• Sign in to Neowin Faster!

    Create an account on Neowin to contribute and support the site.

After 1803, batch file no longer works

Recommended Posts

storalta    2
cd C:\PSTools\
psexec \\%%a -u ###### -p ##### cmd /c "msiexec.exe /i "\\computer\c$\temp\install_flash_player_30_active_x.msi" /quiet /norestart"
psexec \\%%a -u user -p password cmd /c "msiexec.exe /i "\\computer\c$\temp\install_flash_player_30_plugin.msi" /quiet /norestart"
psexec \\%%a -u user -p password cmd /c "msiexec.exe /i "\\computer\c$\temp\install_flash_player_30_ppapi.msi" /quiet /norestart"
psexec \\%%a -u user -p password cmd /c "msiexec.exe /i "\\computer\c$\temp\jre1.8.0_171.msi" /quiet /norestart"
psexec \\%%a -u user -p password cmd /c "msiexec.exe /i "\\computer\c$\temp\jre1.8.0_171_64.msi" /quiet /norestart"
psexec \\%%a -u user -p password cmd /c "msiexec.exe /i "\\computer\c$\temp\AcroRdrDC1500720033_en_US.msi" /quiet /norestart"
psexec \\%%a -u user -p password cmd /c "msiexec.exe /p "\\computer\c$\temp\AcroRdrDCUpd1801120055.msp" /quiet /norestart"
psexec \\%%a -u user -p password cmd /c "msiexec.exe /i "\\computer\c$\temp\googlechromestandaloneenterprise64.msi" /quiet /norestart"

md "\\%%a\c$\temp"
copy "\\computer\c$\temp\Firefox Setup 61.0.1_64.exe" "\\%%a\c$\temp\Firefox Setup 61.0.1_64.exe"
psexec \\%%a -u user -p password "\\%%a\c$\temp\Firefox Setup 61.0.1_64.exe" -ms

copy "\\computer\c$\temp\TeamViewer_.exe" "\\%%a\c$\temp\TeamViewer_.exe"
psexec \\%%a -u user -p password "\\%%a\c$\temp\TeamViewer_.exe" /S

I'm having a problem with the above code on computers that have Windows 10 1803. This script works fine on Windows 10 1709 and earlier as well as Windows 7. The only error I get when I run this on 1803 is Error 1603. I've tried the various fixes online with no success (sorry, don't remember the exact links to link to them all). Checking event viewer, I see error 1719 for each application ("The windows installer service could not be accessed"). Services shows the service running. I've restarted the service with same results.

 

%%a is the target computer and read from a txt file containing a list of computers. The user is also an administrator on both the source and target computers. This portion is not the problem.

 

Does anybody have any ideas as to what gives?

Share this post


Link to post
Share on other sites
sc302    1,527
On 7/18/2018 at 9:32 AM, storalta said:

cd C:\PSTools\
psexec \\%%a -u ####### -p ######! cmd /c "msiexec.exe /i "\\computer\c$\temp\install_flash_player_30_active_x.msi" /quiet /norestart"
psexec \\%%a -u user -p password cmd /c "msiexec.exe /i "\\computer\c$\temp\install_flash_player_30_plugin.msi" /quiet /norestart"
psexec \\%%a -u user -p password cmd /c "msiexec.exe /i "\\computer\c$\temp\install_flash_player_30_ppapi.msi" /quiet /norestart"
psexec \\%%a -u user -p password cmd /c "msiexec.exe /i "\\computer\c$\temp\jre1.8.0_171.msi" /quiet /norestart"
psexec \\%%a -u user -p password cmd /c "msiexec.exe /i "\\computer\c$\temp\jre1.8.0_171_64.msi" /quiet /norestart"
psexec \\%%a -u user -p password cmd /c "msiexec.exe /i "\\computer\c$\temp\AcroRdrDC1500720033_en_US.msi" /quiet /norestart"
psexec \\%%a -u user -p password cmd /c "msiexec.exe /p "\\computer\c$\temp\AcroRdrDCUpd1801120055.msp" /quiet /norestart"
psexec \\%%a -u user -p password cmd /c "msiexec.exe /i "\\computer\c$\temp\googlechromestandaloneenterprise64.msi" /quiet /norestart"

