VMware Workspace ONE Community
Jasonw79
Contributor
Contributor
‎01-13-2021 11:08 AM

Problems getting simple BAT files to execute using UEM

I have having problems getting user created batch files to execute.  Running the files locally on the machine works fine but deploying though UEM just doesn't work for me.  I am just trying to take a basic bat file and execute it on the machine of my choice through UEM.  As you can tell all it does is creates a local admin user that looks like the following:

net user /add user1 password1
net localgroup administrators user1 /add
WMIC USERACCOUNT WHERE Name='user1' SET PasswordExpires=FALSE

I have tried getting both options in the files to "Run" and "Install" under Devices >> Provisioning >> Components >> File/Actions.  Using this method, the file actually gets copied to destination but never executes and creates the user on the workstation.

I have also tried using Apps & Books >> Native >> Add >> Application File >> Local File >> Choose File >> Choosing a ZIP with a dummy.exe file >> etc anyway you get the idea.  For Install Command I have tried just putting the "filename.bat" under Deployment Options.

Any help with getting powershell/bat files to run would be greatly appreciated!  I have tried using this tutorial https://techzone.vmware.com/using-product-provisioning-deliver-files-windows-10-vmware-workspace-one...and also various other ways in test.

Labels (1)
Labels
0 Kudos
2 Replies
AlexAskin
Enthusiast
Enthusiast
‎01-13-2021 03:31 PM

Hi Jason,

 

any "Security"-Agent running on your system which could prohibit such "sucpisious" activity?

In which context (User/Admin/System) have you tried to execute your commands?

Switching to Powershell and execute in System-Context should do the trick:

 

function Create-NewLocalAdmin {
    [CmdletBinding()]
    param (
        [string] $NewLocalAdmin,
        [securestring] $Password
    )    
    begin {
    }    
    process {
        New-LocalUser "$NewLocalAdmin" -Password $Password -FullName "$NewLocalAdmin" -Description "Local Admin User" -AccountNeverExpires
        Add-LocalGroupMember -Group "Administrators" -Member "$NewLocalAdmin"
    }    
    end {
    }
}
$NewLocalAdmin = ""
$Password = ""
Create-NewLocalAdmin -NewLocalAdmin $NewLocalAdmin -Password $Password

 

 

Here's a great blog entry from Brooks Pepping covering this topic: https://brookspeppin.com/2018/11/04/how-to-deploy-a-powershell-script-with-airwatch/ 

 

- Alex

Jasonw79
Contributor
Contributor
‎01-13-2021 07:50 PM

Thank you for replying Alex!  The very first time I tried executing the bat file on the system Windows Defender blocked it.  After I saw that I disabled Windows Defender to test.  We have been in the process of implementing Carbon Black and UEM at the same time but Carbon Black was not on the machine at this time, only defender.  Subsequent times I tried running the bat file as I described...the file would push down but the user never got created as the bat didn't ever execute it...nor did any powershell script I tried.  When using File/Actions to execute the file you choose the location that the file executed from so I can watch the file get deployed to that directory, but when you use Apps & Books I can't find the location the file gets copied to prior to execution.  Do you know?  Also is there a repository of files that the community has made where I can use as templates for making my own powershell and bat files?  I've mostly only modified other people's powershell files as I don't know how to write them.   I do have a lot of bat files and would really like to use them as they are easier to create.  I'm having a hard time finding good info on this and searched for hours today prior to my post here.  As to the question you asked about which context I tried...inused System and Admin context.  I will try this powershell script below tomorrow but would really like to figure out why bats are not working for me.  I also have a hard time trying to figure out what to put in the field that flags a successful installation of the program.   Like for this particular instance I would have to do something in powershell that would report that the user was actually created and that would then pipe out a result that I could check.  It is hard for me to do all of this as I am not that fluent in powershell.  Thanks!

0 Kudos