Action script run whoami /upn and get return value into an action parameter

Does anyone know how to get the return value of whoami /upn into an action script parameter?
I’m trying to get the Azure username of the currently logged on user “which is their domain email address” into some action code I have to add them to the local admin group.

I know this will not work, and is a simplistic attempt at this, but something like this?

override wait
runas=currentuser
completion=job
hidden=true
wait whoami /upn = parameter “DomainEmail”

Thank you for any help you can provide.

You could probably just do wait cmd.exe /c whoami /upn >> c:\temp\whoami.txt

or something like that.


There’s not a way to redirect stdout from a process into a parameter directly. Instead you’d need to use a shell to redirect the whoami output into a file, and then fill the parameter by reading the file in relevance.

override wait
runas=currentuser
completion=job
hidden=true
wait cmd /c "whoami /upn > c:\temp\whoami.txt"
parameter "DomainEmail"="{line 1 of file "c:\temp\whoami.txt"}"

Of course you shouldn’t just assume “c:\temp”. The folder might not exist, the data might be tampered with by another user on the machine, etc. Instead use the tip at Tip - Action Override User settings about finding a good per-user path for the active user… except another thread here recently highlighted that the profile folder of the user does not work for AzureAD users, so… that maybe still needs some work, but do be careful about where you write the file (as the user) and where we read the file content (as LocalSystem).

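One way to check the hand-off file before a LocalSystem step trusts its content, as an added example that is not part of the original posts. The function name `Read-ValidatedUpn`, the allow-list of domains, the 512-byte limit and the conservative UPN pattern are assumptions made for illustration.

```powershell
# Added example: validate the file written by "whoami /upn > file" before use.
# Assumptions (not from the thread): function name, allow-list, 512-byte limit.
function Read-ValidatedUpn {
    param(
        [Parameter(Mandatory)] [string]   $Path,
        [Parameter(Mandatory)] [string[]] $AllowedDomains
    )

    # A missing file stops here; a reparse point (symlink/junction) is refused.
    $item = Get-Item -LiteralPath $Path -Force -ErrorAction Stop
    if ($item.Attributes -band [IO.FileAttributes]::ReparsePoint) {
        throw "Refusing to read reparse point: $Path"
    }
    # The thread reports empty files on some machines: fail instead of continuing.
    if ($item.Length -eq 0)   { throw "Hand-off file is empty: $Path" }
    if ($item.Length -gt 512) { throw "Hand-off file is unexpectedly large: $Path" }

    # whoami /upn prints exactly one line; anything else is not its output.
    $lines = @(Get-Content -LiteralPath $Path -ErrorAction Stop |
               Where-Object { $_.Trim() -ne '' })
    if ($lines.Count -ne 1) { throw "Expected 1 line, found $($lines.Count)" }
    $upn = $lines[0].Trim()

    # Deliberately conservative shape check: no spaces, quotes or shell characters.
    if ($upn -notmatch '^[A-Za-z0-9._-]+@([A-Za-z0-9-]+\.)+[A-Za-z]{2,}$') {
        throw "Value is not a well-formed UPN"
    }
    $domain = $upn.Split('@')[1]
    if ($AllowedDomains -notcontains $domain) {   # string comparison ignores case
        throw "UPN domain '$domain' is not on the allow-list"
    }
    return $upn
}

# Constructed sample run; a temp file stands in for c:\temp\whoami.txt.
$sample = Join-Path $env:TEMP 'whoami-sample.txt'
Set-Content -LiteralPath $sample -Value 'alice@example.com'
Read-ValidatedUpn -Path $sample -AllowedDomains 'example.com'
Remove-Item -LiteralPath $sample
```

These checks narrow what a tampered file can inject, but they do not prove who wrote it, so the write location still has to be one that only the intended user can modify.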

I sometimes use a text file, but oftentimes I will write it to a registry key so that I can reference it easily without having to worry whether or not the file was deleted.


Thank you all for your help on this!
Yea, writing it out to a file and reading it back in is the only way to do it.

Ran into an odd result on this: it worked on some machines but not others.
The problem was this line.
wait cmd /c "whoami /upn > c:\temp\whoami.txt"
It would create an empty file on some machines.
Running the command manually on the same machine would populate the file fine, so it makes no sense why BigFix running the command on some machines would not populate the file. The pipe is working because the file is being created.
Thought I would mention this, in case someone else tries to use this code.

It might be worth capturing error messages from ‘whoami’ to troubleshoot the issue:

override wait
runas=currentuser
completion=job
hidden=true
wait cmd /c "whoami /upn > c:\temp\whoami.txt 2> c:\temp\whoami-error.txt"
parameter "DomainEmail"="{line 1 of file "c:\temp\whoami.txt"}"

Thanks, I will give this a try and see what the error output is.

I found a workaround: if I build a VB program and compile it to a .exe that does the same thing and pipes the whoami to a text file, it works.
So there is something about BigFix running the whoami command directly: it does not pipe out the value to a text file, but if I run a subprocess that is an exe, it works.

The odd thing is BigFix will work for other command pipes; for example, I can do a dir > sometextfile.txt and it works.