Page 1 of 1 1
Topic Options
#153963 - 2005-12-23 12:23 AM Couple of problems with login script
Aaron Perrault Offline
Fresh Scripter

Registered: 2003-08-29
Posts: 27
Loc: Emeryville, CA
Hi everyone,
I am having a few problems with my login scripts. I am trying to force an install of Symantec Anti-Virus on machines that do not already have it installed. I am using Symantec's provided vplogon.bat, but the shell function is not running. I am also getting errors in Application Event Logs on my machine when I login. The errors are:
The description for Event ID ( 1722 ) in Source ( KIXTART ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: UserGetLocalGroups failed Error : The RPC server is unavailable. (0x6ba/1722).

The description for Event ID ( 1332 ) in Source ( KIXTART ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: GetPrimaryGroup failed Error : No mapping between account names and security IDs was done. (0x534/1332).

The description for Event ID ( 1332 ) in Source ( KIXTART ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: GetPG: LookupAccountSid failed Error : No mapping between account names and security IDs was done. (0x534/1332).

The description for Event ID ( 53 ) in Source ( KIXTART ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: UserModalsGet failed Error : The network path was not found. (0x35/53).

The description for Event ID ( 53 ) in Source ( KIXTART ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: UserGetInfo failed Error : The network path was not found. (0x35/53).

Here is the script (The Anti-Virus is towards the bottom).

;*************************************************************************
; Script Name: Logon.bat
; Author: Aaron Perrault
; Date: 11/16/2005
; Description: Logon Script for EVault Corp.
;*************************************************************************
;
Small
Color b+/n
Box (0,0,24,90,GRID) ; 'background grid'
Color b/n
Box (8,21,18,71,Å) ; 'shadow' of the box
Color g+/n
Box (7,20,17,70,FULL)
;
Color w+/n
AT ( 9,25) "Userid : " ; display some text strings
AT (10,25) "Full name : "
AT (11,25) "Privilege : "
AT (12,25) "Workstation : "
AT (13,25) "Domain : "
AT (14,25) "Logon Server : "
AT (15,25) "Operating System : "
;
Color y+/n
AT ( 9,45) @userid ; ...and some macro's
AT (10,45) @fullname
AT (11,45) @priv
AT (12,45) @wksta
AT (13,45) @domain
AT (14,45) @lserver
AT (15,45) @ProductType
;
;Drive Mapping Section:
;
Use J: "\\ev-fps\public"
;
If (InGroup ("GRP-Accounting-Main") OR InGroup ("Grp-Finance") OR InGroup ("Domain Admins"))
Use g: "\\ev-fps\accounting$"
EndIf
;
If (InGroup ("GRP-Alliance") OR InGroup ("alliance") OR InGroup ("Domain Admins"))
Use H: "\\ef-fps\alliance$"
EndIf
;
If (InGroup ("GRP-Business Development") OR InGroup ("Domain Admins"))
Use K: "\\ev-fps\busdev$"
EndIf
;
If (InGroup ("GRP-Contract") OR InGroup ("GRP-Contracts-Read Only") OR InGroup ("Domain Admins"))
Use L: "\\ev-fps\contracts$"
EndIf
;
If (InGroup ("GRP-Marketing") OR InGroup ("GRP-Marketing Bus Dev") OR InGroup ("Marketing") OR InGroup ("Domain Admins"))
Use M: "\\ev-fps\marketing$"
EndIf
;
If (InGroup ("GRP-ExecAdmin") OR InGroup ("GRP-General Exec Administration") OR InGroup ("Domain Admins"))
Use N: "\\ev-fps\ExecAdmin$"
EndIf
;
If (InGroup ("GRP-Operations") OR InGroup ("Domain Admins"))
Use O: "\\ev-fps\Operations"
EndIf
;
If (InGroup ("GRP-License") OR InGroup ("GRP-General Exec Administration") OR InGroup ("Domain Admins"))
Use W: "\\ev-fanda\license$"
EndIf
;
If (InGroup ("GRP-Human Resources") OR InGroup ("GRP-Human Resources-Read Only") OR InGroup ("Domain Admins"))
Use Q: "\\ev-fps\hr$"
EndIf
;
If (InGroup ("GRP-Europe") OR InGroup ("Domain Admins"))
Use R: "\\ev-fps\europe$"
EndIf
;
If (InGroup ("GRP-PreSales") OR InGroup ("GRP-Direct Sales") OR InGroup ("GRP-Sales") OR InGroup ("GRP-Teleprospecting") OR
InGroup ("GRP-Teleprospecting Restricted") OR InGroup ("sbe.sales") OR InGroup ("sbe-support") OR InGroup ("Domain Admins"))
Use s: "\\ev-fps\Sales$"
EndIf
;
If (InGroup ("GRP-Product Development") OR InGroup ("Domain Admins"))
Use T: "\\ev-fps\ProdDev$"
EndIf
;
If (InGroup ("GRP-Emeryville Engineering") OR InGroup ("Domain Admins"))
Use U: "\\ev-fps\EE$"
EndIf
;
If (InGroup ("GRP-Commissions") OR InGroup ("Domain Admins"))
Use V: "\\ev-fps\commissions$"
EndIf
;
If (InGroup ("GRP-Evault Admin") OR InGroup ("Domain Admins"))
Use Y: "\\ev-fps\EvVault$"
EndIf
;
If (InGroup ("GRP-Evault-Solutions") OR InGroup ("Domain Admins"))
Use W: "\\ev-fps\solutions$"
EndIf
;

