After 1803, batch file no longer works


 Share

Recommended Posts

cd C:\PSTools\
psexec \\%%a -u ###### -p ##### cmd /c "msiexec.exe /i "\\computer\c$\temp\install_flash_player_30_active_x.msi" /quiet /norestart"
psexec \\%%a -u user -p password cmd /c "msiexec.exe /i "\\computer\c$\temp\install_flash_player_30_plugin.msi" /quiet /norestart"
psexec \\%%a -u user -p password cmd /c "msiexec.exe /i "\\computer\c$\temp\install_flash_player_30_ppapi.msi" /quiet /norestart"
psexec \\%%a -u user -p password cmd /c "msiexec.exe /i "\\computer\c$\temp\jre1.8.0_171.msi" /quiet /norestart"
psexec \\%%a -u user -p password cmd /c "msiexec.exe /i "\\computer\c$\temp\jre1.8.0_171_64.msi" /quiet /norestart"
psexec \\%%a -u user -p password cmd /c "msiexec.exe /i "\\computer\c$\temp\AcroRdrDC1500720033_en_US.msi" /quiet /norestart"
psexec \\%%a -u user -p password cmd /c "msiexec.exe /p "\\computer\c$\temp\AcroRdrDCUpd1801120055.msp" /quiet /norestart"
psexec \\%%a -u user -p password cmd /c "msiexec.exe /i "\\computer\c$\temp\googlechromestandaloneenterprise64.msi" /quiet /norestart"

md "\\%%a\c$\temp"
copy "\\computer\c$\temp\Firefox Setup 61.0.1_64.exe" "\\%%a\c$\temp\Firefox Setup 61.0.1_64.exe"
psexec \\%%a -u user -p password "\\%%a\c$\temp\Firefox Setup 61.0.1_64.exe" -ms

copy "\\computer\c$\temp\TeamViewer_.exe" "\\%%a\c$\temp\TeamViewer_.exe"
psexec \\%%a -u user -p password "\\%%a\c$\temp\TeamViewer_.exe" /S

I'm having a problem with the above code on computers that have Windows 10 1803. This script works fine on Windows 10 1709 and earlier as well as Windows 7. The only error I get when I run this on 1803 is Error 1603. I've tried the various fixes online with no success (sorry, don't remember the exact links to link to them all). Checking event viewer, I see error 1719 for each application ("The windows installer service could not be accessed"). Services shows the service running. I've restarted the service with same results.

 

%%a is the target computer and read from a txt file containing a list of computers. The user is also an administrator on both the source and target computers. This portion is not the problem.

 

Does anybody have any ideas as to what gives?

Link to comment
Share on other sites

On 7/18/2018 at 9:32 AM, storalta said:

cd C:\PSTools\
psexec \\%%a -u ####### -p ######! cmd /c "msiexec.exe /i "\\computer\c$\temp\install_flash_player_30_active_x.msi" /quiet /norestart"
psexec \\%%a -u user -p password cmd /c "msiexec.exe /i "\\computer\c$\temp\install_flash_player_30_plugin.msi" /quiet /norestart"
psexec \\%%a -u user -p password cmd /c "msiexec.exe /i "\\computer\c$\temp\install_flash_player_30_ppapi.msi" /quiet /norestart"
psexec \\%%a -u user -p password cmd /c "msiexec.exe /i "\\computer\c$\temp\jre1.8.0_171.msi" /quiet /norestart"
psexec \\%%a -u user -p password cmd /c "msiexec.exe /i "\\computer\c$\temp\jre1.8.0_171_64.msi" /quiet /norestart"
psexec \\%%a -u user -p password cmd /c "msiexec.exe /i "\\computer\c$\temp\AcroRdrDC1500720033_en_US.msi" /quiet /norestart"
psexec \\%%a -u user -p password cmd /c "msiexec.exe /p "\\computer\c$\temp\AcroRdrDCUpd1801120055.msp" /quiet /norestart"
psexec \\%%a -u user -p password cmd /c "msiexec.exe /i "\\computer\c$\temp\googlechromestandaloneenterprise64.msi" /quiet /norestart"

md "\\%%a\c$\temp"
copy "\\computer\c$\temp\Firefox Setup 61.0.1_64.exe" "\\%%a\c$\temp\Firefox Setup 61.0.1_64.exe"
psexec \\%%a -u user -p password "\\%%a\c$\temp\Firefox Setup 61.0.1_64.exe" -ms

copy "\\computer\c$\temp\TeamViewer_.exe" "\\%%a\c$\temp\TeamViewer_.exe"
psexec \\%%a -u user -p password "\\%%a\c$\temp\TeamViewer_.exe" /S

I'm having a problem with the above code on computers that have Windows 10 1803. This script works fine on Windows 10 1709 and earlier as well as Windows 7. The only error I get when I run this on 1803 is Error 1603. I've tried the various fixes online with no success (sorry, don't remember the exact links to link to them all). Checking event viewer, I see error 1719 for each application ("The windows installer service could not be accessed"). Services shows the service running. I've restarted the service with same results.

