9 Replies Latest reply on Jan 27, 2017 8:41 AM by LomonacJ

    Custom actions not working

    LomonacJ Rookie

      Product: Shavlik Protect Standard v9.2.0 Build 5119

       

      I'm trying to run a PowerShell script on the Custom Actions page and it doesn't work. I want it to run "After Reboot" but it doesn't matter if I have it run "Before Any Patches" or "After Reboot" it just refuses to run.

       

      Here is my Custom Actions setup:

      Step 1 - All Deployments using this template

      Step 2 - Grayed out because I chose all.

      Step 3 - Before Any Patches

      Step 4 - Run this command: c:\windows\syswow64\WindowsPowerShell\v1.0\powershell.exe c:\Scripts\ADTest.ps1

       

       

      I've tried both 64-bit PowerShell and the 32-bit PowerShell, but nothing happens. Here is a screenshot of my template Custom Action page

       

      Is there a bug in v9.2.0 Build 5119? Are there any logs that would tell me if this is running or not?

       

      Another dumb question - Does this get executed at the Shavlik Protect server? or on the targets of the patch jobs? I would think it would be executed on the Shavlik Protect server.

       

      Thank you.

        • 1. Re: Custom actions not working
          rdavidson SupportEmployee

          Hello,

           

          Is this script signed? Powershell often only allows signed scripts from a trusted signer to run. The default setting is Restricted, which doesn't actually allow scripts to run, only interactive sessions in a powershell window.

           

          This doc from Microsoft lists the available execution policies: Using the Set-ExecutionPolicy Cmdlet

          • 2. Re: Custom actions not working
            LomonacJ Rookie

            Hm. I'll try that but it runs from PoweShell ISE.

            • 3. Re: Custom actions not working
              rdavidson SupportEmployee

              I forgot to add, a custom actions runs on the target. It's the same process that executes patches.

               

              If the execution policy is restricted, the script will run from ISE, because ISE is interactive. Deployments are not interactive, so the script would fail to run then, regardless of whether it works in ISE or the powershell command line.

              • 4. Re: Custom actions not working
                LomonacJ Rookie

                Ok so I would need to have a copy of the script I want to run on each target?

                • 5. Re: Custom actions not working
                  rdavidson SupportEmployee

                  Yup. You can use the "Push File" action under your custom action to do that, before your command to run it, to automate the process. The console will then push out the script during the typical "Copy Files" process.

                  • 6. Re: Custom actions not working
                    LomonacJ Rookie

                    Ok so it worked, kind of.  It works on Windows 2012 R2 targets but on 2008 R2 targets the script doesn't fire.

                     

                    I did make sure that the Execution policy was set to unrestricted. Anyplace else I can look?

                    • 7. Re: Custom actions not working
                      LomonacJ Rookie

                      Also, Post Boot Tasks XML file doesn't show anything about running the script:

                       

                      <?xml version="1.0"?>

                      -<TASKCFG context="0" machineId="91" deploymentId="bc98175f-1992-4c14-9a66-221cc7a873ff">


                      -<TASK ID="RECORD_PATCH_INSTALL_BREADCRUMB_IN_REGISTRY">

                      <PARAM ID="PatchIdentifier" VALUE="00017fbd-0000-0000-0000-000000000000"/>

                      <PARAM ID="PatchInstallState" VALUE="Finished"/>

                      </TASK>


                      -<TASK ID="RECORD_PATCH_INSTALL_BREADCRUMB_IN_REGISTRY">

                      <PARAM ID="PatchIdentifier" VALUE="00017fd6-0000-0000-0000-000000000000"/>

                      <PARAM ID="PatchInstallState" VALUE="Finished"/>

                      </TASK>


                      -<TASK ID="STATUS_REPORT">

                      <PARAM ID="MachineStatus" VALUE="Finished"/>

                      <PARAM ID="Message" VALUE="TBD"/>

                      <PARAM ID="StatusHandler" VALUE="dplyevts.dll"/>

                      <PARAM ID="StatusReportType" VALUE="OnlineMachineStatus"/>

                      <PARAM ID="TrackingService" VALUE="https://bc98175f-1992-4c14-9a66-221cc7a873ff:3121/ST/Console/Deployment/Tracker/V92"/>

                      </TASK>

                      </TASKCFG>

                      • 8. Re: Custom actions not working
                        rdavidson SupportEmployee

                        The bost boot tasks xml has nothing to do with custom actions, so it won't show anything. That's a post-restart task to update some regkeys for any patches you installed that required a reboot, and then to send an update to the console with the final status.

                         

                        You can check for errors in C:\windows\ProPatches\Logs\STDeployerCore.log

                         

                        If there are no errors, I would also try editing the command you're running to pipe the output to a file, to see if any errors are being thrown that we aren't able to catch. Something like:

                        c:\windows\syswow64\WindowsPowerShell\v1.0\powershell.exe c:\Scripts\ADTest.ps1 > log.txt

                         

                        I've also seen situations where the Set-ExecutionPolicy command runs successfully, but doesn't update the policy, due to ownership of the associated registry key preventing even admin users from changing it unless they forcibly take full control of the key. Once you set the execution policy, try running Get-ExecutionPolicy to verify that the change took affect.

                        • 9. Re: Custom actions not working
                          LomonacJ Rookie

                          So just an update.

                           

                          Could not get it to run on 2008 R2 no matter what I did with setting execution policy. So I tried this in my command line:

                           

                          powershell.exe -executionpolicy unrestricted -command c:\Scripts\ADTest.ps1

                           

                          So basically it forces the policy every time it runs and that worked.

                          1 of 1 people found this helpful