md "\\%%a\c$\temp"
copy "\\computer\c$\temp\Firefox Setup 61.0.1_64.exe" "\\%%a\c$\temp\Firefox Setup 61.0.1_64.exe"
psexec \\%%a -u user -p password "\\%%a\c$\temp\Firefox Setup 61.0.1_64.exe" -ms

copy "\\computer\c$\temp\TeamViewer_.exe" "\\%%a\c$\temp\TeamViewer_.exe"
psexec \\%%a -u user -p password "\\%%a\c$\temp\TeamViewer_.exe" /S

I'm having a problem with the above code on computers that have Windows 10 1803. This script works fine on Windows 10 1709 and earlier as well as Windows 7. The only error I get when I run this on 1803 is Error 1603. I've tried the various fixes online with no success (sorry, don't remember the exact links to link to them all). Checking event viewer, I see error 1719 for each application ("The windows installer service could not be accessed"). Services shows the service running. I've restarted the service with same results.

 

%%a is the target computer and read from a txt file containing a list of computers. The user is also an administrator on both the source and target computers. This portion is not the problem.

 

Does anybody have any ideas as to what gives?

Do you have Active Directory?  If you have MSI's you can easily deploy through group policy and not do any of that, so much easier.

Share this post


Link to post
Share on other sites
storalta    2

Unfortunately deploying through GPO is not an option in our environment (long story that involves politics). This was my first choice before I was told to "find another way".

Share this post


Link to post
Share on other sites
storalta    2

Anybody? This script works fine on 1709, just not 1803.

Share this post


Link to post
Share on other sites
Riva    912

Is your windows installer service running?

I think the new behaviour is stopped by default, windows somehow decides to start it when needed, dont know the exact details.  If thats the case just add net start msiserver at the top of your batch

Share this post


Link to post
Share on other sites
storalta    2

Yes, the service is running. I even set it up to automatically start on boot, no dice.

Share this post


Link to post
Share on other sites
eXtermia    19
Posted (edited)

Try to not run from the temp directory. There is some security software that block running from temp. Also perhaps the system itself is locked a bit. Any chance App locker is on? Are all the files properly digitally signed? msiexec comes up in the %path% (assuming it still does) but have you tried to call it directly? You are using psexec but have you tried running the commands from a remote command prompt individually?

Share this post


Link to post
Share on other sites
sc302    1,527

I wish I had a windows 10 computer to test with and help you.  

 

The best I can suggest is to see if you can execute anything else with psexec on a test computer to determine if it is an issue with psexec running or if there is another issue going one, perhaps with firewall or some sort of application blocker or if it is a path issue.  

 

I strongly suggest moving away from psexec to perform this process or if you are going to script it, have it run in a logon or startup in the computer configuration portion of gpo so that it runs as the system user (no need for elevated or admin creds to install).  I can help you do that if you need proof of concept to show management, you can push to a test computer or a test group so that all computers are not effected, it doesn't need to apply to the entire org or or even an entire OU.  

Share this post


Link to post
Share on other sites
Riva    912

Does it need elevation?

Share this post


Link to post
Share on other sites
sc302    1,527
1 hour ago, Riva said:

Does it need elevation?

he is supplying an admin user and password in his script so yes it does need elevation.  With my suggestion, the only elevation that would be required is to elevate your self up out of your seat to grab a cup of coffee or maybe you want to elevate your seat a little higher so that you sit taller.   Where you put it in the GPO settings the install runs as a system process that already is at an elevated state.

