This script doesn't work i don't know why mosquito_hippy 12/20/2008 12:48:12 AM I wrote this machine script to apply a patch to the computers of a OU in a Windows 2003 Server Domain. if exist C:\patchs\kbxxxxxx.dat goto end if exist C:\patchs\. goto label1 md c:\patchs :label1 \\mcse-01\patchs\WindowsXP-KBxxxxxx-x86-enu.exe /norestart /log:C:\patchs\ echo "patch applyed" > c:\patchs\kbxxxxxx.dat :end I gave to the group "Domain Computers" read and write rights over the share where the patch is located. I know the script was actually executed because it creates the folder and the flag file. Any idea Thanks in advance.

Re: This script doesn't work i don't know why "Al Dunbar" <alandrub[ at ]hotmail.com> 12/20/2008 5:30:32 AM "mosquito_hippy" <mosquitohippy[ at ]discussions.microsoft.com> wrote in message news:535913B3-775A-4EF6-8F3F-38D217CEFE94[ at ]microsoft.com... [Quoted Text] >I wrote this machine script to apply a patch to the computers of a OU in a > Windows 2003 Server Domain. > > if exist C:\patchs\kbxxxxxx.dat goto end > if exist C:\patchs\. goto label1 > md c:\patchs > :label1 > \\mcse-01\patchs\WindowsXP-KBxxxxxx-x86-enu.exe /norestart /log:C:\patchs\ > echo "patch applyed" > c:\patchs\kbxxxxxx.dat > :end > > I gave to the group "Domain Computers" read and write rights over the > share > where the patch is located. > > I know the script was actually executed because it creates the folder and > the flag file. > > Any idea If run as a logon script, perhaps the user lacks the privs necessary to run the patch executable. /Al

Re: This script doesn't work i don't know why "Richard Mueller [MVP]" <rlmueller-nospam[ at ]ameritech.nospam.net> 12/20/2008 4:50:55 PM "Al Dunbar" <alandrub[ at ]hotmail.com> wrote in message news:esizUQmYJHA.1532[ at ]TK2MSFTNGP03.phx.gbl... [Quoted Text] > > "mosquito_hippy" <mosquitohippy[ at ]discussions.microsoft.com> wrote in > message news:535913B3-775A-4EF6-8F3F-38D217CEFE94[ at ]microsoft.com... >>I wrote this machine script to apply a patch to the computers of a OU in a >> Windows 2003 Server Domain. >> >> if exist C:\patchs\kbxxxxxx.dat goto end >> if exist C:\patchs\. goto label1 >> md c:\patchs >> :label1 >> \\mcse-01\patchs\WindowsXP-KBxxxxxx-x86-enu.exe /norestart >> /log:C:\patchs\ >> echo "patch applyed" > c:\patchs\kbxxxxxx.dat >> :end >> >> I gave to the group "Domain Computers" read and write rights over the >> share >> where the patch is located. >> >> I know the script was actually executed because it creates the folder and >> the flag file. >> >> Any idea > > If run as a logon script, perhaps the user lacks the privs necessary to > run the patch executable. > > /Al > > You might want to deploy the patch remotely. I have an example VBScript that deploys any executable (if it runs silently with no user interaction) to all computers in a domain group linked here: http://www.rlmueller.net/Deploy.htm The program uses WMI to connect to each computer in the group and run the specified executable (with parameters). The program pings each computer first to check if they are available. The program logs everything to a log file. The person running the script must be a member of the local Administrators group. By default the group "Domain Admins" is added to the local Administrators group when the computer is joined to the domain, so if you are member of that group you should be fine. No one needs to be logged into the remote computers, but they must be connected to the network and running. -- Richard Mueller MVP Directory Services Hilltop Lab - http://www.rlmueller.net --

