11 Replies Latest reply on Jul 13, 2013 12:37 AM by khiyal

    Popup display in a third-party custom package

    khiyal

      I am working on creating a package that displays a popup to users. For example, if I create a batch file, and include a shutdown command, the shutdown command can be configured to pop up a text message and also a timer which tells users that their machine will be rebooted. The package works as expected when used interactively. However, when the package is sent through WSUS, the system hangs. What I understand is that the popup is attempted to be displayed, but under the system security context as that is the context under which patches are installed. Since the logged on user is not under that context, they cannot see the popup. I am trying to find a way to make sure that the package runs under NT Authority\Localservice context. I am currently testing if creation of a task could accomplish this task. Any other thoughts?

        • Re: Popup display in a third-party custom package
          David Di Blasio

          I don't believe there's a way to modify this behavior as the Windows Update Agent is executing the update under a defined and unchangeable user context.

          • Re: Popup display in a third-party custom package
            Lawrence Garvin

            There is no way to change the context in which packages are installed, this will always be the SYSTEM context, but it's not the user context that is preventing the display of the UI in the package.

             

            The ability to display UI content to a logged on user is driven by an option defined in the package. On Advanced Options, enable "Install can request user input" to allow the WUAgent to present UI to the logged on user.

            RequestUserInputOption.png

            1 of 1 people found this helpful
              • Re: Popup display in a third-party custom package
                khiyal

                Thanks, Lawrence. I got partial success. The first popup does appear that is within my code. At the end of the code, there is a line to restart the system, shutdown -r -t 60 -c "Restarting your machine after an uninstall". That message does not pop up. Either the control is lost within the app, or there may be a system limitation. Not sure.

                  • Re: Popup display in a third-party custom package
                    Lawrence Garvin

                    I'm not quite understanding why you have a need to launch shutdown.exe from within the package.

                    If the package requires a system restart, the Windows Update Agent will initiate that system restart (provided the return codes for Restart Required are properly defined).

                    If the package does not require a restart, then no restart is required.

                     

                    If you want to do a system restart after package deployment, the place to do that is with the Patch Manager Update Management tools, select the option "Always Reboot"

                      • Re: Popup display in a third-party custom package
                        khiyal

                        Shutdown.exe is being used to provide users with :

                         

                        1. A pop up message telling them that their machine is being rebooted

                        2. Provide a delay so shutdown is not immediate

                          • Re: Popup display in a third-party custom package
                            Lawrence Garvin

                            The natural behavior of Windows Vista and later systems is to provide a user notification when a machine is being rebooted.

                             

                            The Patch Manager Update Management tools allow you to define a custom message to be displayed to the end-user following an update deployment.

                             

                            The delay after installation is an item of interest, but Patch Manager easily provides you that capability as well, by setting the Update Management task to "Do Not Reboot", which will trigger the standard WUAgent notifications about a pending reboot, allowing the user to reboot when they wish. The reboot can be forced using a Patch Manager Restart/Shutdown task, or through the use of WSUS Approval Deadlines.

                             

                            All in all, I suspect that you will encounter several complications trying to launch shutdown.exe within the context of the Windows Update Agent, and given that the things you are trying to accomplish are already natively supported in the OS, and via existing Patch Manager tools, I'd suggest there are better options than trying to force an execution of shutdown.exe within the confines of a package installation.

                             

                            However, one option that might work .... using PackageBoot, run shutdown.exe as an asynchronous Program Task and set the "Delay before running" to be the desired delay previously mentioned. Configure a minimal delay in the actual execution of the shutdown.exe. This should allow the shutdown.exe to be spawned outside of the execution hold of the package installer. I don't know that this will actually work .. but it's likely the best option you have for being able to successfully preempt the natural behavior of the WUAgent.

                             

                            You should also be cautious of what might happen as a result of pre-empting the natural behaviors of the WUAgent. For starters, you'll need to intercept the Success Pending Reboot Codes in the package definition, so the WUAgent does not get the instructions to place the machine in a pending reboot state. Failure to do that may result in the WUAgent launching the reboot despite your efforts with the shutdown.exe. Second, also be aware that since the WUAgent will be unaware of the pending reboot state, it may well try to install additional updates in a subsequent session (when it should not), and that activity could be catastrophic (if the unknown pending reboot doesn't actually happen when it should).

                             

                            Personally I'd find a way to adapt the natural behaviors of WSUS, the WUA, and Patch Manager, rather than trying to force an untested/unpredictable condition onto the client using shutdown.exe within a package installation.

                             

                            Beyond that.. you're in uncharted waters with this methodology ... so Good Luck!

                            1 of 1 people found this helpful
                              • Re: Popup display in a third-party custom package
                                khiyal

                                Thanks for the detailed response. The requirements are that :

                                 

                                1. Users are given a pop up stating that an upgrade is about to begin

                                2. The program is upgraded

                                3. Users are given a warning that the machine will be rebooted

                                4. The warning should have a counter that displays the amount of time remaining, and then reboot at the scheduled time

                                5. install another package after reboot.

                                 

                                I did find a solution, and this is how the task was accomplished:

                                 

                                1. Used "Install can request..." from Advanced options to enable display the first message

                                2. Created a VBScript code to warn the users and display a counter, and reboot at end of counter

                                3. Copied all extracted files to a temp folder (as the files may disappear from c:\windows\softwaredistribution\download]

                                4. Added the next setup program which is to be run after reboot to HKLM\Software\Windows.... RunOnce key

                                5. Within the setup program, added capability to delete setup files from temp location at end of execution.

                                  • Re: Popup display in a third-party custom package
                                    khiyal

                                    Can someone from Solarwinds support please explain the effect of advanced option "Install can request user input" in a custom third-party package. In my testing I have found that somehow the installation context of the package changes if this option is selected. For a package that would otherwise install successfully, with this option enabled, it requests for administrative credentials to run the package. If this is by design, why so?

                                      • Re: Popup display in a third-party custom package
                                        Lawrence Garvin

                                        The option "Install can request user input" has two fundamental impacts:

                                        • It allows the WUAgent to present UI to a logged on user.
                                        • It precludes the installation of that update in an unattended fashion -- which means that you cannot deploy such an update using Patch Manager Update Management or Update Management Wizard tools. The update MUST be initiated by a logged on user from the Control Panel Windows Update applet (or from the Notification Icon on a WinXP/2003 system).

                                         

                                        It's entirely possible that the installation context of the package itself is changed in this instance, since the installation is now running interactively, not unattended/silent. However, this is exclusively a function of the behavior of the Windows Update Agent, and Patch Manager has absolutely nothing to do with this consideration.

                                         

                                        The request for administrative credentials to run the package is likely a function of User Account Control configuration (on Vista and later). If your Vista/Win7 system does not permit non-admin users to install applications, then a UAC elevation prompt is something to be expected. On Windows XP systems, the logged on user would already have to have administrative privileges to launch the installation (either as result of group memberships, or the Allow non-administrators to receive update notifications policy setting).

                                         

                                        Details regarding the use and behaviors of this option are discussed in the Update Agent Management Protocol documentation.