how to deploy sccm 2012 bat file app so that it actually executes on client machines and not just go to software center?


  • I have a bat file with some regedit commands. I created an application and it distributed OK. I have a collection for these machines. I used the deployment wizard and the only thing that happens is the app get put into the software center. None of the machines actually got the regedits installed. I suppose it wants to put up a notification to the machines for the user to get the app from the software center and install it. That's not what I want. I want the regedits installed automatically and a message telling the user that the update was installed and they need to reboot. Can anyone give a step-by-step for how to do it? Please, no lectures about getting training. Thanks.
    Tuesday, February 12, 2019 3:52 PM

All replies

  • What does your bat file look like? Are you sure the registry hasn't been modified?

    What happens if you run process monitor and trace the install, are any keys written?

    Richard Knight | Collection Refresh Manager | Automate detection rules for patch \ msp files | Twitter

    Tuesday, February 12, 2019 5:11 PM
  • @ECHO ON
    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 8 /f
    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f

    I created the application per the wizard.  It's on the distribution point(s).  I made it required and to install per device whether anyone is logged on or not and to send wake-ups and notice to reboot.

    Rather than using GPO this Spectre/Meltdown vulnerability for certain machines I'm using reg add.   I haven't looked at the registry(s) nor run process monitor, but sccm says compliance = 0%. 

    Tuesday, February 12, 2019 6:22 PM
  • What did you specify for your detection method?

    What deadline did you specify for the deployment?

    You really need to directly view a system where this ran to troubleshoot though as anything else is just guessing. This would include of course examining those values in the registry as well as reviewing appenforce.log.

    Finally, is there a reason you didn't simply use a configuraiton item and baseline for this? This is a super easy way to deploy changes to registry values.

    Also, keep in mind that WoL may require configuration in your network infrastructure and must also be enabled in ConfigMgr -- even though WoL uses a magic packet it doesn't does magically work without some potential configuration.

    Jason | | @jasonsandys

    Tuesday, February 12, 2019 6:37 PM
  • By "configuration item" you mean GPO, I chose not to do that.  My deadline is ASAP after available (which was immediately).  Using the wizard, even though it isn't necessary because every machine has such key, for "detection method" I checked that "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" is present.  Regarding WoL, we have not configured it -- yet.  I'm just looking at the status that says "failed".
    Tuesday, February 12, 2019 8:04 PM
  • By "configuration item" you mean GPO,

    No, I mean exactly as stated, "Configuration Item":

    Have you examined a system directly yet?

    Jason | | @jasonsandys

    Tuesday, February 12, 2019 10:16 PM
  • I'm asking for help here.  Regarding configuration items, can they be deployed for only specific machines?  When I create one it seems as though it will apply to all machines.  Also, it seems as though I can do only one registry entry per CI.  Is all of this true or am I missing something?


    Friday, February 15, 2019 3:01 PM
  • As with all deployable items in ConfigMgr, you target collections when deploying a baseline (CIs go into baselines and then you deploy the baseline). The collection can have one member or as many members as you'd like based upon the rules you assign to that collection.

    You can add as many rules to a single CI as you'd like and as many CIs to a baseline as you'd like. Generally, for compliance reporting, it's cleaner to include only one rule per CI and then include many CIs in a baseline, but that's not a technical limitation.

    As an alternative here, depending on your exact goal, you could also use the new(-ish) Scripts feature introduced in 1710 (I think it was 1710). The Scripts feature allows you to nearly-instantly run a PowerShell script on any managed system or set of managed systems. Scripts are meant for one-time actions though in general so if you are interested in continued enforcement and compliance reporting of that enforcement, baselines are still the way to go.

    Going back to your initial issue though, What did you specify for your detection method in the deployment type?"

    And, have you directly examined the registry on a targeted system to see if the change has occurred yet?

    And, have you examined the appenforce.log on a targeted client to see if the Application was successfully enforced or not?

    Jason | | @jasonsandys

    Friday, February 15, 2019 4:09 PM