Re: This script doesn't work i don't know why mosquito_hippy 12/21/2008 2:06:01 AM I ran it as a machine startup script. "Al Dunbar" wrote: [Quoted Text] > > "mosquito_hippy" <mosquitohippy[ at ]discussions.microsoft.com> wrote in message > news:535913B3-775A-4EF6-8F3F-38D217CEFE94[ at ]microsoft.com... > >I wrote this machine script to apply a patch to the computers of a OU in a > > Windows 2003 Server Domain. > > > > if exist C:\patchs\kbxxxxxx.dat goto end > > if exist C:\patchs\. goto label1 > > md c:\patchs > > :label1 > > \\mcse-01\patchs\WindowsXP-KBxxxxxx-x86-enu.exe /norestart /log:C:\patchs\ > > echo "patch applyed" > c:\patchs\kbxxxxxx.dat > > :end > > > > I gave to the group "Domain Computers" read and write rights over the > > share > > where the patch is located. > > > > I know the script was actually executed because it creates the folder and > > the flag file. > > > > Any idea > > If run as a logon script, perhaps the user lacks the privs necessary to run > the patch executable. > > /Al > > >

Re: This script doesn't work i don't know why mosquito_hippy 12/21/2008 2:10:00 AM I'll try your script but just for curiosity, what's the problem with the script, why it doesn't run as supposed? "Richard Mueller [MVP]" wrote: [Quoted Text] > > "Al Dunbar" <alandrub[ at ]hotmail.com> wrote in message > news:esizUQmYJHA.1532[ at ]TK2MSFTNGP03.phx.gbl... > > > > "mosquito_hippy" <mosquitohippy[ at ]discussions.microsoft.com> wrote in > > message news:535913B3-775A-4EF6-8F3F-38D217CEFE94[ at ]microsoft.com... > >>I wrote this machine script to apply a patch to the computers of a OU in a > >> Windows 2003 Server Domain. > >> > >> if exist C:\patchs\kbxxxxxx.dat goto end > >> if exist C:\patchs\. goto label1 > >> md c:\patchs > >> :label1 > >> \\mcse-01\patchs\WindowsXP-KBxxxxxx-x86-enu.exe /norestart > >> /log:C:\patchs\ > >> echo "patch applyed" > c:\patchs\kbxxxxxx.dat > >> :end > >> > >> I gave to the group "Domain Computers" read and write rights over the > >> share > >> where the patch is located. > >> > >> I know the script was actually executed because it creates the folder and > >> the flag file. > >> > >> Any idea > > > > If run as a logon script, perhaps the user lacks the privs necessary to > > run the patch executable. > > > > /Al > > > > > > You might want to deploy the patch remotely. I have an example VBScript that > deploys any executable (if it runs silently with no user interaction) to all > computers in a domain group linked here: > > http://www.rlmueller.net/Deploy.htm > > The program uses WMI to connect to each computer in the group and run the > specified executable (with parameters). The program pings each computer > first to check if they are available. The program logs everything to a log > file. The person running the script must be a member of the local > Administrators group. By default the group "Domain Admins" is added to the > local Administrators group when the computer is joined to the domain, so if > you are member of that group you should be fine. No one needs to be logged > into the remote computers, but they must be connected to the network and > running. > > -- > Richard Mueller > MVP Directory Services > Hilltop Lab - http://www.rlmueller.net > -- > > >

