MDT - Running scripts in elevated admin mode

  • Question

  • Hi,

    I'm trying to run some scripts that require elevated admin permissions, e.g. changing shadow copy or system protection disk usage from 5% (default) to 10%, or changing NTP servers.

    vssadmin resize shadowstorage /for=c: /on=c: /maxsize="10%"

    or

    w32tm /config /manualpeerlist:"1.au.pool.ntp.org" /syncfromflags:manual /reliable:yes /update

    Both those commands require elevated admin. When running a script or app through a task sequence, it says that it's completed successfully, but it actually doesn't. I've tried running self-elevating PowerShell scripts and AutoIt packages that are meant to prompt the UAC prompt, and they do when run manually, but it seems MDT suppresses these prompts as well.

    Any idea how one might be able to either configure MDT to allow UAC prompts, or to elevate to system admin level?

    Thanks

    Thursday, March 15, 2018 5:04 AM

All replies

  • Hi,

    No one able to assist with this query? It would be much appreciated.

    Thanks

    Monday, March 19, 2018 12:59 AM
  • MDT generally runs everything in an elevated session. However, the w32tm command (and others which require internet connectivity) might fail if your organization has measures in place which prevent the local administrator account from accessing the WWW. In this case, you may either have to resort to a service account (which a few users here have done in the past) or inject proxy configuration which would allow local admin to access certain internet resources (which I did for one of my customers). If this is not applicable in your case, you may want to examine how you are executing the w32tm command (for instance, you may try adding the full path to the executable file). The latter also applies to the volume shadow copy configuration. MDT can sometimes be somewhat finicky when it comes to running external executables with parameters.


    Cheers,
    Anton


    Monday, March 19, 2018 4:12 PM
  • Hi Anton,

    Thank you for your response. I don't believe it's internet related, as there are no restrictions in place for WWW access. Other apps actually do run in the background, downloading and installing in the same sequence. With those commands (w32tm and vssadmin), I have tried them inside .cmd and .ps1 script files. The same issue occurs. I've logged ps1 output to a log file, and the commands show as 'applied successfully' or executed fine with no errors; however, the changes aren't actually made.

    When I execute a test deployment sequence by running litetouch.vbs from inside a test Windows machine, under an elevated cmd prompt, the apps and changes are made successfully. When the same app is run in the actual deployment sequence, the changes don't get applied.

    This makes me think that MDT doesn't run in true elevated admin permissions and certain commands won't execute, or won't even prompt to elevate because the prompt is suppressed?

    Any other suggestions / possibilities?

    Tuesday, March 20, 2018 12:41 AM
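
A diagnostic wrapper for the two commands discussed in this thread, as an added example that is not part of any post: it records which account the step runs as and whether its token is elevated, calls both executables by full path as suggested in the reply, and reads the settings back rather than trusting the command output. The log path, the function names and the English-language match on the `vssadmin list shadowstorage` output are assumptions.

```powershell
# Added example (not from the thread): log the security context, run both
# commands by full path, then read the settings back.
$log = Join-Path $env:SystemRoot 'Temp\mdt-elevation-check.log'  # assumed log path
$sys = Join-Path $env:SystemRoot 'System32'

function Write-Log([string]$Message) {
    Add-Content -Path $log -Value ("{0:u} {1}" -f (Get-Date), $Message)
}

function Invoke-Native([string]$Exe, [string[]]$Arguments) {
    # Capture stdout and stderr plus the exit code instead of trusting the text.
    $output = & (Join-Path $sys $Exe) @Arguments 2>&1 | Out-String
    $code = $LASTEXITCODE
    Write-Log "$Exe $($Arguments -join ' ') -> exit code $code"
    Write-Log $output.Trim()
    [pscustomobject]@{ ExitCode = $code; Output = $output }
}

# Who is this step running as, and is the token actually elevated?
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$elevated  = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
Write-Log "User=$($identity.Name) Elevated=$elevated 64-bit=$([Environment]::Is64BitProcess)"

$failed = -not $elevated
$steps = @(
    @{ Exe = 'vssadmin.exe'; ArgList = 'resize', 'shadowstorage', '/for=c:', '/on=c:', '/maxsize=10%' },
    @{ Exe = 'w32tm.exe'; ArgList = '/config', '/manualpeerlist:1.au.pool.ntp.org',
       '/syncfromflags:manual', '/reliable:yes', '/update' }
)
foreach ($step in $steps) {
    if ((Invoke-Native $step.Exe $step.ArgList).ExitCode -ne 0) { $failed = $true }
}

# Read back the effective settings.
$vss = Invoke-Native 'vssadmin.exe' @('list', 'shadowstorage')
$ntp = Invoke-Native 'w32tm.exe' @('/query', '/configuration')
# Assumes English-language vssadmin output, where the maximum is shown as "(10%)".
if ($vss.Output -notmatch 'Maximum.*\(10%\)') { Write-Log 'VSS maxsize not applied'; $failed = $true }
if ($ntp.Output -notmatch [regex]::Escape('1.au.pool.ntp.org')) {
    Write-Log 'NTP peer not applied'; $failed = $true
}

# Non-zero exit code so the caller does not record a silent success.
if ($failed) { exit 1 } else { exit 0 }
```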