jstatham
Flexera beginner

Help with Custom Action Not running bat file as Administrator

Hello everyone, I have a problem with a custom action not running a BAT file as administrator. Here is some background. Our product installs a Windows Service that runs as the Local System account (NT AUTHORITY\SYSTEM). The service connects to SQL Express 2019. In order for the service to have permission to create the database and run, we have to run SQL to set the NT AUTHORITY\SYSTEM user as a SQL sysadmin account.

USE Master;
Go
EXEC master..sp_addsrvrolemember
@loginame = N'NT AUTHORITY\SYSTEM', @rolename = N'sysadmin'
Go

Here is the error I get:

Changed database context to 'master'.
Msg 15151, Level 16, State 1, Server DESKTOP-MEEAI4V\TRACSSE, Line 1
Cannot alter the server role 'sysadmin', because it does not exist or you do not have permission.

 

I have the bat file below set up as a custom action. The problem is that when the bat file runs I get an error that it doesn't have permission. If I leave the install running and go find the file and right-click and choose Run as admin, it works. I have tried about every option possible for the custom action and it still doesn't work. Any help or another way to set up these permissions would be greatly appreciated.

0 Kudos
2 Replies
conorhoran
Active participant

Hi,

If you want to run the batch file with elevated privileges then you will need to set the execution to "Deferred in system context" (or something similar) and also make sure that your custom action is sequenced in between InstallInitialize and InstallFinalize.

This will actually run the file under the local system account so it will be a level above admin. In rare cases and depending on the contents of your batch file you might need to run as admin only but this would normally only cause issues where you are trying to do a file copy over network etc. and the local system would not have permission.

Also, if you are relying on any properties in a custom action when calling it in deferred execution then you will need to pass these in using a CAD or custom action data action but this might not apply to you and is somewhat well documented online.

Good luck.

Thanks,

Conor

0 Kudos

Sorry, I just re-read your question. What I said will run the batch file as local system (not admin) but it appears the issue you have is actually being returned from SQL Server. You might need to add a user to SQL Server with permission to alter the role. So you either need to not run the custom action deferred and add the local user to SQL login with permission to modify roles, or make the action deferred and possibly add system as a user.
0 Kudos
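
A diagnostic for the Msg 15151 failure discussed in this thread, as an added example that is not part of any post above: it reports which login the connection authenticated as and whether that login holds sysadmin before attempting the role change. It uses only built-in SQL Server functions and catalog views; that the batch file calls sqlcmd, and that this script is run through the same connection as the custom action, are assumptions.

```sql
-- Added example. Run it the same way the custom action runs its SQL
-- (assumed: sqlcmd with Windows authentication against the same instance).
USE master;
GO

-- 1. Which login did this connection authenticate as, and what can it do?
SELECT
    SUSER_SNAME()                                   AS connected_login,
    ORIGINAL_LOGIN()                                AS original_login,
    IS_SRVROLEMEMBER('sysadmin')                    AS is_sysadmin,
    HAS_PERMS_BY_NAME(NULL, NULL, 'CONTROL SERVER') AS has_control_server;

-- 2. Principals in this connection's login token. usage = 'DENY ONLY'
--    marks a group that is in the token but cannot be used to grant
--    access, so membership in it does not help this connection.
SELECT name, type, usage
FROM sys.login_token
ORDER BY usage, name;
GO

-- 3. Guarded role change: only attempt it when it is needed and when the
--    connected login is allowed to do it; otherwise fail with a clear message.
DECLARE @who sysname = SUSER_SNAME();

IF IS_SRVROLEMEMBER('sysadmin', N'NT AUTHORITY\SYSTEM') = 1
    PRINT 'NT AUTHORITY\SYSTEM is already a member of sysadmin.';
ELSE IF IS_SRVROLEMEMBER('sysadmin') = 1
BEGIN
    -- Create the Windows login first if the instance does not have it.
    IF SUSER_ID(N'NT AUTHORITY\SYSTEM') IS NULL
        CREATE LOGIN [NT AUTHORITY\SYSTEM] FROM WINDOWS;

    -- ALTER SERVER ROLE is the current syntax for sp_addsrvrolemember.
    ALTER SERVER ROLE [sysadmin] ADD MEMBER [NT AUTHORITY\SYSTEM];
    PRINT 'Added NT AUTHORITY\SYSTEM to sysadmin.';
END
ELSE
    -- Severity 16 is a user-correctable error, matching Msg 15151's level.
    RAISERROR('Login %s is not a sysadmin on this instance; it cannot change sysadmin membership.', 16, 1, @who);
GO
```

Comparing the first two result sets between the failing run and a run that succeeds shows whether the difference is the connected login itself or the groups usable in its token. With `sqlcmd -b`, the RAISERROR branch makes sqlcmd return a nonzero exit code that the batch file can check.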