Category Archives: Scripting

Windows GPO: Disable Adobe Updater for CS3 and CS4

0
Posted by admin on June 30, 2010 – 1:48 pm
Filed under Active Directory, GPO, HowTo, Network, Scripting

We’ve known for a while that Adobe updates are too frequent and too large and annoying when you have a couple of hundred machines on the network with the Master Collection installed. Recently, we installed Viewpoint to give us reporting from our Sonicwall firewall, and we saw the impact that Adobe updates had on our internet connection and it was staggering. Adobe updates and Apple iTunes updates were the bulk of our traffic, which is no mean feat when we have 900 Students in the Senior School on Facebook.

Viewpoint_AdobeUsage 
Web Usage Report from Viewpoint

Luckily, Adobe have a registry key that can be used to enable/disable the Adobe Updater, and pushing the entry out to clients via Group Policy seems like the sensible option
http://kb2.adobe.com/cps/408/kb408711.html

On Windows XP or Windows Vista

  1. Using Regedit.exe, navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe
  2. Create a new Key in this folder named "Updater"
  3. Create a new DWORD value within this Key named "Enterprise with a value of "1"

To try it out, I created the registry entries on my local machine and imported the entries into a new GPO with the Registry Wizard (Right Click on Registry in the Computer Configuration, and select New –> Registry Wizard)

AdobeGPO1 
Registry Keys imported into GPO

 
AdobeGPO2 
Registry Entries, Action set to Update

It’s important to remember to still update the Adobe applications, especially Acrobat and Flash. The Sophos Security Threat Report 2010 highlights the need to keep these two applications up to date. Malicious code can be executed from flash files embedded in PDF documents, Sebastian Porst has a superb write up on dissecting the Adobe/Flash exploit here, if you’ve got 10 minutes grab a coffee and read up.

You can download the Acrobat Updates manually from Adobe, and push them out to clients with msiexec.exe, check AppDeploy for specifics with your version of Acrobat, but something like this would do the trick

msiexec /p "%installdir%\AcroProStdUpd910_T1T2_incr.msp" /qn /norestart REINSTALL=ALL REINSTALLMODE=omus

msiexec /p "%installdir%\AcrobatUpd912_all_incr.msp" /qn /norestart REINSTALL=ALL REINSTALLMODE=omus

Which is from the Adobe forums and push it out with a script or via GPO

Netbooks: Setting Student as Admin’s during deployment

0
Posted by admin on January 7, 2010 – 5:23 pm
Filed under Altiris, Code, HP, HowTo, Netbook, Scripting, VBS

3761637114_47d8ac8cf0 As part of our config for the Student Netbook SOE, we’re going to make each Student an Administrator on their netbook. We don’t want to make every student an administrator on the machines, because of the security/privacy issues that may arise. If every Student is an administrator then it’s possible for them to log onto another Students machine and look/edit/delete/copy their files.

When we unboxed the netbooks we attached our Asset tags (BGSID) and used the barcode scanner to grab the BGSID and Serial for each netbook and put them into Excel. We thought we could use this data and run a post imaging script from Altiris to set the student admin on each machine after they’re sysprep’d and before they’re given out to Students.

We created a SQL database with one table, see below. The image shows our test data, but we’re able to copy the BGSID’s and Serials from the spreadsheet to the database and assign a username for each netbook. The database also has a field for MachineName, which is blank initially and is populated when the script is run. Altiris automatically names the machines, according to the template we’ve specified, but we thought it would be handy to grab the machine name and store it next to the Serial as the machines are assigned to Students.
We can also be sneaky, and use the StudentUserName field to query AD and grab the Student’s firstname and surname to make sticky labels for their machine and maybe their bags too… will see

image001

‘______________________ Start SetStudentAdmin.vbs __________________________
‘Option Explicit

dim adoConn, adoRS, adoStrm
Set adoConn = CreateObject(”ADODB.Connection”)
Set adoRS = CreateObject(”ADODB.Recordset”)
Call GetBGSID

‘_______________________________________________________________________

Sub GetBGSID()

Dim NetBookSerial

winmgmt1 = “winmgmts:{impersonationLevel=impersonate}!//.”
Set SNSet = GetObject( winmgmt1 ).InstancesOf (”Win32_BIOS”)

for each SN in SNSet
NetBookSerial = SN.SerialNumber
Next

adoConn.Open “Provider=SQLOLEDB;Data Source=lumberjack;User ID=sa;Password=12345;Initial Catalog=Netbooks;”
adoRS.Open “select * from netbooks where (Serial = ‘” & NetBookSerial & “‘)”, adoConn, 1, 3

Set objWshNet = CreateObject(”WScript.Network”)
strDomain = objWshNet.UserDomain
strComputer = objWshNet.ComputerName
Set objGroup = GetObject(”WinNT://” & strComputer & “/Administrators,group”)

strUser = adoRS.fields.item(3)

Set objUser = GetObject(”WinNT://” & strDomain & “/” & strUser & “, user”)