Share this post


Link to post
Share on other sites
storalta    2
On 7/20/2018 at 9:35 AM, eXtermia said:

Try to not run from the temp directory. There is some security software that block running from temp. Also perhaps the system itself is locked a bit. Any chance App locker is on? Are all the files properly digitally signed? msiexec comes up in the %path% (assuming it still does) but have you tried to call it directly? You are using psexec but have you tried running the commands from a remote command prompt individually?

This is before we install our AV or any other software (basically install Windows, add computer to domain, run script). App Locker is not utilized in our environment. Running the commands individually makes no difference.

 

On 7/20/2018 at 11:05 AM, sc302 said:

The best I can suggest is to see if you can execute anything else with psexec on a test computer to determine if it is an issue with psexec running or if there is another issue going one, perhaps with firewall or some sort of application blocker or if it is a path issue.

 

I strongly suggest moving away from psexec to perform this process or if you are going to script it, have it run in a logon or startup in the computer configuration portion of gpo so that it runs as the system user (no need for elevated or admin creds to install).  I can help you do that if you need proof of concept to show management, you can push to a test computer or a test group so that all computers are not effected, it doesn't need to apply to the entire org or or even an entire OU.  

As soon as my manager gets off her ass and approves my suggestion of moving to GPOs for software installation, I am definitely dumping it. Until then, I unfortunately have to make do. Also, I've tried switching out the supplied user/password with -s to force it to run as the system account. No dice.

 

23 hours ago, Riva said:

Does it need elevation?

I've right-clicked and "Run as administrator". Also tried a domain admin account to make sure it wasn't user permissions.

 

22 hours ago, sc302 said:

he is supplying an admin user and password in his script so yes it does need elevation.

I'm female. 😉

Share this post


Link to post
Share on other sites
sc302    1,527

What does the event log say on the remote machine?

Share this post


Link to post
Share on other sites
storalta    2

I'll have to post that Monday. I'm not in the office right now.

Share this post


Link to post
Share on other sites
storalta    2
Posted (edited)

Doesn't matter what application, error is the same. Hope this helps.

 

error.png

Share this post


Link to post
Share on other sites
sc302    1,527

It might be a problem with the user or the user format in the command.  Have you switched between netbiosdomainnane\userid to userid@adfqdn?

 

 

it needs to be a user that has admin rights to the local machine. Verify that they do to be in the safe side as well as changing the logon id in the script. 

 

 

essentially, the user doesn’t have the rights to invoke the install mode or that the installer service is broken. 

 

I now have a test machine to play with. I don’t have your full script to play with, I will use what you posted to see if there are issues with that. It will take some time. 

Share this post


Link to post
Share on other sites
sc302    1,527

I figured out what your issue is.  you are missing the -h switch.    

 

Per "psexec /?"  

Quote

-h         If the target system is Vista or higher, has the process
           run with the account's elevated token, if available.

 

Essentially it is a permission issue, due to you not running it in an elevated "token"

 

Try this in this specific location:

 

cd C:\PSTools\
psexec \\%%a -u ###### -p ##### -h cmd /c "msiexec.exe /i "\\computer\c$\temp\install_flash_player_30_active_x.msi" /quiet /norestart"
psexec \\%%a -u user -p password -h cmd /c "msiexec.exe /i "\\computer\c$\temp\install_flash_player_30_plugin.msi" /quiet /norestart"
psexec \\%%a -u user -p password -h cmd /c "msiexec.exe /i "\\computer\c$\temp\install_flash_player_30_ppapi.msi" /quiet /norestart"
psexec \\%%a -u user -p password -h cmd /c "msiexec.exe /i "\\computer\c$\temp\jre1.8.0_171.msi" /quiet /norestart"
psexec \\%%a -u user -p password -h cmd /c "msiexec.exe /i "\\computer\c$\temp\jre1.8.0_171_64.msi" /quiet /norestart"
psexec \\%%a -u user -p password -h cmd /c "msiexec.exe /i "\\computer\c$\temp\AcroRdrDC1500720033_en_US.msi" /quiet /norestart"
psexec \\%%a -u user -p password -h cmd /c "msiexec.exe /p "\\computer\c$\temp\AcroRdrDCUpd1801120055.msp" /quiet /norestart"
psexec \\%%a -u user -p password -h cmd /c "msiexec.exe /i "\\computer\c$\temp\googlechromestandaloneenterprise64.msi" /quiet /norestart"

