locked
Trying to run program off network location using GPO with Power shell script. RRS feed

  • Question

  • Hello All,

    Not much of a script writer. I am giving it a shot.  My issue is that I need to run a application update across our network and I am trying to do it with as little hands on as possible. So I was planning to push a GPO with a power shell script in it to run the program with elevated privileges. 

    Little background:

    We are running on a domain and end users do not have admin rights.

    The application is stored on a share on our network that is open to all domain users.

    The installer user name and password is a temp one and will only be valid for the 30 min window when everyone logs in at the beginning of the day.

    So this is what I have so far.

    $username = "USER"
    
    $password = "PASSWORD"
    
    
    $credentials = New-Object System.Management.Automation.PSCredential -ArgumentList @($username,(ConvertTo-SecureString -String $password -AsPlainText -Force))
    
    
    
    Start-Process PSQLv11Patch_Client_x86.msp -Credential ($credentials) -WorkingDirectory \\Server\Folder\Folder1\Folder2\filder3\PSQLv11sp3_x32\


    But for some reason I keep getting :

    Start-Process : This command cannot be run due to the error: The system cannot find the file specified.
    At line:10 char:1
    + Start-Process PSQLv11Patch_Client_x86.msp -Credential ($credentials) -WorkingDir ...
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : InvalidOperation: (:) [Start-Process], InvalidOperationException
        + FullyQualifiedErrorId : InvalidOperationException,Microsoft.PowerShell.Commands.StartProcessCommand

    Any help you could give would be great.

    Thanks,

    jdfmonkey


    • Edited by Jdfmonkey Friday, March 21, 2014 2:47 PM
    • Moved by Bill_Stewart Tuesday, July 22, 2014 6:18 PM Off-topic
    Friday, March 21, 2014 2:06 PM

All replies

  • You cannot and should not do this.  You cannot run a script in a user logon and have it access remote resources.  Placing admmin credentials in a file is a formula for disaster.

    MSP based installs can be installed using this system startup scripts and can be set using GP.  THer eis no need to supply credentials.  Just palce the MSP on a public share.


    ¯\_(ツ)_/¯

    Friday, March 21, 2014 2:37 PM
  • Here is documentation on how to deploy with MSP files: http://technet.microsoft.com/en-us/library/cc179196(v=office.14).aspx


    ¯\_(ツ)_/¯

    Friday, March 21, 2014 2:38 PM
  • MSP based installs can be installed using this system startup scripts and can be set using GP.  THer eis no need to supply credentials.  Just palce the MSP on a public share.

    I tested that but the file requires some [Next] button pushes from the end user and did not work when I tried it this way.  The computer never prompts the user for input. Any ideas?

    As stated in the post the "The installer user name and password is a temp one and will only be valid for the 30 min window when everyone logs in at the beginning of the day."  and it is a local admin account.

    Is there a way to create an answer file for a non Microsoft msp?

    Friday, March 21, 2014 3:00 PM
  • An MSP file is a customization.  Read the link to see how to edit and customize the file.


    ¯\_(ツ)_/¯

    Friday, March 21, 2014 3:13 PM
  • I have tried that but it givings me an error. "Failed to load Setup Customization File. The specified file may not be a valid Setup Customization file for may have been created by a different version of this tool." 

    As I stated earlier it is not a Microsoft MSP file.  That is why I tried to script it instead of using the same GPO Logon bat file deployment used for office installs.

    Any Ideas?


    Friday, March 21, 2014 5:40 PM
  • I have tried that but it givings me an error. "Failed to load Setup Customization File. The specified file may not be a valid Setup Customization file for may have been created by a different version of this tool." 

    As I stated earlier it is not a Microsoft MSP file.  That is why I tried to script it instead of using the same GPO Logon bat file deployment used for office installs.

    Any Ideas?


    Customization file issues are not scripting related.  If you do not know how to customize or if your package is not designed correctly you will have issues.

    An MSP file is NOT an executable.  It is run by MSIEXEC as is shown in the example.  If you are trying to customize Office then this is the ONLY way to do this and have it distribute.  If it is office then you should post in the Office deplouyment forum.  It is nort a scripting issue.

    If you are having issues with another package then you will need to work with the vendor to learn how to customize it.

    It is also possible to exract an MSP into an MSI and use GP Softwqare Distribution to deploy the package.

    None of this can be done by scripting, You cannot install a package under a standard user account and you would not want to do that anyway.  It will likely cause many problems.

    Contact the vendor for instructions on ow to batch deploy the package.


    ¯\_(ツ)_/¯

    Friday, March 21, 2014 5:55 PM
  • Hi jdfmonkey,

    Has anyone provided an answer to your original question?  I am trying to use Start-Process to launch a process using another logged in user's credentials, and am not able to get it working:

    $cred=Get-Credential

    start-process Process.exe-WorkingDirectoryC:\Scripts-Credential$cred

    I get the same error that you mentioned:

    start-process : This command cannot be run due to the error: The system cannot find the file specified.

    At C:\Scripts\Process.ps1:2 char:1

    + start-process Process.exe -WorkingDirectory C:\Scripts -Credential ...

    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

        + CategoryInfo          : InvalidOperation: (:) [Start-Process], InvalidOperationException

        + FullyQualifiedErrorId : InvalidOperationException,Microsoft.PowerShell.Commands.StartProcessCommand

    When I leave off the credentials:

    start-processProcess.exe-WorkingDirectoryC:\Scripts

    It works correctly.  Does anyone have a solution to make this work correctly?

    Monday, June 23, 2014 9:07 PM
  • Hi jdfmonkey,

    Has anyone provided an answer to your original question?  I am trying to use Start-Process to launch a process using another logged in user's credentials, and am not able to get it working:

    $cred=Get-Credential

    start-process Process.exe-WorkingDirectoryC:\Scripts-Credential$cred

    I get the same error that you mentioned:

    start-process : This command cannot be run due to the error: The system cannot find the file specified.

    At C:\Scripts\Process.ps1:2 char:1

    + start-process Process.exe -WorkingDirectory C:\Scripts -Credential ...

    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

        + CategoryInfo          : InvalidOperation: (:) [Start-Process], InvalidOperationException

        + FullyQualifiedErrorId : InvalidOperationException,Microsoft.PowerShell.Commands.StartProcessCommand

    When I leave off the credentials:

    start-processProcess.exe-WorkingDirectoryC:\Scripts

    It works correctly.  Does anyone have a solution to make this work correctly?

    Please ask your own question.  You issue is nothing like the current thread.  You clearly are using a user account that has no access to the folder.  It is a permissions issue.  It is not a scripting issue.

    If you need further help please start your own question.


    ¯\_(ツ)_/¯


    • Edited by jrv Tuesday, June 24, 2014 12:40 AM
    Monday, June 23, 2014 9:49 PM