search cancel

How does the Run Script process work within the Ghost Solution Suite?

book

Article ID: 150629

calendar_today

Updated On:

Products

Ghost Solution Suite

Issue/Introduction

 

Resolution

The purpose of this tech article is to explain the processed used by the Ghost Solution Suite server when performing Run Script tasks.

The first thing you need to know about the Run Script process is that the file transfer will happen on ports ranging from 1025 to 65536.  This is dynamically chosen by the axengine at the time the job is scheduled.

After scheduling a Run Script task job through the GSS console, the Altiris eXpress Server service will create an entry in the database for the job. This entry will be given an Event_ID.  With logging level for this service set to 7 you'll see the following in the axengine.log.

Processing scheduled event: EVENT_ID=<dynamiceventid>; NEXT_TASK_SEQ=0; STATUS_CODE=0; COMPUTER_ID=5xxxxxxx

If there are multiple tasks within the job the NEXT_TASK_SEQ= value will start with zero and then will increment up one when the next task starts.

The next step in the process is a batch file will be created in the Temp directory under the eXpress share.  This batch file will be named with the computer id and then .bat (5000011.bat)

'[05/15/17 16:32:08.927] a70-C:\Program Files (x86)\Altiris\eXpress\Deployment Server\Temp\5000011.bat created in first attempt' will be seen in the axengine.log.

The batch file will contain whatever information was placed in the 'Run this cript:' section of the Run Script task. 

The next step in the process is the server reaching out to the Dagent telling it that there is work to be done.  It looks like this in the axengine.log...

[05/15/17 16:32:08.927] a70-CRxDatabase::ReplaceTokens - Entered.
[05/15/17 16:32:08.927] a70-CRxDatabase::ReplaceTokens - Exited.
[05/15/17 16:32:08.943] a70-CRxCtrlServer::CopyFileToComputer (CSession) - Entered.
[05/15/17 16:32:08.943] a70-CRxCtrlServer::CopyFileToComputer (CSession ... CFileStatus ...) - Entered.
[05/15/17 16:32:08.943] a70-CFileTxSession::SetTransferInfo () - Entered.
[05/15/17 16:32:08.943] a70-CFileTxSession::SetTransferInfo(): Initailizing KeyTmp
[05/15/17 16:32:08.943] a70-CFileTxSession::SetTransferInfo(): After Initailizing KeyTmp
[05/15/17 16:32:08.943] a70-CFileTxSession::SetTransferInfo(): truncatedKeyTmp = 404d6  
[05/15/17 16:32:08.943] a70-Global::dec2hex () - Entered.
[05/15/17 16:32:08.943] a70-Global::dec2hex(): Hex = 404d6  
[05/15/17 16:32:08.943] a70-Global::dec2hex () - Exited.
[05/15/17 16:32:08.943] a70-CFileTxSession::SetTransferInfo(): strTemp = 404d6  
[05/15/17 16:32:08.943] a70-CFileTxSession::SetTransferInfo(): keyTmp = 404d6  
[05/15/17 16:32:08.943] a70-CFileTxSession::SetTransferInfo(): After calculating m_sTruncatedkey
[05/15/17 16:32:08.943] a70-CFileTxSession::SetTransferInfo(): After calculating m_skey
[05/15/17 16:32:08.943] a70-CFileTxSession::OpenFile(): Got file size 6, high 32 bits = 0
[05/15/17 16:32:08.943] a70-CFileTxSession::SetTransferInfo () - Exited.
[05/15/17 16:32:08.943] a70-CRxCtrlServer::SendReply - Entered.
[05/15/17 16:32:08.943] a70-CCtrlServer::SendDataToClient - Entered.
[05/15/17 16:32:08.943] a70-Socket: Sent on socket (1620) - 344 chars sent.
[05/15/17 16:32:08.943] a70-Socket: Sent data to computer 5000011 (192.168.2.31), socket (1620).

The socket specified here is for the initial handshake being made between the GSS and the Dagent.  It is how the GSS is telling the Dagent what to do.  You'll then see this in the axengine.log file.

    Request=SendFile
    Filename=temp:rxscript.bat
    Date=1494862328
    Attributes=32
    Size=6
    Port=1031
    Execute=temp:"rxscript.bat"
    Task-Type=RunScript
    OS-Required=Windows
    Boot-Env=Production
    
    
    Allow-Defer=5
    Options=
    Window=0
    
    Schedule-ID=100000029
    Task-Sequence-ID=0
    CurrentFileCount=1
    TotalFileCount=1
    TotalFileCopySize=6
    ID=5000011
    FileStamp=1498776243
    
[05/15/17 16:32:08.943] a70-CCtrlServer::SendDataToClient - Exited.

The above information is the details about the job that was created in the GSS console.  Once the Dagent receives this information you'll see it reflected in the aclient.log file.  You'll see the same information listed above.  The GSS will then open a connection and begin to send the rxscript.bat file down.

Once the file has been successfully delivered, the Dagent will send a status update to the GSS.  You'll see the following in the aclient.log.

Reply=StatusUpdate
Filename=rxscript.bat
ID=5000011
Schedule-ID=100000029
Status-Code=2500

It will then move onto the running of the file.  You'll see the following in the aclient.log.

[05/18/2017 19:49:44.780 1596 1] CExecute ExecuteCmdLine() Calling ExecuteCmd. pszCmdExe=C:\Windows\system32\cmd.exe, pszCmdLine= /C ""C:\Windows\TEMP\rxscript.bat" ", user=epm\administrator, bWait=true

Upon completion of the running of the script you'll either receive a success or failure status up from the Dagent to the GSS. It looks like this in the aclient.log.

Success:

Reply=SendFile
Event=Execute
Result=Success
Schedule-ID=100000031
Status-Code=0
Status-Module=Unknown
SystemUser-ID=
Task-Sequence-ID=0
User-ID=

Failure:

Reply=SendFile
Event=Execute
Result=Failed
Schedule-ID=100000031
Status-Code=1
Status-Module=Unknown
SystemUser-ID=
Task-Sequence-ID=0
User-ID=

Something to remember when running a Run Script task.  GSS doesn't know what you've put into the run this script section of the task.  It simply puts it into the database and then writes it into the batch file.  We don't know if any type of exit code has been written into the script itself.  Success is a return code of 0 and failure is a return code of 1.  If we receive anything else we won't know how to continue.

--------------------------------------------------------------------------------------------------------

Some common questions related to this process and elevated privileges:

1. Can I specify what account I want to use?

--Yes. Make sure you add the proper details while configuring your task/script:

2. When I run a script using the GSS Console, will it run it as an elevated command prompt scripts? 
--as long as the account has elevated privileges, it should be fine.
If running with default local admin, that account would need to be enabled first on the endpoint.

3. So if I run the job using an account on the machine that is an admin then it will run with elevated privileges?

--That is correct, it should. As mentioned in this article, you can make sure the script got to the destination in directory %temp%\rxscript.bat

Attachments