md "\\%%a\c$\temp"
copy "\\computer\c$\temp\Firefox Setup 61.0.1_64.exe" "\\%%a\c$\temp\Firefox Setup 61.0.1_64.exe"
psexec \\%%a -u user -p password -h "\\%%a\c$\temp\Firefox Setup 61.0.1_64.exe" -ms

copy "\\computer\c$\temp\TeamViewer_.exe" "\\%%a\c$\temp\TeamViewer_.exe"
psexec \\%%a -u user -p password -h "\\%%a\c$\temp\TeamViewer_.exe" /S

 

 

I have tested and it functions correctly with -h

 

without it, it does not like NetbiosDOMAIN\adminuserid, it does like .\LocalAdminID but does not run the install.  It does not like userid@localfdqn at all.

 

 

FWIW, It should have always needed the -h...I don't know why it didn't in the first place as it is supposedly a requirement for vista and above to be able to do certain things like "installs".  

 

 

 

 

 

 

  • Like 1

Share this post


Link to post
Share on other sites
storalta    2

You sir, are a god! Thank you! 😀

 

cmd exited on 3b38pq2 with error code 0

 

  • Like 2

Share this post


Link to post
Share on other sites
sc302    1,527
25 minutes ago, storalta said:

You sir, are a god! Thank you! 😀

 


cmd exited on 3b38pq2 with error code 0

 

na...just really good at reading and deciphering meanings.  it isn't all straight forward.  The answers are out there, if you know how to ask "the google" the right questions/have the right search terms also /? helps with most commands ;) .  Also, having things to test with helps.  

 

The event logs helped get the party started though.  Without it, it really was a guessing game.  They really are the single most important tool of your arsenal of getting things figured out.  

 

Key search terms with your issue so you can see how I think:

 

psexec "windows 10" "Windows Installer Service could not be accessed"

 

Then the permissions thing got me thinking...let see if there is a way to elevate the command being pushed.... lets start with /? and read through.  

 

Edit:  I also don't do a lot of things with psexec.   GPO is a really powerful tool that takes care of a lot of administrative things like installs.  

 

 

  • Like 1

Share this post


Link to post
Share on other sites
+John.    1,367

I took the lazy way out and treated myself to PDQ Deploy.

 

I would highly recommend it. The free version does amazingly well, and is probably way more than what you need for simple rollouts.

Share this post


Link to post
Share on other sites
sc302    1,527
31 minutes ago, John. said:

I took the lazy way out and treated myself to PDQ Deploy.

 

I would highly recommend it. The free version does amazingly well, and is probably way more than what you need for simple rollouts.

doing it through gpo is just as simple, if not more simple, and no need for 3rd party installers or psexec....if you know how to utilize gpo's for your needs.   It will automatically retire older versions, if done with an msi.  you could also set the uninstall attribute.  

Share this post


Link to post
Share on other sites
+John.    1,367
13 hours ago, sc302 said:

doing it through gpo is just as simple, if not more simple, and no need for 3rd party installers or psexec....if you know how to utilize gpo's for your needs.   It will automatically retire older versions, if done with an msi.  you could also set the uninstall attribute.  

We used to do it through a GPO, but once we found that you can run several steps, run .ps1s before and after etc we were set as it cut our deployment time down by half. 

 

You are right though, doing it through GPO was surprisingly good, it's just PDQ has more features.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.