The IFAS Computer Startup Script
Overview

The IFAS computer startup script, which is applied via the co-managed computer GPO, retrieves machine-specific information and stores it in an SQL database. The script exports local group memberships, the Add/Remove Programs list, and the services along with the paths to their executables. This will allow us to identify machines that are potentially infected with viruses or Trojans and also allow us to notify OU admins of machines that might need to be patched should an exploit come out for a software package. We can also report on software versions that are installed and might need upgrades.

In addition to running at startup, the script is scheduled to run weekly on all machines, Friday nights at midnight. That job runs for 48 hours, in case the machines don't get rebooted.

The script appears to be taking between 10 and 60 seconds to run at sites. The 60 seconds was from our worst site (Baker) and is the only report of a site taking more than 15 seconds.

There is a problem with GPOs in general for machines which are joined to UFAD but are located on networks off-campus. The UFAD DCs are pingable, but not reachable. This can lead to long timeouts during startup as the machine tries to pull GPOs from each of the many DCs, failing at each. UFAD staff are aware of that problem and have plans to address it. For machines on the UF network that experience long startup times, the problem is usually that the machine account has expired. Another possibility for slow startups on campus would be the use of a software firewall that blocked the GPO traffic; the solution there is to coordinate firewalls with the security person.

OU admins will have access to see these results, but the details of how that will be done are still being worked out. At a minimum it will be available via SQL Server Enterprise Manager.

The Code

The only difference between what is below and the production script is that the username and password have been obscured here in line 6.
The script runs under the credentials of the computer object. When the computer boots up, it pulls the script from the netlogon folder: The script itself is encrypted as a .vbe and is secured on the network logon share so that only computer objects can read the script.

Note: as of 20 April 2006, the startup script was changed to use an unencrypted \\ad.ufl.edu\netlogon\ifas\ComputerStartup.vbs. This is possible due to the script now using the new SQL server with integrated security; prior to this the connection credentials were in the script, so encryption (and poor encryption at that) was necessary. The script also now retrieves the version number of installed software.

In addition, for co-managed machines, \\ad.ufl.edu\netlogon\ifas\EnumMappings.vbs will be added (see the code listing at the bottom of this page). This script enumerates printer and drive connections so that we can prepare a script to correct these mappings and then remove WINS.
1 on error resume next
2 Set objNetwork = CreateObject("Wscript.Network")
3 Set objConnection = CreateObject("ADODB.Connection")
4 Computer = objNetwork.ComputerName
5 Set objConnection = CreateObject("ADODB.Connection")
6 objConnection.CommandTimeout=5
7 objConnection.Open "Driver={SQL Server};Server=IF-SRV-SQL02.AD.UFL.EDU;Database=AD-APPS"
9 objConnection.Execute "DELETE FROM LocalGroupMembership where ComputerName = '" & Computer & "'"
10 Set colGroups = GetObject("WinNT://" & Computer & "")
11 colGroups.Filter = Array("group")
12 For Each objGroup In colGroups
13     For Each objUser in objGroup.Members
14         objConnection.Execute "INSERT INTO LocalGroupMembership (ComputerName, GroupName, Username, Updated) VALUES ('" & Computer & "', '" & Replace(objGroup.Name, "'", "''") & "', '" & objUser.ADsPath & "', '" & Now() & "')"
15     Next
16 Next
17 objConnection.Execute "DELETE FROM Applications where ComputerName = '" & Computer & "'"
18 Set objRegistry = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & Computer & "/root/default:StdRegProv")
19 SoftwareKey = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\"
20 AppEnum = objRegistry.EnumKey(&H80000002, SoftwareKey, SubKeys)
21 For Each Application In SubKeys
22     AppEnum = objRegistry.GetStringValue(&H80000002, SoftwareKey & Application, "DisplayName", ApplicationName)
23     If AppEnum <> 0 Then
24         objRegistry.GetStringValue &H80000002, SoftwareKey & Application, "QuietDisplayName", ApplicationName
25     End If
26     If ApplicationName <> "" Then
27         objRegistry.GetStringValue &H80000002, SoftwareKey & Application, "DisplayVersion", DisplayVersion
28         objConnection.Execute "INSERT INTO Applications (ComputerName, ApplicationName, Version, Updated) VALUES ('" & Computer & "', '" & Replace(ApplicationName, "'", "''") & "', '" & DisplayVersion & "', '" & Now() & "')"
29     End If
30 Next
31 objConnection.Execute "DELETE FROM Services where ComputerName = '" & Computer & "'"
32 Set objRegistry = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & Computer & "/root/default:StdRegProv")
33 ServicesKey = "SYSTEM\CurrentControlSet\Services\"
34 ServiceEnum = objRegistry.EnumKey(&H80000002, ServicesKey, SubKeys)
35 For Each Service In SubKeys
36     ServiceEnum = objRegistry.GetStringValue(&H80000002, ServicesKey & Service, "DisplayName", ServiceName)
37     If ServiceEnum <> 0 Then
38         objRegistry.GetStringValue &H80000002, ServicesKey & Service, "QuietDisplayName", ServiceName
39     End If
40     ServiceEnum = objRegistry.GetStringValue(&H80000002, ServicesKey & Service, "ImagePath", ImagePath)
41     If ServiceName <> "" and ImagePath <> "" Then
42         objConnection.Execute "INSERT INTO Services (ComputerName, ServiceName, ImagePath, Updated) VALUES ('" & Computer & "', '" & Replace(ServiceName, "'", "''") & "', '" & Replace(ImagePath, "'", "''") & "', '" & Now() & "')"
43     End If
44 Next
45 objConnection.Close
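The listing above builds each statement by concatenation and doubles single quotes in only some of the values (objUser.ADsPath on line 14 and DisplayVersion on line 28 are inserted as read). As an added example that is not part of the production script, here is the Applications section using ADODB.Command with bound parameters, so registry strings reach SQL Server as data rather than as statement text. The 255-character parameter size, the Left() truncation and Updated being a datetime column are assumptions.

```vbscript
' Added example: Applications inventory with bound parameters (not the production script).
Option Explicit
On Error Resume Next    ' same failure policy as the original: never block startup
Const HKLM = &H80000002
Const adVarWChar = 202, adDBTimeStamp = 135, adParamInput = 1, adExecuteNoRecords = 128
Const COL_SIZE = 255    ' assumed column width; match it to the real schema
Dim objNetwork, objConnection, cmdDelete, cmdInsert, objRegistry, rc
Dim Computer, SoftwareKey, SubKeys, Application, ApplicationName, DisplayVersion

Set objNetwork = CreateObject("Wscript.Network")
Computer = objNetwork.ComputerName
Set objConnection = CreateObject("ADODB.Connection")
objConnection.CommandTimeout = 5
objConnection.Open "Driver={SQL Server};Server=IF-SRV-SQL02.AD.UFL.EDU;Database=AD-APPS"

' Each ? is sent as data, so a quote in a registry value cannot alter the statement.
Set cmdDelete = CreateObject("ADODB.Command")
Set cmdDelete.ActiveConnection = objConnection
cmdDelete.CommandText = "DELETE FROM Applications WHERE ComputerName = ?"
cmdDelete.Parameters.Append cmdDelete.CreateParameter("Computer", adVarWChar, adParamInput, COL_SIZE, Computer)
cmdDelete.Execute , , adExecuteNoRecords

Set cmdInsert = CreateObject("ADODB.Command")
Set cmdInsert.ActiveConnection = objConnection
cmdInsert.CommandText = "INSERT INTO Applications (ComputerName, ApplicationName, Version, Updated) VALUES (?, ?, ?, ?)"
cmdInsert.Parameters.Append cmdInsert.CreateParameter("Computer", adVarWChar, adParamInput, COL_SIZE, Computer)
cmdInsert.Parameters.Append cmdInsert.CreateParameter("AppName", adVarWChar, adParamInput, COL_SIZE)
cmdInsert.Parameters.Append cmdInsert.CreateParameter("Version", adVarWChar, adParamInput, COL_SIZE)
cmdInsert.Parameters.Append cmdInsert.CreateParameter("Updated", adDBTimeStamp, adParamInput)

Set objRegistry = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & Computer & "/root/default:StdRegProv")
SoftwareKey = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\"
objRegistry.EnumKey HKLM, SoftwareKey, SubKeys
If IsArray(SubKeys) Then    ' EnumKey leaves SubKeys non-array when it fails or finds nothing
    For Each Application In SubKeys
        ApplicationName = "" : DisplayVersion = ""    ' do not carry values over from the previous key
        rc = objRegistry.GetStringValue(HKLM, SoftwareKey & Application, "DisplayName", ApplicationName)
        If rc <> 0 Then objRegistry.GetStringValue HKLM, SoftwareKey & Application, "QuietDisplayName", ApplicationName
        If ApplicationName & "" <> "" Then
            objRegistry.GetStringValue HKLM, SoftwareKey & Application, "DisplayVersion", DisplayVersion
            cmdInsert.Parameters(1).Value = Left(ApplicationName, COL_SIZE)
            cmdInsert.Parameters(2).Value = Left(DisplayVersion & "", COL_SIZE)    ' Null becomes ""
            cmdInsert.Parameters(3).Value = Now()
            cmdInsert.Execute , , adExecuteNoRecords
        End If
    Next
End If
objConnection.Close
```

The same pattern applies to the LocalGroupMembership and Services inserts and to the two inserts in EnumMappings.vbs.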
Code Walkthrough
EnumMappings.vbs

on error resume next
Wscript.Sleep 20000
Set objNetwork = CreateObject("Wscript.Network")
Set objConnection = CreateObject("ADODB.Connection")
Set objRecordset = CreateObject("ADODB.Recordset")
objConnection.CommandTimeout=5
objConnection.Open "Driver={SQL Server};Server=IF-SRV-SQL02.AD.UFL.EDU;Database=AD-APPS"
Set colDrives = objNetwork.EnumNetworkDrives
objConnection.Execute "DELETE FROM DriveMappings where ComputerName = '" & objNetwork.ComputerName & "'"
For i = 0 to colDrives.Count-1 Step 2
    objConnection.Execute "INSERT INTO DriveMappings (ComputerName, DriveName, Username, Updated) VALUES ('" & objNetwork.ComputerName & "', '" & colDrives.Item (i + 1) & "', '" & objNetwork.UserName & "', '" & Now() & "')"
Next
Set colPrinters = objNetwork.EnumPrinterConnections
objConnection.Execute "DELETE FROM PrinterMappings where ComputerName = '" & objNetwork.ComputerName & "'"
For i = 0 to colPrinters.Count-1 Step 2
    objConnection.Execute "INSERT INTO PrinterMappings (ComputerName, PrinterName, Username, Updated) VALUES ('" & objNetwork.ComputerName & "', '" & colPrinters.Item (i + 1) & "', '" & objNetwork.UserName & "', '" & Now() & "')"
Next
last edited 24 April 2006 by Steve Lasley