none
HELP with Install SCRIPT RRS feed

  • Question

  • Hello Guys,

    I have a batch script to install IE 11 on machines. But when the machine upgraded from IE8 to IE11 - the activex settings are getting disabled so i have few registry settings.

    Can someone please help me how a single script can perform this.

    Install IE 11

    perform reboot

    apply registry values:

    msiexec /i "IE-FULL-setup.msi"
    reboot
    reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2" /v 160A /t REG_DWORD /d 0 /f
    reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2" /v 1A00 /t REG_DWORD /d 0 /f
    reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2" /v 1406 /t REG_DWORD /d 0 /f
    reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2" /v 1604 /t REG_DWORD /d 0 /f
    reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2" /v 1803 /t REG_DWORD /d 0 /f
    reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2" /v 2001 /t REG_DWORD /d 0 /f
    reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2" /v 2004 /t REG_DWORD /d 0 /f
    reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2" /v 2007 /t REG_DWORD /d 0 /f
    reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2" /v 2702 /t REG_DWORD /d 0 /f
    reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2" /v 1208 /t REG_DWORD /d 0 /f
    reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2" /v 1209 /t REG_DWORD /d 0 /f
    reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2" /v 2201 /t REG_DWORD /d 0 /f
    reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2" /v 2000 /t REG_DWORD /d 0 /f 
    reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2" /v 1001 /t REG_DWORD /d 0 /f
    reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2" /v 1004 /t REG_DWORD /d 0 /f
    reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2" /v 1201 /t REG_DWORD /d 0 /f
    reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2" /v 1200 /t REG_DWORD /d 0 /f
    reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2" /v 270C /t REG_DWORD /d 0 /f
    reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2" /v 120B /t REG_DWORD /d 0 /f
    reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2" /v 1405 /t REG_DWORD /d 0 /f
    reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2" /v 120A /t REG_DWORD /d 0 /f

    Thank you very much


    Regards, Prasad

    Monday, December 9, 2019 6:51 AM

Answers

  • ok, so you can create GPO to run the first script as Administrator and the second script iwll be executed in the user's context after the reboot.

    Or even better use PSEXEC with a domain admin account to run the first script, and the second as always will b eexecuted after the reboot in the user's context

     In the GPO case you can use a startup script, but you have to carefully design your script in order to avoid entering an infinite loop. you can follow direction from this article

    https://www.petri.com/run-startup-script-batch-file-with-administrative-privileges

    BUt remove the forced reboot from the firs script. otherwise it will enter an infinite loop; startup script->reboot->startupscript->reboot->etc..

    With PSEXEC you can pass a file containing the list of PC where to run the script and you can run just on few PC each time. PUt the scripts on a network schare that evey PC can access and then execute something like this from a PC where you are connected as a Domain Admin:

    PSEXEC c:\temp\Computerlist.txt -s -h \\server\share\first-script.cmd

    In firstscript.cmd the line which will add the second script will something like this:

    reg add HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v MySecondScript /t REG_SZ /d \\server\share\second_script.cmd

    so, psexec will install IE, then when the user will reboot (you may want to display a message box when the first script is ended or you can force a reboot if you choose an hour when the user are no longer actively working) te second script will be executed in the user's context..

    HTH
    -mario

    • Marked as answer by RealStruggler Thursday, December 12, 2019 9:09 AM
    Tuesday, December 10, 2019 11:29 AM

All replies

  • Quick and easy..

    First script must be run as administrator, second script will be run as the user at logon..

    Put them both in the  c:\temp folder and they wil work  immediately without any change.

    first_script.cmd
    >>>>>>>>>>>>>>>>
    msiexec /i "IE-FULL-setup.msi"
    reg add HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v MySecondScript /t REG_SZ /d c:\temp\second_script.cmd
    Shutdown /r /f /t 000

    second_script.cmd
    >>>>>>>>>>>>>>>>
    reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2" /v 160A /t REG_DWORD /d 0 /f
    reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2" /v 1A00 /t REG_DWORD /d 0 /f
    reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2" /v 1406 /t REG_DWORD /d 0 /f
    reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2" /v 1604 /t REG_DWORD /d 0 /f
    reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2" /v 1803 /t REG_DWORD /d 0 /f
    reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2" /v 2001 /t REG_DWORD /d 0 /f
    reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2" /v 2004 /t REG_DWORD /d 0 /f
    reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2" /v 2007 /t REG_DWORD /d 0 /f
    reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2" /v 2702 /t REG_DWORD /d 0 /f
    reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2" /v 1208 /t REG_DWORD /d 0 /f
    reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2" /v 1209 /t REG_DWORD /d 0 /f
    reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2" /v 2201 /t REG_DWORD /d 0 /f
    reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2" /v 2000 /t REG_DWORD /d 0 /f 
    reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2" /v 1001 /t REG_DWORD /d 0 /f
    reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2" /v 1004 /t REG_DWORD /d 0 /f
    reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2" /v 1201 /t REG_DWORD /d 0 /f
    reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2" /v 1200 /t REG_DWORD /d 0 /f
    reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2" /v 270C /t REG_DWORD /d 0 /f
    reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2" /v 120B /t REG_DWORD /d 0 /f
    reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2" /v 1405 /t REG_DWORD /d 0 /f
    reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2" /v 120A /t REG_DWORD /d 0 /f

    rem Clean up to avoid run the secnod script again.
    reg delete HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MySecondScript /f

    HTH
    -mario

    Monday, December 9, 2019 11:00 AM
  • Thank you very much Mario. I will give this a try


    Regards, Prasad

    Tuesday, December 10, 2019 8:49 AM
  • Hi Mario,

    I need to deploy this to about 3200 users.

    I have tested this on a user's machine with user's account.

    And none of them seem to be a administrator of their machine.

    After the installation, machine restarts. When the user logs in - i don't get a prompt to run the script and IE won't upgrade.


    Regards, Prasad

    Tuesday, December 10, 2019 9:27 AM
  • ok, so you can create GPO to run the first script as Administrator and the second script iwll be executed in the user's context after the reboot.

    Or even better use PSEXEC with a domain admin account to run the first script, and the second as always will b eexecuted after the reboot in the user's context

     In the GPO case you can use a startup script, but you have to carefully design your script in order to avoid entering an infinite loop. you can follow direction from this article

    https://www.petri.com/run-startup-script-batch-file-with-administrative-privileges

    BUt remove the forced reboot from the firs script. otherwise it will enter an infinite loop; startup script->reboot->startupscript->reboot->etc..

    With PSEXEC you can pass a file containing the list of PC where to run the script and you can run just on few PC each time. PUt the scripts on a network schare that evey PC can access and then execute something like this from a PC where you are connected as a Domain Admin:

    PSEXEC c:\temp\Computerlist.txt -s -h \\server\share\first-script.cmd

    In firstscript.cmd the line which will add the second script will something like this:

    reg add HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v MySecondScript /t REG_SZ /d \\server\share\second_script.cmd

    so, psexec will install IE, then when the user will reboot (you may want to display a message box when the first script is ended or you can force a reboot if you choose an hour when the user are no longer actively working) te second script will be executed in the user's context..

    HTH
    -mario

    • Marked as answer by RealStruggler Thursday, December 12, 2019 9:09 AM
    Tuesday, December 10, 2019 11:29 AM