Schedule task for Application version upgrade

Shahban · March 17, 2021, 9:30pm

One application (BLC-Netapp) behavior is to get its update on every 15 days, every 15 day we download update and deploy on machines (that’s manual task)

Patches/updates are downloaded on every 15 day on c:\programdata\insdesk\

trying to automate this process if any new version updates comes under above folder bigfix action triggered (what relevance we can use here)

My thought action will open stage with below option check and get the right relvance to address this task… or set to every 15 days to run action

cmcannady · March 17, 2021, 10:14pm

What security measures do you plan on having in place for BigFix to validate the BLC-Netapp patches/updates prior to execution? Watching a specific folder for new files isn’t overly difficult, but I have concerns with having BigFix execute patches/updates without having gone through the standard security checks (i.e. size, SHA values, etc.). Can you provide more details regarding the BLC-Netapp patches/updates process today?

Aradhana · March 17, 2021, 10:31pm

These are just the application updates which is the behavior of BLC. BLC’s default folder has netupdate.exe which downloads updates of BLC from internet and applies those patches using PATCHER.EXE (another exe in default folder of BLC). This application tend to update every 30 days and we have to schedule a task that can apply these patches that get downloaded every 30 days.

Used the command “wait cmd.exe /C schtasks /create /f /sc ONCE /TN BLC /TR “‘C:\Program Files (x86)\BLC\LEWIN\INSDESK.EXE’” /rl highest /st 17:00” but it does not do anything neither does it create tsk nor runs blc.

Shahban · March 18, 2021, 1:46pm

@cmcannady Any thought one this please ?
let me know if any more information require on this,

JasonWalker · March 18, 2021, 1:48pm

Can you post the actual line of the action script, and use the ‘code’ tag to format it? The quotes matter so it would otherwise be difficult to say why the command is not working.

Shahban · March 18, 2021, 4:28pm

indent preformatted text by 4 spaces
“wait cmd.exe /C schtasks /create /f /sc ONCE /TN BLC /TR “‘C:\Program Files (x86)\BLC\LEWIN\INSDESK.EXE’” /rl highest /st 17:00”

JasonWalker · March 18, 2021, 5:21pm

So…you literally have a double quote before the ‘wait’ statement?

JasonWalker · March 18, 2021, 5:23pm

Try

action uses wow64 redirection (not x64 of operating system)

wait cmd.exe /C "schtasks /create /f /sc ONCE /TN BLC /TR "C:\Program Files (x86)\BLC\LEWIN\INSDESK.EXE" /rl highest /st 17:00"

Shahban · March 18, 2021, 6:29pm

Action completed successfully but task not created in Task scheduler.

JasonWalker · March 18, 2021, 6:53pm

Ok so this turns out to be pretty interesting and illustrates a few troubleshooting steps to perform in general.

I ran this on my machine, and the action status was Completed but no scheduled task was created. The Completed status just means that every line of the script executed; without Relevance to check the results, it’s impossible to tell whether the command line did what you wanted, just that it executed.

The next place to check is the client log.

At 14:16:26 -0500 - actionsite (http://BES-Dev-Root:52311/cgi-bin/bfgather.exe/actionsite)
   Command succeeded (Exit Code=1) wait cmd.exe /C "schtasks /create /f /sc ONCE /TN BLC /TR "C:\Program Files (x86)\BLC\LEWIN\INSDESK.EXE" /rl highest /st 17:00" (action:11008)

The command executed on the client, but gave an Exit Code of 1. Usually, any exit code other than 0 indicates some kind of failure.

The next step is to execute the command line manually on a machine. This is successful. We can also check the exit code from the command line as follows:

C:\>cmd.exe /C "schtasks /create /f /sc ONCE /TN BLC /TR "C:\Program Files (x86)\BLC\LEWIN\INSDESK.EXE" /rl highest /st 17:00"
SUCCESS: The scheduled task "BLC" has successfully been created.

C:\>echo %ERRORLEVEL%
0

That says it was successful, and the error code is 0 (success). So what gives?

Next I updated the Action Script to produce a log file, with the output of the command line that we are running. Here both Standard Output and Standard Error are output to the same log, c:\temp\task.out :

wait cmd.exe /C "schtasks /create /f /sc ONCE /TN BLC /TR "C:\Program Files (x86)\BLC\LEWIN\INSDESK.EXE" /rl highest /st 17:00 > c:\temp\task.out 2>&1"

After running this action script, I check that output file on the client and see

C:\>type c:\temp\task.out
ERROR: No mapping between account names and security IDs was done.
(16,8):UserId:

It’s the schtasks.exe command itself that is giving the error. From the ‘no mapping between account names and security IDs was done’ message, I can surmise that by default schtasks.exe is trying to create the task to run under the account of the user - and it is failing to figure out the username for the LocalSystem account that BigFix is running under.

We can create the task specifically to run as LocalSystem by changing the schtasks command line, adding the /RU parameter to configure which user account should execute the task:

wait cmd.exe /C "schtasks /create /f /sc ONCE /TN BLC /TR "C:\Program Files (x86)\BLC\LEWIN\INSDESK.EXE" /rl highest /st 17:00 /RU "NT AUTHORITY\System" > c:\temp\task.out 2>&1"

This time it looks better in the client log, with the exit code of 0 :

At 14:31:30 -0500 - actionsite (http://BES-Dev-Root:52311/cgi-bin/bfgather.exe/actionsite)
   Command started - wait cmd.exe /C "schtasks /create /f /sc ONCE /TN BLC /TR "C:\Program Files (x86)\BLC\LEWIN\INSDESK.EXE" /rl highest /st 17:00 /RU "NT AUTHORITY\System" > c:\temp\task.out 2>&1" (action:11010)
At 14:31:31 -0500 - actionsite (http://BES-Dev-Root:52311/cgi-bin/bfgather.exe/actionsite)
   Command succeeded (Exit Code=0) wait cmd.exe /C "schtasks /create /f /sc ONCE /TN BLC /TR "C:\Program Files (x86)\BLC\LEWIN\INSDESK.EXE" /rl highest /st 17:00 /RU "NT AUTHORITY\System" > c:\temp\task.out 2>&1" (action:11010)

And, on the endpoint machine, the task was created

C:\>schtasks /query /tn BLC

Folder: \
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
BLC                                      3/18/2021 5:00:00 PM   Ready

Shahban · March 18, 2021, 8:32pm

strange this time action completed exit code 0

but in task scheduler task not created…

I used with and with out action use wow64 line as above screen shot but the status is same

I conform tested the same scenario in my test environment that’s work (windows server2012 evolution version)

but its not work on our prod env. (windows 10 pro.)

trn · March 18, 2021, 10:24pm

All those embedded quotes complicate matters.

One option has to be to create the task manually on one machine, then export the task definition to XML.

You can then either upload/download the XML file in your script or create it on the fly, then submit the XML to schtasks

Shahban · March 19, 2021, 11:33am

tried this logic too first time manually add task then exported xml file then import through action script but did not work, user have very limited access if any user login admin credential then task reflecting there but not for limited access users…

JasonWalker · March 19, 2021, 11:41am

So, if the Task is there but limited users cannot see the task that’s a different matter, and, I think, may be expected behavior. I don’t know whether limited users are supposed to see tasks created by an administrator.

JonL · March 19, 2021, 3:02pm

Using the scheduling xml makes life much easier. What we do is manually create the options we want on a reference system, export to xml, then use the import option.

wait schtasks /create /xml c:\temp\MyTask.xml /TN MyTaskName