Write a text file to the server install directory

[GGugliuzza]

Hoping someone might be able to help - or just tell me it can't be done so I stop the endless internet searching!

 

I have written a batch file to check a file comparison to see what computers have a mismatch. Everything works fine, but I would like to be able to append to a text file on our server so that I can have a list of all the computers that have the mismatch. I have tried any number of permissions, but I just can't seem to gain write access to a folder on the server. So far, I have been using the install folder that I am running the batch file out of, but I have no problem creating a separate folder on any server - just as long as I can get read/write access to it so that the file can be appended.

 

I am currently using Software Center to deploy the batch file and it is running with Administrative rights. If I check the %USERNAME%, it comes back as the name of the machine followed by a $ (i.e. MY-PC$) so I'm guessing there's some sort of system account being used to execute the batch - but I can't seem to find a way to give that account anything beyond read access to the folder on the server.

 

Any help would be greatly appreciated!

[Ath3na]

The account configuration manager uses is the local system account. Download psexec from sysinternals. Then psexec -I -s cmd.exe gives a command prompt running under the system account. Type whoami at that prompt and it will show the local system account. To grant access to the share you could add the individual computer or domain computers or the everyone group via both ntfs and share permissions

[GGugliuzza]

Ath3na ~

 

Thanks for your reply. I was able to keep open the command window after the batch file ran using a /k instead of a /c in the command line ( cmd /k "path\batchfile"), so I've been trying all manner of things that way. I did the whoami command and found that the user in question is "nt authority\system" which I'm guessing equates to the local system account.

 

I have added full control to Domain Computers, domain\computername (of the test computer), and also the Everyone group to the folder on the server that houses the batch file - but all of them come back with no write access in that folder. I can list the directory and edit the batch file in notepad - but it will not write the file to the directory (even if I do a "Save As" to a different filename). I have only tested it using UNC paths, not with a drive letter, so I will try that real fast to see how that turns out. I'm putting my money on "no", but never hurts to try.

 

Also, the permissions that I added were done by right clicking the folder, while logged into the server as admin, and adding the accounts to the security tab as well as the Sharing tab in that same Properties window. Is there some other spot or method that I am missing in order to add access rights - like SetACL or something?

 

Thanks for any suggestions or thoughts!

[GarthMJ]

ok, I will bite, why not do this via CI or Hardware inventory? This will remove all the permission issue.

[GGugliuzza]

Garth ~

 

Here's how this came about. We have a Windows file that has been replaced on some number of our machines in order to circumvent the machine security. What I wanted to do was run something that would compare that file with a reference file to give me a list of all computers that are affected. Initially when I looked at Software Inventory, there was no way to filter out the data collection based on file attributes other than name and extension (or compressed / windows folder) so that would mean I'd have to then write a query based on that data in order to filter out only the machines that had the bogus file. Or.... write a batch file that I could require to run on all the machines and have it just create a .csv file of the name of each machine that failed the comparison.

 

The batch file method seemed much quicker and straight forward - until I ran into this little snafu with write access to a server directory. There have been other times that I was hoping to keep some info from installs or driver updates in a centralized location on the server and had issues with it, but this time I thought I would just see if I could once and for all figure out why that didn't work. I thought I would post here because I've always had good luck finding answers on SCCM issues. I guess if there really isn't a way to make that happen, I'll just go the SI route and code a query, but I really wanted to make sure that it's not just something silly that I'm missing. It always seems that when I've run into issues in the past, it's some minute "thing" that everyone seems to just inherently know that I've never even heard of before.

 

I hope that covers your question, as I'm not completely sure what CI is or if there is something in SCCM's Hardware Inventory that might do what I'm looking for. If there's a better way to skin this particular cat, I'd appreciate any further info you're willing - or have time - to give.

 

And if anyone has any other ideas on the permission issue, I'd still like to hear those as well even if there ends up being a more expedient way to handle this particular project. It could be helpful in the future - especially if it's something I've got set up or configured wrong.

 

Thanks for responding!

[GarthMJ]

Take a look at this blogs, they will help with the CI stuff. Read this post set about four files to remove from your environment. It will help you get started with CI stuff.

http://www.enhansoft.com/?s=four+files&post_type=post (July 15-23rd)

[GGugliuzza]

Good stuff in that blog series. I've never used Config Baselines before - that will be pretty useful going forward. I am going to dig into that this afternoon and see if I can apply it to my current project. I'll also check for the 4 files you mention so that we can get rid of those as well.

 

Thanks for your help!