Troubleshooting the Deep Freeze Custom Actions – Push & Install MSI and Remote Execute

Overview

The Push & Install MSI function and the Remote Execute function of the Deep Freeze console make use of 3^rd party tool provided by Microsoft to perform remote commands on the workstations. This document will detail how to ensure that the PSEXEC utility is properly configured and how to resolve several common issues with the utility in some environments.

Obtaining PSEXEC

PSEXEC can be downloaded from the URL Below:

http://technet.microsoft.com/en-us/sysinternals/bb897553.aspx

It is recommended that the downloaded files be unzipped and placed in the system path to ensure that they are accessible with ease.

Requirements for PSEXEC to work.

PSEXEC makes use of a number of technologies to push commands to workstations, and it requires some specific options to be configured for it to work properly.

1)      File and Printer sharing must be enabled, and simple file sharing must be turned off.

• If file and printer sharing is disabled PSEXEC will be unable to connect to the remote machine to push commands.
• If Simple File Sharing is enabled then users are not prompted to authenticate with the remote computer and all tasks are run in the context of the guest account. This account has limited rights on a remote machine and remote commands cannot be run under this account.

2)      The account being used to run the remote commands must have administrative rights on the remote machine.

• Accounts without administrative rights will not be able to access all portions of the system. As well the Push and Execute MSI command needs rights to connect to the administrative share on the remote machine – something that non administrative accounts do not have rights to do.
• Generally we suggest using the local administrator account for tasks that do not require access to the network / domain.

3)      Appropriate exemptions must be made in the windows firewall on the remote machine to allow remote administration of the workstation

• The remote administration firewall exception rule can be enabled with the command below:

   netsh advfirewall firewall set rule group="Windows Remote Management" new enable=yes

Provided that the options above can be configured correctly then PSEXEC should work in your environment.

Testing PSEXEC

It is recommended to test PSEXEC prior to attempting to use it with Deep Freeze to ensure that the utility does function properly. This can be done by running the following command:

PSEXEC.EXE \\WORKSTATIONNAME –u USERNAME –p PASSWORD ECHO “SUCCESS > C:\PSEXECTEST.TXT”

The “Password” “Username”, and WORKSTATIONNAME will need to be replaced with the username and password of the user running the command, and the IP Address or the hostname of the computer that you are trying to run the command on remotely.

When run successfully this will create a file called PSEXECTEST.TXT on the root of the C:\ drive, if this file is not created or you see errors those errors will need to be resolved before Deep Freeze can make use of the utility.

Configuring Deep Freeze to use PSEXEC

Before running the commands the first time the Deep Freeze Console must be configured so that it knows where the PSEXEC utility is located. This is done by clicking on the Actions à Configure Custom Actions menu item of the Enterprise Console and selecting one of the custom actions that use the PSEXEC utility (Either Remote Execute or Push and Install MSI File).

A dialog asking for the location of the PSEXEC utility will be shown, either enter the path to, or browse to the utility. Once selected click on close, no further configuration should be required provided that the PSEXEC utility is working in your environment.