4 Replies Latest reply on Jun 27, 2017 2:22 PM by Moe Hassan

    EEDK Calling a PowerShell Script, which runs maconfig.exe -custom -prop1 "value" -prop2 "value" fails to populate Custom Properties

    youngpae

      Hello all,

       

      We are using MA5.0.5 and I wanted to use EEDK to create a custom ePO package do run a Powershell script which perform the followings:

      - Query bunch of system info (easy)

      - Run maconfig.exe -custom -prop1 "value1" -prop2 "value2"

      - Run CMDAGENT.exe /p

      - Log everything to a log file

       

      Here are the scripts:

       

      1. RUNME.bat

       

      @ECHO OFF

      ECHO ==================================================

      ECHO Run BODSNWIN.ps1...

       

      :: PushD

      pushd "%~dp0"

       

      :: Get software package source directory and set as variable SRCDIR

      SET SRCDIR=

      for /f "delims=" %%a in ('cd') do @set SRCDIR=%%a

       

      :: Run PowerShell Script...

      %comspec% /c %systemroot%\system32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Bypass -File "%SRCDIR%\RUNME.ps1"

       

      :: Always exit with Code 0

      Exit /B 0

       

      B. (Portion of) RUNME.ps1

       

      $sSetCustomPropString = """<fullpathToMA>maconfig.exe"" -custom -prop1 ""Value1"" -prop2 ""Value2"" -prop3 ""Value3"""

      $sSetCustomPropString = """<fullpathToMA>cmdagent.exe"" /p"

      Invoke-Command -ScriptBlock { $sSetCustomPropString }

      Sleep -Seconds 60

      Invoke-Command -ScriptBlock { $sRunASCIString }

      Sleep -Seconds 60

       

      C. Test Results

      1. When I run the batch file manually as an administrator

      - The batch file successfully calls RUNME.ps1

      - Log file generated to C:\Windows\Temp\McAfeeLogs\RUNME.log

      - MAConfig.exe and CMDAGENT.exe does exactly what it suppose to do.

       

      2. But when I create a EEDK package and deploy via ePO

      - The batch file successfully calls RUNME.ps1

      - Log file generated to C:\Windows\Temp\McAfeeLogs\RUNME.log

      - MAConfig.exe and CMDAGENT.exe does NOT populate Custom Props and does not perform ASCI. (Log file says it ran)

       

      D. Questions are

       

      1. Did anyone have similar issue?

      2. Is there any Security feature or "Self-Protection" blocking maconfig.exe from running via ePO's EEDK custom package?

       

      Thanks,

       

      Young-

        • 1. Re: EEDK Calling a PowerShell Script, which runs maconfig.exe -custom -prop1 "value" -prop2 "value" fails to populate Custom Properties
          tao

          I wondering if it's a permission issue; meaning, eedk runs under system privilege.  This may be worth a try: trans files to your test system / from cmd "psexec \\IP or computername -s -i "C:\runme.bat"" and fields are populated.

           

          Also, there is a self-protect / access protection, if enabled, may stop the writing under the mcafee reg key.

          • 2. Re: EEDK Calling a PowerShell Script, which runs maconfig.exe -custom -prop1 "value" -prop2 "value" fails to populate Custom Properties
            johnmoe

            I haven't used EEDK, but two things jump out at me in the script:

             

            1. You set $sSetCustomPropString twice.  The second one would overwrite the first.  I presume the second string should be $sRunASCIString?  The way it's coded, the wakeup would happen, and then nothing for the second one.
            2. Since you're just running a single command line, you might look at using "Start-Process" rather than "Invoke-Command".  On thing you get from Start-Process is the ability to wait for the process to end, check the return code from that (using something like "$proc = Start-Process -FilePath "file.exe" -ArgumentList "/StuffAfterExe" -PassThru", "$proc.WaitForExit()"), and then keep going if $proc -eq 0 (i.e., returned Success).  You can then eliminate the sleep commands, as you're already waiting for the process to end.
            • 3. Re: EEDK Calling a PowerShell Script, which runs maconfig.exe -custom -prop1 "value" -prop2 "value" fails to populate Custom Properties
              youngpae

              Thanks for the follow up.

               

              1. having $sSetCustomPropString twice was an error while I was cleaning up my script to make this topic simpler. (My original script doesn't have that mistake)

              2. I think it is something to do with listing multiple arguments (with multiple double quotes) while I was running script block.

