Copying files to System32 w/ Scripting
Hi,
At a loss, hoping someone can see what I am doing wrong. I just want to copy .ico files to C:\Windows\System32 on all machines in my district. I've ran into issues using KACE scripts trying to do this. The task I've been given is to update desktop shortcuts that reside in C:\Users\Public\Desktop. I need to first copy the shortcut's .ico files to system32 (because once the desktop shortcut .url is copied to C:\users\public\desktop it loses its picture and is looking in system32 for the .ico file). I even created new shortcuts and had their picture point to a network location that's global \\servername\DesktopIcons and that still doesn't work. When KACE tries to copy the shortcut files, the pictures sometimes don't come over, it's very sporadic and the logs aren't really helpful as to why this happens. Quest support has stated that working on icon files "is out of their realm of support" even though clearly putting this into KACE is where it stops working... so I am at a loss, I've been trying to get this to work for 3 days now and have been unsuccessful I'm not sure why copying desktop shortcuts is so difficult with the SMA. I can't use the desktop shortcut feature in Configuration Policies either because there is no option for the desktop icon. We are a k-12 school so it's imperative that the icon appears with the internet shortcut for easy identification to children. I tried the File Synchronization feature as well but since these are desktop icons and not software packages I really don't think that would work either. I've read through the usage of robocopy and xcopy but still having issues using the 2 (only with KACE, works fine locally). There are 5 shortcuts altogether but only 2 that need to be updated.
If I run this locally (pretty much all of this ran locally works fine), it works great. Once it's in KACE and ran as local system, it does nothing. I also tried running it through KACE with domain admin credentials and it still won't work (presumably because they do not have access to system32?):
First step, copy .ico files to system32, have tried multiple different ways:
tried: robocopy \\SERVERNAME\DesktopIconTest\DesktopIcons\Icons C:\windows\system32 classlink.ico Destiny.ico "Genesis Login.ico" Gmail.ico SchoolDude.ico - this works ran locally, does not work when ran in a Kscript as local admin nor domain admin
tried: xcopy /Y "%~dp0\Icons\*" "C:\Windows\System32"
tried: Selected "run a batch file" as a Remediation Task and copied both of those ^ into here. Also saved a .bat file and ran from \\SERVERNAME\. Also saved as a .bat file and uploaded as a dependency and than ran it like $(KACE_DEPENDENCY_DIR)\CopyItems.bat
Second Step, Remove the old shortcuts and copy the new ones:
tried: cd C:\users\public\desktop
del "Technology Help Desk.url"
del ClassLink.url
xcopy /Y \\SERVERNAME\DesktopIconTest\DesktopIcons\ClassLink.url "C:\users\public\desktop"
xcopy /Y "\\SERVERNAME\DesktopIconTest\DesktopIcons\Technology Help Desk.url" "C:\users\public\desktop" - works when ran with domain admin credentials
tried: xcopy /Y "SchoolDude.ico" "C:\Windows\System32"
xcopy /Y "Technology Help Desk.url" "c:\users\public\desktop" - combination of the first task and also copies the shortcut
tried: xcopy /Y "classlink.ico" "C:\Windows\System32"
xcopy /Y "classlink.url" "c:\users\public\desktop" - combination of the first task and also copies the shortcut
At this point I guess that I am looking for a method to this madness, maybe I am over complicating it. I'm not really sure why I can't just copy the .url files to the public user's desktop and be done with this like I have done in the past with Kscripts. Any help or resources would be super appreciated, willing to try anything at this point. Thanks
Log for !2020 Desktop Shortcuts - 12/20/19 TEST on RSD-SURF-03 [ Show All ]
| Started: | 12/20/2019 11:17:19 |
| Finished: | 12/20/2019 11:17:20 |
| Elapsed Time: | 1 second |