; ECHO OFF
;If Exist ("%wiwndir%\system32\pskill.exe")
; Display ("File Exists")
;Else Copy @ldrive+\files\pskill.exe ("%windir%\system32")
;;
;Run ("%windir%\system32\pskill.exe wUauclt")
;
Shell 'net stop "Automatic Updates"'
Shell 'net start "Automatic Updates"'
Run ("%windir%\system32\wUauclt.exe /resetauthorization /detectnow")

Shell ("@lserver\vplogon.bat")

SetTime "@lserver"


Thanks and have a great Holiday.

aaron

Top
#153964 - 2005-12-23 03:34 AM Re: Couple of problems with login script
Sealeopard Offline
KiX Master
*****

Registered: 2001-04-25
Posts: 11164
Loc: Boston, MA, USA
Parts of your login script require local admin privs. Do your users have those?
_________________________
There are two types of vessels, submarines and targets.

Top
#153965 - 2005-12-23 03:46 AM Re: Couple of problems with login script
NTDOC Administrator Offline
Administrator
*****

Registered: 2000-07-28
Posts: 11624
Loc: CA
You can ignore the errors in the Event viewer for KiXtart as those are normal due to how calls are made. There is a DLL file you could install from Tripoli if wanted but just ignore for now.

1. What version of KiXtart are you using?
2. Is the Domain NT4 or Active Directory?
3. Are the workstations all NT and above ?
4. Do your clients have local admin rights on their systems?

As Jens pointed out there are a few commands that can not be run by users unless they have local admin rights.

Before I make too many suggestions please answer the above questions.

Thanks


I'd do away with the vplogon.bat file myself and use anothe method which we can discuss once we know more about your environment.
 

Top
#153966 - 2005-12-23 03:47 AM Re: Couple of problems with login script
Radimus Moderator Offline
Moderator
*****

Registered: 2000-01-06
Posts: 5187
Loc: Tampa, FL
what OS are your clients?
Is the Domain Controller available?

as a minor tip you can alter you ingroup statements like this:
If InGroup("GRP-Evault-Solutions","Domain Admins")

Ignore the crap in the event log, are you running logon syncronous or async, does it work if you run it manually after logon?
_________________________
How to ask questions the smart way <-----------> Before you ask

Top
#153967 - 2005-12-23 04:10 AM Re: Couple of problems with login script
Les Offline
KiX Master
*****

Registered: 2001-06-11
Posts: 12734
Loc: fortfrances.on.ca
Contrary to what DOC says, you cannot ignore the errors. It looks like you have either a WINS problem or a GC problem.
_________________________
Give a man a fish and he will be back for more. Slap him with a fish and he will go away forever.