               

              The following well explain what is the correct way of using double quotes (inside of double quotes):

               

              PowerShell and external commands done right // blog.edgylogic

               

              So the working script is

               

              #Get FrmInstPath

               

               

              #MA48x64

              If (Test-Path -LiteralPath "C:\Program Files (x86)\McAfee\Common Framework\FrmInst.exe") { $sFrmInstPath = "C:\Program Files (x86)\McAfee\Common Framework\FrmInst.exe" ; $sMAVersion = "MA48x64"}

               

               

              #MA50x64 (Old location)

              If (Test-Path -LiteralPath "C:\Program Files (x86)\McAfee\Common Framework\x86\FrmInst.exe") { $sFrmInstPath = "C:\Program Files (x86)\McAfee\Common Framework\x86\FrmInst.exe" ; $sMAVersion = "MA50x64"}

               

               

              #MA50x64 (New location)

              If (Test-Path -LiteralPath "C:\Program Files (x86)\McAfee\Agent\x86\FrmInst.exe") { $sFrmInstPath = "C:\Program Files (x86)\McAfee\Agent\x86\FrmInst.exe" ; $sMAVersion = "MA50x64"}

               

               

              #MA48x86

              If (Test-Path -LiteralPath "C:\Program Files\McAfee\Common Framework\FrmInst.exe") { $sFrmInstPath = "C:\Program Files\McAfee\Common Framework\FrmInst.exe" ; $sMAVersion = "MA48x86"}

               

               

              #MA50x86 (Old location)

              If (Test-Path -LiteralPath "C:\Program Files\McAfee\Common Framework\x86\FrmInst.exe") { $sFrmInstPath = "C:\Program Files\McAfee\Common Framework\x86\FrmInst.exe" ; $sMAVersion = "MA50x86"}

               

               

              #MA50x86 (New location)

              If (Test-Path -LiteralPath "C:\Program Files\McAfee\Agent\x86\FrmInst.exe") { $sFrmInstPath = "C:\Program Files\McAfee\Agent\x86\FrmInst.exe" ; $sMAVersion = "MA50x86"}

               

               

              #Get MAConfigPath

              #MACONFIGx64 (Old location)

              If (Test-Path -LiteralPath "C:\Program Files (x86)\McAfee\Common Framework\maconfig.exe") { $sMAConfigPath = "C:\Program Files (x86)\McAfee\Common Framework\maconfig.exe" }

               

               

              #MACONFIGx64 (New location)

              If (Test-Path -LiteralPath "C:\Program Files (x86)\McAfee\Agent\maconfig.exe") { $sMAConfigPath = "C:\Program Files (x86)\McAfee\Agent\maconfig.exe" }

               

               

              #MACONFIGx86 (New location)

              If (Test-Path -LiteralPath "C:\Program Files\McAfee\Agent\maconfig.exe") { $sMAConfigPath = "C:\Program Files\McAfee\Agent\maconfig.exe" }

               

               

              #Get CMDAgentPath

              #CMDAgentx64 (Old location)

              If (Test-Path -LiteralPath "C:\Program Files (x86)\McAfee\Common Framework\cmdagent.exe") { $sCMDAgentPath = "C:\Program Files (x86)\McAfee\Common Framework\cmdagent.exe" }

               

               

              #CMDAgentx64 (New location)

              If (Test-Path -LiteralPath "C:\Program Files (x86)\McAfee\Agent\cmdagent.exe") { $sCMDAgentPath = "C:\Program Files (x86)\McAfee\Agent\cmdagent.exe" }

               

               

              #CMDAgentx86 (New location)

              If (Test-Path -LiteralPath "C:\Program Files\McAfee\Agent\cmdagent.exe") { $sCMDAgentPath = "C:\Program Files\McAfee\Agent\cmdagent.exe" }

               

               

              If ($sMAVersion -eq "MA50x86" -or $sMAVersion -eq "MA50x64") {

                  #Refer to http://edgylogic.com/blog/powershell-and-external-commands-done-right/

                  #MACONFIG

                  & $sMAConfigPath -custom -prop1 "$Value1" -prop2 "$Value2" -prop3 "$Value3" -prop4 "$Value4"

              }

               

              If ($sMAVersion -eq "MA48x86" -or $sMAVersion -eq "MA48x64") {

               

                  #Refer to http://edgylogic.com/blog/powershell-and-external-commands-done-right/

                  #FRMINST

                  & $sFrmInstPath /silent /CustomProps1="$sSerialNumber" /CustomProps2="BODSNVersion: $sScriptVersion;" /CustomProps3="$sBOD"

              }

               

              #Run CMDAGENT /p

              Start-Sleep -Seconds 5

               

              & $sCMDAgentPath /p

               

              Start-Sleep -Seconds 5

              1 of 1 people found this helpful
              • 4. Re: EEDK Calling a PowerShell Script, which runs maconfig.exe -custom -prop1 "value" -prop2 "value" fails to populate Custom Properties
                Moe Hassan

                youngpae, thanks for the script. this will "set" values. what if i want to "read" or "fetch" values from a particular system? i have used "get-wmiobject" in the past with a batch script but using powershell would be better. Please see last few posts in this thread : MA 5.0 location in the registry of the custom props