|
|
|||||||
Hi all I'm trying to do the following: setl "SU_COMMANDLINE=c:\epoagent\aginst32 /remove" setl "SU_DOMAIN=@domain" setl "SU_PASSWORD=xxxxx" shell "%comspec% /c su administrator" But it goes wrong because of the /remove bit in the first line. Any clues? btw suss.exe is running as service on the pc. cheers Leo |
||||||||
|
|
|||||||
what about: setl 'SU_COMMANDLINE="c:\epoagent\aginst32 /remove"' this keeps the whole line with the remove as var... or should. try and reply how it works cheers, |
||||||||
|
|
|||||||
To bad, it doesn't work: CreateProcessAsUser error! (rc=3) The system cannot find the path specified. cheers Leo |
||||||||
|
|
|||||||
I used RUNAS to achieve a switch in user. I found I had to also use ScriptIt (or AutoIt) to type the password (as RUNAS does not allow you to pipe the password into the command). The one thing I didn't like is the password was stored in a file somewhere which is a REALLY bad idea. However the what I wanted to do was being done selectively and I knew who would be running the script and roughly when. So I put the password in a text file located in a hidden share and left it blank. Then the script would say, "This process has NOT been enabled. Please contact Mickey Mouse on 5551234!" Mark |
||||||||
|
|
|||||||
heh... let's go deeper then. you could also try something like: setl 'commandlinearg="this" /remove' but after the line call cmd to see how it is written in there. like: setl 'commandlinearg="this" /remove' shell "%comspec% /k set" |
||||||||
|
|
|||||||
The script print the following: SU_COMMANDLINE="c:\epoagent\aginst32" /remove it down't give an error but it also doesn't perform the program with the /remove option It seems that only c:\epoagent\aginst32 is being run |
||||||||
|
|
|||||||
could the wksta be xp? |
||||||||
|
|
|||||||
Yes, my machine is running XP prof |
||||||||
|
|
|||||||
xp has some problem with passing first argument... as %0 is not properly interpreted... if just someone could check this as I don't have any XP wksta to test on |
||||||||
|
|
|||||||
Yes but I'm not running it in a logon script yet, just locally on my PC. SO I don't use %0\..\ |
||||||||
|
|
|||||||
yes, but xp seems to handle all those differently as you said the %1 doesn't get passed to the program. does it work, if you open command prompt and put those variables manually and then try to run su? |
||||||||
|
|
|||||||
I've entered the variables manually but still su doens't work If I enter %SU_COMMANDLINE% on the command prompt, the program runs correctly so it seems to have to do with su.exe (and suss.exe) I got those from Bryce'S Kix Library |
||||||||
|
|
|||||||
Lonkero.. It has to be C:\epoagent\aginst32.exe /remove Leo - How about: setl 'SU_COMMANDLINE="c:\epoagent\aginst32 /remove"' Does that work? Kent |
||||||||
|
|
|||||||
kent, what about reading carefully my first post? |
||||||||
|
|
|||||||
OK.. Here we go.. Try this.. code:setl "SU_COMMANDLINE="+$Removecmd$Removecmd = READVALUE("HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\ePolicy Orchestrator\Application Plugins\ePOAgent2000","Uninstall Command") Does this help? Kent |
||||||||
|
|
|||||||
May I ask why you are trying to remove the ePO Agent? We just upgraded our enterprise and the Agents have all updated across the domain with little or no issue. We went from ePO 2.0 to 2.52. The upgrade was also completed on locked down workstations too. Thank you, Kent |
||||||||
|
|
|||||||
We're using epo with quite some success. However sometimes it happens that the client stops communicating with the server. So only uninstalling this client and reinstalling makes it working again (installing it again over th old installation doesn help) I've written a perl script which checks for the last communication with the server and if this is longer than 7 days ago, it must remove th old client and reinstall it. It works like a charm on Win 9x machines but I want this to work on Win 2K as well. I've got a kixstart version of the perl script I use so I want to get this working with SU before I try to use it with perl (the perl script is about 4 times faster) |
||||||||
|
|
|||||||
quote:Sorry, no go . It has to do with SU because the command works if I enter it as %SU_COMMANDLINE% on the command prompt |
||||||||
|
|
|||||||
Instead of messing with SU, why not push to Task Scheduler? Looks like you have an admin script running so with JT.EXE, it could also push the task. |
||||||||
|
|
|||||||
$passwd="chrompack" settitle("logonscript") setfocus ("logonscript") setconsole ("foreground") run '%windir%\System32\runas.exe /user:administrator "c:\epoagent\aginst32.exe /remove "' sleep 0.3 sendkeys ($passwd) sendkeys (chr(13)) THIS DOES THE TRICK WITHOUT SU! OK it isn't very neat but it works and it is just as (un)safe as using SU. I found this one somewhere hidden on this forum :-) |
||||||||
|
|
|||||||
No, I wasn't to hasty with publishing, the password isn't valid :-) |
||||||||
|
|
|||||||
What version of ePO are we working with? Thanks, Kent |
||||||||
|
|
|||||||
Epo 2.5.1 cheers Leo |
||||||||
|
|
|||||||
We just went to 2.52 (or SP-1) of ePO.. It has upgraded all clients automatically (even locked down). We just installed this new version on Thursday evening (18 July 2002). All appears well. This appealed to me when investigating this upgrade: quote:Or this.. quote:Or... quote:Here is some information of interst: Product Upgrades www.mcafeeb2b.com/naicommon/download/upgrade/login.asp Valid grant number required. Contact Network Associates Customer Service HTH, Kent |
||||||||
|
|
|||||||
Why even mess with SU or Task Scheduler? Why not set up a service account with Domain Admin rights and setup the agent to use these credentials when installing? We're doing this is our org and do not have rights issues installing the agent. |