Top
#153968 - 2005-12-23 04:16 AM Re: Couple of problems with login script
maciep Offline
Korg Regular
*****

Registered: 2002-06-14
Posts: 947
Loc: Pittsburgh
And don't use parens with run or shell

Shell @lserver + "\vplogon.bat"

Top
#153969 - 2005-12-23 04:36 AM Re: Couple of problems with login script
Aaron Perrault Offline
Fresh Scripter

Registered: 2003-08-29
Posts: 27
Loc: Emeryville, CA
OK, let me answer all of the questions.

I am running the most recent version of Kix32. I downloaded it about 2 months ago.
We are in a Windows 2003 Native Active Directory.
All of my machines are Windows XP Pro, and my users do have Administrative Privs.

AS for what Les was talking about. I dont believe that I have any WINS or GC errors, or at least nothing else in my environment is reporting any problems. my MOM is not reporting any problems.

Any help is appreciated. Thanks guys for all this help.

app

Top
#153970 - 2005-12-23 05:07 AM Re: Couple of problems with login script
Les Offline
KiX Master
*****

Registered: 2001-06-11
Posts: 12734
Loc: fortfrances.on.ca
Well... you were told about the parens before.
http://www.kixtart.org/ubbthreads/showthreaded.php?Cat=0&Number=151552&page=0&vc=1

InGroup() supports multiple parms so there is no need for the double parens and the ORing.
_________________________
Give a man a fish and he will be back for more. Slap him with a fish and he will go away forever.

Top
#153971 - 2005-12-23 05:10 AM Re: Couple of problems with login script
Les Offline
KiX Master
*****

Registered: 2001-06-11
Posts: 12734
Loc: fortfrances.on.ca
Oh, as for MOM, that is a poor comparison. I don't believe MOM uses NetBIOS or WINS.
_________________________
Give a man a fish and he will be back for more. Slap him with a fish and he will go away forever.

Top
#153972 - 2005-12-23 05:28 AM Re: Couple of problems with login script
Aaron Perrault Offline
Fresh Scripter

Registered: 2003-08-29
Posts: 27
Loc: Emeryville, CA
I know that MOM is a poor comparison. I also know about the parens. I actually was thinking about that on the way home. I posted the message shortly before I left for the day, and as I was driving home, I said to myself. I think the guys in the forum are going to be pissed, because the made suggestions last time, and I dont think I took all of them. I havent gotten around to this, we had other fires to put out, and since this is a quiet week, I figured that I would finally finish this project.

Any help would be greatly appreciated (and implimented)

thanks guys

app

Top
#153973 - 2005-12-23 05:30 AM Re: Couple of problems with login script
Sealeopard Offline
KiX Master
*****

Registered: 2001-04-25
Posts: 11164
Loc: Boston, MA, USA
My #1 recommendation would be to remove local admin privs from your users
_________________________
There are two types of vessels, submarines and targets.

Top
#153974 - 2005-12-23 05:44 AM Re: Couple of problems with login script
Les Offline
KiX Master
*****

Registered: 2001-06-11
Posts: 12734
Loc: fortfrances.on.ca
I dropped Symantec years ago so I don't know how much it may have changed but back in teh early years when I did use it, I had to rewrite the functionality of vplogon.bat in KiX rather than SHELL to it. That was back in the Wintendo years. After we dumped the Wintendos, I dropped having it in the logon script altogether. The SSC is quite capable of pushing out SAV.

There is also no need for SetTime. AD and the Windows Time Service takes care of that.
_________________________
Give a man a fish and he will be back for more. Slap him with a fish and he will go away forever.

Top
#153975 - 2005-12-23 06:27 AM Re: Couple of problems with login script
NTDOC Administrator Offline
Administrator
*****

Registered: 2000-07-28
Posts: 11624
Loc: CA
 
;*************************************************************************
; Script Name: Logon.bat
; Author: Aaron Perrault
; Date: 11/16/2005
; Description: Logon Script for EVault Corp.
;*************************************************************************
;

;**************************
; RECOMMENDED SETTINGS
Break On
Dim $SO
$SO=SetOption('Explicit','On')
$SO=SetOption('NoVarsInStrings','On')
$SO=SetOption('NoMacrosInStrings','On')
;**************************

Small
Color b+/n
Box (0,0,24,90,GRID) ; 'background grid'
Color b/n
Box (8,21,18,71,Å) ; 'shadow' of the box
Color g+/n
Box (7,20,17,70,FULL)