| Status: | 3 |
Output Log
Running with credntials provided: domain [DOMAINNAME] user [KACEService] Creating process returned non-zero: C:\ProgramData\Quest\KACE\kbots_cache\packages\kbots\ 739\CopyItems.bat : (0) The operation completed successfully. Error Code: 0 Status Code: 1
Activity Log
verify - on_verify_success verify - on_verify_failure verify - launch_program Launching program: 'C:\ProgramData\Quest\KACE\kbots_cache\packages\kbots\ 739\CopyItems.bat' '' wait='true'
Debug Log
Running kbot: runkbot 739 1576858558 KBotScript::LogScriptInfo - Start id=739 name=!2020 Desktop Shortcuts - 12/20/19 TEST version=1576858558 type=policy execute disconnected=false logged_off=true execute events KBotScript::LogScriptInfo - Finish KBotScript::LogScriptInfo - Start id=739 name=!2020 Desktop Shortcuts - 12/20/19 TEST version=1576858558 type=policy execute disconnected=false logged_off=true execute events KBotScript::LogScriptInfo - Finish KBotScriptManager::CleanupDependencies - clean up dependencies in kbot directory C:\ProgramData\Quest\KACE\ kbots_cache\\packages\kbots\ 739\ CleanupDependencies: file CopyIcons.bat is part of the dependency list, keep the file runkbot ----- launching [path='C:\ProgramData\Quest\ KACE\kbots_cache\packages\ kbots\739' program='CopyItems.bat' parms='' wait='true'] -----
Answers (1)
Hey amcfarland,
I see two ways to accomplish this.
- Use a file synchronization job (should be easier) One way to do this would be to couple the files into a zip and upload it as a piece of software
- Call cmd in your script sending to $(KACE_SYS_DIR) instead of C:\windows\System32
What I mean by call cmd is you need to call an application on the system to run the script for you, if you're not using the built in functions. Calling cmd or powershell will work just fine and then you tell it the parameters you want to run.
For example below, this is how I uninstalled Filezilla for a certain label:
Hope this gives you the push you need
Comments:
-
Thank you for your comment! Unfortunately this method did not work for me. I am familiar with calling cmd.exe and passing commands to it as parameters so it made sense. I might want to add, just focusing on this command here robocopy, the local system should have full rights to C:\windows\system32, right? When I run this command as a domain admin from the machine itself through CMD, everything works great. When I run it with my KACE domain admin account, access is denied to system32. This is seeming to be more of a permissions issue. I'm not really sure why though. I also just generated logs that show robocopy succeeding when it copies the files to system32, but when I go to that folder, the files aren't there at all. Very confusing! BTW the command is: robocopy \\SERVERNAME\DesktopIconTest\DesktopIcons\Icons C:\windows\system32 classlink.ico Destiny.ico "Genesis Login.ico" Gmail.ico SchoolDude.ico - amcfarland 4 years ago
-
Getting closer I hope! I think it is running as a 32-bit application and defaulting to the syswow64 directory instead of system32? I just checked that directory on the test machine that I've been working with and sure enough my files are there. Found this - https://community.spiceworks.com/topic/988827-can-t-copy-to-system32 - amcfarland 4 years ago
-
This is exactly the issue. The kace agent is 32 bit, and the path to system32 from a 32 bit process is sysnative.
To have a batch script that works well when run both by hand and by kace, you need to make the path into a variable, and then for good measure, I call the system32 version of processes by doing "%SystemPath%\robocopy.exe" etc.
setlocal
IF EXIST "%SystemRoot%\Sysnative\msiexec.exe" (set "SystemPath=%SystemRoot%\Sysnative") ELSE (set "SystemPath=%SystemRoot%\System32")
"%SystemPath%\robocopy.exe" \\SERVERNAME\DesktopIconTest\DesktopIcons\Icons "%SystemPath%" classlink.ico Destiny.ico "Genesis Login.ico" Gmail.ico SchoolDude.ico
endlocal - chrisgoding 4 years ago