Leo
asked on
Running VB/Batch script through Group policy
Hi All,
I have a VBS script, which checks on the network for Sophos End Point Antivirus application if it's installed, and secondly it checks for which Sophos version it's running.
I am trying to run it through GP, I have tried it under default GP policy (Startup Script) but it's not working.
Under which Container in GP I should put so it will serve its purpose :-)
thanks.
ASKER
This is the script;
Option Explicit
'=======================================================
'File: NoSophos.vbs
'Version: 1.0
'Description
'Checks for the existence of a Sophos file and email if it doesn't exist.
'=======================================================
Const x86_SAV = "C:\Program Files\Sophos\Sophos Anti-Virus\SavProxy.exe"
Const x64_SAV = "C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavProxy.exe"
Const wbemFlagReturnImmediately = &h10
Const wbemFlagForwardOnly = &h20
Dim wshShell : Set wshShell = Wscript.CreateObject("Wscript.Shell")
Dim objFSO : set objFSO = createobject("Scripting.FileSystemObject")
Dim objMessage : Set objMessage = CreateObject("CDO.Message")
Dim WshNetwork : Set WshNetwork = CreateObject("WScript.Network")
Dim strComputer
Dim objNetwork : Set objNetwork = wscript.CreateObject("wscript.network")
Dim strIP
Dim strcomputerIP
Dim objWMIService
Dim colItems
Dim strCount
Dim objitem
Dim strIPAddress
Dim Architecture
Dim strFile
strComputer = WshNetwork.ComputerName
Architecture = WshShell.RegRead("HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\PROCESSOR_ARCHITECTURE")
If InStr(Architecture,"86") <> 0 Then
strFile = x86_SAV
ElseIf InStr(Architecture,"64") <> 0 Then
strFile = x64_SAV
Else
' unknown result, fail gracefully
WScript.Quit
End If
strcomputerIP = "."
Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComputerIP & "\root\cimv2")
Set colItems = objWMIService.ExecQuery("Select * From Win32_NetworkAdapterConfiguration Where IPEnabled = True")
strCount = 1
For Each objitem in colitems
If strCount = 1 Then
strIPAddress = Join(objitem.IPAddress, ",")
strIP = stripaddress
strCount = strCount + 1
Else
End If
next
If (NOT objFSO.FileExists(strFile)) Then
objMessage.Subject = "Sophos not installed"
objMessage.TextBody = objNetwork.Username & " " & strIP & objMessage.Subject
else
objMessage.Subject = "Sophos Installed"
objMessage.TextBody = objNetwork.Username & " " & strIP & " File Version: " & objFSO.GetFileVersion(strFile)
End if
objMessage.From = strComputer & "@EmailServer"
objMessage.To = "test1@EmailServer"
objMessage.Configuration.Fields.Item("http://schemas.microsoft.com/cdo/configuration/sendusing") = 2
objMessage.Configuration.Fields.Item("http://schemas.microsoft.com/cdo/configuration/smtpserver") = "smtp.EmailServer"
objMessage.Configuration.Fields.Item("http://schemas.microsoft.com/cdo/configuration/smtpserverport") = 25
objMessage.Configuration.Fields.Update
objMessage.Send
Your startup script should be a batch file that looks like this
CScript.exe "\\UNC path to your script.vbs"
Hi, I don't think sending an email from every PC would be your preferred option either. That would mean every PC that starts up will send you an email every time. You could set a flag somewhere on the PC that knows the script has already been run once, and then only email you if Sophos is NOT installed, since I assume that would be your objective.
Also, Sophos may be configured to stop ordinary clients from sending email anyway.
The other option could be that you have the script write to a central database (or CSV file) as computers start up, then you collate that data at any point from the central location.
I suggest you tell us more about how you expect this to be run, and what your goal is, then we can fit it better to your environment.
Regards,
Rob.
ASKER
@kevinhsieh: I did try what you mentioned, I didn't get any email alerts, I have attached screenshot for our GP, I placed the script under Default policy.
@RobSampson: We have been hit by virus few times in our regional countries (Australia is central Site), reason being some PCs were not on the latest version of Sophos, secondly in Sophos EndPoint client it has two locations to get its update from (SCREENSHOT ATTACHED)
1) Primary location: It's the one to get updates from Server.
2) Secondary Location: to get updates from Sophos (internet), in regional countries there is a struggle for slow internet and slow connection.
So the only way I thought of to know each PC is running the most updated version is through the script I posted, the objective is to get informed of PC name and Sophos version it's running, and get it sent through email or the method you suggested, i.e. script write to CSV file.
GP.jpg
Sophos.jpg
OK, I see. So here's what I would do in my environment. You should be able to use this script, which only requires you to modify the strReportFolder line to the path of a centrally shared folder where the status files will go.
NOTE: The share must have Domain Computers added with Write access to the folder, because this will be a StartUp script.
Option Explicit
'=======================================================
'File: NoSophos.vbs
'Version: 1.0
'Description
'Checks for the existence of a Sophos file and email if it doesn't exist.
'=======================================================
Const x86_SAV = "C:\Program Files\Sophos\Sophos Anti-Virus\SavProxy.exe"
Const x64_SAV = "C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavProxy.exe"
Const wbemFlagReturnImmediately = &h10
Const wbemFlagForwardOnly = &h20
Const strReportFolder = "\\YourServer\SophosReports\"
Dim wshShell : Set wshShell = Wscript.CreateObject("Wscript.Shell")
Dim objFSO : set objFSO = createobject("Scripting.FileSystemObject")
Dim WshNetwork : Set WshNetwork = CreateObject("WScript.Network")
Dim strComputer
Dim strIP
Dim objWMIService
Dim colItems
Dim strCount
Dim objitem
Dim strIPAddress
Dim Architecture
Dim strFile
Dim strResult
' strReportFolder is a Const and cannot be reassigned, so its value above must end with a backslash.
strComputer = WshNetwork.ComputerName
Architecture = WshShell.RegRead("HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\PROCESSOR_ARCHITECTURE")
If InStr(Architecture,"86") <> 0 Then
strFile = x86_SAV
ElseIf InStr(Architecture,"64") <> 0 Then
strFile = x64_SAV
Else
' unknown result, fail gracefully
WScript.Quit
End If
Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colItems = objWMIService.ExecQuery("Select * From Win32_NetworkAdapterConfiguration Where IPEnabled = True")
strCount = 1
For Each objitem in colItems
If strCount = 1 Then
strIPAddress = Join(objitem.IPAddress, ",")
If InStr(strIPAddress, ",") > 0 Then strIPAddress = Left(strIPAddress, InStr(strIPAddress, ",") - 1)
strIP = strIPAddress
strCount = strCount + 1
Else
End If
Next
If (NOT objFSO.FileExists(strFile)) Then
'objMessage.Subject = "Sophos not installed"
'objMessage.TextBody = WshNetwork.Username & " " & strIP & objMessage.Subject
strResult = strComputer & "," & strIP & ",Not Installed,Not Installed"
Else
'objMessage.Subject = "Sophos Installed"
'objMessage.TextBody = WshNetwork.Username & " " & strIP & " File Version: " & objFSO.GetFileVersion(strFile)
strResult = strComputer & "," & strIP & ",Installed," & objFSO.GetFileVersion(strFile)
End If
Dim objOutput
Set objOutput = objFSO.CreateTextFile(strReportFolder & strComputer & ".txt", True)
objOutput.WriteLine strResult
objOutput.Close
Now with that script running as a StartUp Script via Group Policy, it will run as the computer SYSTEM account, which is why the report share will need Domain Computers to have write access to it.
What will happen when a computer runs that script is that it will place a file called
COMPUTERNAME.txt
in that folder, where COMPUTERNAME is the name of the computer.
Now because that script will run every time, that one file for each computer will simply be updated with a new status each time the computer restarts.
Then, after a few days, you can run this from your computer in the command prompt:
type \\YourServer\SophosReports\*.txt > \\YourServer\SophosReports\Report.csv
and then, you can open that CSV file in Excel, and sort it as you need to.
Regards,
Rob.
ASKER
Thanks.
Can you please give some clarification on "Then, after a few days, you can run this from your computer in the command prompt:
type \\YourServer\SophosReports\*.txt > \\YourServer\SophosReports\Report.csv"?
Is this for comparison?
Also I have attached the screenshot where I am placing the batch script, it should be under Default Domain policy?
GP1.jpg
Hi, yes, it doesn't specifically need to go into the Default Domain Policy, but yes, the StartUp Scripts is the correct place. So just to test, you can run the script manually after updating the file share, and see the file for your computer get placed in that folder. Then delete that text file of your computer, run it at startup from Group Policy (that is, reboot your computer) and make sure the file gets put in that folder again.
If it does, all good. Now, as computers restart, more text files will be put there. When you want an update on how many computers have what version, then from your command prompt, run:
type \\YourServer\SophosReports\*.txt > \\YourServer\SophosReports\Report.csv
This will create the Report.csv file, which will have all of the text files combined in it, so you can see all of the data in one place. You can run that command any time, but whenever you want the most current report, just run the command again to "join" the text files.
Regards,
Rob.
ASKER
I have just run the script through my machine, the only field I changed was;
Const strReportFolder = "C:\temp\"
I can't see any files, I have restarted my computer as well.
Can I add a breaker in the script? So that I can see if it gives any error messages, at the moment I am not able to see anything.
Hi, so with
strReportFolder = "C:\Temp\"
when you just run the script while logged in, do you get the text file created in that folder?
For simple testing about how far the script gets, **first take it out of StartUp Scripts, or make a copy of it** you can add
MsgBox "Message from here"
at various points in the script to make sure you see that prompt.
Rob.
ASKER
Hi, I am not getting any text files created at "C:\Temp\" after running the script.
ASKER
I added MsgBox "Message from here", but it was still splashing, I was able to take a screenshot, and read a bit.
Dim StrIPAddress
'Dim' is not recognized as an internal or external command.
So all the Dim commands, it's not able to recognize.
Best practice is to not modify the default domain policy. Create a new group policy object for every setting or group of settings.
Hi, I think you may be running the file with a .bat extension? Make sure the file has a .vbs extension. The code is VBScript, which requires a VBS extension. When you are calling the script, you should be able to double-click it.
When running it from Group Policy, just enter
\\domain.com\sysvol\domain.com\scripts\SophosReport.vbs
where domain.com is the name of your domain, and SophosReport.vbs is the name you gave the script.
Rob.
ASKER
It works when I work locally on my computer, output is "Computer Name,IP Address,Installed,10.6.3.500"
Can it capture Primary location of Sophos EndPoint Client?
>> Can it capture Primary location of Sophos EndPoint Client?
More than likely we can pull it from somewhere, whether it be an ini file or in the registry.
Can you have a look in
HKLM\SOFTWARE\Sophos\AutoUpdate\Service\
or
HKLM\SOFTWARE\Wow6432Node\Sophos\AutoUpdate\Service\
and see whether they are listed there?
Rob.
ASKER
I have attached the screenshots, it's not listed there.
I found it under C:\ProgramData\Sophos\AutoUpdate\Config, file name iconn.cfg
;****************************************************************************
;
; iconn.cfg
;
; Please do not edit this text file.
;
;****************************************************************************
[PPI.WebConfig_Primary]
AllowLocalConfig = 0
AutoDialTimeout =
LocalPath =
DownloadGranularity =
ConnectionAddress = \\Server\SophosUpdate\CIDs\S000\SAVSCFXP\
UserName = Domain\svcSophos
UserPassword =
ConnectionType = UNC
UseSophos = 0
AutoDial = 0
BandwidthLimit = 0
UseHttps = 0
PortNumber =
[PPI.ProxyConfig_Primary]
AllowLocalConfig = 0
ProxyPortNumber = 0
ProxyType = 0
[PPI.WebConfig_Secondary]
AllowLocalConfig = 0
AutoDialTimeout =
LocalPath =
DownloadGranularity =
ConnectionAddress = http://es-web.sophos.com/update/
UseSophos = 1
UserName =
UserPassword =
ConnectionType = HTTP
AutoDial = 0
BandwidthLimit = 0
UseHttps = 0
[PPI.ProxyConfig_Secondary]
AllowLocalConfig = 0
ProxyPortNumber = 0
ProxyType = 0
SophosR.jpg
SophosR1.jpg
ASKER
It works :-) output is below, I guess "http://es-web.sophos.com/update/" is secondary location?
ComputerName,IPAddress,Installed,10.6.3.500,\\DomainController\SophosUpdate\CIDs\S000\SAVSCFXP\,http://es-web.sophos.com/update/
Also when I will put the script on Default Group policy, can it put all the computers in one CSV file?
thanks a ton.
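The output line above carries the two ConnectionAddress values from iconn.cfg as extra fields. One way to read them in VBScript, as an added example that is not the solution posted in the thread: the function name ReadIniValue is hypothetical, the path and section names are those of the iconn.cfg posted earlier, and the file is assumed to be plain ANSI text.

```vbscript
Option Explicit
' Added example, not code from the thread. Test with: cscript //nologo ReadIconn.vbs
Const ForReading = 1
' Path as given in the post above; adjust if your install differs.
Const strConfig = "C:\ProgramData\Sophos\AutoUpdate\Config\iconn.cfg"

Dim objFSO : Set objFSO = CreateObject("Scripting.FileSystemObject")
Dim strPrimary, strSecondary

' Returns the value of strKey inside [strSection], or "" when the file,
' the section or the key is missing. Assumes an ANSI, INI-style file.
Function ReadIniValue(strPath, strSection, strKey)
    Dim objFile, strLine, strCurrent, intPos
    ReadIniValue = ""
    If Not objFSO.FileExists(strPath) Then Exit Function
    Set objFile = objFSO.OpenTextFile(strPath, ForReading)
    strCurrent = ""
    Do Until objFile.AtEndOfStream
        strLine = Trim(objFile.ReadLine)
        If strLine = "" Or Left(strLine, 1) = ";" Then
            ' blank line or comment: nothing to do
        ElseIf Left(strLine, 1) = "[" And Right(strLine, 1) = "]" Then
            ' section header: remember which section we are in
            strCurrent = Trim(Mid(strLine, 2, Len(strLine) - 2))
        ElseIf StrComp(strCurrent, strSection, vbTextCompare) = 0 Then
            intPos = InStr(strLine, "=")
            If intPos > 1 Then
                If StrComp(Trim(Left(strLine, intPos - 1)), strKey, vbTextCompare) = 0 Then
                    ReadIniValue = Trim(Mid(strLine, intPos + 1))
                    Exit Do
                End If
            End If
        End If
    Loop
    objFile.Close
End Function

' Only ConnectionAddress is read. UserName and UserPassword stay on the
' endpoint, because the report share is writable by every domain computer.
strPrimary = ReadIniValue(strConfig, "PPI.WebConfig_Primary", "ConnectionAddress")
strSecondary = ReadIniValue(strConfig, "PPI.WebConfig_Secondary", "ConnectionAddress")

' In the startup script, append these two values to strResult instead of echoing.
WScript.Echo strPrimary & "," & strSecondary
```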
ASKER
Thanks, so the Sophos script will go under Default Domain Policy, Under which container?
thanks.
GP.jpg
It would depend on which OUs you want to apply it to. Adding it as a Computer Configuration --> StartUp Script means it will run the script for every computer object under the OU you have applied it to. If you have workstations in particular OUs that you want to report on, then link it to those OUs. The top level of the domain would be fine, though.
Also, don't forget to add Domain Computers with Write access to your central share.
Rob.
Don't put it in the default domain policy, which gets applied to every computer in the domain. Put your login script in a new policy, and apply the GPO to whatever OUs contain the computers that you want to run the script.
Absolutely agree with kevinhsieh1.
You are much better off creating a new policy.
Rob.
ASKER
It's working, but report creation part is not working.
So in batch file what do I have to include?
If I just run this "\\YourServer\SophosReports\*.txt > \\YourServer\SophosReports\Report.csv" as a batch file, it errors out "UNC Paths is not supported, defaulting to windows directory."
Do you have the word "type" as the first word in the command? That needs to be the first word.
Rob.
ASKER
tried it same error :-(
Any other way of combining all these txt files to CSV?
It really should work....can you try running it manually?
Open a command prompt (maybe as Administrator) --> Click Start, type cmd, then right click the command prompt executable, and click Run As Administrator.
Enter the following on that command line
type "\\YourServer\SophosReports\*.txt" > "\\YourServer\SophosReports\Report.csv"
Note that I put double quotes around the paths this time, in case you have spaces in the share name.
Rob.
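An alternative to joining the files with type, as an added example that is not from the thread: a VBScript collator that reads the share through FileSystemObject and writes Report.csv with a Flag column. Every machine account can write to the share, so it treats file contents as untrusted. The minimum version, the staleness and size limits, and the names VersionLower and SafeCell are assumptions.

```vbscript
Option Explicit
' Added example, not from the thread. Run: cscript //nologo CollateSophos.vbs
Const ForReading = 1
Const strReportFolder = "\\YourServer\SophosReports\"  ' share used in the thread
Const strMinVersion = "10.6.3.500"  ' assumption: lowest version you accept
Const intStaleDays = 14             ' assumption: maximum age of a report
Const lngMaxBytes = 4096            ' assumption: a valid report is one short line
Dim objFSO : Set objFSO = CreateObject("Scripting.FileSystemObject")
Dim objOut, objFile, objIn, strLine, arrF, strFlag, i

' True when dotted version strA is lower than strB, compared part by part.
Function VersionLower(strA, strB)
    Dim a, b, n, x, y
    VersionLower = False
    a = Split(strA, ".") : b = Split(strB, ".")
    For n = 0 To UBound(b)
        x = 0 : y = 0
        If n <= UBound(a) Then
            If IsNumeric(a(n)) Then x = CDbl(a(n))
        End If
        If IsNumeric(b(n)) Then y = CDbl(b(n))
        If x <> y Then
            VersionLower = (x < y)
            Exit Function
        End If
    Next
End Function

' Report files are written by every machine account, so treat them as
' untrusted: drop quotes and stop Excel evaluating a cell as a formula.
Function SafeCell(strValue)
    Dim s : s = Replace(Trim(strValue), """", "")
    If s <> "" Then
        If InStr("=+-@", Left(s, 1)) > 0 Then s = "'" & s
    End If
    SafeCell = s
End Function

Set objOut = objFSO.CreateTextFile(strReportFolder & "Report.csv", True)
objOut.WriteLine "Flag,File,Computer,IP,Status,Version"
For Each objFile In objFSO.GetFolder(strReportFolder).Files
    If LCase(objFSO.GetExtensionName(objFile.Name)) = "txt" Then
        strLine = ""
        If objFile.Size > 0 And objFile.Size <= lngMaxBytes Then
            Set objIn = objFile.OpenAsTextStream(ForReading)
            strLine = objIn.ReadLine
            objIn.Close
        End If
        arrF = Split(strLine, ",")
        If UBound(arrF) < 3 Then
            strFlag = "MALFORMED"
        ElseIf StrComp(arrF(0), objFSO.GetBaseName(objFile.Name), vbTextCompare) <> 0 Then
            strFlag = "NAME-MISMATCH"   ' content claims a different computer
        ElseIf DateDiff("d", objFile.DateLastModified, Now) > intStaleDays Then
            strFlag = "STALE"           ' machine has not reported recently
        ElseIf arrF(2) <> "Installed" Then
            strFlag = "NOT-INSTALLED"
        ElseIf VersionLower(arrF(3), strMinVersion) Then
            strFlag = "OUTDATED"
        Else
            strFlag = "OK"
        End If
        strLine = strFlag & "," & SafeCell(objFile.Name)
        For i = 0 To UBound(arrF)
            strLine = strLine & "," & SafeCell(arrF(i))
        Next
        objOut.WriteLine strLine
    End If
Next
objOut.Close
```

The name check is a sanity check only: any domain computer can still overwrite another machine's file, so a matching name does not prove which machine wrote it.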
If you post it, you'll possibly get better help.