Color w+/n
AT ( 9,25) "Userid : " ; display some text strings
AT (10,25) "Full name : "
AT (11,25) "Privilege : "
AT (12,25) "Workstation : "
AT (13,25) "Domain : "
AT (14,25) "Logon Server : "
AT (15,25) "Operating System : "

Color y+/n
AT ( 9,45) @userid ; ...and some macro's
AT (10,45) @fullname
AT (11,45) @priv
AT (12,45) @wksta
AT (13,45) @domain
AT (14,45) @lserver
AT (15,45) @ProductType

;Drive Mapping Section:

;Might want to use one of the drive mapping UDFs or at least check
;and unmap drives before trying to re-map them.
Use J: "\\ev-fps\public"

If InGroup("GRP-Accounting-Main","Grp-Finance","Domain Admins")
Use g: "\\ev-fps\accounting$"
EndIf

If InGroup("GRP-Alliance","alliance","Domain Admins")
Use H: "\\ef-fps\alliance$"
EndIf

If InGroup("GRP-Business Development","Domain Admins")
Use K: "\\ev-fps\busdev$"
EndIf

If InGroup("GRP-Contract","GRP-Contracts-Read Only","Domain Admins")
Use L: "\\ev-fps\contracts$"
EndIf

If InGroup("GRP-Marketing","GRP-Marketing Bus Dev","Marketing","Domain Admins")
Use M: "\\ev-fps\marketing$"
EndIf

If InGroup("GRP-ExecAdmin","GRP-General Exec Administration","Domain Admins")
Use N: "\\ev-fps\ExecAdmin$"
EndIf

If InGroup("GRP-Operations","Domain Admins")
Use O: "\\ev-fps\Operations"
EndIf

If InGroup("GRP-License","GRP-General Exec Administration","Domain Admins")
Use W: "\\ev-fanda\license$"
EndIf

If InGroup("GRP-Human Resources","GRP-Human Resources-Read Only","Domain Admins")
Use Q: "\\ev-fps\hr$"
EndIf

If InGroup("GRP-Europe","Domain Admins")
Use R: "\\ev-fps\europe$"
EndIf

If InGroup("GRP-PreSales","GRP-Direct Sales","GRP-Sales","GRP-Teleprospecting","GRP-Teleprospecting Restricted","sbe.sales","sbe-support","Domain Admins")
Use s: "\\ev-fps\Sales$"
EndIf

If InGroup("GRP-Product Development","Domain Admins")
Use T: "\\ev-fps\ProdDev$"
EndIf

If InGroup("GRP-Emeryville Engineering","Domain Admins")
Use U: "\\ev-fps\EE$"
EndIf

If InGroup("GRP-Commissions","Domain Admins")
Use V: "\\ev-fps\commissions$"
EndIf

If InGroup("GRP-Evault Admin","Domain Admins")
Use Y: "\\ev-fps\EvVault$"
EndIf

If InGroup("GRP-Evault-Solutions","Domain Admins")
Use W: "\\ev-fps\solutions$"
EndIf
SHELL '%COMSPEC% /c net stop "Automatic Updates" >nul 2>nul'
SHELL '%COMSPEC% /c net start "Automatic Updates" >nul 2>nul'
Run ("%windir%\system32\wUauclt.exe /resetauthorization /detectnow")

;Use an auto install msi switches to install and even reboot if wanted
;Run some registry checks to see if it's installed or up to date
;Shell ("@lserver\vplogon.bat")

;Active Directory should automatically setup and manage the time for
;all systems that are domain members. SetTime is legacy
;SetTime @lserver


Top
#153976 - 2005-12-23 06:27 AM Re: Couple of problems with login script
NTDOC Administrator Offline
Administrator
*****

Registered: 2000-07-28
Posts: 11624
Loc: CA
oh...

Script Name: Logon.bat


This is a KiXtart script, not a batch file.

Top
#153977 - 2005-12-23 01:31 PM Re: Couple of problems with login script
maciep Offline
Korg Regular
*****

Registered: 2002-06-14
Posts: 947
Loc: Pittsburgh
Doc, what's up with this?

