Leo (ASKER)

Running VB/Batch script through Group policy

Hi All,

I have a VBS script which checks on the network for the Sophos End Point Antivirus application, if it's installed, and secondly it checks which Sophos version it's running.
I am trying to run it through GP. I have tried it under the default GP policy (Startup Script) but it's not working.
Under which container in GP should I put it so it will serve its purpose :-)

thanks.

NVIT

What does your script do? Is it supposed to check each computer on the domain?
If you post it, you'll possibly get better help.

Leo (ASKER)

This is the script;

Option Explicit
'=======================================================
'File:      NoSophos.vbs
'Version:      1.0
'Description
'Checks for the existence of a Sophos file and email if it doesn't exist.
'=======================================================
Const x86_SAV = "C:\Program Files\Sophos\Sophos Anti-Virus\SavProxy.exe"
Const x64_SAV = "C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavProxy.exe"
Const wbemFlagReturnImmediately = &h10
Const wbemFlagForwardOnly = &h20
Dim wshShell : Set wshShell = Wscript.CreateObject("Wscript.Shell")
Dim objFSO : set objFSO = createobject("Scripting.FileSystemObject")
Dim objMessage : Set objMessage = CreateObject("CDO.Message")
Dim WshNetwork : Set WshNetwork = CreateObject("WScript.Network")
Dim strComputer
Dim objNetwork : Set objNetwork = wscript.CreateObject("wscript.network")
Dim strIP
Dim strcomputerIP
Dim objWMIService
Dim colItems
Dim strCount
Dim objitem
Dim strIPAddress
Dim Architecture
Dim strFile
strComputer = WshNetwork.ComputerName
Architecture =  WshShell.RegRead("HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\PROCESSOR_ARCHITECTURE")

If InStr(Architecture,"86") <> 0 Then
      strFile = x86_SAV
ElseIf InStr(Architecture,"64") <> 0 Then
      strFile = x64_SAV
Else
      ' unknown result, fail gracefully
      WScript.Quit
End If
strcomputerIP = "."
Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComputerIP & "\root\cimv2")
Set colItems = objWMIService.ExecQuery("Select * From Win32_NetworkAdapterConfiguration Where IPEnabled = True")
strCount = 1
' Keep the address list of the first IP-enabled adapter only
For Each objitem in colitems
      If strCount = 1 Then
            strIPAddress = Join(objitem.IPAddress, ",")
            strIP = stripaddress
            strCount = strCount + 1
      Else
      End If
Next
If (NOT objFSO.FileExists(strFile)) Then
      objMessage.Subject = "Sophos not installed"
      objMessage.TextBody = objNetwork.Username & " " & strIP & " " & objMessage.Subject
Else
      objMessage.Subject = "Sophos Installed"
      objMessage.TextBody = objNetwork.Username & " " & strIP & " File Version: " & objFSO.GetFileVersion(strFile)
End If
' Send the result through the SMTP server (sendusing = 2 means send over the network)
objMessage.From = strComputer & "@EmailServer"
objMessage.To = "test1@EmailServer"
objMessage.Configuration.Fields.Item ("http://schemas.microsoft.com/cdo/configuration/sendusing") = 2
objMessage.Configuration.Fields.Item ("http://schemas.microsoft.com/cdo/configuration/smtpserver") = "smtp.EmailServer"
objMessage.Configuration.Fields.Item ("http://schemas.microsoft.com/cdo/configuration/smtpserverport") = 25
objMessage.Configuration.Fields.Update
objMessage.Send

Your startup script should be a batch file that looks like this

 CScript.exe "\\UNC path to your script.vbs"

Hi, I don't think sending an email from every PC would be your preferred option either.  That would mean every PC that starts up will send you an email every time.  You could set a flag somewhere on the PC that knows the script has already been run once, and then only email you if Sophos is NOT installed, since I assume that would be your objective.

Also, Sophos may be configured to stop ordinary clients from sending email anyway.

The other option could be that you have the script write to a central database (or CSV file) as computers start up, then you collate that data at any point from the central location.

I suggest you tell us more about how you expect this to be run, and what your goal is, then we can fit it better to your environment.

Regards,

Rob.

Leo (ASKER)

@kevinhsieh: I did try what you mentioned, I didn't get any email alerts, I have attached a screenshot for our GP, I placed the script under Default policy.

@RobSampson: We have been hit by a virus a few times in our regional countries (Australia is the central site), the reason being some PCs were not on the latest version of Sophos. Secondly, the Sophos EndPoint client has two locations to get its updates from (SCREENSHOT ATTACHED):
1) Primary location: It's the one to get updates from the server.
2) Secondary location: to get updates from Sophos (internet); in regional countries there is a struggle with slow internet and slow connections.
So the only way I thought of to know each PC is running the most updated version is through the script I posted. The objective is to get informed of the PC name and the Sophos version it's running, and get it sent through email or the method you suggested, i.e. the script writes to a CSV file.
Attachments: GP.jpg, Sophos.jpg

OK, I see.  So here's what I would do in my environment.  You should be able to use this script, which only requires you to modify the strReportFolder line to the path of a centrally shared folder where the status files will go.

NOTE:  The share must have Domain Computers added with Write access to the folder, because this will be a StartUp script.

Option Explicit
'=======================================================
'File:      NoSophos.vbs
'Version:      1.0
'Description
'Checks for the existence of a Sophos file and writes the result to a per-computer file in strReportFolder.
'=======================================================
Const x86_SAV = "C:\Program Files\Sophos\Sophos Anti-Virus\SavProxy.exe"
Const x64_SAV = "C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavProxy.exe"
Const wbemFlagReturnImmediately = &h10
Const wbemFlagForwardOnly = &h20
Dim strReportFolder : strReportFolder = "\\YourServer\SophosReports\"   ' a variable, not a Const, so the trailing-backslash check below can assign to it
Dim wshShell : Set wshShell = Wscript.CreateObject("Wscript.Shell")
Dim objFSO : set objFSO = createobject("Scripting.FileSystemObject")
Dim WshNetwork : Set WshNetwork = CreateObject("WScript.Network")
Dim strComputer
Dim strIP
Dim objWMIService
Dim colItems
Dim strCount
Dim objitem
Dim strIPAddress
Dim Architecture
Dim strFile
Dim strResult

If Right(strReportFolder, 1) <> "\" Then strReportFolder = strReportFolder & "\"
strComputer = WshNetwork.ComputerName 
Architecture =  WshShell.RegRead("HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\PROCESSOR_ARCHITECTURE")

If InStr(Architecture,"86") <> 0 Then 
	strFile = x86_SAV
ElseIf InStr(Architecture,"64") <> 0 Then 
	strFile = x64_SAV
Else
	' unknown result, fail gracefully
	WScript.Quit
End If
Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colItems = objWMIService.ExecQuery("Select * From Win32_NetworkAdapterConfiguration Where IPEnabled = True")
strCount = 1
For Each objitem in colItems
	If strCount = 1 Then
		strIPAddress = Join(objitem.IPAddress, ",")
		If InStr(strIPAddress, ",") > 0 Then strIPAddress = Left(strIPAddress, InStr(strIPAddress, ",") - 1)
		strIP = strIPAddress
		strCount = strCount + 1
	Else
	End If
Next
If (NOT objFSO.FileExists(strFile)) Then
	'objMessage.Subject = "Sophos not installed" 
	'objMessage.TextBody = WshNetwork.Username & " " & strIP & objMessage.Subject
	strResult = strComputer & "," & strIP & ",Not Installed,Not Installed"
Else
	'objMessage.Subject = "Sophos Installed"
	'objMessage.TextBody = WshNetwork.Username & " " & strIP & " File Version: " & objFSO.GetFileVersion(strFile)
	strResult = strComputer & "," & strIP & ",Installed," & objFSO.GetFileVersion(strFile)
End If
Dim objOutput
Set objOutput = objFSO.CreateTextFile(strReportFolder & strComputer & ".txt", True)
objOutput.WriteLine strResult
objOutput.Close

Now with that script running as a StartUp Script via Group Policy, it will run as the computer SYSTEM account, which is why the report share will need Domain Computers to have write access to it.

What will happen when a computer runs that script is that it will place a file called
COMPUTERNAME.txt
in that folder, where COMPUTERNAME is the name of the computer.

Now because that script will run every time, that one file for each computer will simply be updated with a new status each time the computer restarts.

Then, after a few days, you can run this from your computer in the command prompt:
type \\YourServer\SophosReports\*.txt > \\YourServer\SophosReports\Report.csv

and then, you can open that CSV file in Excel, and sort it as you need to.

Regards,

Rob.

Leo (ASKER)

Thanks.
Can you please give some clarification on "Then, after a few days, you can run this from your computer in the command prompt:
 type \\YourServer\SophosReports\*.txt > \\YourServer\SophosReports\Report.csv"?
Is this for comparison?

Also I have attached the screenshot where I am placing the batch script, it should be under Default Domain policy?
Attachment: GP1.jpg

Hi, yes, it doesn't specifically need to go into the Default Domain Policy, but yes, the StartUp Scripts is the correct place.  So just to test, you can run the script manually after updating the file share, and see the file for your computer get placed in that folder.  Then delete that text file of your computer, run it at startup from Group Policy (that is, reboot your computer) and make sure the file gets put in that folder again.

If it does, all good.  Now, as computers restart, more text files will be put there.  When you want an update on how many computers have what version, then from your command prompt, run:
type \\YourServer\SophosReports\*.txt > \\YourServer\SophosReports\Report.csv

This will create the Report.csv file, which will have all of the text files combined in it, so you can see all of the data in one place.  You can run that command any time, but whenever you want the most current report, just run the command again to "join" the text files.

Regards,

Rob.

Leo (ASKER)

I have just run the script through my machine, the only field I changed was;

Const strReportFolder = "C:\temp\"

I can't see any files, I have restarted my computer as well.

Can I add a breaker in the script, so that I can see if it gives any error messages? At the moment I am not able to see anything.

Hi, so with
strReportFolder = "C:\Temp\"

when you just run the script while logged in, do you get the text file created in that folder?

For simple testing about how far the script gets, **first take it out of StartUp Scripts, or make a copy of it**; you can add
MsgBox "Message from here"

at various points in the script to make sure you see that prompt.

Rob.

Leo (ASKER)

Hi, I am not getting any text files created at "C:\Temp\" after running the script.

Leo (ASKER)

I added MsgBox "Message from here", but it was still splashing, I was able to take a screenshot, and read a bit.

Dim StrIPAddress
'Dim' is not recognized as an internal or external command.

So it's not able to recognize any of the Dim commands.

Best practice is to not modify the default domain policy.  Create a new group policy object for every setting or group of settings.

Hi, I think you may be running the file with a .bat extension?  Make sure the file has a .vbs extension.  The code is VBScript, which requires a VBS extension.  When you are calling the script, you should be able to double-click it.

When running it from Group Policy, just enter
\\domain.com\sysvol\domain.com\scripts\SophosReport.vbs

where domain.com is the name of your domain, and SophosReport.vbs is the name you gave the script.

Rob.

Leo (ASKER)

It works when I work locally on my computer, output is "Computer Name,IP Address,Installed,10.6.3.500"

Can it capture Primary location of Sophos EndPoint Client?

>> Can it capture Primary location of Sophos EndPoint Client?

More than likely we can pull it from somewhere, whether it be an ini file or in the registry.

Can you have a look in
HKLM\SOFTWARE\Sophos\AutoUpdate\Service\
or
HKLM\SOFTWARE\Wow6432Node\Sophos\AutoUpdate\Service\

and see whether they are listed there?

Rob.

Leo (ASKER)

I have attached the screenshots, it's not listed there.

I found it under C:\ProgramData\Sophos\AutoUpdate\Config, file name iconn.cfg

;****************************************************************************
;
; iconn.cfg
;
; Please do not edit this text file.
;
;****************************************************************************

[PPI.WebConfig_Primary]
AllowLocalConfig = 0
AutoDialTimeout =
LocalPath =
DownloadGranularity =
ConnectionAddress = \\Server\SophosUpdate\CIDs\S000\SAVSCFXP\
UserName = Domain\svcSophos
UserPassword =
ConnectionType = UNC
UseSophos = 0
AutoDial = 0
BandwidthLimit = 0
UseHttps = 0
PortNumber =

[PPI.ProxyConfig_Primary]
AllowLocalConfig = 0
ProxyPortNumber = 0
ProxyType = 0

[PPI.WebConfig_Secondary]
AllowLocalConfig = 0
AutoDialTimeout =
LocalPath =
DownloadGranularity =
ConnectionAddress = http://es-web.sophos.com/update/
UseSophos = 1
UserName =
UserPassword =
ConnectionType = HTTP
AutoDial = 0
BandwidthLimit = 0
UseHttps = 0

[PPI.ProxyConfig_Secondary]
AllowLocalConfig = 0
ProxyPortNumber = 0
ProxyType = 0
Attachments: SophosR.jpg, SophosR1.jpg

RobSampson (SOLUTION)

This solution is only available to members.

Leo (ASKER)

It works :-) output is below, I guess "http://es-web.sophos.com/update/" is secondary location?

ComputerName,IPAddress,Installed,10.6.3.500,\\DomainController\SophosUpdate\CIDs\S000\SAVSCFXP\,http://es-web.sophos.com/update/

Also when I will put the script on Default Group policy, can it put all the computers in one CSV file?

thanks a ton.
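
One way to pull the primary and secondary update locations out of the iconn.cfg posted above, as an added example; it is not the members-only solution from this thread. GetCfgValue and the shortened sample text are constructed for illustration.

```vbscript
Option Explicit
' Added example, not the thread's members-only solution.
' Returns the value of strKey inside [strSection] of INI-style text, or "" if absent.
Function GetCfgValue(strText, strSection, strKey)
	Dim arrLines, strLine, strCurrent, intPos, i
	GetCfgValue = ""
	strCurrent = ""
	arrLines = Split(Replace(strText, vbCr, ""), vbLf)
	For i = 0 To UBound(arrLines)
		strLine = Trim(arrLines(i))
		If strLine = "" Or Left(strLine, 1) = ";" Then
			' blank line or comment: ignore
		ElseIf Left(strLine, 1) = "[" And Right(strLine, 1) = "]" Then
			strCurrent = Mid(strLine, 2, Len(strLine) - 2)
		ElseIf StrComp(strCurrent, strSection, vbTextCompare) = 0 Then
			intPos = InStr(strLine, "=")
			If intPos > 1 Then
				If StrComp(Trim(Left(strLine, intPos - 1)), strKey, vbTextCompare) = 0 Then
					GetCfgValue = Trim(Mid(strLine, intPos + 1))
					Exit Function
				End If
			End If
		End If
	Next
End Function

' Constructed sample, shortened from the iconn.cfg posted above.
Dim strSample
strSample = "; iconn.cfg" & vbCrLf & _
	"[PPI.WebConfig_Primary]" & vbCrLf & _
	"ConnectionAddress = \\Server\SophosUpdate\CIDs\S000\SAVSCFXP\" & vbCrLf & _
	"UserName = Domain\svcSophos" & vbCrLf & _
	"UserPassword =" & vbCrLf & _
	"[PPI.WebConfig_Secondary]" & vbCrLf & _
	"ConnectionAddress = http://es-web.sophos.com/update/" & vbCrLf & _
	"UserPassword ="

' Only ConnectionAddress is read; UserName and UserPassword are never copied,
' so nothing credential-related lands on a share that Domain Computers can write to.
Dim strPrimary, strSecondary
strPrimary = GetCfgValue(strSample, "PPI.WebConfig_Primary", "ConnectionAddress")
strSecondary = GetCfgValue(strSample, "PPI.WebConfig_Secondary", "ConnectionAddress")
WScript.Echo strPrimary & "," & strSecondary
```

On a client, pass the contents of C:\ProgramData\Sophos\AutoUpdate\Config\iconn.cfg (read with OpenTextFile and ReadAll) instead of strSample, and append the two values to strResult in the reporting script.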

ASKER CERTIFIED SOLUTION

This solution is only available to members.

Leo (ASKER)

Thanks, so the Sophos script will go under Default Domain Policy, Under which container?

thanks.
Attachment: GP.jpg

It would depend on which OUs you want to apply it to.  Adding it as a Computer Configuration --> StartUp Script means it will run the script for every computer object under the OU you have applied it to.  If you have workstations in particular OUs that you want to report on, then link it to those OUs. The top level of the domain would be fine, though.

Also, don't forget to add Domain Computers with Write access to your central share.

Rob.

Don't put it in the default domain policy, which gets applied to every computer in the domain. Put your login script in a new policy, and apply the GPO to whatever OUs contain the computers that you want to run the script.

Absolutely agree with kevinhsieh1.

You are much better off creating a new policy.

Rob.

Leo (ASKER)

It's working, but the report creation part is not working.

So in batch file what do I have to include?

If I just run this "\\YourServer\SophosReports\*.txt > \\YourServer\SophosReports\Report.csv" as a batch file, it errors out "UNC Paths is not supported, defaulting to windows directory."

Do you have the word "type" as the first word in the command?  That needs to be the first word.

Rob.

Leo (ASKER)

tried it same error :-(

Any other way of combining all these txt files to CSV?

It really should work....can you try running it manually?
Open a command prompt (maybe as Administrator) --> Click Start, type cmd, then right click the command prompt executable, and click Run As Administrator.
Enter the following on that command line
type "\\YourServer\SophosReports\*.txt" > "\\YourServer\SophosReports\Report.csv"

Note that I put double quotes around the paths this time, in case you have spaces in the share name.

Rob.
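
Because the report share has to be writable by every domain computer, each COMPUTERNAME.txt is only as trustworthy as whichever machine wrote it. The added example below (not code from this thread) checks each line before it goes into the report and compares versions numerically rather than as text; MIN_VERSION, the status labels and the sample lines are assumptions made for illustration.

```vbscript
Option Explicit
' Added example, not code from the thread. MIN_VERSION is an assumed baseline.
Const MIN_VERSION = "10.6.3.500"
' Numeric value of part i of a dotted version; 0 if missing or non-numeric.
Function VerPart(arrV, i)
	VerPart = 0
	If i <= UBound(arrV) Then
		If IsNumeric(arrV(i)) Then VerPart = CDbl(arrV(i))
	End If
End Function
' True if strA is lower than strB, compared part by part rather than as text.
Function IsOlder(strA, strB)
	Dim arrA, arrB, i
	arrA = Split(strA, ".") : arrB = Split(strB, ".")
	IsOlder = False
	For i = 0 To 3
		If VerPart(arrA, i) <> VerPart(arrB, i) Then
			IsOlder = (VerPart(arrA, i) < VerPart(arrB, i))
			Exit Function
		End If
	Next
End Function

' Classifies one report line; strFile is the file it was read from.
Function CheckReport(strFile, strLine)
	Dim arrF : arrF = Split(strLine, ",")
	If UBound(arrF) < 3 Then
		CheckReport = "MALFORMED"
	ElseIf StrComp(arrF(0) & ".txt", strFile, vbTextCompare) <> 0 Then
		CheckReport = "NAME MISMATCH"   ' content names another computer
	ElseIf arrF(2) <> "Installed" Then
		CheckReport = "NOT INSTALLED"
	ElseIf IsOlder(arrF(3), MIN_VERSION) Then
		CheckReport = "OUTDATED"
	Else
		CheckReport = "OK"
	End If
End Function

' Constructed sample: file name, then the single line that file holds.
Dim arrSample, n, strCsv
arrSample = Array("PC01.txt", "PC01,10.0.0.5,Installed,10.6.3.500", _
	"PC02.txt", "PC02,10.0.0.6,Installed,9.7.1.2", _
	"PC03.txt", "PC01,10.0.0.7,Installed,10.6.3.500", "PC04.txt", "")
strCsv = "Status,Computer,IP,Installed,Version" & vbCrLf
For n = 0 To UBound(arrSample) Step 2
	strCsv = strCsv & CheckReport(arrSample(n), arrSample(n + 1)) & "," & arrSample(n + 1) & vbCrLf
Next
WScript.Echo strCsv
```

To run it against the real share, loop over the Files collection of the report folder with Scripting.FileSystemObject, pass each file's name and first line to CheckReport, and write strCsv out with CreateTextFile.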