoItExe & $sParameters) Then Exit Else Exit MsgBox(16 + 262144, "ERROR!", "Unable to run under administrator account.") EndIf EndIf ; Run with Admin Token in Windows Vista and Higher. If @UserName = $sAdminUser And Not IsAdmin() And Not StringRegExp(@OSVersion, "_(XP|200(0|3))") Then $sParameters = "" If Not @Compiled Then $sParameters = '"' & @ScriptFullPath & '"' EndIf If ShellExecute(@AutoITExe, $sParameters, "", "runas") Then Exit Else Exit MsgBox(16+262144, "ERROR!", "Unable to elevate to Admin due to UAC.") EndIf EndIf ; Script for MSI Runwait('msiexec /i CiscoJabberSetup.msi /qb ALLUSERS=2 CLEAR=1 SERVICES_DOMAIN=DOMAIN') MsgBox(0, "Complete", "You are done! Click OK")I converted this file to an .exe and saved it to a disc. When I run it, it can't find the file path. I can do Nameofdrive\subfolder\CiscoJabberSetup... (and it works!) but not every machine is going to have the CD drive as the same drive letter (machine I burned it on was E:\ but test machine's CD drive is D:\... so this won't work).*note: the .exe is in the same subfolder as the MSI files.What excatly am I missing here? revertex 1
jguinch Posted May 1, 2015 Posted May 1, 2015 Use DriveGetDrive to list all CDROM drives, and check if each of these drives contains the msi file. Spoiler Network configuration UDF, _DirGetSizeByExtension, _UninstallList Firefox ConfigurationArray multi-dimensions, Printer Management UDF
jsnyder213 Posted May 1, 2015 Author Posted May 1, 2015 Use DriveGetDrive to list all CDROM drives, and check if each of these drives contains the msi file. @jguinchI just looked at this in the helpfile. How would it relate to my issue?Does it run a check for the name of the CD drive (E:\, D:\, F:\... whatever) and then would input it into my RunWait statement? Therefore allowing the script to find the MSI on the disc and run it as "commanded"?
jguinch Posted May 1, 2015 Posted May 1, 2015 Local $sDrive Local $aCDROM = DriveGetDrive ( "CDROM" ) If NOT @error Then For $i = 1 To $aCDROM[0] If FileExists($aCDROM[$i] & "\CiscoJabberSetup.msi" Then $sDrive = $aCDROM[$i] ExitLoop EndIf Next EndIf If $sDrive <> "" Then Runwait('msiexec /i ' & $sDrive & ' \CiscoJabberSetup.msi /qb ALLUSERS=2 CLEAR=1 SERVICES_DOMAIN=DOMAIN') Spoiler Network configuration UDF, _DirGetSizeByExtension, _UninstallList Firefox ConfigurationArray multi-dimensions, Printer Management UDF
jsnyder213 Posted May 1, 2015 Author Posted May 1, 2015 Local $sDrive Local $aCDROM = DriveGetDrive ( "CDROM" ) If NOT @error Then For $i = 1 To $aCDROM[0] If FileExists($aCDROM[$i] & "\CiscoJabberSetup.msi" Then $sDrive = $aCDROM[$i] ExitLoop EndIf Next EndIf If $sDrive <> "" Then Runwait('msiexec /i ' & $sDrive & ' \CiscoJabberSetup.msi /qb ALLUSERS=2 CLEAR=1 SERVICES_DOMAIN=DOMAIN') Thanks for this!It worked, but I had to modify it. where you had If $sDrive <> "" Then Runwait('msiexec /i ' & $sDrive & ' \CiscoJabberSetup.msi /qb ALLUSERS=2 CLEAR=1 SERVICES_DOMAIN=DOMAIN') The program was skipping this step... becasue I believe it was comparing it to a blank statment. I removed the "IF/THEN" altogether RunWait('msiexec /i ' & $sDrive & "\JabberWebEx\CiscoJabberSetup.msi /qb ALLUSERS=2 CLEAR=1 SERVICES_DOMAIN=DOMAIN") I also had to add double quotes around the file path and switches.You got the ball rolling... so thanks for the input!
jguinch Posted May 2, 2015 Posted May 2, 2015 $sDrive is blank when no CDROM media containing CiscoJabberSetup.msi is found. So in this case your code will run the MSI from the script directory (or from a folder defined in the PATH environment variable) Spoiler Network configuration UDF, _DirGetSizeByExtension, _UninstallList Firefox ConfigurationArray multi-dimensions, Printer Management UDF
AdamUL Posted May 4, 2015 Posted May 4, 2015 jsnyder213,Sorry for the late reply. Now to answer one of your questions.What is it about your given script that allows the MSI to work with all the needed switches?The reason my the script I gave you executes correctly, and your's didn't is due to UAC (User Account Control). A process will not execute with full admin rights unless it is requested from the user executing the process, and that user has to have the rights to request elevation. This is why you see "Run as administrator" in the context menu, when you right click on some file types. In the script, the ShellExecuteWait with the "runas" verb, request the elevation. Since we are running it in a non-admin user context, we have to re-execute the script as the admin user. Now that the script is running by a user that can request elevation, the script re-executes itself again, requesting the admin token. There are other ways of doing this, but for me I believe this is the simplest in turns of scripting. There is one thing I should of mentioned that may be related to your CD issue. After the script has re-executed itself as a different user, the user that it is running as must have rights to access to the file locations of the other files that may be used in the script. Also, I try to use full paths when calling file, like the MSIs. I'm glad that jguinch was able to help you. Adam revertex and Skysnake 2
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now