One other approach that I have implemented to perform Administrative operations on NT clients is listed below. This system works well and you do not have to include special code in your logon script for a specified period in the hopes of hitting all computers.
The Bullock methodology:
1. Setup a hidden share on a central server with subdirectories for each distinct process you want to perform/execute.
2. Write code that will:
a. checks for a custom defined registry key/value
b. if the value does not exist or is incorrect write a file named as the @wksta.flg to the specific directory created in item #1
3. Write your Admin script to perform your specific function.
a. run as a service from a production server for optimal ease and uptime.
b. this program reads the files in the directory and takes action on the computer specified by the file name.
c. on successful completion, write the correct registry key/value so that the logon script does not recreate the flag file.
d. Record the action to a log file or database
4. Add a service account to the local administrators group so that your process has the necessary permissions to complete the task.
5. Implement the key checking/flag genration code in the logon script.
This methodology then only processes computers that have just come onto the network. It guarantees that a process is only run once. And it does not generate noise when the Admin script is target to all computers and some are not online. This process can run for any period of time and has very low overhead on the client and the server where the Admin script runs.
We use SMS as well, but some areas of the company have yet to implement SMS and others have elected not to participate. The logon script however has 97% coverage on 40,000 accounts. This methodology can be leverage quickly and inexpensively.
Comments & criticisms welcome.
[ 03 April 2002, 16:28: Message edited by: Howard Bullock ]
