Hi all, I’m trying to create a fixlet to execute a .msi file on a server. I think I have it configured, but the BigFix action just sits in Running status without ever finishing. Here’s what the action script looks like:
I’d check to see if it’s a per user install. You may have to use the override command to get around it if it is.
There may be switches you could use as well e.g. /ALLUSERS
I anticipate two problems, but it’s not really possible to troubleshoot based on this short information.
The BESClient runs as LocalSystem, not your user account, and it probably cannot access the network share containing your MSI package.
Additionally to that, your batch file will need to send all of the msiexec command-line arguments to run the MSI package silently. The parameters required can vary based on the application, but most can use some form of
so i tried another way. here’s what the action script looks like now:
folder create "C:\temp\TenableInstall"
dos copy \xx.xxxxxx.xxx\netlogon\xxx.bat c:\temp\TenableInstall
dos copy \xx.xxxxxx.xxx\netlogon\tenable.msi c:\temp\TenableInstall
dos cd c:\temp\TenableInstall
run “c:\temp\TenableInstall\xxx.bat”
works except for the last line. i need to run the .bat file with elevated privileges. i tried a couple ways with limited knowledge of BigFix action scripts, but no joy. any ideas on how to run the .bat file with elevated privileges?
By default everything we ‘run’ or ‘wait’ executes as LocalSystem, with elevated privileges.
What may be an issue though is that we run a 32-bit version of cmd.exe by default. You could try adding
action uses wow64 redirection false
to the actionscript, on any line before the ‘run’ command.
Also, each ‘dos’ and ‘run’ command is a separate shell. So the dos cd c:\temp\TenableInstall command will have no effect, since that shell is closed before the next one runs. If the working directory matters to your script, you have to both change directory & run the the script in one command.
It may also be useful to capture error messages for troubleshooting. What I’d suggest trying is to put all the commands together in one batch.
folder create "C:\temp\TenableInstall"
// use 'createfile' to generate a set of batch commands
delete __createfile
createfile until END_OF_FILE_MARKER
copy \\xx.xxxxxx.xxx\netlogon\xxx.bat c:\temp\TenableInstall
copy \\xx.xxxxxx.xxx\netlogon\tenable.msi c:\temp\TenableInstall
cd c:\temp\TenableInstall
“c:\temp\TenableInstall\xxx.bat”
END_OF_FILE_MARKER
// move the new __createfile to a batch file
delete installer.cmd
move __createfile installer.cmd
//disable 32-bit redirection for this action
action uses wow64 redirection false
// execute the generated batch file, saving output and error messages to a log file
wait cmd.exe /c installer.cmd > c:\temp\TenableInstall\output.log 2>&1
In most cases a computer account would not be able to access a network share to download your TenableInstall\xxx.bat file, but in this case it looks like you’re using the Netlogon share from a domain. That’s a special case and should work as long as this client is a domain member.