If Not objGroup.IsMember(objUser.ADsPath) Then
objGroup.Add(objUser.ADsPath)
End If
adoRS.fields.item(4) = strComputer

adoRS.Update
adoRS.Close
adoConn.Close

End Sub
‘______________________ End SetStudentAdmin.vbs ___________________________

Exchange 2007 Edge Server Licence

0
Posted by admin on October 16, 2009 – 2:54 pm
Filed under Exchange, HowTo, PowerShell, Scripting, Server

Earlier this year we migrated our Exchange 2003 setup to Exchange 2007 and all was going well for a while. Until we had noticed that our Edge Server thought it was unlicensed, even though we’d entered all the licence info as part of the initial Exchange config. A quick search found this handy PowerShell command for setting, or resetting, the Product Key for our Edge Server. I’m still impressed with how much PowerShell can do in Exchange/Windows, its definitely worth investing the time to learn.

< Power Shell CMD >
[PS] C:\Windows\System32>get-ExchangeServer

Name                Site                 ServerRole  Edition     AdminDisplayVersion
—-                —-                 ———-  ——-     ————–
JACKAL             BGS                  Mailbox,… Standard    Version 8.1…
CARLOS            BGS                  ClientAc… Standard    Version 8.1…
EDGE                BGS                  Edge        Standard… Version 8.1…
ZORO               BGS                  ClientAc… Standard    Version 8.1…

[PS] C:\Windows\System32>set-ExchangeServer Edge -ProductKey xxxxx-xxxxx-xxxxx-xxxxx-xxxxx
[PS] C:\Windows\System32>get-ExchangeServer

Name                Site                 ServerRole  Edition     AdminDisplayVersion
—-                —-                 ———-  ——-     ————–
JACKAL             BGS                  Mailbox,… Standard    Version 8.1…
CARLOS            BGS                  ClientAc… Standard    Version 8.1…
EDGE                BGS                  Edge        Standard    Version 8.1…
ZORO               BGS                  ClientAc… Standard    Version 8.1…

[PS] C:\Windows\System32>

Scripting Switch Configuration Backup

0
Posted by GregBell on November 27, 2008 – 6:04 am
Filed under HowTo, Network, ProCurve, Scripting, VBS

Here’s is a short VBS script which telnet’s into your ProCurve switch and sends a config backup to your TFTP Server. The code can easily be changed to telnet into pretty much any device that supports configuration via telnet.

This code is a modified version of a snippet posted on the VBForums

Dim objShell
Dim objNetwork


Set objNetwork=CreateObject("WScript.Network")




strTitle="Telnet Demo"


strDefaultServer="Server01"


strDefaultUser=objNetwork.UserDomain & "\" & objNetwork.UserName


strDefaultPassword="P@ssw0rd"




strComputer=InputBox("What server or device do you want to connect to?",_


strTitle,strDefaultServer)


If Len(strComputer)=0 Then WScript.quit








strPassword="password"




Set objShell=CreateObject("wscript.shell")


'Start Telnet


objShell.Run "Telnet " & strComputer


'Give app a chance to get started


WScript.Sleep 5000


objShell.AppActivate "Telnet " & strComputer




'Send login credentials


objShell.SendKeys strUsername & "~"


WScript.Sleep 2000


objShell.SendKeys strPassword & "~"


WScript.Sleep 2000




'Send commands


WScript.Sleep 200


objShell.SendKeys "~"


WScript.Sleep 200


objShell.SendKeys "copy startup-config tftp 172.16.1.15 "& strComputer &"_config.txt"


WScript.Sleep 1000


objShell.SendKeys "~"




'give lengthy commands time to finish


'WScript.Sleep 10000




'make sure we get window again


objShell.AppActivate "Telnet " & strComputer


'run another command


'objShell.SendKeys "net share"


'WScript.Sleep 200


objShell.SendKeys "~"




'Close session


'make sure we get window again


objShell.AppActivate "Telnet " & strComputer


objShell.SendKeys "exit"


WScript.Sleep 200


objShell.SendKeys "~"


objShell.SendKeys "exit"


WScript.Sleep 200


objShell.SendKeys "~"


WScript.Sleep 200


objShell.SendKeys "y"


objShell.SendKeys "~"


WScript.Sleep 200


objShell.SendKeys "~"






Save this text in a .vbs file and run via “cscript switchbak.vbs“ from the command line


If your modifying the script to run on something other than a ProCurve switch ,you may have to tweak/add/remove the Sleep and SendKeys ”~” . Using the SendKeys and the tilde will send a carriage return to the telnet session


Also, if you’d like to run this script you will need a TFTP server, free download from Solawinds


To make the back script a useful tool I’ve set it to run and query an MS SQL database to get the addresses for our ProCurve switches and have scheduled it to run regularly. I will post an update with how I’ve set that up sometime soon. The Script is essentially the same but I’ve removed the prompt for the device address and added the database connection query, will post the details shortly


If you have setup the ProCurve Manager then you may find this post redundant, but, I’ve found it to be a handy script to have, and send backup config files to a server where they are easily accessible in a disaster, hopefully…