Hello gang!

Thought that I would share my latest project with the group.

First, a little history....

We use McAfee VirusScan 4.0.3, and we rely on the autoupgrade feature to
keep the datfiles/engine at the latest version. For win9x computers I was
able to automate this with the logon script, and it works like a champ.

Enter NT....

Because not all of our users have local admin rights on their computers,
this brings some problems to the surface.

1. Can't run superdat from a logon prompt without admin rights... using SU
is not a good idea; it opens a security hole.

2. Can't run the McTaskManager with the local system account because the local
system account is unable to access network resources. Also can't run
McTaskManager with the user's account, especially if the user is not a local
admin...

3. there is noooo #3

4. Need to "fix" the close to 70 NT workstations that have already been
deployed.


So we have 3 requirements,

1. Need to modify McTaskManager to run under an account that has the proper
rights.
2. Need to grant the McTaskManager service account local admin rights on the
NT workstations.
3. Need to configure McAfee's autoupgrade so it knows where to go.

Enter KIX....

The following script will,

Modify McAfee's autoupgrade to check once an hour, giving each workstation a
random X minutes after the hour slot.

Modify the McTaskManager service to run under the @domain\mcafeeupdate account

Grant the @domain\mcafeeupdate account the "Log on as service" right and give
it local administrator rights.

code:

break on cls
;-----------------------------------------------------------------------------
; The reason for this script is to change the way that McAfee
; VirusScan is updated on NT workstations (hereafter referred to as "target").
;
; This script has 3 functions:
; 1. Modify the target's registry to point to the location of
;    the modified superdat.
;
; 2. Modify the "McTaskManager" service on the target to use the
;    account @domain\mcafeeupdate
;    (This is done by using the program xnet.exe)
;    @domain\mcafeeupdate is just a standard "Domain User" account.
;
; 3. Grant the account @domain\mcafeeupdate the "SeServiceLogonRight", and
;    place this account in the local Administrators group on the target computer.
;    (This is done by using the program ntuser.exe, from the NTSEC utils
;    found @ http://www.pedestalsoftware.com Currently installed @ "w:\ntsec"
;    and in the local path)
;
; Use the kix script ComputerList.kix to generate a list of all NT computers
; that are in the Domain. http://www.neosoft.com/~brycel/kix/other_scripts/Computer_List
;
; The computer list must be in a UNC format. You can provide a username
; and password for systems that you don't have admin rights on.
;
; \\computer1
; \\computer2,<username>,<password>
; \\computer3
; \\computer4
; ....
;-----------------------------------------------------------------------------


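; Service account that McTaskManager will run under, and its password.
; The password sits in this script in clear text and is later passed on the
; xnet command line, so keep the script and $clist readable by admins only.
$SAccount = "@domain\<domain account>"
$SAccountPW = "<Domain Account password>"
$MfdSDatLoc = "<UNC location to Modified Superdat file>"

; Target list (see the format above) and a scratch file for tool output.
$clist = "clist.dat"
$tempfile = "%temp%\kix.txt" del $tempfile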


;-----------------------------------------------------------------------------


$McafeeKey = "HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\VirusScan"
$Upgradekey = "Tasks\Upgrade"
$Updatekey = "Tasks\Update"
$Service = "McTaskManager"
$right = "SeServiceLogonRight"


$nextFlag = 0


srnd(val(substr("@time",7,2))*2000000)


;-----------------------------------------------------------------------------
;-----------------------------------------------------------------------------
;-----------------------------------------------------------------------------


if open(1,$clist,2) <> 0
    ? '"@serror" opening $clist'
    ? "You must provide a list of target computers for this script to work."
    exit
endif

$temp = readline(1)
do
    ; Split "\\computer,<username>,<password>" into its parts; a line
    ; without a comma is just "\\computer".
    if instr("$temp",",") <> 0
        $target = substr("$temp",1,instr("$temp",",")-1)
        $targetname = substr("$target",3,len("$target"))
        $temp = substr("$temp",len("$target")+2,len("$temp"))
        $targetadmin = substr("$temp",1,instr("$temp",",")-1)
        $targetpassword = substr("$temp",len("$targetadmin")+2,len("$temp"))
    else
        $target = rtrim(substr($temp,1,23))
        $targetname = substr("$target",3,len("$target"))
        $targetadmin = ""
        $targetpassword = ""
    endif

    ; Connect to the target's IPC$ share ("$$" is a literal "$" in a KiX string).
    IF $targetadmin <> ""
        use "$target\ipc$$" /user:'$targetname\$targetadmin' /password:$targetPassword
    else
        use "$target\ipc$$"
    endif

    Select
    case @error = 0
        ? "____ $target _________________________________________________________________________"
        Gosub Registry
        ; :Registry sets $nextflag to 1 when McAfee is not installed on the target.
        if $nextflag = 0
            Gosub Service
            Gosub Rights
            Gosub startstop
        else
            $nextflag = 0
        endif
    case @error <> 0
        ? "Can't connect to $Target -OR- you have insufficient rights"
    endselect

    use "$target\ipc$$" /delete

    $temp = readline(1)
until @error <> 0

exit

;-----------------------------------------------------------------------------


:Registry
; Pick a random minute (0-59) so the targets do not all upgrade at the same time.
$mintowait = rnd(59)
? $mintowait
if existkey("$target\$mcafeekey") = 0
    ? "Registry: Mcafee is installed on $target"
    ? "Registry: Modifying Automatic Product Upgrade on $target"
    $nul = writevalue("$target\$mcafeekey\$upgradekey","" ,'ftp.nai.com/pub/antivirus/datfiles/4.x',"REG_SZ")
    $nul = writevalue("$target\$mcafeekey\$upgradekey","bAnonymousLogin" ,'1' ,"REG_DWORD")
    $nul = writevalue("$target\$mcafeekey\$upgradekey","bApplyNow" ,'1' ,"REG_DWORD")
    $nul = writevalue("$target\$mcafeekey\$upgradekey","bDoUpdate" ,'0' ,"REG_DWORD")
    $nul = writevalue("$target\$mcafeekey\$upgradekey","bLogToFile" ,'1' ,"REG_DWORD")
    $nul = writevalue("$target\$mcafeekey\$upgradekey","bProxy" ,'0' ,"REG_DWORD")
    $nul = writevalue("$target\$mcafeekey\$upgradekey","bRetrieveOnly" ,'0' ,"REG_DWORD")
    $nul = writevalue("$target\$mcafeekey\$upgradekey","bSchedEnabled" ,'1' ,"REG_DWORD")
    $nul = writevalue("$target\$mcafeekey\$upgradekey","bStartedByConsole" ,'0' ,"REG_DWORD")
    $nul = writevalue("$target\$mcafeekey\$upgradekey","bUpdateStoreAfter" ,'0' ,"REG_DWORD")
    $nul = writevalue("$target\$mcafeekey\$upgradekey","dwExitStatus" ,"17" ,"REG_DWORD")
    $nul = writevalue("$target\$mcafeekey\$upgradekey","dwInternetAccessType" ,"3" ,"REG_DWORD")
    $nul = writevalue("$target\$mcafeekey\$upgradekey","dwLastModified" ,"4" ,"REG_DWORD")
    $nul = writevalue("$target\$mcafeekey\$upgradekey","dwProxyPort" ,'50' ,"REG_DWORD")
    $nul = writevalue("$target\$mcafeekey\$upgradekey","szFTPPassword" ,'user@@hostname',"REG_SZ")
    $nul = writevalue("$target\$mcafeekey\$upgradekey","szFTPUserName" ,'anonymous',"REG_SZ")
    $nul = writevalue("$target\$mcafeekey\$upgradekey","szProxy" ,'',"REG_SZ")
    $nul = writevalue("$target\$mcafeekey\$upgradekey","szTaskName" ,'Automatic Product Upgrade',"REG_SZ")
    $nul = writevalue("$target\$mcafeekey\$upgradekey","szUpdateShellScript" ,'',"REG_SZ")
    $nul = writevalue("$target\$mcafeekey\$upgradekey","szUpdateStoreFolder" ,'C:\\Program Files\\Network Associates\\VirusScan NT\\Temp',"REG_SZ")
    $nul = writevalue("$target\$mcafeekey\$upgradekey","szUpdateUNCLocation" ,'$MfdSDatLoc',"REG_SZ")
    $nul = writevalue("$target\$mcafeekey\$upgradekey","szUpgradeCmd" ,'setup -s',"REG_SZ")
    $nul = writevalue("$target\$mcafeekey\$upgradekey","uUpdateFrom" ,'1' ,"REG_DWORD")
    $nul = writevalue("$target\$mcafeekey\$upgradekey","wDate" ,'14' ,"REG_DWORD")
    $nul = writevalue("$target\$mcafeekey\$upgradekey","wFlags" ,"559" ,"REG_DWORD")
    $nul = writevalue("$target\$mcafeekey\$upgradekey","wLastExec" ,'0' ,"REG_DWORD")
    $nul = writevalue("$target\$mcafeekey\$upgradekey","wTaskAttrib" ,'0' ,"REG_DWORD")
    $nul = writevalue("$target\$mcafeekey\$upgradekey","wTaskType" ,"6" ,"REG_DWORD")
    $nul = writevalue("$target\$mcafeekey\$upgradekey","wTime" ,'$mintoWait' ,"REG_DWORD")

    ? "Registry: Disabling Auto DAT Update on $target"
    $nul = writevalue("$target\$mcafeekey\$updatekey","bSchedEnabled" ,'0' ,"REG_DWORD")
else
    ? "Registry: Mcafee is not installed on $target"
    $nextflag = 1
endif
return


;-----------------------------------------------------------------------------
:Service
; Read the account the service currently runs under from xnet's output.
shell '%comspec% /c xnet list $target\McTaskManager | find "Account" > $tempfile'
$nul = open(2,$tempfile,2) $data = readline(2) $nul = close (2) del $tempfile
Select
case ltrim(substr("$data",8,len("$data"))) = $SAccount
    ? "SERVICE: $target\$service already running under $saccount"
case 1
    ? "SERVICE: Modifying $service on $target to run under $SAccount"
    ? "SERVICE: " shell '%comspec% /c xnet modify $target\$service /u:$SAccount /p:$SAccountPW'
endselect
return


;-----------------------------------------------------------------------------
:Rights
shell '%comspec% /c ntuser -s $target lgroup show administrators | find /i "$SAccount"> $tempfile'
$nul = open(2,$tempfile,2) $data = readline(2) $nul = close (2) del $tempfile
Select
Case len("$data") <> 0
    ? "RIGHTS: $SAccount already has Admin rights on $target"
case 1
    ? "RIGHTS: Giving $SAccount Admin rights on $target"
    ? "RIGHTS: " shell '%comspec% /c ntuser -s $target lgroup append administrators $SAccount'
endselect

shell '%comspec% /c ntuser -s $target rights show $right | find /i "$SAccount"> $tempfile'
$nul = open(2,$tempfile,2) $data = readline(2) $nul = close (2) del $tempfile
Select
Case len("$data") <> 0
    ? "RIGHTS: $SAccount has the rights $right on $target"
case 1
    ? "RIGHTS: Giving $SAccount the rights $right on $target"
    ? "RIGHTS: " shell '%comspec% /c ntuser -s $target rights add $right $SAccount'
endselect
return


;-----------------------------------------------------------------------------
:StartStop
? "Stopping and restarting $service on $target"
? shell '%comspec% /c xnet stop $target\$service'
do
    shell '%comspec% /c xnet list $target | find /i "$service" > $tempfile'
    $nul = open(2,$tempfile,2) $data = readline(2) $nul = close (2) del $tempfile
    "." sleep 1
until substr("$data",63,len("$data")) = "stopped"
? shell '%comspec% /c xnet start $target\$service'
return



Bryce

[This message has been edited by Bryce (edited 18 October 2000).]
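
Added example (not part of the original post or of Bryce's script): the script interpolates every target read from clist.dat into %comspec% command lines, and the list may hold clear-text admin passwords, so it is worth checking the file before a run. The Python sketch below parses the list format described in the script header, rejects lines the script would mis-parse, and reports which entries carry a password. The names Target, parse_line and audit, the name pattern and the sample data are assumptions of this example.

```python
import re
from typing import NamedTuple, Optional

# Conservative computer-name check (assumption of this example): NetBIOS
# names are at most 15 characters; only letters, digits, "-" and "_" pass.
NAME_RE = re.compile(r"[A-Za-z0-9_-]{1,15}")

class Target(NamedTuple):
    unc: str
    name: str
    user: Optional[str]
    password: Optional[str]

def parse_line(line: str) -> Target:
    """Parse one list line: \\\\computer or \\\\computer,<username>,<password>."""
    # Split on the first two commas only, as the script does, so a password
    # may itself contain commas.
    parts = line.strip().split(",", 2)
    unc = parts[0].strip()
    if not unc.startswith("\\\\"):
        raise ValueError("target is not in UNC form")
    name = unc[2:]
    if not NAME_RE.fullmatch(name):
        raise ValueError("invalid computer name %r" % name)
    if len(parts) == 1:
        return Target(unc, name, None, None)
    if len(parts) != 3 or not parts[1] or not parts[2]:
        raise ValueError("credential form needs username and password")
    return Target(unc, name, parts[1], parts[2])

def audit(text: str):
    """Return (targets, errors, names whose line carries a password)."""
    targets, errors = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        if not raw.strip():
            continue
        try:
            targets.append(parse_line(raw))
        except ValueError as exc:
            errors.append((lineno, str(exc)))
    with_creds = [t.name for t in targets if t.password is not None]
    return targets, errors, with_creds

# Constructed sample list, not taken from the original post.
SAMPLE = "\\\\WS001\n\\\\WS002,localadm,ExamplePw1\n\\\\WS003,localadm\nWS004\n"

if __name__ == "__main__":
    targets, errors, with_creds = audit(SAMPLE)
    print("valid targets:", [t.unc for t in targets])
    print("rejected lines:", errors)
    print("lines holding a clear-text password:", with_creds)
```

Any entry reported in the last list means the file needs the same access restrictions as the admin account it names.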