So what this program does is make modifications to remote computers as they log on to the network. This allows me to quickly make changes to machines without having to worry about them being turned on.
- So the first part of this is the logon script, which checks if modifications need to be made and, if so, dumps a text file named after the computer onto a server. So we have a folder on a domain controller called "login" with a directory called "client_mon." The login folder is shared with everyone with read access, and everyone has modify access to the client_mon folder. Then under that is a "done" folder that is read-only for everyone (write for admins).
Here is the logon script. We use KiXtart logon scripts (http://www.kixtart.org). It first checks that the machine being logged onto is joined to the right domain. If it's not, then the domain controller (logged on as a domain admin) won't have access to make the changes to the client. The rest of it checks for the current modification we are doing, which is changing the server (stored as hex) for our Fortres security program and renaming a job folder for our antivirus to clean it out. Finally, if it finds that either of the two things needs to be changed, it dumps a text file with some debugging information.
Code:
; Server holding the "login" share and the path of this machine's marker file
$SERVER = "AJH1"
$CheckFile="\\" + $SERVER + "\login\client_mon\" + @WKSTA + ".txt"
$checkclient=0
$fgcserver="none"
; Only machines joined to the right domain can be changed remotely
IF UCASE(@DOMAIN) = "JUNIOR"
    ; Fortres: flag the client if its server name (stored as hex) is not the expected one
    IF KeyExist("HKEY_LOCAL_MACHINE\Software\Fortres Grand\AppManager")
        $fgcserver=ReadValue("HKEY_LOCAL_MACHINE\Software\Fortres Grand\AppManager", "ServerName")
        IF NOT $fgcserver = "616a68342e61646d696e2e6162696e67746f6e2e6b31322e70612e757300"
            $checkclient=1
        ENDIF
    ENDIF
    ; Antivirus: flag the client if the job item exists and has not been renamed yet
    IF EXIST ("c:\Program Files\CA\eTrustITM\00000001.QSD")
        IF NOT EXIST ("c:\Program Files\CA\eTrustITM\00000001.OLD")
            $checkclient=1
        ENDIF
    ENDIF
ENDIF
; Drop the marker file with some debugging information
IF $checkclient = 1
    OPEN (1, $CheckFile, 5)
    WRITELINE (1, "User: " + @USERID + @CRLF)
    WRITELINE (1, "FGC: " + $fgcserver + @CRLF)
    WRITELINE (1, "Domain: " + @DOMAIN + @CRLF)
    WRITELINE (1, "LDomain: " + @LDOMAIN + @CRLF)
    WRITELINE (1, "Hostname: " + @HOSTNAME + @CRLF)
    CLOSE (1)
ENDIF
- The next part is the application I wrote to monitor for these dumped files and act on them. This "client monitor" just sits open and running on the server.
If the computer logs on again and a file is logged a second time, you'll see "(REDONE)" noted in the status area. Sometimes the changes may fail for a variety of reasons, such as a wireless connection dropping out or Windows Firewall being turned on on the client. If you see repeated "(REDONE)" errors, check the client.
Whenever it sees a text file dropped into the directory it's monitoring (it does a check every 20 seconds), it sends a shell command to execute the batch file with the computer name as the %1 variable (e.g. "c:\login\client_mon.bat OVHEALTH"). The window runs minimized and finishes quickly (depending on the amount of stuff in your batch file). After it executes the batch file, it logs a note in the status area, copies the text file into the "done" directory, and then deletes the original file.
- So the third part of this is the batch file. Here is the batch file used to make the changes we are currently doing.
dtreg is a program to make remote registry changes. ini is a program to make modifications to ini files. Both are included in the attached zip, as well as this batch file.
Code:
REM %1 is the computer name passed in by the client monitor
REM Antivirus: skip if already renamed, or if there is nothing to rename
IF EXIST "\\%1\c$\Program Files\CA\eTrustITM\00000001.OLD" GOTO fgc
IF NOT EXIST "\\%1\c$\Program Files\CA\eTrustITM\00000001.QSD" GOTO fgc
MOVE "\\%1\c$\Program Files\CA\eTrustITM\00000001.QSD" "\\%1\c$\Program Files\CA\eTrustITM\00000001.OLD"
dtreg -Quiet -Set REG_DWORD "\\%1\HKEY_LOCAL_MACHINE\SOFTWARE\ComputerAssociates\eTrustITM\CurrentVersion\SystemSetting\RequestJobEnabled"=0
ini "\\%1\c$\Program Files\CA\eTrustITM\ppcl.ini" write "Control" ScanAtBoot 0
:fgc
REM Fortres: set the server name (stored as hex)
dtreg -Quiet -Set REG_BINARY "\\%1\HKLM\Software\Fortres Grand\AppManager\ServerName"=616a68342e61646d696e2e6162696e67746f6e2e6b31322e70612e757300
:end
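The client_mon folder is writable by everyone while the monitor acts with domain admin rights, so the file name that becomes %1 is worth checking before the batch file runs. The following is an added example, not part of the original post or the author's client monitor: one polling pass in Python that only acts on well-formed, known computer names. The `known_hosts` set, the function names and the injectable `runner` are assumptions made for illustration.

```python
import re
import shutil
import subprocess
from pathlib import Path

BATCH = r"c:\login\client_mon.bat"  # batch file path from the post
# Computer name: 1-15 characters, letters, digits and hyphen only.
NAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9-]{0,14}")


def valid_name(stem, known_hosts):
    """True only for a well-formed name that is also a known domain computer.

    known_hosts is an assumed set of upper-case names from your own inventory.
    """
    return bool(NAME_RE.fullmatch(stem)) and stem.upper() in known_hosts


def run_batch(name):
    # name is already limited to letters, digits and hyphen, so cmd.exe
    # has no metacharacters to interpret when it expands %1.
    subprocess.run(["cmd.exe", "/c", BATCH, name], check=False)


def process_drop(drop_dir, done_dir, known_hosts, runner=run_batch):
    """One polling pass over the drop folder; returns (handled, rejected)."""
    handled, rejected = [], []
    for path in sorted(Path(drop_dir).glob("*.txt")):
        # Links and directories are refused: only plain files are expected here.
        plain = path.is_file() and not path.is_symlink()
        if not plain or not valid_name(path.stem, known_hosts):
            rejected.append(path.name)  # left in place for an admin to review
            continue
        runner(path.stem.upper())
        shutil.copy2(path, Path(done_dir) / path.name)
        path.unlink()
        handled.append(path.name)
    return handled, rejected
```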