
I am trying to create an unattended.xml file for a Windows Server 2016 unattended installation where, after installing Windows, it should execute a PowerShell script located on a remote Samba share.

I am using the following command to run the PowerShell script stored on the Samba share:

cmd.exe /c "ECHO R | powershell.exe -ExecutionPolicy Unrestricted -File \\192.168.137.131\install\ConfigureRemotingForAnsible.ps1"

The unattended installation process works well, but execution of the ConfigureRemotingForAnsible.ps1 script fails with the error:

The argument '\\192.168.137.131\install\ConfigureRemotingForAnsible.ps1' to the -File parameter does not exist. Provide the path to an existing '.ps1' file as an argument to the -File parameter.

The same command executes successfully when I run it manually.

Relevant portion of unattended.xml file:

    <settings pass="specialize">
        <component name="Microsoft-Windows-Deployment" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <RunSynchronous>
                <RunSynchronousCommand wcm:action="add">
                    <Credentials>
                        <Username>Administrator</Username>
                        <Password>Devops@123</Password>
                    </Credentials>
                    <Path>cmd.exe /c "ECHO R | powershell.exe -ExecutionPolicy Unrestricted -File \\192.168.137.131\install\ConfigureRemotingForAnsible.ps1 > c:\pss.txt"</Path>
                    <Order>1</Order>
                    <Description>Execute ansible script</Description>
                </RunSynchronousCommand>
            </RunSynchronous>
        </component>
    </settings>

Can somebody tell me what I should add to my unattended.xml to make it work?

Thanks in advance.

Yugendra
  • I'm not positive, but I suspect from the docs that the Path item is *accessed* using the credentials, but not *run as*. Broadly the docs say that `RunSynchronousCommand` during specialize runs in a system context, whereas an `AuditUser` would run as the user. It looks like that requires an administrator AutoLogon. I'm referring to the docs at https://docs.microsoft.com/en-us/windows-hardware/customize/desktop/unattend/microsoft-windows-deployment-runsynchronous-runsynchronouscommand-credentials, and https://technet.microsoft.com/en-us/library/cc722343(v=ws.10).aspx. – Matthew Wetmore Jun 29 '17 at 08:11
  • You might also check event logs at the target side to see if there were any accesses rejected. If my theory is right, you may see a machine account access that didn't have permission to the share/file. You could simply grant permissions to the share & file to the machine. Are you joining the machine to the domain during the unattend? – Matthew Wetmore Jun 29 '17 at 08:14
  • @MatthewWetmore No, I am not joining to any domain during unattended installation. – Yugendra Jun 29 '17 at 09:55
  • Probably the easiest option then, if my theory is correct, would be to do two things: Try outputting `whoami` in your script to verify. Then explicitly map a drive via either `net use` or `new-psdrive` with the explicit credentials you specified in the unattend. Do note that these creds will be left behind in clear text in the script. – Matthew Wetmore Jun 29 '17 at 15:38
  • Now I am able to execute that script in Audit mode, but the problem with this approach is that it ignores the rest of the settings (Administrator password, EULA) in the OOBE pass while entering Audit mode. I have created a separate thread for that. https://superuser.com/questions/1226053/note-able-to-set-administrator-password-in-oobe-pass-after-returning-from-audit – Yugendra Jul 05 '17 at 18:38
  • I'd still recommend trying to explicitly map the credentials with `net use` or `new-psdrive`, but if you've got what you need for this question - I can put it up as answer and we can close it out. – Matthew Wetmore Jul 07 '17 at 22:49
  • If this solved your problem, please consider accepting the answer so other folks know it's handled. – Matthew Wetmore Jul 26 '17 at 06:52

1 Answer

From the docs it seems the Path item is accessed using the provided credentials, but not run as. Broadly it says that RunSynchronousCommand during Specialize runs in a system context, whereas an AuditUser would run as the user.

Some options:

  • During Specialize, map a drive with explicit credentials to the remote share using net use or New-PSDrive
  • Put your commands in the AuditUser. In the comments by the OP, it's mentioned this had other issues.
  • Create an Administrator AutoLogon, and run your commands in a SetupComplete.cmd

I'm referring to the docs at https://docs.microsoft.com/en-us/windows-hardware/customize/desktop/unattend/microsoft-windows-deployment-runsynchronous-runsynchronouscommand-credentials, and https://technet.microsoft.com/en-us/library/cc722343(v=ws.10).aspx

Matthew Wetmore
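
The first option in the answer above, as an added example that is not part of the original thread: a PowerShell wrapper that records `whoami`, maps the share with explicit credentials through `New-PSDrive`, copies the script locally and runs it. It assumes the wrapper is already on the image and is what the specialize-pass `RunSynchronousCommand` starts; the share account and password are placeholders.

```powershell
# Added example, not from the original thread. Assumed to be staged locally on the
# image and launched by the specialize-pass RunSynchronousCommand.
$ErrorActionPreference = 'Stop'
$log    = 'C:\pss.txt'                       # log file used in the question
$share  = '\\192.168.137.131\install'        # share from the question
$script = 'ConfigureRemotingForAnsible.ps1'  # script from the question

# Record the security context first. If the answer's reading of the docs is right,
# this shows the system account, which has no credentials for the remote share.
"Running as: $(whoami)" | Out-File -FilePath $log -Encoding ascii

# Placeholder credentials: a dedicated read-only share account limits the damage,
# because whatever is typed here sits on disk in clear text until this file is gone.
$user = '<SHARE-HOST>\<READ-ONLY-USER>'
$pass = ConvertTo-SecureString '<SHARE-PASSWORD>' -AsPlainText -Force
$cred = New-Object System.Management.Automation.PSCredential ($user, $pass)

try {
    # Session-scoped mapping (no -Persist): it goes away when this process exits.
    New-PSDrive -Name Install -PSProvider FileSystem -Root $share -Credential $cred | Out-Null

    # Copy the script locally so execution does not depend on the mapped share.
    $local = Join-Path $env:TEMP $script
    Copy-Item -Path "Install:\$script" -Destination $local -Force

    # The execution policy override applies to this child process only.
    & powershell.exe -NoProfile -ExecutionPolicy Bypass -File $local |
        Out-File -FilePath $log -Append -Encoding ascii
    "Exit code: $LASTEXITCODE" | Out-File -FilePath $log -Append -Encoding ascii
}
catch {
    "FAILED: $($_.Exception.Message)" | Out-File -FilePath $log -Append -Encoding ascii
    exit 1
}
finally {
    if (Get-PSDrive -Name Install -ErrorAction SilentlyContinue) {
        Remove-PSDrive -Name Install
    }
    # Delete this wrapper so the clear-text password does not remain on the image.
    Remove-Item -LiteralPath $PSCommandPath -Force -ErrorAction SilentlyContinue
}
```

If the first line of `C:\pss.txt` shows the system account and the copy succeeds only with the explicit credential, that confirms the explanation given in the answer.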