
Access Denied in WMI script when run from User Console Library

I have created an AutoIt program to allow users to add a network printer and added it as an install to the User Console Library so that it will run with Admin privileges. This program works perfectly when run locally, but produces an error when run from KACE:



Is there a difference between the KACE Agent's admin rights and typing admin credentials into the UAC?

Here is the function that is throwing up the error:
Func _AddPrinter($sPrinterName, $sDriverName, $sPortName, $sLocation = '', $sComment = '')
    $strComputer = "."
    $objWMIService = ObjGet("winmgmts:{impersonationLevel=impersonate}!\\" & $strComputer & "\root\cimv2")
    $objPrinter = $objWMIService.Get("Win32_Printer").SpawnInstance_
    If NOT IsObj($objPrinter) Then Return 0
    $objPrinter.DriverName = $sDriverName
    $objPrinter.PortName   = $sPortName
    $objPrinter.DeviceID   = $sPrinterName
    $objPrinter.Location   = $sLocation
    $objPrinter.Comment    = $sComment
    $objPrinter.Put_
    Return 1
EndFunc


4 Comments
  • Typically KACE runs its tasks as system - SMal.tmcc 9 years ago
  • You may want them to download the AutoIt program and run it manually - SMal.tmcc 9 years ago
    • But our users don't have admin rights on their machines. That was kind of the point of creating this program to run from KACE. - tdickinson 9 years ago
      • Include the elevated privileges in the AutoIt script. We have a GPO that allows our users to install domain printers set so we can run the installs via the user. - SMal.tmcc 9 years ago
  • You can create kscripts to push the printer as a local admin user also - SMal.tmcc 9 years ago
  • #RequireAdmin is already part of the script, so it wouldn't even run if the permissions weren't there.

    I'll take a look at the GPO and KScript options and ignore my wounded pride. I worked so hard on that program... *sniffle, tear* - tdickinson 9 years ago
    • Bummer. I learned a long time ago that KACE runs everything as system unless you tell it not to. The GPO is the best way to go since you can allow them to add domain printers but not local printers. We went to creating printer groups in AD and when someone needs a printer we just add them to that printer group and done. We use KIX scripts at login to do our mappings and printers.

      sample portion of kix script:


      ;************************************************************
      ;GROUP DRIVE MAPPINGS ARE DONE BY GROUP, THEN BY DRIVE LETTER.
      ;COMMON DRIVE MAPPINGS (SHARED, ETC.) ARE LOCATED
      ;UNDER "MISC. DRIVE MAPPINGS"

      ;Advisory Committee
      If InGroup("Advis Comm")
      Use M: "\\drserver\dept$\Advis Comm"
      EndIf

      ;Financial Aid
      If InGroup("Fin Aid")
      Use S: "\\DRserver\dept$"
      Use V: "\\server309\FA_viewwise$"
      ;Use L: "\\drserver\crystal$"
      Use I: "\\DRserver\upload$"
      EndIf

      ;Classified Council
      If InGroup("Classified Council")
      Use Z: "\\DRserver\dept$\Classified Council"
      EndIf

      :ADDPRINTERS
      ; OK, set up each printer on the server here.
      ; Default printers should be described first.
      ; $PrinterName: A human readable name that will be shown during installation. Shouldn't be too long.
      ; $PrinterPath: The full UNC-path to the printer like \\server\printer
      ; $PrinterGroup: The usergroup that should have the printer installed. Use "Domain Users" if you want everyone to have it.
      ; Just duplicate the above line for multiple user groups.
      ; The numbers in [] must increase by 1.

      $MUpdate= "Please wait while your network printers are connected..."
      $pick = 2
      Gosub welcome

      ; If on an ACAD Machine do not add printers
      If InStr (@HOSTNAME, ".acad.tmccadmn.tmcc.edu")<>0
      Return
      Endif

      $Printers = 60
      Dim $PrinterName[$Printers], $PrinterPath[$Printers], $PrinterGroup[$Printers]

      $PrinterName[0] = "FS - 100 Color"
      $PrinterPath[0] = "\\DR-Main\FS - 100 Color"
      $PrinterGroup[0] = "FS - 100 Color-PG"

      $PrinterName[1] = "RDMT - 315U Color"
      $PrinterPath[1] = "\\DR-Main\RDMT - 315U Color"
      $PrinterGroup[1] = "RDMT - 315U-PG"

      $PrinterName[2] = "RDMT - 200E"
      $PrinterPath[2] = "\\DR-Main\RDMT - 200E"
      $PrinterGroup[2] = "RDMT - 200E-PG" - SMal.tmcc 9 years ago
      • Can you edit the post so that your code is assigned the 'Code' style, please? TIA - anonymous_9363 9 years ago
      • Sorry, tried, but you do not have that choice with a comment like you do with an answer - SMal.tmcc 9 years ago

Answers (2)

Answer Summary:
Needed to use the "rundll32 printui.dll,PrintUIEntry" CMD script instead of WMI.
Posted by: EdT 9 years ago
Red Belt
0
The KACE agent runs in system context which means there is no user profile for it to work with, and this will break printer installation which does require user profile access. Local admin is a normal user account with a user profile so will work.
Posted by: tdickinson 9 years ago
Orange Senior Belt
0
Got around the function by running a CMD script:

RunWait(@ComSpec & ' /c rundll32 printui.dll,PrintUIEntry /if /b "' & $printerName & '" /f "' & $printerInf & '" /r "' & $PrinterIP & '" /m "' & $printerModel & '"', @SystemDir, @SW_HIDE)

Worked like a charm. Thanks, guys, for getting me unstuck from my preferred solution. :-)
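
A variant of the workaround above, as an added example that is not the poster's code: because the KACE agent runs the script as SYSTEM, it validates each value before it reaches the command line, starts rundll32 by full path without cmd.exe, and confirms the result with a read-only WMI query. The function names `_IsSafeArg` and `_AddPrinterPrintUI` and the allowed-character set are assumptions.

```autoit
; Added example, not the original poster's code.
; Hypothetical helper names: _IsSafeArg, _AddPrinterPrintUI.

; Accept only characters expected in printer names, port names, models and INF paths.
; Quotes and shell metacharacters are rejected, and a trailing backslash is refused
; because it would escape the closing quote of the argument.
Func _IsSafeArg($sValue)
    Return StringRegExp($sValue, '^[A-Za-z0-9 _.:\\()\-]{1,128}(?<!\\)$') = 1
EndFunc

; Returns True on success; on failure returns False and sets @error:
;   1 = rejected argument, 2 = INF not found, 3 = WMI unavailable, 4 = printer not present
Func _AddPrinterPrintUI($sName, $sInf, $sPort, $sModel)
    Local $aArgs[4] = [$sName, $sInf, $sPort, $sModel]
    For $sArg In $aArgs
        If Not _IsSafeArg($sArg) Then Return SetError(1, 0, False)
    Next
    If Not FileExists($sInf) Then Return SetError(2, 0, False)

    ; Same PrintUIEntry switches as the workaround (/if /b /f /r /m), but the process is
    ; started directly by full path, so no command interpreter parses the line.
    Local $sCmd = '"' & @SystemDir & '\rundll32.exe" printui.dll,PrintUIEntry /if' & _
            ' /b "' & $sName & '" /f "' & $sInf & '"' & _
            ' /r "' & $sPort & '" /m "' & $sModel & '"'
    RunWait($sCmd, @SystemDir, @SW_HIDE)

    ; rundll32's exit code does not reliably report failure, so confirm the queue exists.
    Local $oWMI = ObjGet("winmgmts:\\.\root\cimv2")
    If Not IsObj($oWMI) Then Return SetError(3, 0, False)
    ; WQL string literals need backslashes doubled; quotes were already rejected above.
    Local $sWqlName = StringReplace($sName, '\', '\\')
    Local $oHits = $oWMI.ExecQuery("SELECT Name FROM Win32_Printer WHERE Name = '" & $sWqlName & "'")
    If Not IsObj($oHits) Or $oHits.Count = 0 Then Return SetError(4, 0, False)
    Return True
EndFunc
```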
 