-1

At the company I work for, we use Bit9 as part of our security stack. We are in the process of upgrading the version to 8.0 (and eventually 8.2) on all of our devices. Between the automatic upgrades and a different script I wrote, I was able to upgrade about 1000. But there are still about 700 left where the CLI password from Bit9 is not working, and the devices are not checking in to allow auto upgrade.

Bit9 has come back and suggested the following:

  1. Boot the endpoint into Safe Mode w/ Networking
  2. Run a script that executes the following Administrative commands from a CMD prompt (please note the proper spacing between start= disabled):

    sc config parity start= disabled

    sc config paritydriver start= disabled

  3. Boot into Normal Mode

I've written a script that is supposed to do all of this, except I cannot for the life of me get the script to run once the device starts in safe mode. I've tried everything that I can think of:

  • HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  • HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
  • Placing a batch file in the Startup folder
  • Scheduled task

Nothing I do is working.

And one other caveat, the user that is logging in (safe mode & normal mode) is not an administrator. It is a regular user. I am kicking off the initial script with BigFix, which does run as an administrator.

Thanks in advance.

Harlan
  • See answer here: https://stackoverflow.com/a/18822203/11609403 – leeharvey1 Jun 11 '20 at 01:13
  • @leeharvey1 I've tried that. Doesn't seem to be working. – Harlan Jun 11 '20 at 13:10
  • 1
    Probably due to the user logging in as a regular user. Here's a hack (if you're adventurous): Try creating a 'fake' system service set to 'Automatic' startup that runs as 'Local System' with 'Recovery' options to 'Run a program' with command line parameters. In theory, this should invoke your program in a local administrator context, would give your program more than 1 opportunity to run at startup, and if configured properly, should work during a normal Windows startup too. Good luck. – leeharvey1 Jun 11 '20 at 14:03
  • @leeharvey1 I'm willing to give that a try (at least in a lab environment). Not sure how I would go about doing that though. – Harlan Jun 11 '20 at 16:47

1 Answer

0

I was finally able to get it to work. The service idea was the starting point, though instead of creating a "fake" service, I actually wrote a service in C# that calls the PS script. I was then able to edit the registry, where I made that service able to start in safe mode. That seemed to do the trick. Now the only issue is that I can't seem to disable safe mode programmatically, but I will ask that as a separate question.

Harlan
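Windows records which services may start in Safe Mode as subkeys of `HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal` and `...\Network`, so the registry change described in the answer can be audited from there. The read-only PowerShell below is an added example, not code from the post: it lists every service registered for Safe Mode with its binary and account, so the owner of a fleet can confirm that only the expected helper service is present and that it is gone after the upgrade. The function name `Get-SafeBootService` and the `OutsideWindows` heuristic are assumptions made for illustration.

```powershell
# Added example: audit services that are allowed to start in Safe Mode.
# Read-only; run from an elevated PowerShell prompt.
$safeBootRoot = 'HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot'
$servicesRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services'

function Get-SafeBootService {
    foreach ($mode in 'Minimal', 'Network') {
        Get-ChildItem -Path (Join-Path $safeBootRoot $mode) -ErrorAction SilentlyContinue |
        ForEach-Object {
            # The subkey's default value names the entry type:
            # 'Service', 'Driver', 'Driver Group', ...
            if ($_.GetValue('') -ne 'Service') { return }

            $name   = $_.PSChildName
            $svcKey = Join-Path $servicesRoot $name
            $svc    = Get-ItemProperty -Path $svcKey -ErrorAction SilentlyContinue

            # Expand %SystemRoot% and friends so the path test below is meaningful.
            $image = $null
            if ($svc.ImagePath) {
                $image = [Environment]::ExpandEnvironmentVariables($svc.ImagePath)
            }

            # Heuristic (assumption): a Safe Mode service whose binary lives
            # outside the Windows directory is worth a manual review.
            $winDir  = '^"?' + [regex]::Escape($env:SystemRoot)
            $outside = [bool]($image -and $image -notmatch $winDir)

            [pscustomobject]@{
                SafeBootMode   = $mode
                Service        = $name
                Installed      = Test-Path $svcKey   # stale entries show False
                Account        = $svc.ObjectName     # e.g. LocalSystem
                ImagePath      = $image
                OutsideWindows = $outside
            }
        }
    }
}

# Show flagged entries first.
Get-SafeBootService |
    Sort-Object -Property @{ Expression = 'OutsideWindows'; Descending = $true }, Service |
    Format-Table -AutoSize -Wrap
```

Running it before and after the deployment and diffing the `Service` column shows exactly what the rollout added to the Safe Mode service list.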