How. Cmd file run as admin using sccm
Question
- Using sccm package/application deployment how to run a *.cmd as a administrative privilege. I have tested the cmd file run as admin manually it works.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Answers ( 11 )
Hi Amit,
Did you tried to deploy the package by using SCCM Standard Task Sequences,
You can add runas account for application or cmd line step in Task Sequences, i think this will helps you to run the cmd with Admin account
I don’t understand why we are jumping to GPO or Package directly when we have CI which is the most effective method so far to perform registry modification. The success level is near 99.3 % if the SCCM Agent is healthy on client machines.
Hello Amit,
You could try to add cmd /c before each command line.
Like This —
cmd /c reg add “HKLMsoftwaremicrosoftccmsecurity” /v clientAlwaysOninternet /t REG_DWORD /d “1” /f
cmd /c net stop CcmExec
cmd /c TIMEOUT /t 8 /NOBREAK
cmd /c net start CcmExec
Also tried to Add in Package > Program > General Tab- Command line : cmd.exe /C “FileName.bat”
I’m assuming the registry isn’t present in target devices, If Its already there with Your command Its overriding. You had confirmed Its working manually.
Please let us Update with Results..
Why need to add cmd /c [Microsoft Note] – Add cmd /c to the start of the command line. If you don’t specify cmd /c, the command won’t close after it runs. The deployment continues to wait for the command to finish and won’t start any other configured commands or actions.
Hello All,
Thanks for your reply.
I have tried with the option “cmd.exe /C “FileName.cmd” with no success. Let me tried with .bat also.
Now i m trying creating an application but struggling with detection method.
You also need to be careful about this 🙂 https://www.anoopcnair.com/sccm-package-vs-application-32-64-bit-context/
You could create a package without program, Try to execute with custom Task Sequence Steps and check the Behavior.
https://snipboard.io/wBeNqd.jpg
Please share the logs, we able to help you more. How execution process take places!!
Take this commands you have written and save it as a .bat file aka Batch File.
@echo off
reg add “HKLMsoftwaremicrosoftccmsecurity” /v clientAlwaysOninternet /t REG_DWORD /d “1” /f
net stop “CcmExec”
TIMEOUT /t 8 /NOBREAK
net start “CcmExec”
Create an application in SCCM and deploy it with a command like like: cscript.exe nameofbatchfile.bat .
Deploy to systems.
Hi Amit,
May be you can explain more what you are trying to achieve ?
What is configured in Program Environment ? To run with Admin rights or users rights
In SCCM the installer ( .msi / .cmd / .bat /etc.. ) all run in SYSTEM account context unless your package is explicitly defined to run with users rights.
Hello ,
Actually i want to change one registry value (hklm\software\microsoft\ccm\security
clientAlwaysOninternet=1) and after the want to run one service restart, so for that i have use below line in a .cmd file.
“@echo off
reg add “HKLM\software\microsoft\ccm\security” /v clientAlwaysOninternet /t REG_DWORD /d “1” /f
net stop “CcmExec”
TIMEOUT /t 8 /NOBREAK
net start “CcmExec” ”
Hosted as a package and in Environment Tab -Program can run ‘whether or Not a user logged in’ and Select ‘Run with Administrative Rights’
In this case, I would rather use Group Policy to set this registry key so that its not depended on any deployment.
The problem is you are restarting the CCMexec service, the service which is responsible to carry out the task and report the status.
Please try on one machine WITHOUT restart CCMExec service and see if reg changes are applied
Another option is to try using REG IMPORT or PowerShell command line, if you still want to make the changes through SCCM
Thanks for your reply.
I have tried without restarting the service but still reg settings not changing . If i tried to run the *.CMD file in normal command line it showing access denied and if i run the command prompt as administrator it’s executing successfully. that’s why i am thinking it related to permission issue.