Note : I will replace in all below samples our company's domain by ACME.local.
We are using a windows deployserviceaccount with Local Policies > User Rights Assignment (set by GPO):
- Act as a part of the operating system
- Log on as a service
- Log on as a batch job
We want to deploy the agents via GPO, using a OcsPackage.exe, created using OcsPackager.exe V2.1.1.1. and PsExec.exe V2.11 (dated 28/04/2014 - 388 KB).
I am using packager OcsPackager 2.1.1.1 and a company-specific certificate file acme.pem, to create the client deployment package OcsPackage.exe.
In this process I selected the following:
Agent Setup file:
C:\Users\E04\Downloads\OCSNG-Windows-Agent-2.1.1\OCSNG-Windows-Agent-2.1.1.1\OCS-NG-Windows-Agent-Setup.exe
Certificate file:
C:\Download\OCSNG-Windows-Agent-2.1.1\OCSNG-Windows-Packager-2.1.1.1\kszbcss.pem
Plugins : (leave as is:)
C:\Users\E04\Downloads\OCSNG-Windows-Packager-2.1.1\OCSNG-Windows-Packager-2.1.1.1\PsExec.exe
Command line options:
/SSL=1 /CA=acme.pem /NP /S /DEBUG=2 /NOW /SERVER=https://myserver.ACME.local/ocsinventory
User: ACME.local\DeployServiceAccount
Password: .....
Also tried with
User: ACME\DeployServiceAccount
Also tried with
User: DeployServiceAccount@ACME.local
In our Startup script, we are using this 1-line script:
OcsLogon.exe /INSTALL /PACKAGER /GPO /DEPLOY=2.1.1.1
In the same startup folder of this GPO, also files OcsPackage.exe (created with the OcsPackager.exe) and OcsLogon.exe are copied in here.
Contents of C:\ProgramData\OCS Inventory\ocsinventory.ini
[OCS Inventory Agent]
ComProvider=ComHTTP.dll
Debug=2
Local=
NoSoftware=0
HKCU=0
NoTAG=0
IpDisc=
[HTTP]
Server=https://myserver.acme.local/ocsinventory
SSL=1
CaBundle=acme.pem
AuthRequired=0
User=
Pwd=
ProxyType=0
Proxy=
ProxyPort=0
ProxyAuthRequired=0
ProxyUser=
ProxyPwd=
[OCS Inventory Service]
PROLOG_FREQ=1
OLD_PROLOG_FREQ=1
TTO_WAIT=3360
After deploying a first job, after installation of the OCS Inventory
Interactive Services Detection is showing : "A program running on this computer is trying to display a message":
select
--> View the message
PsExec License Agreement
'You can also use the /accepteula command-line switch to accept the EULA."
SYSINTERNALS SOFTWARE LICENSE TERMS
(...)
[Print] [Agree] [Decline]
Details: Program(s) or device(s) requesting attention.
Message title: PsExec License Agreement
Program path: C:\Program Files (x86)\OCS Inventory Agent\plugins\PsExec.exe
PROBLEM 1:
The OCS Agent service is NOT installed with the account DeployServiceAccount, but as Local Service !
For this, I have developed a separate work-around GPO startup script, to change the service parameters, once it is installed.
PROBLEM 2:
For any deployed job, the agent stays in status "Notified", and does never go further.
In addition, the folder
C:\ProgramData\OCS Inventory NG\Agent\Download\
stays EMPTY !!!
Only after accepting [Agree] the deployment is starting !!
My understanding is that the coding syntax for PsExec.exe with the OcsPackager.exe 2.1.1.1 contains a bug as to
1) the user syntax
2) the missing /accepteula command line option.
Any advice welcome.
