How to create a temporary cmd file and run with privileges?

Hello friends,

I am trying to figure out how I can run a cmd command by creating the cmd batch file temporarily inside the computer, run it and then delete it.

Now I know that it is possible to run it right from BigFix by using cmd /c “command”, but I am facing some problems when I try to use winget on workstation machines directly through BigFix, so I thought of running it from a separate file. Could you guys help me on how to do that properly?

Here’s the command line I am trying to run:

winget upgrade --all --silent --force --accept-package-agreements -a x64

Thank you.

I wonder if the issue you’re facing isn’t so much the command, but more either the context or architecture? When you run it you are running as a logged in user and most likely in a 64 bit CMD process, whereas when run by a BigFix action, it’s running as SYSTEM in a 32 bit process.

Anyway, to create a CMD file on the fly and execute it you can use something like

createfile until EOF
winget upgrade --all --silent --force --accept-package-agreements -a x64
EOF

delete C:\TEMP\winget.cmd
copy __createfile C:\TEMP\winget.cmd

action uses wow64 redirection false
waithidden cmd.exe /c C:\TEMP\winget.cmd

You can also use override to run it as the current logged in user if content is the issue.


I had the following result by running this command:

I remember Jason Walker telling me something about running on a logged-on user, but I couldn’t test it practically, yet, but I believe it could be an easier way. This command “winget” needs to be run on the current user using the machine.

Does the C:\TEMP folder exist?
The ‘delete C:\TEMP\winget.cmd’ will not throw an error if the file or directory does not exist, but the ‘copy’ will fail if the target directory does not exist.


Taking away the assumption that the TEMP folder exists (or that the drive is C:)

createfile until EOF
winget upgrade --all --silent --force --accept-package-agreements -a x64
EOF

delete C:\TEMP\winget.cmd
if {not exists folder "TEMP" of drive of system folder}
	folder create {name of drive of system folder & "\TEMP"}
endif

copy __createfile C:\TEMP\winget.cmd

action uses wow64 redirection false
waithidden cmd.exe /c C:\TEMP\winget.cmd

Got it, yeah, that could be the issue, the temp folder likely will not exist in most workstations in our scenario.

Well, I could see that the folder was created and that there is a winget.cmd inside there. However, despite the status being “completed”, it appears that the script couldn’t run through BigFix, yet when I enter C:\TEMP and run as admin the winget.cmd, it runs as expected.

Could this be a privilege issue? Or is it because it can’t run as current user?

When it’s running through BigFix, it’s executing under the ‘LocalSystem’ account unless you override that. Lots of examples of overrides at Tip - Action Override User settings

It might also be helpful to save any command-line output to a file you can review later, in case there are some error messages. I posted a summary for that at Tip: Running Commands and Saving Output (Windows)

It could be that ‘winget’ requires a user session rather than LocalSystem, or that the particular package is installed per-user and only some users have it ‘installed’. Saving the command line output and posting that here may help.

The other thing you can do to test interactively is to use PSExec from the Sysinternals kit, to open a command prompt running in the LocalSystem account. This is the same kind of environment used by BESClient.

https://www.microsoft.com/sysinternals

For 64-bit command shell,

psexec -i -s c:\windows\system32\cmd.exe

Or, for 32-bit command shell,

psexec -i -s c:\windows\syswow64\cmd.exe
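
The checks suggested across the thread (which account the script runs as, whether the process is 32- or 64-bit, and saving the command output for review), combined into one wrapper as an added example that is not from any of the posts above. The log file name winget-diag.log is an assumption; C:\TEMP and the winget command line are the ones used in the thread.

```batch
@echo off
rem Added example: diagnostic wrapper around the winget command from the thread.
rem Assumption: C:\TEMP already exists (the action script in the thread creates it).
setlocal
set "LOG=C:\TEMP\winget-diag.log"

rem Send everything the subroutine prints, stdout and stderr, to the log file.
call :diag > "%LOG%" 2>&1
exit /b %ERRORLEVEL%

:diag
echo ==== %DATE% %TIME% ====

rem Account the script is executing under. A BigFix action without an
rem override reports "nt authority\system" here.
echo [account]
whoami

rem A 32-bit process on 64-bit Windows reports x86 as its own architecture
rem and carries the native architecture in PROCESSOR_ARCHITEW6432.
rem In a native 64-bit process the second value is empty.
echo [process architecture] %PROCESSOR_ARCHITECTURE%
echo [native architecture when under WOW64] %PROCESSOR_ARCHITEW6432%

rem Does winget resolve on PATH for the account running this script?
echo [where winget]
where winget
if errorlevel 1 (
    echo winget was not found on PATH for this account
    exit /b 1
)

rem The command from the thread. Keep its exit code so the action can see it.
echo [winget output]
winget upgrade --all --silent --force --accept-package-agreements -a x64
set "RC=%ERRORLEVEL%"
echo [winget exit code] %RC%
exit /b %RC%
```

Deployed with the same createfile, copy and waithidden steps shown above, the resulting log can be compared with one produced from a psexec -i -s prompt to see whether the account, the architecture or the PATH differs between the two runs.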