Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

scripting batch file to open folder then launch PGP script

Posted on 2013-12-19
9
Medium Priority
?
1,204 Views
Last Modified: 2014-01-06
Hey all,
I'm attempting to run a batch file that does two things:

1. First opens cmd in a peticular folder;
      %comspec% /k cd "C:\Program Files (x86)\PGP Corporation\PGP Desktop\"

2. Run a Symantec PGP encryption script. (which has to run in cmd in the folder mentioned above.
    pgpwde --add-user --disk 0 -- passphrase  --passphrase UserPassword --username newadmin --admin-passphrase AdminPassword!"

The pgp script basically adds a new admin account to the pgp desktop software which I need to do on every laptop in the company. This script i'm working on will be initiated via group policy.

The problem i'm coming across is that I can't quite get the hand off from the first part to the second part down. they each work individually, but I can't seem to get the handoff right after the directory change to launching of the pgp script.

If anyone can help out i'd greatly appreciate it. my scripting is a little weak.
0
Comment
Question by:-JT
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
9 Comments
 
LVL 33

Assisted Solution

by:Dave Howe
Dave Howe earned 1000 total points
ID: 39731875
I am assuming you really want the new shell to terminate after it completes the second task (/c rather than /k) so you are probably looking at:

%comspec% /c "cd ""C:\Program Files (x86)\PGP Corporation\PGP Desktop\"" && pgpwde --add-user --disk 0 -- passphrase  --passphrase UserPassword --username newadmin --admin-passphrase AdminPassword!"

using the conditional continuation operator (&&) which executes the second command if and only if the first completes successfully.

Is this what you were after?
0
 
LVL 15

Accepted Solution

by:
Giovanni Heward earned 1000 total points
ID: 39732235
A typical approach would be to simply call a batch script, which completes the desired actions.

For example (call script):
%comspec% /c \\server.domain.local\share\path\script.bat

[script.bat]
@echo off
if exist "%ProgramFiles(x86)%\PGP Corporation\PGP Desktop" (
   cd /d "%ProgramFiles(x86)%\PGP Corporation\PGP Desktop"
   pgpwde --add-user --disk 0 -- passphrase  --passphrase UserPassword --username newadmin --admin-passphrase AdminPassword!
   goto :eof
) else (
   echo "%ProgramFiles(x86)%\PGP Corporation\PGP Desktop" not found
)>>\\server.domain.local\share\path\%COMPUTERNAME%_%USERNAME%.log 2>&1

Open in new window


If you are actually using a quotation char in the password, you may need to escape it using a caret ^.
0
 

Author Comment

by:-JT
ID: 39733079
Thanks for the help guys, I was able to get it to function properly.  ;)
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
LVL 56

Expert Comment

by:McKnife
ID: 39752150
Although solved, two questions: what do you need the first command cd... for? Simply run %program files...%\...pgpwde.exe, no need to cd first.
Then: why not use the central management? This seems to be your administrative user, this can be set using the universal server, no script needed at all.
0
 

Author Comment

by:-JT
ID: 39760730
Hi McKnife,
so, you're correct about the cd, I dropped that out of the script.

As for the second part, we use a local windows admin account for authentication to pgp for the desktop guys. Only us network dudes know the central server admin account login. thats what makes this whole thing trickier then normal.
0
 
LVL 56

Expert Comment

by:McKnife
ID: 39760738
Hi.
> Only us network dudes know the central server admin account login
And why wouldn't you provide those desktop guys with the pgp wde admin password? It would not need to be the same as you use for the logon to the universal server.
0
 

Author Comment

by:-JT
ID: 39760749
From what i'm told by support, there can only be one wde admin pw. the login to the actual server is definitely different. Its a weird security separation thing.  it would be much easier not to have to deal with adding another local admin account to authenticate.
0
 
LVL 56

Expert Comment

by:McKnife
ID: 39760764
> there can only be one wde admin pw
Correct, but why don't you share that one?
0
 

Author Comment

by:-JT
ID: 39760787
I'd like to but the powers that be want to keep it separated <insert Offspring tune>. Anyway, I may push for a policy change because the script is inherently insecure without pw obfuscation, which I still need to figure out for this if i'm forced to continue down this road. Plain text pw's are no bueno.
0

Featured Post

Cyber Threats to Small Businesses (Part 1)

This past May, Webroot surveyed more than 600 IT decision-makers at medium-sized companies to see how these small businesses perceived new threats facing their organizations.  Read what Webroot CISO, Gary Hayslip, has to say about the survey in part 1 of this 2-part blog series.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many companies are looking to get out of the datacenter business and to services like Microsoft Azure to provide Infrastructure as a Service (IaaS) solutions for legacy client server workloads, rather than continuing to make capital investments in h…
There are many Password Managers (PM) out there to choose from. PM's can help with your password habits and routines, but they should not be a crutch you rely on too heavily. I also have an article for company/enterprise PM's.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

660 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question