Is This Silly - Windows Server Making Scripts for .exe Installs

jamesleecoleman · August 2017

So I'm making GPO's to install software. I find myself making .bat files just to install programs with .exe. Is this a silly way to try to do things?

I'm not even sure it's working for me

djrabes · September 2017

Nothing is ever silly in IT, as long as it works!

What version of Windows Server are you doing this on?

You could create a GPO in Computer Configuration > Software Settings > Software Installation and use an MSI package to remotely install programs.

What does your script look like?

BlackBeret · September 2017

What are the permission settings for the .bat file? The location where the .exe is stored? Could someone replace the .exe with another, then let your script install their malicious file with elevated permissions? Could someone alter your .bat file to change what's being installed if they gained access to your account?

gespenstern · September 2017

No. It is a good way to go. Collecting info and supplying it to msiexec options is one of reliable approaches that worked for decades and still works and is supported and can be used remotely via psexec, WinRM, group policies, SCCM, whatever.

ally_uk · September 2017

We use a combination of serva 32/64. Nlite to patch the iso with all updates. You pxe boot and are greeted with a menu of all Windows installs, Utilities / Linux distros.

Answer file automatically installs Windows and created a small partition for saving PC check reports)

Windows installs and a script is fired off using a combination of autoit and Powershell. This automatically installs office starter and ninite apps, deletes install files and reboots machine.

Drivers is the next challenge currently I am building up a archive of drivers by manufacturers and storing on a server share . I may look at some Powershell wizardry to auto silent install .MSI files. That is a future task.

jamesleecoleman · September 2017

Alright so what I have for the a/v is this:

@echo off

R:\installation\ESET Endpoint\avremover_eea_nt64_enu.exe /quiet /norestart

O365 is this:
start /wait R:\deployment tool R:\deployment toolconfiguration.xml

I was able to get a .msi to work... kinda.

Nessus Agent:

@echo off

msiexec /i NessusAgent-6.10.1-x64.msi NESSUS_GROUPS="laptops" NESSUS_SERVER="cloud.tenable.com" NESSUS_KEY=XXXXXXX

I made GPOs to the laptops OU and this would install all the stuff but I set it up on sign in for the script. I realized that stuff would install again when people signed in so I moved the GPO to a different OU called 'install' and linked/enforced the GPOs that will install software and now it's not working. I'm gonna go crazy lol.

CodeBlox · September 2017

I pretty much always use scripts if needing to install something on multiple workstations. Gives me the option to do cleanup or other things if needed after running the exe.

jamesleecoleman · September 2017

So I guess I gotta get good at batch and powershell scripting.

Is This Silly - Windows Server Making Scripts for .exe Installs

Comments