Re: This script doesn't work i don't know why "Al Dunbar" <alandrub[ at ]hotmail.com> 12/21/2008 2:55:16 AM "mosquito_hippy" <mosquitohippy[ at ]discussions.microsoft.com> wrote in message news:2ADD4A2E-AC7D-4018-A666-C9CE66CF75C8[ at ]microsoft.com... [Quoted Text] >I ran it as a machine startup script. I'm not sure, then, but perhaps you can get some status info from the patch executable itself: :label1 ( \\mcse-01\patchs\WindowsXP-KBxxxxxx-x86-enu.exe /norestart /log:C:\patchs\ echo "patch applyed" ) > c:\patchs\kbxxxxxx.dat 2>[ at ] :end You might find, for example, that the account that runs machine startup scripts does not have access to the patchs share on server mcse-01. Or that you have mis-spelt the share name (might it be "patches") or the executable (which likely has numbers instead of x's). /Al > "Al Dunbar" wrote: > >> >> "mosquito_hippy" <mosquitohippy[ at ]discussions.microsoft.com> wrote in >> message >> news:535913B3-775A-4EF6-8F3F-38D217CEFE94[ at ]microsoft.com... >> >I wrote this machine script to apply a patch to the computers of a OU in >> >a >> > Windows 2003 Server Domain. >> > >> > if exist C:\patchs\kbxxxxxx.dat goto end >> > if exist C:\patchs\. goto label1 >> > md c:\patchs >> > :label1 >> > \\mcse-01\patchs\WindowsXP-KBxxxxxx-x86-enu.exe /norestart >> > /log:C:\patchs\ >> > echo "patch applyed" > c:\patchs\kbxxxxxx.dat >> > :end >> > >> > I gave to the group "Domain Computers" read and write rights over the >> > share >> > where the patch is located. >> > >> > I know the script was actually executed because it creates the folder >> > and >> > the flag file. >> > >> > Any idea >> >> If run as a logon script, perhaps the user lacks the privs necessary to >> run >> the patch executable. >> >> /Al >> >> >>

Re: This script doesn't work i don't know why mosquito_hippy 12/21/2008 3:25:01 AM Thanks for take the time to answer Al. First. The user that execute the script when it is an startup script is the "System" user, at least that's i concluded from my research on the subject, in theory it would be enough to give to the group "Domain Computers" read access to the share. If i'm wrong please let me know. Second. I rule out any miss spelling due to the fact the script runs when it is executed from the command line for any given user. Any idea Thankis in advance "Al Dunbar" wrote: [Quoted Text] > > "mosquito_hippy" <mosquitohippy[ at ]discussions.microsoft.com> wrote in message > news:2ADD4A2E-AC7D-4018-A666-C9CE66CF75C8[ at ]microsoft.com... > >I ran it as a machine startup script. > > I'm not sure, then, but perhaps you can get some status info from the patch > executable itself: > > :label1 > ( > \\mcse-01\patchs\WindowsXP-KBxxxxxx-x86-enu.exe /norestart > /log:C:\patchs\ > echo "patch applyed" > ) > c:\patchs\kbxxxxxx.dat 2>[ at ] > :end > > You might find, for example, that the account that runs machine startup > scripts does not have access to the patchs share on server mcse-01. Or that > you have mis-spelt the share name (might it be "patches") or the executable > (which likely has numbers instead of x's). > > /Al > > > "Al Dunbar" wrote: > > > >> > >> "mosquito_hippy" <mosquitohippy[ at ]discussions.microsoft.com> wrote in > >> message > >> news:535913B3-775A-4EF6-8F3F-38D217CEFE94[ at ]microsoft.com... > >> >I wrote this machine script to apply a patch to the computers of a OU in > >> >a > >> > Windows 2003 Server Domain. > >> > > >> > if exist C:\patchs\kbxxxxxx.dat goto end > >> > if exist C:\patchs\. goto label1 > >> > md c:\patchs > >> > :label1 > >> > \\mcse-01\patchs\WindowsXP-KBxxxxxx-x86-enu.exe /norestart > >> > /log:C:\patchs\ > >> > echo "patch applyed" > c:\patchs\kbxxxxxx.dat > >> > :end > >> > > >> > I gave to the group "Domain Computers" read and write rights over the > >> > share > >> > where the patch is located. > >> > > >> > I know the script was actually executed because it creates the folder > >> > and > >> > the flag file. > >> > > >> > Any idea > >> > >> If run as a logon script, perhaps the user lacks the privs necessary to > >> run > >> the patch executable. > >> > >> /Al > >> > >> > >> > > >

