Batch file as Postinstallation Task "run as administrator" in Win7?
Hi all,
I have a batch file that I want to run as a postinstallation task with the K2000. This works fine on WinXP, but not on Win7, as the script copies a file into Program Files, which is a protected folder in Win7. As which user do postinstallation tasks run? I assume not SYSTEM since this isn't working for me. What's the best way to get run this script during a scripted install with SYSTEM privileges in order to bypass any special protection on that folder?
Answers (5)
It runs as the local admin. One way to get around this is to have a script/MI to copy this file once the agent is installed.
Comments:
-
If it's an important file that is need right away maybe create a label for machines that have just been imaged in the past couple of hours. Then create an Online script to run against that label every 15 minutes (depending on your machine count). Just change the last line of this query to match your needs.
select *, UNIX_TIMESTAMP(now()) - UNIX_TIMESTAMP(LAST_SYNC) as LAST_SYNC_TIME,
UNIX_TIMESTAMP(MACHINE.LAST_SYNC) as LAST_SYNC_SECONDS
from ORG1.MACHINE
LEFT JOIN KBSYS.KUID_ORGANIZATION ON KUID_ORGANIZATION.KUID=MACHINE.KUID LEFT JOIN KBSYS.SMMP_CONNECTION ON SMMP_CONNECTION.KUID = MACHINE.KUID AND KUID_ORGANIZATION.ORGANIZATION_ID = 1
where ((OS_INSTALLED_DATE > DATE_SUB(NOW(),INTERVAL 2 HOUR))) - dugullett 11 years ago
I have my machines autologin as admin 2 boots just after post imaging to allow anything like this to run easier.
Comments:
-
In my answer file I have :
<AutoLogon>
<Password>
<Value>XASADFZGFZDSDBVSZVgBkAA==</Value>
<PlainText>false</PlainText>
</Password>
<Enabled>true</Enabled>
<LogonCount>1</LogonCount>
<Username>installer</Username>
</AutoLogon>
Iinstaller is a local user who is an admin. you can create in your ans file or prior to syspreping.
during my post task the machine joins the domain, deletes this user and then auto login as a domain user 2 more times for us to install any extra software we may need from the k1000 or manually.
These are in my post install task
start /wait reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon" /v AutoAdminLogon /d 1 /f
start /wait reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon" /v AutoLogonCount /t REG_DWORD /d 2 /f
start /wait reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon" /v DefaultDomainName /d domainname /f
start /wait reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon" /v DefaultUserName /d domainuser /f
start /wait reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon" /v DefaultPassWord /d Password /f
net user installer /delete - SMal.tmcc 11 years ago
Have you tried running it as a mid-level task (i.e. before the Reboot - Exit Boot Environment section)?
John
An option I would throw my support behind would be using AutoIT create an elevated task, per:
http://www.edugeek.net/forums/windows-7/102014-using-batch-file-copy-files-protected-folders.html
Of course, I'm sure you're already aware of this option... but have you given it a try? I love AutoIT, use it all the time for my scripted installs.
John
Post installation tasks run as whatever user first logs into the machine after deployment is complete. Best practice is to have the system automatically login as a local admin at least once to avoid sitatuations such as the one you are describing. Building a reboot task at the end of your post installation phase will ensure that the system isn't left logged in as a local admin should the computer be left unattended.
