scripting batch file to open folder then launch PGP script

Posted on 2013-12-19
Last Modified: 2014-01-06
Hey all,
I'm attempting to run a batch file that does two things:

1. First opens cmd in a peticular folder;
      %comspec% /k cd "C:\Program Files (x86)\PGP Corporation\PGP Desktop\"

2. Run a Symantec PGP encryption script. (which has to run in cmd in the folder mentioned above.
    pgpwde --add-user --disk 0 -- passphrase  --passphrase UserPassword --username newadmin --admin-passphrase AdminPassword!"

The pgp script basically adds a new admin account to the pgp desktop software which I need to do on every laptop in the company. This script i'm working on will be initiated via group policy.

The problem i'm coming across is that I can't quite get the hand off from the first part to the second part down. they each work individually, but I can't seem to get the handoff right after the directory change to launching of the pgp script.

If anyone can help out i'd greatly appreciate it. my scripting is a little weak.
Question by:-JT
LVL 33

Assisted Solution

by:Dave Howe
Dave Howe earned 250 total points
ID: 39731875
I am assuming you really want the new shell to terminate after it completes the second task (/c rather than /k) so you are probably looking at:

%comspec% /c "cd ""C:\Program Files (x86)\PGP Corporation\PGP Desktop\"" && pgpwde --add-user --disk 0 -- passphrase  --passphrase UserPassword --username newadmin --admin-passphrase AdminPassword!"

using the conditional continuation operator (&&) which executes the second command if and only if the first completes successfully.

Is this what you were after?
LVL 14

Accepted Solution

Giovanni Heward earned 250 total points
ID: 39732235
A typical approach would be to simply call a batch script, which completes the desired actions.

For example (call script):
%comspec% /c \\server.domain.local\share\path\script.bat

@echo off
if exist "%ProgramFiles(x86)%\PGP Corporation\PGP Desktop" (
   cd /d "%ProgramFiles(x86)%\PGP Corporation\PGP Desktop"
   pgpwde --add-user --disk 0 -- passphrase  --passphrase UserPassword --username newadmin --admin-passphrase AdminPassword!
   goto :eof
) else (
   echo "%ProgramFiles(x86)%\PGP Corporation\PGP Desktop" not found
)>>\\server.domain.local\share\path\%COMPUTERNAME%_%USERNAME%.log 2>&1

Open in new window

If you are actually using a quotation char in the password, you may need to escape it using a caret ^.

Author Comment

ID: 39733079
Thanks for the help guys, I was able to get it to function properly.  ;)
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

LVL 54

Expert Comment

ID: 39752150
Although solved, two questions: what do you need the first command cd... for? Simply run %program files...%\...pgpwde.exe, no need to cd first.
Then: why not use the central management? This seems to be your administrative user, this can be set using the universal server, no script needed at all.

Author Comment

ID: 39760730
Hi McKnife,
so, you're correct about the cd, I dropped that out of the script.

As for the second part, we use a local windows admin account for authentication to pgp for the desktop guys. Only us network dudes know the central server admin account login. thats what makes this whole thing trickier then normal.
LVL 54

Expert Comment

ID: 39760738
> Only us network dudes know the central server admin account login
And why wouldn't you provide those desktop guys with the pgp wde admin password? It would not need to be the same as you use for the logon to the universal server.

Author Comment

ID: 39760749
From what i'm told by support, there can only be one wde admin pw. the login to the actual server is definitely different. Its a weird security separation thing.  it would be much easier not to have to deal with adding another local admin account to authenticate.
LVL 54

Expert Comment

ID: 39760764
> there can only be one wde admin pw
Correct, but why don't you share that one?

Author Comment

ID: 39760787
I'd like to but the powers that be want to keep it separated <insert Offspring tune>. Anyway, I may push for a policy change because the script is inherently insecure without pw obfuscation, which I still need to figure out for this if i'm forced to continue down this road. Plain text pw's are no bueno.

Featured Post

Master Your Team's Linux and Cloud Stack!

The average business loses $13.5M per year to ineffective training (per 1,000 employees). Keep ahead of the competition and combine in-person quality with online cost and flexibility by training with Linux Academy.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

By default, Carbonite Server Backup manages your encryption key for you using Advanced Encryption Standard (AES) 128-bit encryption. If you choose to manage your private encryption key, your backups will be encrypted using AES 256-bit encryption.
Since pre-biblical times, humans have sought ways to keep secrets, and share the secrets selectively.  This article explores the ways PHP can be used to hide and encrypt information.
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question