This script doesn't work i don't know why

Discussion in 'Scripting' started by mosquito_hippy, Dec 20, 2008.

  1. I wrote this machine script to apply a patch to the computers of a OU in a
    Windows 2003 Server Domain.

    if exist C:\patchs\kbxxxxxx.dat goto end
    if exist C:\patchs\. goto label1
    md c:\patchs
    :label1
    \\mcse-01\patchs\WindowsXP-KBxxxxxx-x86-enu.exe /norestart /log:C:\patchs\
    echo "patch applyed" > c:\patchs\kbxxxxxx.dat
    :end

    I gave to the group "Domain Computers" read and write rights over the share
    where the patch is located.

    I know the script was actually executed because it creates the folder and
    the flag file.

    Any idea

    Thanks in advance.
     
    mosquito_hippy, Dec 20, 2008
    #1
    1. Advertisements

  2. mosquito_hippy

    Al Dunbar Guest

    If run as a logon script, perhaps the user lacks the privs necessary to run
    the patch executable.

    /Al
     
    Al Dunbar, Dec 20, 2008
    #2
    1. Advertisements

  3. You might want to deploy the patch remotely. I have an example VBScript that
    deploys any executable (if it runs silently with no user interaction) to all
    computers in a domain group linked here:

    http://www.rlmueller.net/Deploy.htm

    The program uses WMI to connect to each computer in the group and run the
    specified executable (with parameters). The program pings each computer
    first to check if they are available. The program logs everything to a log
    file. The person running the script must be a member of the local
    Administrators group. By default the group "Domain Admins" is added to the
    local Administrators group when the computer is joined to the domain, so if
    you are member of that group you should be fine. No one needs to be logged
    into the remote computers, but they must be connected to the network and
    running.
     
    Richard Mueller [MVP], Dec 20, 2008
    #3
  4. I ran it as a machine startup script.

     
    mosquito_hippy, Dec 21, 2008
    #4
  5. I'll try your script but just for curiosity, what's the problem with the
    script, why it doesn't run as supposed?
     
    mosquito_hippy, Dec 21, 2008
    #5
  6. mosquito_hippy

    Al Dunbar Guest

    I'm not sure, then, but perhaps you can get some status info from the patch
    executable itself:

    :label1
    (
    \\mcse-01\patchs\WindowsXP-KBxxxxxx-x86-enu.exe /norestart
    /log:C:\patchs\
    echo "patch applyed"
    ) > c:\patchs\kbxxxxxx.dat 2>@
    :end

    You might find, for example, that the account that runs machine startup
    scripts does not have access to the patchs share on server mcse-01. Or that
    you have mis-spelt the share name (might it be "patches") or the executable
    (which likely has numbers instead of x's).

    /Al
     
    Al Dunbar, Dec 21, 2008
    #6
  7. Thanks for take the time to answer Al.

    First. The user that execute the script when it is an startup script is the
    "System" user, at least that's i concluded from my research on the subject,
    in theory it would be enough to give to the group "Domain Computers" read
    access to the share. If i'm wrong please let me know.

    Second. I rule out any miss spelling due to the fact the script runs when it
    is executed from the command line for any given user.

    Any idea

    Thankis in advance
     
    mosquito_hippy, Dec 21, 2008
    #7
  8. mosquito_hippy

    \RemS Guest

    Check the value of "RunStartupScriptSync" (search the registry), and ensure
    that startup scripts are running asynchronously (NOT synchronously) on the
    clients.
    http://www.petri.co.il/forums/showpost.php?p=135667&postcount=3
    You can set the behavior of startup scripts (or logonscripts) via a policy
    also.

    If that doesn't help, it is a good plan to capture all output and errors of
    the startup batch to a file;
    http://www.petri.co.il/forums/showpost.php?p=137063&postcount=4
    and have a look at that logfile.


    \Rems
     
    \RemS, Dec 23, 2008
    #8
  9. mosquito_hippy

    Al Dunbar Guest

    That was just a suggestion about one possible problem. I think you are right
    about the required permission - just beware of any DENY permissions that
    might be set. I'm not sure if you could verify this with properties -
    advanced - effective permissions, but alternately, you could create a test
    startup script that attempts to access one of the shares in question.
    Good point.
    I second \RemS's suggestion to log information to a file.

    /Al
     
    Al Dunbar, Dec 29, 2008
    #9
  10. Thank you BJ, executing from the local folder instead the UNC locations did
    the trick.

    The working script looks like this:

    if exist C:\patchs\kbxxxxxx.dat goto end
    if exist C:\patchs\. goto label1
    md c:\patchs
    :label1
    copy \\mcse-01\patchs\WindowsXP-KBxxxxxx-x86-enu.exe c:\patchs
    cd C:\patchs
    mcse-01\patchs\WindowsXP-KBxxxxxx-x86-enu.exe /norestart /log:C:\patchs\
    echo "patch applyed" > c:\patchs\kbxxxxxx.dat
    :end
     
    mosquito_hippy, Jan 11, 2009
    #10
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.