Go Premium for a chance to win a PS4. Enter to Win


scripting batch file to open folder then launch PGP script

Posted on 2013-12-19
Medium Priority
Last Modified: 2014-01-06
Hey all,
I'm attempting to run a batch file that does two things:

1. First opens cmd in a peticular folder;
      %comspec% /k cd "C:\Program Files (x86)\PGP Corporation\PGP Desktop\"

2. Run a Symantec PGP encryption script. (which has to run in cmd in the folder mentioned above.
    pgpwde --add-user --disk 0 -- passphrase  --passphrase UserPassword --username newadmin --admin-passphrase AdminPassword!"

The pgp script basically adds a new admin account to the pgp desktop software which I need to do on every laptop in the company. This script i'm working on will be initiated via group policy.

The problem i'm coming across is that I can't quite get the hand off from the first part to the second part down. they each work individually, but I can't seem to get the handoff right after the directory change to launching of the pgp script.

If anyone can help out i'd greatly appreciate it. my scripting is a little weak.
Question by:-JT
LVL 33

Assisted Solution

by:Dave Howe
Dave Howe earned 1000 total points
ID: 39731875
I am assuming you really want the new shell to terminate after it completes the second task (/c rather than /k) so you are probably looking at:

%comspec% /c "cd ""C:\Program Files (x86)\PGP Corporation\PGP Desktop\"" && pgpwde --add-user --disk 0 -- passphrase  --passphrase UserPassword --username newadmin --admin-passphrase AdminPassword!"

using the conditional continuation operator (&&) which executes the second command if and only if the first completes successfully.

Is this what you were after?
LVL 15

Accepted Solution

Giovanni Heward earned 1000 total points
ID: 39732235
A typical approach would be to simply call a batch script, which completes the desired actions.

For example (call script):
%comspec% /c \\server.domain.local\share\path\script.bat

@echo off
if exist "%ProgramFiles(x86)%\PGP Corporation\PGP Desktop" (
   cd /d "%ProgramFiles(x86)%\PGP Corporation\PGP Desktop"
   pgpwde --add-user --disk 0 -- passphrase  --passphrase UserPassword --username newadmin --admin-passphrase AdminPassword!
   goto :eof
) else (
   echo "%ProgramFiles(x86)%\PGP Corporation\PGP Desktop" not found
)>>\\server.domain.local\share\path\%COMPUTERNAME%_%USERNAME%.log 2>&1

Open in new window

If you are actually using a quotation char in the password, you may need to escape it using a caret ^.

Author Comment

ID: 39733079
Thanks for the help guys, I was able to get it to function properly.  ;)
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

LVL 57

Expert Comment

ID: 39752150
Although solved, two questions: what do you need the first command cd... for? Simply run %program files...%\...pgpwde.exe, no need to cd first.
Then: why not use the central management? This seems to be your administrative user, this can be set using the universal server, no script needed at all.

Author Comment

ID: 39760730
Hi McKnife,
so, you're correct about the cd, I dropped that out of the script.

As for the second part, we use a local windows admin account for authentication to pgp for the desktop guys. Only us network dudes know the central server admin account login. thats what makes this whole thing trickier then normal.
LVL 57

Expert Comment

ID: 39760738
> Only us network dudes know the central server admin account login
And why wouldn't you provide those desktop guys with the pgp wde admin password? It would not need to be the same as you use for the logon to the universal server.

Author Comment

ID: 39760749
From what i'm told by support, there can only be one wde admin pw. the login to the actual server is definitely different. Its a weird security separation thing.  it would be much easier not to have to deal with adding another local admin account to authenticate.
LVL 57

Expert Comment

ID: 39760764
> there can only be one wde admin pw
Correct, but why don't you share that one?

Author Comment

ID: 39760787
I'd like to but the powers that be want to keep it separated <insert Offspring tune>. Anyway, I may push for a policy change because the script is inherently insecure without pw obfuscation, which I still need to figure out for this if i'm forced to continue down this road. Plain text pw's are no bueno.

Featured Post

Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The conference as a whole was very interesting, although if one has to make a choice between this one and some others, you may want to check out the others.  This conference is aimed mainly at government agencies.  So it addresses the various compli…
Ransomware - Defeated! Client opened the wrong email and was attacked by Ransomware. I was able to use file recovery utilities to find shadow copies of the encrypted files and make a complete recovery.
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
Suggested Courses

971 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question