Wednesday, August 20, 2008

Deploying a Scheduled Task via an MSI package

Sounds dumb, I know. But I was curious how this might be done. It came up from a question broadcast on one of the listmailers I subscribe to: how do you deploy a scheduled task to all clients with minimum effort and the highest probability of success?

Create an MSI package with only a bare-minimum set of properties (so you can inventory the installations and upgrade or remove them later if needed). All you do is give the package a name (for Add/Remove Programs) and add one "Execute Command" statement that invokes the AT command with the desired parameters.

AT 6:00 /every:M,T,W,Th,F %windir%\system32\myscript.bat

This will launch the MyScript.bat file from the %windir%\system32 folder at 6:00 AM every weekday and run it under the local SYSTEM account context.

I've already blogged ad nauseam about using the SYSTEM account for everything that would otherwise require a dedicated domain user "service" account. The advantages are HUGE. No passwords to manage. Computer accounts can be more granularly assigned rights to resources. Local administrator rights are inherent. Blah blah blah.

So, one possible scenario (which I've used several times in production environments without things like SMS, SCCM or Altiris) is to run a local BAT file that launches a VBscript file with a butt-ton of logic to check for conditions, sentinels, etc. and perform actions based on results. For example, look for an existing inventory report file (locally) and if found, check the age of the file. If too old, replace it by running another inventory audit. Or, read a list of software packages on a server and check to see if they've already been locally installed. If not, launch and install them with msiexec silent parameters. Or, well, you get the idea. A poor man's SMS/SCCM obviously. The cool thing is that it CAN be done.
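The two sentinel checks described above, sketched in PowerShell as an added example (not the author's script, which was BAT plus VBScript). The report path, the 7-day threshold, the share path and the CSV layout are all assumptions made for illustration.

```powershell
# Added example: paths, share name and CSV layout below are assumptions.
$ReportPath  = Join-Path $env:ProgramData 'Inventory\report.txt'  # hypothetical
$MaxAgeDays  = 7                                                  # assumed threshold
$PackageList = '\\server\deploy$\packages.csv'   # hypothetical; columns ProductCode,MsiPath
$LogDir      = Join-Path $env:windir 'Temp'

function Test-ReportStale {
    param([string]$Path, [int]$MaxAgeDays)
    if (-not (Test-Path -LiteralPath $Path)) { return $true }  # missing counts as stale
    $age = (Get-Date) - (Get-Item -LiteralPath $Path).LastWriteTime
    return $age.TotalDays -gt $MaxAgeDays
}

function Test-ProductInstalled {
    param([string]$ProductCode)
    # MSI products register under Uninstall\{ProductCode}; check both registry views.
    $roots = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
             'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
    foreach ($root in $roots) {
        if (Test-Path -LiteralPath (Join-Path $root $ProductCode)) { return $true }
    }
    return $false
}

# Sentinel 1: rebuild the local inventory report if it is missing or too old.
if (Test-ReportStale -Path $ReportPath -MaxAgeDays $MaxAgeDays) {
    New-Item -ItemType Directory -Path (Split-Path $ReportPath) -Force | Out-Null
    Get-CimInstance Win32_OperatingSystem |
        Select-Object CSName, Caption, Version | Out-File -LiteralPath $ReportPath
}

# Sentinel 2: silently install any listed package that is not yet present.
if (Test-Path -LiteralPath $PackageList) {
    foreach ($pkg in Import-Csv -LiteralPath $PackageList) {
        if (Test-ProductInstalled $pkg.ProductCode) { continue }
        $log     = Join-Path $LogDir ("msi_{0}.log" -f $pkg.ProductCode.Trim('{}'))
        $msiArgs = '/i', "`"$($pkg.MsiPath)`"", '/qn', '/norestart', '/l*v', "`"$log`""
        $proc    = Start-Process msiexec.exe -ArgumentList $msiArgs -Wait -PassThru
        # 0 = success, 3010 = success with reboot required
        if ($proc.ExitCode -notin 0, 3010) {
            Write-Warning "msiexec failed for $($pkg.ProductCode): exit $($proc.ExitCode)"
        }
    }
}
```

Because the task runs as SYSTEM, the script file, the package list and the MSI files on the share should be writable only by administrators; anyone who can modify them gets code execution as SYSTEM on every client.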

Microsoft gives us all the tools to do this if we want. Or we can buy a canned application. The choice is ours. We have WMI/WBEM, LDAP, ADSI, REG, VBScript, Perl, BAT/CMD, OLEDB/ODBC, .NET and even PowerShell at our disposal. We can tie them together with SCHTASKS, and so much more. It's all free too. Sorry, I rambled off topic again.

For more information about using AT, read this or Google for more.