Re: This script doesn't work i don't know why \RemS 12/23/2008 4:10:01 PM "mosquito_hippy" wrote: [Quoted Text] > Thanks for take the time to answer Al. > > First. The user that execute the script when it is an startup script is the > "System" user, at least that's i concluded from my research on the subject, > in theory it would be enough to give to the group "Domain Computers" read > access to the share. If i'm wrong please let me know. > > Second. I rule out any miss spelling due to the fact the script runs when it > is executed from the command line for any given user. > > Any idea > > Thankis in advance > Check the value of "RunStartupScriptSync" (search the registry), and ensure that startup scripts are running asynchronously (NOT synchronously) on the clients. http://www.petri.co.il/forums/showpost.php?p=135667&postcount=3 You can set the behavior of startup scripts (or logonscripts) via a policy also. If that doesn't help, it is a good plan to capture all output and errors of the startup batch to a file; http://www.petri.co.il/forums/showpost.php?p=137063&postcount=4 and have a look at that logfile. \Rems

Re: This script doesn't work i don't know why "Al Dunbar" <alandrub[ at ]hotmail.com> 12/29/2008 3:57:20 AM "mosquito_hippy" <mosquitohippy[ at ]discussions.microsoft.com> wrote in message news:DC97DBC5-E10A-42EC-B199-EE956C63E59E[ at ]microsoft.com... [Quoted Text] > Thanks for take the time to answer Al. > > First. The user that execute the script when it is an startup script is > the > "System" user, at least that's i concluded from my research on the > subject, > in theory it would be enough to give to the group "Domain Computers" read > access to the share. If i'm wrong please let me know. That was just a suggestion about one possible problem. I think you are right about the required permission - just beware of any DENY permissions that might be set. I'm not sure if you could verify this with properties - advanced - effective permissions, but alternately, you could create a test startup script that attempts to access one of the shares in question. > Second. I rule out any miss spelling due to the fact the script runs when > it > is executed from the command line for any given user. Good point. > Any idea I second \RemS's suggestion to log information to a file. /Al > Thankis in advance > > "Al Dunbar" wrote: > >> >> "mosquito_hippy" <mosquitohippy[ at ]discussions.microsoft.com> wrote in >> message >> news:2ADD4A2E-AC7D-4018-A666-C9CE66CF75C8[ at ]microsoft.com... >> >I ran it as a machine startup script. >> >> I'm not sure, then, but perhaps you can get some status info from the >> patch >> executable itself: >> >> :label1 >> ( >> \\mcse-01\patchs\WindowsXP-KBxxxxxx-x86-enu.exe /norestart >> /log:C:\patchs\ >> echo "patch applyed" >> ) > c:\patchs\kbxxxxxx.dat 2>[ at ] >> :end >> >> You might find, for example, that the account that runs machine startup >> scripts does not have access to the patchs share on server mcse-01. Or >> that >> you have mis-spelt the share name (might it be "patches") or the >> executable >> (which likely has numbers instead of x's). >> >> /Al >> >> > "Al Dunbar" wrote: >> > >> >> >> >> "mosquito_hippy" <mosquitohippy[ at ]discussions.microsoft.com> wrote in >> >> message >> >> news:535913B3-775A-4EF6-8F3F-38D217CEFE94[ at ]microsoft.com... >> >> >I wrote this machine script to apply a patch to the computers of a OU >> >> >in >> >> >a >> >> > Windows 2003 Server Domain. >> >> > >> >> > if exist C:\patchs\kbxxxxxx.dat goto end >> >> > if exist C:\patchs\. goto label1 >> >> > md c:\patchs >> >> > :label1 >> >> > \\mcse-01\patchs\WindowsXP-KBxxxxxx-x86-enu.exe /norestart >> >> > /log:C:\patchs\ >> >> > echo "patch applyed" > c:\patchs\kbxxxxxx.dat >> >> > :end >> >> > >> >> > I gave to the group "Domain Computers" read and write rights over >> >> > the >> >> > share >> >> > where the patch is located. >> >> > >> >> > I know the script was actually executed because it creates the >> >> > folder >> >> > and >> >> > the flag file. >> >> > >> >> > Any idea >> >> >> >> If run as a logon script, perhaps the user lacks the privs necessary >> >> to >> >> run >> >> the patch executable. >> >> >> >> /Al >> >> >> >> >> >> >> >> >>