 

%%a is the target computer and read from a txt file containing a list of computers. The user is also an administrator on both the source and target computers. This portion is not the problem.

 

Does anybody have any ideas as to what gives?

Do you have Active Directory?  If you have MSI's you can easily deploy through group policy and not do any of that, so much easier.

Link to comment
Share on other sites

Unfortunately deploying through GPO is not an option in our environment (long story that involves politics). This was my first choice before I was told to "find another way".

Link to comment
Share on other sites

Try to not run from the temp directory. There is some security software that block running from temp. Also perhaps the system itself is locked a bit. Any chance App locker is on? Are all the files properly digitally signed? msiexec comes up in the %path% (assuming it still does) but have you tried to call it directly? You are using psexec but have you tried running the commands from a remote command prompt individually?

Link to comment
Share on other sites

I wish I had a windows 10 computer to test with and help you.  

 

The best I can suggest is to see if you can execute anything else with psexec on a test computer to determine if it is an issue with psexec running or if there is another issue going one, perhaps with firewall or some sort of application blocker or if it is a path issue.  

 

I strongly suggest moving away from psexec to perform this process or if you are going to script it, have it run in a logon or startup in the computer configuration portion of gpo so that it runs as the system user (no need for elevated or admin creds to install).  I can help you do that if you need proof of concept to show management, you can push to a test computer or a test group so that all computers are not effected, it doesn't need to apply to the entire org or or even an entire OU.  

Link to comment
Share on other sites

1 hour ago, Riva said:

Does it need elevation?

he is supplying an admin user and password in his script so yes it does need elevation.  With my suggestion, the only elevation that would be required is to elevate your self up out of your seat to grab a cup of coffee or maybe you want to elevate your seat a little higher so that you sit taller.   Where you put it in the GPO settings the install runs as a system process that already is at an elevated state.

Link to comment
Share on other sites

On 7/20/2018 at 9:35 AM, eXtermia said:

Try to not run from the temp directory. There is some security software that block running from temp. Also perhaps the system itself is locked a bit. Any chance App locker is on? Are all the files properly digitally signed? msiexec comes up in the %path% (assuming it still does) but have you tried to call it directly? You are using psexec but have you tried running the commands from a remote command prompt individually?

This is before we install our AV or any other software (basically install Windows, add computer to domain, run script). App Locker is not utilized in our environment. Running the commands individually makes no difference.

 

On 7/20/2018 at 11:05 AM, sc302 said:

The best I can suggest is to see if you can execute anything else with psexec on a test computer to determine if it is an issue with psexec running or if there is another issue going one, perhaps with firewall or some sort of application blocker or if it is a path issue.

 

I strongly suggest moving away from psexec to perform this process or if you are going to script it, have it run in a logon or startup in the computer configuration portion of gpo so that it runs as the system user (no need for elevated or admin creds to install).  I can help you do that if you need proof of concept to show management, you can push to a test computer or a test group so that all computers are not effected, it doesn't need to apply to the entire org or or even an entire OU.  

As soon as my manager gets off her ass and approves my suggestion of moving to GPOs for software installation, I am definitely dumping it. Until then, I unfortunately have to make do. Also, I've tried switching out the supplied user/password with -s to force it to run as the system account. No dice.

 

23 hours ago, Riva said:

Does it need elevation?

I've right-clicked and "Run as administrator". Also tried a domain admin account to make sure it wasn't user permissions.

 

22 hours ago, sc302 said:

he is supplying an admin user and password in his script so yes it does need elevation.

I'm female. ?

Link to comment
Share on other sites

It might be a problem with the user or the user format in the command.  Have you switched between netbiosdomainnane\userid to userid@adfqdn?

 

 

it needs to be a user that has admin rights to the local machine. Verify that they do to be in the safe side as well as changing the logon id in the script. 

 

 

essentially, the user doesn’t have the rights to invoke the install mode or that the installer service is broken. 

 

I now have a test machine to play with. I don’t have your full script to play with, I will use what you posted to see if there are issues with that. It will take some time. 

Link to comment
Share on other sites

I figured out what your issue is.  you are missing the -h switch.    

 

Per "psexec /?"  

Quote

-h         If the target system is Vista or higher, has the process
           run with the account's elevated token, if available.