Run ("%windir%\system32\wUauclt.exe /resetauthorization /detectnow")

Top
#153978 - 2005-12-23 04:40 PM Re: Couple of problems with login script
Aaron Perrault Offline
Fresh Scripter

Registered: 2003-08-29
Posts: 27
Loc: Emeryville, CA
Thanks for the help Doc. I know that the file is not logon.bat. Originally I was going to re-write the logon.bat file that the previous admin put together, but I decided against it and went with Kix. I have some questions about the UDFs. I do not really understand how they work. Do I just put them in the script and they work? Do I need any additional files in my scripts folder? I have not been able to locate any info on using the silent install switches for the Symantec install on version 10. I know that they used to have it in version 7 and 8, but someone mentioned that there are problems with running the MSI directly in version 10, but I havent done a lot of in depth research yet on that.

I will let you guys know if I have more questions. Thanks much for the help and have a Merry Christmas, Happy Holidays etc.

aaron

Top
#153979 - 2005-12-23 07:13 PM Re: Couple of problems with login script
NTDOC Administrator Offline
Administrator
*****

Registered: 2000-07-28
Posts: 11624
Loc: CA
Sorry Maciep missed that one.

Aaron the SAV10 has install switches as well.

Here is an example of installing SAV10 without any cancel buttons. The user can see it installing, but can't stop it. Then it reboots the computer when done.

%windir%\system32\msiexec.exe /i "\\server\share\sav10\Symantec AntiVirus.msi" ADDLOCAL=SAVMain,SAVHelp,SAVUI,QClient NETWORKTYPE=1 SERVERNAME=AV01 RUNLIVEUPDATE=0 REBOOT=Force REBOOTPROMPT=Suppress /qb!

Installing Symantec Client Security 3.x clients or Symantec AntiVirus Corporate Edition 10.x clients without E-Mail Auto-Protect plug-ins
http://service1.symantec.com/support/ent...rc=ent_gold_nam

Installing Symantec Client Security using command-line parameters
http://service1.symantec.com/SUPPORT/ent...&dtype=corp

Symantec System Center 10.0 walk-through for administrators
http://service1.symantec.com/SUPPORT/ent...=ent_tutweb_nam


 
KiXtart: FAQ Contents Page
http://www.kixtart.org/ubbthreads/showflat.php?Cat=0&Number=133917

How to use UDFs
http://www.kixtart.org/ubbthreads/showflat.php?Cat=&Number=81594

 

Top
#153980 - 2005-12-23 10:09 PM Re: Couple of problems with login script
Aaron Perrault Offline
Fresh Scripter

Registered: 2003-08-29
Posts: 27
Loc: Emeryville, CA
Hey guys,
thanks for all the help. I am almost there. I am getting ready to leave for the long weekend. I will work more with this on Tuesday. Thanks for everything. All that i need to do know is look in the registry to see if SAV is already installed or not.

Happy Holidays

Aaron

Top
#153981 - 2005-12-23 10:40 PM Re: Couple of problems with login script
NTDOC Administrator Offline
Administrator
*****

Registered: 2000-07-28
Posts: 11624
Loc: CA
We have a UDF for that as well

GetNavAntiVirusInfo() - Returns Information and Date of installed Symantec AntiVirus
 
and for just SAV definition date

GetNavDate() - Returns DEF dates of Symantec AV
 

Top
#173028 - 2007-01-21 08:47 AM Re: Couple of problems with login script [Re: NTDOC]
Megabit Offline
Fresh Scripter

Registered: 2007-01-21
Posts: 13
Loc: Miami, FL
Ahh, just what I was looking for. I love you NTDOC! (in a totally manly IT professional way of course.)
Top
Page 1 of 1 1


Moderator:  Glenn Barnas, NTDOC, Arend_, Jochen, Radimus, Allen, ShaneEP, Ruud van Velsen, Mart 
Hop to:
Shout Box

Who's Online
1 registered (Allen) and 365 anonymous users online.
Newest Members
rrosell, PatrickPinto, Raoul, Timothy, Jojo67
17877 Registered Users

Generated in 0.127 seconds in which 0.084 seconds were spent on a total of 13 queries. Zlib compression enabled.

Search the board with:
superb Board Search
or try with google:
Google
Web kixtart.org