11 Replies Latest reply on May 29, 2020 8:18 AM by LukaszDziwisz

    Unable to run VBS script on logon with appstacks

    LukaszDziwisz Enthusiast

      Hello Everyone,

       

       

      We have an in-house software that should be looking at the ViewClient_Machine_Name value in HKEY_CURRENT_USER\Volatile Environment or if we issue a set view command, but unfortunately it is pretty much hit and miss. The application needs to look at the client name that the user is connecting from, as this is the only constant that doesn't change in our Instant Clones deployment.

       

       

      The developer came up with another idea and is able to program the application to look at the System Variable with much more reliability. However, to achieve that they are asking us to deploy a VBS script that should be deployed using Horizon View GPO/Agent Settings and be running at logon (CommandsToRunOnConnect) and reconnect to session (CommandsToRunOnReconnect) with the following command: c:\windows\system32\cscript.exe \\domain.local\netlogon\viewlogin.vbs

       

       

      Overall the script works when logged in to a VM with writable only, but as soon as I attach another appstack to it the script breaks and does not run. Also, if I'm fully logged in and go to my Netlogon share and run it, then it doesn't work. No errors, nothing in logs, at least I cannot find anything.

       

       

      Below is the script:

       

       

      '************************************************************************************************************************
      'The following will create applications and printers based on the following variables:
      'vMachine = View Client Machine Name
      'vIP = View Client IP Address
      'vMAC = View Client MAC Address
      'This section sets the variables mentioned above based on registry keys set by VMware View Agent
      '***********************************************************************************************************************
      On Error Resume Next
      Const HKEY_CURRENT_USER = &H80000001
      Set wmiLocator=CreateObject("WbemScripting.SWbemLocator")
      Set wmiNameSpace = wmiLocator.ConnectServer(".", "root\default")
      Set objRegistry = wmiNameSpace.Get("StdRegProv")
      sPath = "Volatile Environment"
      lRC = objRegistry.GetStringValue(HKEY_CURRENT_USER, sPath, "ViewClient_Machine_Name", vMachine)
      lRC = objRegistry.GetStringValue(HKEY_CURRENT_USER, sPath, "ViewClient_IP_Address", vIP)
      lRC = objRegistry.GetStringValue(HKEY_CURRENT_USER, sPath, "ViewClient_MAC_Address", vMAC)
      'msgbox "The Remote Device Name is " & vMachine & " @ " & vIP & " (" & vMAC & ") "
      Dim WSHShell
      Dim Shortcut, Desktop, DesktopPath
      Set WSHShell = WScript.CreateObject("WScript.Shell")
      DesktopPath = WSHShell.SpecialFolders("Desktop")
      Set fso = CreateObject("Scripting.FileSystemObject")
      'Sets ViewClient_Machine_Name as a system variable
      Dim SysVarReg, Value
      Set SysVarReg = WScript.CreateObject("WScript.Shell")
      value = SysVarReg.RegRead("HKCU\Volatile Environment\ViewClient_Machine_Name")
      SysVarReg.RegWrite "HKCU\Volatile Environment\1\CLIENTNAME", value
      WshShell.Environment.Item("ViewClient_Machine_Name") = vMachine

       

       

       

       

      We did give Users Modify permissions to

      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment

       

       

       

       

      It seems to be very inconsistent too, as it seems to work with some appstacks attached but not all, which is the majority, but it always works fine on a VM with no appstacks and writable only.

       

       

      I have also attempted to do the same with Powershell Script but that doesn't seem to work at all, not even on appstack free machines.

       

       

      $userVariables= (Get-ItemProperty -Path 'Registry::HKEY_CURRENT_USER\Volatile Environment')

      Set-ItemProperty -Path 'Registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment' -Name ViewClient_Machine_Name -Value $userVariables.ViewClient_Machine_Name

       

       

      Also tried a UEM Logon task just to see if the PS script would work, and even though in logs I see it processed, it does not work. When logged in to the machine I can run it just fine. UEM was more for test as it will need to work through Horizon GPO due to the reconnect option.

       

       

       

       

      Environment: AppVolumes 2.16, Horizon 7.8, vCenter 6.7 U3, Windows 1809 LTSC

       

       

      Any advice would be very appreciated.

        • 1. Re: Unable to run VBS script on logon with appstacks
          sjesse Master

          Have you tried wrapping the command in a cmd file?

          • 2. Re: Unable to run VBS script on logon with appstacks
            LukaszDziwisz Enthusiast

            I didn't, just simply followed what vendor requested. Would you mind sharing how to accomplish this?

            • 3. Re: Unable to run VBS script on logon with appstacks
              sjesse Master

              take

               

              c:\windows\system32\cscript.exe \\domain.local\netlogon\viewlogin.vbs

               

               

              and put it in viewlogin.bat, and save that in the appstack and use the gpos to call viewlogin.bat instead.

              • 4. Re: Unable to run VBS script on logon with appstacks
                LukaszDziwisz Enthusiast

                Ok I'll try that. I'm not putting the script in the appstack. Instead is sits in my Netlogon share and I'm calling it from there as not every machine has the same appstack and some don't have any.

                • 5. Re: Unable to run VBS script on logon with appstacks
                  sjesse Master

                  If these are all instant clones, can you put it in the parent image? If not, you may want to enable the always wait for network GPO setting to make sure it's not being run before the netlogon share is available.

                  • 6. Re: Unable to run VBS script on logon with appstacks
                    LukaszDziwisz Enthusiast

                    Yes, I do have the wait for network GPO setting enabled. For now, if it works I will leave it in Netlogon, and once I go around with my image updates I'll include it there and point it to the local drive of the Parent Image.

                    • 7. Re: Unable to run VBS script on logon with appstacks
                      LukaszDziwisz Enthusiast

                      OK, so I have done more testing and different scenarios. None of them seem satisfactory. Here are the results:

                      All scenarios have permissions for Users set to Modify on  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment

                      1. Scenario 1 - as main post above

                      - ViewLogin.vbs located in \\domain\netlogon\viewlogin.vbs

                      - horizon agent configured through GPO to run c:\windows\system32\cscript.exe \\domain\netlogon\viewlogin.vbs

                      Results:

                      Works on VMs with writable only and some appstacks but with majority of them it does not work

                      If I'm logged in to the machine with appstack  and try to run it manually it also doesn't work

                       

                      2. Scenario 2

                      - Placed ViewLogin.vbs in C:\Windows\Setup\Scripts on the master image

                      - horizon agent configured through GPO to run c:\windows\system32\cscript.exe C:\Windows\Setup\Scripts\viewlogin.vbs

                      Results:

                       

                      The same as Scenario 1.

                      Works on VMs with writable only and some appstacks but with majority of them it does not work

                      If I'm logged in to the machine with appstack  and try to run it manually it also doesn't work

                       

                      3. Scenario 3

                       

                      As advised I have created a ViewLogin.bat and placed it into \\domain\netlogon\viewlogin.bat.

                       

                      ViewLogin.bat contains the following:

                      c:\windows\system32\cscript.exe C:\Windows\Setup\Scripts\viewlogin.vbs

                       

                      - Placed ViewLogin.vbs in C:\Windows\Setup\Scripts

                      - horizon agent configured through GPO to run \\domain\netlogon\viewlogin.bat

                       

                      Results:

                      Doesn't work at the logon on a VM with no appstack. If I run it manually it adds the Environmental Variable just fine.

                      If I attach an appstack, it doesn't work at the logon and it doesn't work when I manually launch it when logged in to the machine with the appstack.

                       

                      4. Scenario 4

                      Created a ViewLogin.bat and placed it into C:\Windows\Setup\Scripts\viewlogin.bat on the master image

                       

                      ViewLogin.bat contains the following:

                      c:\windows\system32\cscript.exe C:\Windows\Setup\Scripts\viewlogin.vbs

                       

                      - Placed ViewLogin.vbs in C:\Windows\Setup\Scripts

                      - horizon agent configured through GPO to run C:\Windows\Setup\Scripts\viewlogin.bat

                       

                      Results:

                      The same as Scenario 3

                      Doesn't work at the logon on a VM with no appstack. If I run it manually it adds the Environmental Variable just fine.

                      If I attach an appstack, it doesn't work at the logon and it doesn't work when I manually launch it when logged in to the machine with the appstack.

                       

                      Any idea what might be happening?

                      • 8. Re: Unable to run VBS script on logon with appstacks
                        LukaszDziwisz Enthusiast

                        So we have identified why it's not working with appstacks but don't really know how to fix it.

                         

                        Even though HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment key has users permissions to modify the key on the master image, when I attach appstack the command is not running successfully and we are seeing access denied in logs. I have tried to manually run the command in logged in machine and it fails as well.

                         

                        I have tried to create any key in this registry key and it fails with access denied as well. I can successfully create one in HKCU but not in HKLM. Once I detach the appstack I can run it successfully.

                         

                        So for some reason having an appstack attached is causing it to fail.

                         

                         

                        Also, more for anyone trying to run commands on connect and reconnect through Horizon Agent GPO: I was missing -c in front of the command; that's why the bat file didn't work on logon with no appstack.

                         

                        To run scripts that require console access, prepend the -C or -c option followed by a space. For example:

                        -c C:\Scripts\Cli_clip.cmd

                        -C e:\procexp.exe

                        Supported file types include .CMD, .BAT, and .EXE. .VBS files will not run unless they are parsed with cscript.exe or wscript.exe. For example:

                        -C C:\WINDOWS\system32\wscript.exe C:\Scripts\checking.vbs

                        The total length of the string, including the -C or -c option, should not exceed 260 characters.

                        • 9. Re: Unable to run VBS script on logon with appstacks
                          LukaszDziwisz Enthusiast

                          UPDATE:

                           

                          I had an SR opened with VMware and we have discovered that if I create a brand new appstack containing the same application (not update the existing one) it appears to be working and the script is running successfully, so we decided to go that route. However, now we are finding that we still have 10 more appstacks that, even after recreation, still prevent this script from running. We even tried to add a registry exclusion for that key, exclude_registry=\REGISTRY\MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment, in snapvol.cfg of the appstack and still no luck.

                          • 10. Re: Unable to run VBS script on logon with appstacks
                            LukaszDziwisz Enthusiast

                            Furthermore, I have been playing around a little more with affected appstacks and found that for some reason I can create new registry entry under Environment key using regedit UI and it sticks fine but if I try to run it using cmd I get access denied. If I run cmd with privileged account that has admin rights to the machine it works as well.

                             

                            So somewhere along the lines of provisioning something is changing and prevents the script from creating the registry in it. I do have Environment key configured with modify permissions for users.

                             

                            It also seems like it is only with some applications in an appstack that we are seeing it. Don't know what it is though. Examples are Content Manager Desktop, SQL Management Studio, Quickbooks and a couple of other ones specific to our organization.

                             

                            Anyone seen anything like it?

                            • 11. Re: Unable to run VBS script on logon with appstacks
                              LukaszDziwisz Enthusiast

                              One more update:

                               

                              The issue is fixed. It appears that the registry key Environment has some permission issues. If I'm in provisioning and want to change permissions on that key, they don't stick. As a matter of fact, you modify the permission and it immediately wipes the change. So affected appstacks were somehow affecting that key, because even after attaching the appstack to the VM, when I was trying to manually add the variable to the key using CMD I would be getting access denied. I can do that using the UI (regedit) but just not using cmd. I have checked exclusions in snapvol.cfg and that key is not excluded; besides, we pretty much stayed with the default template.

                               

                              Anyway long story short, I ended up changing the permissions on that key for users to be able to modify on packaging machine and did snapshot and provisioned the same application on that machine and now the script runs with no issues.

                               

                              Thank you everyone for all the suggestions and help with it. Hopefully this will help anybody trying to do something similar.
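
A diagnostic for the access-denied symptom traced in this thread, added here as an example and not part of any poster's message or of VMware's tooling: it lists the ACEs that grant write access on the Environment key and makes a real write attempt as the current user. The function names and the value name AclProbe_DeleteMe are hypothetical.

```powershell
# Added example: compare the ACL and a real write attempt on the key the logon script targets.
# Run as the affected (non-admin) user on the master image, the packaging machine and a
# desktop with the appstack attached, then compare the outputs.
$subKey = 'SYSTEM\CurrentControlSet\Control\Session Manager\Environment'
$probe  = 'AclProbe_DeleteMe'   # hypothetical throwaway value name, removed after the test

# Rights that allow changing the key: SetValue (0x2), CreateSubKey (0x4),
# GENERIC_ALL (0x10000000), GENERIC_WRITE (0x40000000)
$writeMask = 0x2 -bor 0x4 -bor 0x10000000 -bor 0x40000000

function Get-WriteAce {
    param([string]$Path)
    # Allow ACEs on the key whose rights overlap the write mask
    (Get-Acl -Path "Registry::HKEY_LOCAL_MACHINE\$Path").Access |
        Where-Object { $_.AccessControlType -eq 'Allow' -and
                       (([int]$_.RegistryRights) -band $writeMask) } |
        Select-Object IdentityReference, RegistryRights, IsInherited
}

function Test-KeyWrite {
    param([string]$Path, [string]$ValueName)
    try {
        # OpenSubKey(name, $true) requests write access and throws if it is denied
        $key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($Path, $true)
        if ($null -eq $key) { return 'key not found' }
        $key.SetValue($ValueName, 'probe', [Microsoft.Win32.RegistryValueKind]::String)
        $key.DeleteValue($ValueName, $false)
        $key.Close()
        return 'write OK'
    } catch {
        # Surface the underlying .NET exception instead of failing silently
        $inner = $_.Exception.GetBaseException()
        return "write FAILED: $($inner.GetType().Name): $($inner.Message)"
    }
}

"User      : $([Security.Principal.WindowsIdentity]::GetCurrent().Name)"
"Process   : $((Get-Process -Id $PID).Path)"
"Write test: $(Test-KeyWrite -Path $subKey -ValueName $probe)"
'ACEs granting write access:'
Get-WriteAce -Path $subKey | Format-Table -AutoSize
```

Every principal listed can change machine-wide variables such as Path, so the same output shows how broad the grant on this key is on each image.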