 

Essentially it is a permission issue, due to you not running it in an elevated "token"

 

Try this in this specific location:

 

cd C:\PSTools\
psexec \\%%a -u ###### -p ##### -h cmd /c "msiexec.exe /i "\\computer\c$\temp\install_flash_player_30_active_x.msi" /quiet /norestart"
psexec \\%%a -u user -p password -h cmd /c "msiexec.exe /i "\\computer\c$\temp\install_flash_player_30_plugin.msi" /quiet /norestart"
psexec \\%%a -u user -p password -h cmd /c "msiexec.exe /i "\\computer\c$\temp\install_flash_player_30_ppapi.msi" /quiet /norestart"
psexec \\%%a -u user -p password -h cmd /c "msiexec.exe /i "\\computer\c$\temp\jre1.8.0_171.msi" /quiet /norestart"
psexec \\%%a -u user -p password -h cmd /c "msiexec.exe /i "\\computer\c$\temp\jre1.8.0_171_64.msi" /quiet /norestart"
psexec \\%%a -u user -p password -h cmd /c "msiexec.exe /i "\\computer\c$\temp\AcroRdrDC1500720033_en_US.msi" /quiet /norestart"
psexec \\%%a -u user -p password -h cmd /c "msiexec.exe /p "\\computer\c$\temp\AcroRdrDCUpd1801120055.msp" /quiet /norestart"
psexec \\%%a -u user -p password -h cmd /c "msiexec.exe /i "\\computer\c$\temp\googlechromestandaloneenterprise64.msi" /quiet /norestart"

md "\\%%a\c$\temp"
copy "\\computer\c$\temp\Firefox Setup 61.0.1_64.exe" "\\%%a\c$\temp\Firefox Setup 61.0.1_64.exe"
psexec \\%%a -u user -p password -h "\\%%a\c$\temp\Firefox Setup 61.0.1_64.exe" -ms

copy "\\computer\c$\temp\TeamViewer_.exe" "\\%%a\c$\temp\TeamViewer_.exe"
psexec \\%%a -u user -p password -h "\\%%a\c$\temp\TeamViewer_.exe" /S

 

 

I have tested and it functions correctly with -h

 

without it, it does not like NetbiosDOMAIN\adminuserid, it does like .\LocalAdminID but does not run the install.  It does not like userid@localfdqn at all.

 

 

FWIW, It should have always needed the -h...I don't know why it didn't in the first place as it is supposedly a requirement for vista and above to be able to do certain things like "installs".  

 

 

 

 

 

 

Link to comment
Share on other sites

25 minutes ago, storalta said:

You sir, are a god! Thank you! ?

 


cmd exited on 3b38pq2 with error code 0

 

na...just really good at reading and deciphering meanings.  it isn't all straight forward.  The answers are out there, if you know how to ask "the google" the right questions/have the right search terms also /? helps with most commands ;) .  Also, having things to test with helps.  

 

The event logs helped get the party started though.  Without it, it really was a guessing game.  They really are the single most important tool of your arsenal of getting things figured out.  

 

Key search terms with your issue so you can see how I think:

 

psexec "windows 10" "Windows Installer Service could not be accessed"

 

Then the permissions thing got me thinking...let see if there is a way to elevate the command being pushed.... lets start with /? and read through.  

 

Edit:  I also don't do a lot of things with psexec.   GPO is a really powerful tool that takes care of a lot of administrative things like installs.  

 

 

Link to comment
Share on other sites

I took the lazy way out and treated myself to PDQ Deploy.

 

I would highly recommend it. The free version does amazingly well, and is probably way more than what you need for simple rollouts.

Link to comment
Share on other sites

31 minutes ago, John. said:

I took the lazy way out and treated myself to PDQ Deploy.

 

I would highly recommend it. The free version does amazingly well, and is probably way more than what you need for simple rollouts.

doing it through gpo is just as simple, if not more simple, and no need for 3rd party installers or psexec....if you know how to utilize gpo's for your needs.   It will automatically retire older versions, if done with an msi.  you could also set the uninstall attribute.  

Link to comment
Share on other sites

13 hours ago, sc302 said:

doing it through gpo is just as simple, if not more simple, and no need for 3rd party installers or psexec....if you know how to utilize gpo's for your needs.   It will automatically retire older versions, if done with an msi.  you could also set the uninstall attribute.  

We used to do it through a GPO, but once we found that you can run several steps, run .ps1s before and after etc we were set as it cut our deployment time down by half. 

 

You are right though, doing it through GPO was surprisingly good, it's just PDQ has more features.

Link to comment
Share on other sites

This topic is now closed to further replies.
 Share