The IFAS Computer Startup Script

Overview

The IFAS computer startup script, which is applied via the co-managed computer GPO, retrieves machine specific information and stores it in an SQL database. The script exports local group memberships, the Add/Remove programs list and the services along with the path to their executables. This will allow us to identify machines that are potentially infected with viruses or Trojans and also allow us to notify OU admins of machines that might need to be patched should an exploit come out for a software package. We can also report on software versions that are installed and might need upgrades.

In addition to running at startup, the script is scheduled to run weekly on all machines--Friday nights at midnight. That job runs for 48 hours--in case they don't get rebooted.

The script appears to be taking between 10 and 60 seconds to run at sites. The 60 seconds was from our worst site (Baker) and is the only report of a site taking more then 15 seconds. There is a problem with GPOs in general for machines which are joined to UFAD, but are located on networks off-campus. The UFAD DCs are pingable, but not reachable. This can lead to long timeouts during startups as the machine trys to pull GPOs from each of the many DCs, failing at each. UFAD staff are aware of that problem and have plans to address it. For machines on the UF network that experience log startup times, the problem is usually that the machine account has expired. Another possibility for slow startups on campus would be the use of a software firewall that blocked the GPO traffic; the solution there is coordinate firewalls with the security person.

OU admins will have access to see these results, but the details of how that will be done are still being worked out. At a minimum it will be available via SQL Server Enterprise Manager.

The Code

The only difference between what is below and the production script is that the username and password have been obscured here in line 6. The script runs under the credentials of the computer object. When the computer boots up, it pulls the script from the netlogon folder:

The script itself is encrypted as a .vbe and is secured on the network logon share so that only computer objects can read the script.

Note: as of 20 April 2006, the startup script was changed to use an unencrypted \\ad.ufl.edu\netlogon\ifas\ComputerStartup.vbs. This is possible due the script now using the new SQL server with integrated security; prior to this the connection credentials were in the script, so encryption (and poor at that) was necessary. The script also now retrieves the version number of installed software. In addition, for co-managed machines, \\ad.ufl.edu\netlogon\ifas\EnumMappings.vbs will be added (see the code listing at bottom of this page). This script enumerates printer and drive connections so that we can prepare a script to correct these mappings and then remove WINS.

Code Walkthrough

• The first seven lines set the computer name and connect to the SQL server.
• Line six sets a five second timeout on the script. If it cannot connect to the SQL server within that time, the script is aborted. The protects against network problems causing a machine to hang here on boot.
• Line nine deletes all of the local group memberships for your computer from the SQL server. This removes the old data from the database so that it acquires only current data at each machine reboot. It is done in this fashion because it was determined to be much faster than simply doing an update of the record. No history is kept, so we will only have data from the most recent run available.
• Lines 10-16 enumerate the local groups on your machine and transfer that data to the SQL server, storing it into the LocalGroupMembership table.
• Line 17 deletes all saved information on installed applications (from the Add/Remove Programs list) for the computer.
• Lines 18-19 then pull that new information afresh from the registry settings of the computer.
• Lines 21-30 loop through that registry data and pull the names of the applications. Two types of names are stored because applications varying in how they use that info. The most popular is the displayname--quiet displayname is the other. The code grabs whichever one is there and writes the computer name, the application name and when it was updated, into the Applications table of the SQL database.
• Line 31 deletes the information on the computer's services from the SQL database.
• Lines 32-34 grab the installed services information from the machine's registry.
• Lines 35-44 loop through that registry data, locate the service names (which again is stored in one of two places) and the paths to the executables that start each service.
• Line 42 writes that information into the Services table of the SQL server database.

EnumMappings.vbs

on error resume next
Wscript.Sleep 20000
Set objNetwork = CreateObject("Wscript.Network")
Set objConnection = CreateObject("ADODB.Connection")
Set objRecordset = CreateObject("ADODB.Recordset")
objConnection.CommandTimeout=5
objConnection.Open "Driver={SQL Server};Server=IF-SRV-SQL02.AD.UFL.EDU;Database=AD-APPS"
Set colDrives = objNetwork.EnumNetworkDrives
objConnection.Execute "DELETE FROM DriveMappings where ComputerName = '" & objNetwork.ComputerName & "'"
For i = 0 to colDrives.Count-1 Step 2
	objConnection.Execute "INSERT INTO DriveMappings (ComputerName, DriveName, Username, Updated) VALUES ('" & objNetwork.ComputerName & "', '" & colDrives.Item (i + 1) & "', '" & objNetwork.UserName & "', '" & Now() & "')"
Next
Set colPrinters = objNetwork.EnumPrinterConnections
objConnection.Execute "DELETE FROM PrinterMappings where ComputerName = '" & objNetwork.ComputerName & "'"
For i = 0 to colPrinters.Count-1 Step 2
	objConnection.Execute "INSERT INTO PrinterMappings (ComputerName, PrinterName, Username, Updated) VALUES ('" & objNetwork.ComputerName & "', '" & colPrinters.Item (i + 1) & "', '" & objNetwork.UserName & "',  '" & Now() & "')"
Next