How to force Windows Server 2008 to believe a user is logged in interactively? - user-input

I've written some UI Automation that runs an installer and clicks on its buttons to complete the installation without human interaction.
The main reason to do this is to automate installations that cannot be automated through orthodox means (such as parameters, or deployment packages).
This is a low cost solution and it works well on a user pc, but crucially it doesn't work on our build farm, which the system was written for primarily.
After some investigation I think this is due to the fact that in the build agents although a user is logged in, this login is not "interactive", and the screen will not be rendered unless Windows has to.
I can force the rendering by connecting via Remote Desktop, and the automation works correctly then.
If the Remote Desktop window loses focus though (for example by being behind another window), the automation stops working.
I suspect if I could trick Windows into believing a user is logged in interactively, and Windows rendered, the automation would work fine, but I have no idea how to achieve this.
I know this solution is far from solid and if you can recommend better ways to approach the problem I'm happy to hear them, but it's really cheap to implement, and quite effective if it can be made to work (the code being built in the build farm depends on the packages being installed, so after a sync the auto installer needs to be run, and we'll have up to 30-40 machines to manage and maintain).
In short: does anybody know how to trick Windows into believing it should behave as if a human user was logged in interactively?
Thank you in advance!

Related

Trigger reboot and script execution, securely

I am using PowerShell to manage Autodesk installs, many of which depend on .NET, and some of which install services, which they then try to start, and if the required .NET isn't available that install stalls with a dialog that requires user action, despite the fact that the install was run silently. Because Autodesk are morons.
That said, I CAN install .NET 4.8 with PowerShell, but because PowerShell is dependent on .NET, that will complete with exit code 3010, Reboot Required.
So that leaves me with the option of either managing .NET separately, or triggering that reboot and continuing the Autodesk installs in a state that will actually succeed.
The former has always been a viable option in office environments, where I can use Group Policy or SCCM or the like, then use my tool for the Autodesk stuff that is not well handled by other approaches. But that falls apart when you need to support the Work From Home scenario, which is becoming a major part of AEC practice. Not to mention the fact that many/most even large AEC firms don't have internal GP or SCCM expertise, and more and more firm management is choosing to outsource IT support, all too often to low cost glorified help desk outfits with even less GP/SCCM knowledge. So, I am looking for a solution that fits these criteria.
1: Needs to be secure.
2: Needs to support access to network resources where the install assets are located, which have limited permissions and thus require credentials to access.
3: Needs to support remote initiation of some sort, PowerShell remote jobs, PowerShell remoting to create a scheduled task, etc.
I know you can trigger a script to run at boot in System context, but my understanding is that because system context isn't an actual user you don't have access to network resources in that case. And that would only really be viable if I could easily change the logon screen to make VERY clear to users that installs are underway and to not logon until they are complete and the logon screen is back to normal. Which I think is really not easily doable because Microsoft makes it near impossible to make temporary changes/messaging on the logon screen.
I also know I can do a one time request for credentials on the machine, and save those credentials as a secure file. From then on I can access those credentials so long as I am logged in as the same user. But that then suggests rebooting with automatic logon as a specific user. And so far as I can tell, doing that requires a clear text password in the registry. Once I have credentials as a secure file, is there any way to trigger a reboot and one time automatic logon using those secure credentials? Or is any automatic reboot and logon always a less than secure option?
EDIT: I did just find this that seems to suggest a way to use HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon without using a plain text DefaultPassword. The challenge is figuring out how to do this in PowerShell when you don't know C#. Hopefully someone can verify this is a viable approach before I invest too much time in trying to implement it for testing. :)
And, on a related note, everything I have read about remote PowerShell jobs and the Second Hop Problem suggests the only "real" solution is to use CredSSP, which is itself innately insecure. But it is also a lot of old information, predating Windows 10 for the most part, and I wonder if that is STILL true? Or perhaps was never true, since none of the authors claiming CredSSP to be insecure explained in detail WHY it was insecure, which is to me a red flag that maybe someone is just complaining to get views.

Is it possible to install Windows Updates on multiple, remote servers through Powershell?

I am a network admin with very little experience coding or using Powershell. About once a month I have to check for and install Windows updates on about 25 servers. I've played around with Powershell in hopes of handling this task in a more automated fashion but get hung up getting the servers to actually install the updates after checking. I apologize for posting such a noob question, but can anyone let me know if this is possible and if so, show me the ways of your dark arts?
WSUS will require you to install the components and set up the profiles etc. If you have a large number of servers on a single network, that is your best bet for delivering the content.
If you just want to be able to schedule and run the updates on specific remote hosts, there is a ton of stuff already available that will do this and you just need to come up with your implementation of scheduling the updates for what hosts. I did this exact thing for a prior employer for 10k plus servers worldwide using a web app for the owners to schedule the updates and then back end workflow to perform the approval requests, installs, logging, etc.
PowerShell Gallery is a good start. Here is a post that walks you through using PSWindowsUpdate.

Uninstall drivers through command line

TLDR: How do I automate uninstall of all drivers in two categories without needing to know the OEM number beforehand?
First things first - I'm as far from an expert as they come. I'm an L1 support desk grunt messing with powershell to try to automate the tedious parts of my job. A persistent issue we've got with 90% of our machines requires uninstalling all drivers for audio devices, and because I'm too lazy to do this in a remote session, I'm trying to automate it through a script that fires off a bunch of commands through psexec to a specified hostname.
Downside is driver name is not always going to be the same on each machine, and the OEM number for the drivers isn't consistent across multiple machines either. This doesn't matter when you're doing it through device manager - just need to uninstall everything in the Audio I/O and Sound Controllers dropdown - but I've no idea how to specify this in command line.
I'm sure it's possible. I've been poking around at pnputil and Get-WindowsDriver and there's gotta be some way to do it. Might be something with wmic that could work, but I'm not familiar enough with that command. I could just do it manually, but then I'd have to spend five minutes in a laggy remote session making small talk with a user, and I can't stand small talk.
So essentially my question is: Is there a way to query OEM info of every driver in a specific category, and then pipe that info into a cmdlet that'll uninstall them?
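One way to do what this question describes, as an added example that is not part of the original post: resolve every third-party (`oemNN.inf`) driver package bound to devices in the two audio classes, then hand each one to `pnputil`. The function names are hypothetical, and mapping the Device Manager categories to the setup classes `AUDIOENDPOINT` and `MEDIA` is an assumption to confirm on a sample machine first.

```powershell
# Added example (not from the original post). Function names are hypothetical.
# Assumption: "Audio inputs and outputs" = class AUDIOENDPOINT,
#             "Sound, video and game controllers" = class MEDIA.
function Get-AudioOemDriver {
    param(
        [string[]]$DeviceClass = @('MEDIA', 'AUDIOENDPOINT')
    )
    # Win32_PnPSignedDriver exposes the published INF name (oemNN.inf) per device,
    # so the OEM number never has to be known in advance.
    Get-CimInstance -ClassName Win32_PnPSignedDriver |
        Where-Object { $_.DeviceClass -in $DeviceClass -and $_.InfName -like 'oem*.inf' } |
        Select-Object DeviceClass, DeviceName, InfName, DriverVersion |
        Sort-Object -Property InfName -Unique
}

function Remove-AudioOemDriver {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Driver
    )
    process {
        # Refuse anything that is not a plain oemNN.inf name before it reaches pnputil.
        if ($Driver.InfName -notmatch '^oem\d+\.inf$') {
            Write-Warning "Skipping unexpected INF name '$($Driver.InfName)'"
            return
        }
        $target = "$($Driver.InfName) ($($Driver.DeviceName))"
        if ($PSCmdlet.ShouldProcess($target, 'pnputil /delete-driver /uninstall')) {
            # /uninstall also removes the package from devices currently using it.
            & pnputil.exe /delete-driver $Driver.InfName /uninstall
            [pscustomobject]@{ InfName = $Driver.InfName; ExitCode = $LASTEXITCODE }
        }
    }
}

# Review what would be touched, then do a dry run before removing anything.
Get-AudioOemDriver | Format-Table -AutoSize
Get-AudioOemDriver | Remove-AudioOemDriver -WhatIf
```

Run it elevated; dropping `-WhatIf` and adding `-Confirm:$false` performs the removal unattended. Inbox drivers (INF names not starting with `oem`) are deliberately left alone.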

Can't set the priority of a service

I noticed that my fan goes up a lot on occasion for no apparent reason. Investigation shows that it's the process Antimalware Service Executable, the service Windows Defender Antivirus Service and the file executed is MsMpEng.exe.
I want it to be able to run still but not go bananas, so I tried to set its priority to low. However, Windows barked at me that the operation could not be completed and that access was denied.
How can I force the service to run at a limited performance?
You can't, by design. That "by design" means that if you find a hack, a future security update of Windows will likely render your hack inoperable.
The key word here is "security". The whole point of anti-malware is that it detects malware even when the malware tries to avoid detection. To make that work, Windows treats anti-malware software as a special case, and offers it additional protection. If there was an answer to your question, it would be treated by Microsoft as a bug.

AS/400 End User - run keystrokes automatically

I'm a novice with AS/400. I have a bit of coding experience and know that there's always an access to the backend if you're clever enough. But developers in my organisation said that it's hard to communicate with the server and make it run things remotely.
So I'm wondering if anyone's got any ideas how I can schedule a simple task. I login to the "Personal Communication", which is the client app. Then I go to a certain menu, i.e. I543, enter a parameter "1". And Press "ENTER" to run a report which has a file output.
I know there is that "Macro" function within Personal Communication. But that relies on send keys which does not work on a locked screen, nor do I want to activate it manually, which really defies the point of automation.
I was hoping I can schedule a simple call command somehow to activate some kind of procedure. Just need to know if possible and where to start looking? Thanks.
Last millennium's AS/400 and today's IBM i both have a basic job scheduler built in.
From a command line WRKJOBSCDE.
You need to find out what happens when you select menu I543 option 1. Assuming it's a simple CALL MYRPT or SBMJOB CMD(CALL MYRPT) then adding a scheduled job to run the report is easy.
However, you probably don't have the authority to do so. Nor should your developers necessarily be able to do so. Your system administrator is the right person. In a small shop, that might be the guy doing development. In a large one, it's another person or team.
But your developers should have at least pointed you toward the admin and the job scheduler.