
‎01-02-2009 09:11 PM
Hi there, first post
I thought I would share with you all how I deployed Lansweeper in my environment. I created the following VBScript which queries the Active Directory domain for computers, pings them, and remotely executes lsclient.exe using psexec on the ones that respond. Feel free to use it, hack it, do whatever you want with it. Suggestions are appreciated.
Just change your variables to match the locations appropriate for your environment and let 'er rip. *must be run as a user in the "administrators" group on the local machines*
'****************************************************************************
' This script created by Travis Brackett (travmeister@gmail.com)
'
' Stolen from http://www.rlmueller.net and netnerds.net
'
' This script finds all computers in AD and attempts to run LSclient.exe
' On each machine using Sysinternals Psexec.
'
' Requirements: AD Domain, LSclient.exe in a network location, Sysinternals
' Psexec (http://download.sysinternals.com/Files/PsTools.zip) and a working
' Lansweeper install
'
' Creates a temp file in your %temp% directory for each computer so you can
' Track output of the process. Not recommended if you have tons of computers
'
' NO WARRANTIES, USE THIS AT YOUR OWN RISK, etc.
'*****************************************************************************

Dim strPsexecpath,strLsclientpath,strServerName

'Location of psexec.exe
strPsexecpath = "\\server01\pstools\psexec.exe"
'Location of lsclient.exe
strLsclientpath = "\\contoso.com\netlogon\lsclient.exe"
'Name of the server running the Lansweeper service
strServerName = "LSSERVER"

Set objAdRootDSE = GetObject("LDAP://RootDSE")
Set objRS = CreateObject("adodb.recordset")
Set objShell = CreateObject("Wscript.Shell")
Set objFSO = CreateObject("Scripting.FileSystemObject")
strTemp = objShell.ExpandEnvironmentStrings("%TEMP%")
varConfigNC = objAdRootDSE.Get("defaultNamingContext")
strConnstring = "Provider=ADsDSOObject"
strWQL = "SELECT * FROM 'LDAP://" & varConfigNC & "' WHERE objectCategory= 'Computer'"
objRS.Open strWQL, strConnstring

Do until objRS.eof
    Set objComputer = GetObject(objRS.Fields.Item(0))
    strComputer = objComputer.CN
    objRS.movenext
    Set objComputer = Nothing
    If (IsConnectible(strComputer, 1, 750) = True) Then
        RETURN = objShell.Run ("%comspec% /c " & strPsexecpath & " \\" & strComputer & " -c " & strLsclientpath & " " & strServerName & " > " & strTemp & "\" & strComputer & ".tmp", 0)
    End If
Loop

objRS.close
Set objRS = Nothing
Set objAdRootDSE = Nothing

Function IsConnectible(ByVal strHost, ByVal intPings, ByVal intTO)
    ' Returns True if strHost can be pinged.
    ' Based on a program by Alex Angelopoulos and Torgeir Bakken.
    strTempFile = strTemp & "\RunResult.tmp"
    Dim objFile, strResults
    If (intPings = "") Then
        intPings = 2
    End If
    If (intTO = "") Then
        intTO = 750
    End If
    Const OpenAsDefault = -2
    Const FailIfNotExist = 0
    Const ForReading = 1
    objShell.Run "%comspec% /c ping -n " & intPings & " -w " & intTO _
        & " " & strHost & ">" & strTempFile, 0, True
    Set objFile = objFSO.OpenTextFile(strTempFile, ForReading, _
        FailIfNotExist, OpenAsDefault)
    strResults = objFile.ReadAll
    objFile.Close
    Select Case InStr(strResults, "TTL=")
        Case 0
            IsConnectible = False
        Case Else
            IsConnectible = True
    End Select
End Function

set objShell = Nothing
6 REPLIES

‎03-19-2009 05:22 PM
Travbrack,
Seems you came to the same conclusion I did with mine. For testing and initial inventory it works great, but GPO is really the only way to do it if you want to keep track of your users. You would figure that there would be provisions for domain admins to create processes under a different user with no password provided, but apparently this is a 'security risk'. They seem to have missed the point that if you're already domain admin then all other 'security risks' are really moot.

‎03-18-2009 06:03 PM
Sundarrs
Since I created this script, I realized it's kind of a crappy way to deploy LS. Since you run it as your account on everyone's machine, you don't see who is logging into the machines, also it doesn't update the information. Your best bet is probably to create a Group Policy login script and link it at the OU level. This will only find machines that people are actually logging in to, if you want it to get all of them use a startup script.
If you absolutely insist on using an RPC push:
Did you modify the script?
Are you logged in to a workstation which is joined to the domain with a user with appropriate Active Directory permissions?
Can you query Active Directory using the AD Users and Computers snap-in?
etc...

‎03-18-2009 05:42 PM
Hello Travback,
When I run this script it gives the error:
Script C:\w.vbs
Line : 33
Char: 3
Error : The directory property cannot be found in the cache
Code : 8000500D
Source : Active Directory
I am trying to run this script for alaska.local.domain.com, where alaska is the local OU and the machine names start with alaw001.
Can you please help.

‎01-09-2009 06:39 PM
Excellent thanks!

‎01-09-2009 06:24 PM
That should be possible, you just need to specify the DN of the child domain on line 26 instead of "RootDSE". So for example:
Set objAdRootDSE = GetObject("LDAP://dc=antarctica,dc=contoso,dc=com")
Pretty sure that will work.
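
An added example, not part of the original posts or of Lansweeper: one way to limit the computer search to a child domain or OU is to give ADO that DN as the search base and leave the RootDSE bind alone, since defaultNamingContext is an attribute of RootDSE. It also requests only cn with paging, skips disabled accounts, and checks each name before it would be placed in the psexec command line; strBaseDN reuses the sample DN above and IsSafeHostName is a hypothetical helper.

```vbscript
' Added example (not from the original posts). strBaseDN reuses the sample DN
' from the reply above; IsSafeHostName is a hypothetical helper introduced here.
Option Explicit

Dim strBaseDN, objConn, objCmd, objRS, strName

' Search base: a child domain or an OU. Change to suit your environment.
strBaseDN = "dc=antarctica,dc=contoso,dc=com"

Set objConn = CreateObject("ADODB.Connection")
objConn.Provider = "ADsDSOObject"
objConn.Open "Active Directory Provider"

Set objCmd = CreateObject("ADODB.Command")
Set objCmd.ActiveConnection = objConn
' Page the results so a large domain is not cut off at the server's size limit.
objCmd.Properties("Page Size") = 500
' LDAP dialect: <base>;filter;attributes;scope.
' The bitwise matching rule on userAccountControl skips disabled accounts.
objCmd.CommandText = "<LDAP://" & strBaseDN & ">;" & _
    "(&(objectCategory=computer)(!(userAccountControl:1.2.840.113556.1.4.803:=2)));" & _
    "cn;subtree"

Set objRS = objCmd.Execute
Do Until objRS.EOF
    strName = objRS.Fields("cn").Value
    If IsSafeHostName(strName) Then
        ' Hand this name to the ping / psexec step of the script above.
        WScript.Echo strName
    Else
        WScript.Echo "Skipped unexpected name: " & strName
    End If
    objRS.MoveNext
Loop

objRS.Close
objConn.Close

' True only for names made of letters, digits and hyphens, so nothing read
' from the directory can add syntax to a cmd.exe command line.
' Widen the pattern if your naming scheme uses other characters.
Function IsSafeHostName(ByVal strHost)
    Dim objRE
    Set objRE = New RegExp
    objRE.Pattern = "^[A-Za-z0-9-]{1,63}$"
    IsSafeHostName = objRE.Test(strHost)
End Function
```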

‎01-09-2009 06:15 PM
I am in no way a script person, or programmer type of any kind. If I wanted to limit the search to one child domain of the forest, would I be able to?
Thanks.
