How to copy files in %appdata% of current user

written by jmlafreniere91)

Hello, I’m trying to create a Bigfix script that copies some files to the %appdata% of the current user.

Could you please tell me how I can do that ?

I’ve been trying to use the Windows Software Distribution Wizard to push the files to the server, then execute a .CMD file that copies the data to %appdata%, but the data is never written.

Action script:


download http://bigfix.domain.com:52311/Uploads/51ffb2dc7678f0ee1ad28d6e9640ec095aaf2fc6/signature.tmp

continue if {(size of it = 15093 AND sha1 of it = “51ffb2dc7678f0ee1ad28d6e9640ec095aaf2fc6”) of file “signature.tmp” of folder “__Download”}

extract signature.tmp

wait __Download\signature.cmd (see content of signature.cmd below)


I’ve also tried this, to no avail.


wait __Download\signature.cmd “{value “APPDATA” of key “Volatile Environment” of current user key (logged on user) of registry}\Microsoft\Signatures”


Content of signature.cmd:


@echo off

rem This section creates the Signatures directory if it doesn’t exist

if exist “%appdata%\Microsoft\Signatures” goto copy

mkdir “%appdata%\Microsoft\Signatures”

rem This section copies the files

:copy

rem This section creates a log if files are already present

if exist “%appdata%\Microsoft\Signatures\flag.sig” echo Signature files already installed > “%appdata%\Microsoft\Signatures\signature.log”

rem This section copies the files if not present

if not exist “%appdata%\Microsoft\Signatures\flag.sig” copy /y “\domain.com\netlogon\itsd\templates\signature\signature\Signature.*” “%appdata%\Microsoft\Signatures”


Could you please tell me what I should do ? Can I use something else than the .CMD and use the dos copy command instead, but how does it work knowing that Bigfix uses the SYSTEM account ?

Regards,

JML

1 Like

(imported comment written by jessewk)

signature.cmd is running under the SYSTEM account, so %appdata% in your batch file will look for the %appdata% location for the system account, not the current user account. I suspect your SYSTEM account probably doesn’t even have an %appdata% environment variable.

Additionally, your cmd file accesses a share which would need to be setup as a null session in order for the system account to have permission to access the files.

You have a couple options:

  1. Run the cmd file through the RunAsCurrentUser.exe utility. Search the forum for many examples. However, you will need to ensure that the current user has permissions to access your share.

  2. Re-write the action to use native BigFix ActionScript commands to download the signature files and move them to the correct location.

I would highly recommend option 2. It will me much more reliable and easier to troubleshoot. You can also use relevance to restrict the action from running on machines that already have the updated signature files.

Jesse

Jesse

(imported comment written by jmlafreniere91)

Thanks Jesse, is it possible to give me the commands for this specific example, as I have tried many things and it doesn’t seem to be working. I guess I have to 1) Upload the files to the Bigfix server 2) Run some copy commands.

Regards,

Jim

(imported comment written by jessewk)

Hi Jim,

Use the Windows Software Distribution Wizard to upload the files to the server. Then edit the action script so that after the extract statement it does something like this:

download …
continue if …
extract …

parameter “sig_path” = “{value “APPDATA” of key “Volatile Environment” of current user key (logged on user) of registry}\Microsoft\Signatures”

delete "{parameter “sig_path”}\file1"
copy __Download\file1 “{parameter “sig_path”}\file1”

delete "{parameter “sig_path”}\fileN"
copy __Download\file1 “{parameter “sig_path”}\fileN”

For relevance, you want to use something like:

number of logged on users = 1 AND (exists file “file1” whose () of it OR … OR exists file “fileN” whose () of it ) of folder ((it as string & “\Microsoft\Signatures”) of value “APPDATA” of key “Volatile Environment” of current user key (logged on user) of registry)

Jesse

(imported comment written by jmlafreniere91)

Jesse, I’ve created my task using the Wizard and this is what I have under action:

download http://bigfix.company.com:52311/Uploads/cc503e4524c37d2bff4c15f869b2ed1c3e7ec64c/signature.tmp

continue if {(size of it = 14849 AND sha1 of it = “cc503e4524c37d2bff4c15f869b2ed1c3e7ec64c”) of file “signature.tmp” of folder “__Download”}

extract signature.tmp

parameter “sig_path” = “{value “APPDATA” of key “Volatile Environment” of current user key (logged on user) of registry}\Microsoft\Signatures”

copy __Download\sign.htm “{parameter “sig_path”}\sign.htm”

copy __Download\sign.rtf “{parameter “sig_path”}\sign.rtf”

copy __Download\sign.txt “{parameter “sig_path”}\sign.txt”

Also, I’ve put the following relevance, based on yours:

number of logged on users = 1 AND (not exists file “sign.htm”) of it OR (not exists file “sign.rtf”) of it OR (not exists file “sign.txt”) of folder ((it as string & “\Microsoft\Signatures”) of value “APPDATA” of key “Volatile Environment” of current user key (logged on user) of registry)

And after verification on some “relevant” computers, they do have the files in their %appdata%\Microsoft\Signatures, then it should not be relevant.

Can you tell me what I’m doing wrong ? I want that fixlet to be applied ONLY if the user is in session AND the files are NOT present, as I don’t want to overwrite them.

Best regards,

Jim

(imported comment written by jessewk)

You just have some parentheses in the wrong place, and I think you want to use AND instead of OR. Try this:

number of logged on users = 1 AND (not exists file “sign.htm” of it AND not exists file “sign.rtf” of it AND not exists file “sign.txt” of it) of folder ((it as string & “\Microsoft\Signatures”) of value “APPDATA” of key “Volatile Environment” of current user key (logged on user) of registry)

Jesse

(imported comment written by jmlafreniere91)

Looks like it works Jesse, thank you very much !

(imported comment written by jmlafreniere91)

Hello Jesse, I thought it worked, but it seems the relevance faild. When I use the Relevance Debugger with this line:

number of logged on users = 1 AND (not exists file “sign.htm” of it AND not exists file “sign.rtf” of it AND not exists file “sign.txt” of it) of folder ((it as string & “\Microsoft\Signatures”) of value “APPDATA” of key “Volatile Environment” of current user key (logged on user) of registry)

I get this error:

Error: Singular expression refers to nonexistent object.

Any idea ?

(imported comment written by jessewk)

The logged on users inspector doesn’t work in the relevance debugger because of the underlying API requirements. It should however run successfully if evaluated by client.

If the client is evaluating the query and you get that error it is because either the signature folder doesn’t exist, the “APPDATA” value doesn’t exist, or the “Volatile Environment” key doesn’t exist.

(imported comment written by jmlafreniere91)

Thanks Jesse, I will look into it.