Kaseya Community

Agent Procedure - ImpersonateUser / UseCredential Not Working

  • I am hoping someone can shed some light on this issue. I think I have the right procedure in place for the bat file to work but it is not. Without ImpersonateUser line, everything works under an administrator account. Of course, I want the procedure to execute for users without admin access. In the past I will put the Impersonate User before the ExecuteShellCommand and all is good. What am I missing?

  • Any Advice?

  • I have a few Procedures using this option. Could you send over your Procedure so I can see how you are using it?

  • script.png

    Thanks for your reply DLCurtis. Appreciate it. See procedure attached

     

     

  • Looks like you made a typo in the "ExecuteShellCommand" line as I can see two slashes between the batch file and the path that its located in which will be the cause of the script failing. 

    Pro-tips

    1. Always check if the file that you upload exists for in case you have a folder write permission problem and use WriteProcedureLog entries to tell you whats going on.
    2. If you use a value like the command in your "writefile" and the "ExecuteShellCommand" lines more than once consider putting it into a Constant Variable so that if you need to change the command that you don't have to manually change every line in your procedure.
    3. Use Database Views they are awesome time savers especially if you plan to change your Kaseya working directory some time in the future. The Database view for the Kaseya working directory is #vAgentConfiguration.AgentTempDir# and you can find the rest in the help file.
  • I re-ran the script without the typo, but still the same issue. Basically, anytime I added “impersonate user” in the script, the install just STUCK in task manager and never execute, despite in kaseya, it is showing as a success. See below

    If I remove the “impersonate user”, the scripts executes, but again complaints of admin privilege to install. Also, if I try the script with the “impersonate user” on a machine logged as administrator, all is good.


  • From what I can see there is one other file in your script and if it triggers that to install you more than likely have a UAC problem.

    To resolve this you could try running the install command as "System" instead but if it needs administrator permission you will have to turn UAC off and reboot the target machine before you run the install command and then enabled and reboot it again.

    Also if you plan to run this on both 32bit and 64bit machines you should consider making you script check for the OS Type and run ExecuteShellCommand as either the 32 or 64bit System User.  

  • I tried running it as SYSTEM but that doesn't work either. I thought about UAC, but that is already disabled on my test systems.

  • I would test the commands with an executable that you know worked in the past and if it no longer works log a ticket with Kaseya support.

    Another possibility could be that your installer needs to run as an active logged in session with an account with local admin permissions. In this case you would want to trigger the install is run as "logged in user" and you would not use the Impersonate or Use Credentials options.

    To test this theory logon as console session to your test machine with an account that has full local admin permission. Remove or disable the impersonate use line and change the executeshellcommand to run as logged in user and execute your procedure against that machine.

  • HardKnoX - Thanks for all help. I logged a ticket with Kaseya Support. Keep you posted.