#66840 - 2002-06-12 11:28 PM
Change Management Process - RFC
|
Kdyer
KiX Supporter
Registered: 2001-01-03
Posts: 6241
Loc: Tigard, OR
|
We are preparing a rollout of Kixtart 4.x to our enterprise. We have a Change Management process in place to have changes to our servers/clients, so that we are (1)Held accountable (2)We have a backout process (3)We are under scrutiny (Auditors).
Anyway, here is the information I submitted for tomorrow's meeting. Any comments/ideas are welcome.
Description of Change:
Ongoing PCM..
This will affect the following files:
KIX32.EXE - KIXTART executable > KiX2001.402 Once 4.10 gets out of "Release Candidate" status, take the KIX32.EXE file to this new version.
KX16.DLL - DLL Needed for 9x clients
KX32.DLL - DLL Needed for 9x clients
KX95.DLL - DLL Needed for 9x clients
KXRPC.EXE - Executable needed for the Domain Controllers for Win9x compatibility, runs as a service.
NTLOGON.BAT - Common Batch file
KIXTART.KIX - Main Company Logon script
KIXTARTM.KIX - Sub-Company Logon script
This may affect the following files (Sub-Company -specific):
CITRIX.KIX - Citrix Configuration script
DEFPRTR.KIX - Default Printer Script
NOGAMES.KIX - Removes common Windows Games from the system
OLCFG.KIX - Configures Outlook
Phase 1
Initial rollout of Kixtart 4.10 (KIX32.EXE or executable) to IT Network Engineering/Network Engineering. This will be done on client login via the NTLOGON.BAT file.
Phase 2
Update NTLOGON.BAT to be "Windows XP Friendly"
Using MS "Q" Article - http://support.microsoft.com/default.aspx?scid=kb;en-us;Q318689
Phase 3
Update all clients/servers across The Enterprise to use Kixtart 4.10. This will be done on client login via the NTLOGON.BAT file.
Phase 4
Use Kixtart across all clients/servers
On servers, there are detection pieces we can use where if you login, it will leave. No need for the use of GETTYPE.EXE from the Resource kit.
Phase 5
Go through the KIXTARTM.KIX file and update groups/procedures to be up-to-date with changes that have been made in the systems.
We will want to insure that all clients are functioning properly before implementing any COM, ADSI, etc. before using it within the scripts
Impact of Change:
With Kixtart 4.x, you will gain the ability to use COM,ADSI,WMI, etc. There are also enhanced components to detect servers, etc.
Back-out Procedure:
Create copies of the scripts and revert to version 3.63 of Kixtart (currently in production). The executable KIX32.EXE can be brought back from the logon share. Alternatively, the KIX32.EXE from version 3.63 could be renamed to be KIX32.363 on the client workstation and if needed, a Support Agent could rename this file back to be KIX32.EXE locally.
Thank you,
Kent Dyer
|
|
Top
|
|
|
|
|
#66843 - 2002-06-12 11:39 PM
Re: Change Management Process - RFC
|
Kdyer
KiX Supporter
Registered: 2001-01-03
Posts: 6241
Loc: Tigard, OR
|
Doc,
Thanks for the comments. That was the original intent. I did see a pretty cool batch script site last night which may have some stuff to help in this process. The point being, once we get everybody over to Kixtart 4.x, we will be able to go away from all of the extra Resource Kit tools.
Anyway, here is the site - http://home.mnet-online.de/horst.muc/horst.htm
Thanks again,
Kent
|
|
Top
|
|
|
|
|
#66844 - 2002-06-12 11:39 PM
Re: Change Management Process - RFC
|
Radimus
Moderator
Registered: 2000-01-06
Posts: 5187
Loc: Tampa, FL
|
have tested all your code so that it is kix 4 compliant?
It handles and interprets a few things different than 3.6. The logic is the same, just some of the syntax may need to be touched up... I had a few spots where my sloppy code didn't like the new engine.
you may also want to keep you old script available and do a @kix in front to make sure they client actually has ver 4, the copy might fail or timeout or whatever...
[ 12 June 2002, 23:41: Message edited by: Radimus ]
|
|
Top
|
|
|
|
|
#66845 - 2002-06-12 11:45 PM
Re: Change Management Process - RFC
|
Kdyer
KiX Supporter
Registered: 2001-01-03
Posts: 6241
Loc: Tigard, OR
|
Rad,
I will be creating back-ups of the scripts, exes, etc. I will be testing this thoroughly before implementation.
Anyway, that is why the "phases."
One question: If you update KXRPC on the server from Kix 4.x, is it backward compatible with 3.63 on the client? I know for example, the DLLs in 4.10 are 3.63, where previous versions are 3.60.
Kent
[ 12 June 2002, 23:46: Message edited by: kdyer ]
|
|
Top
|
|
|
|
|
#66847 - 2002-06-12 11:51 PM
Re: Change Management Process - RFC
|
Radimus
Moderator
Registered: 2000-01-06
Posts: 5187
Loc: Tampa, FL
|
I read something about backward compatability.. but I didn't pay any attention as I don't have ANY wintendo (out of 2000 pcs and laptops) ![[Big Grin]](images/icons/grin.gif) ![[Smile]](images/icons/smile.gif) ![[Cool]](images/icons/cool.gif) ![[Wink]](images/icons/wink.gif) and almost 100% win2k (up from NT)
Look for Ruuds comments in Beta
|
|
Top
|
|
|
|
|
#66848 - 2002-06-13 12:02 AM
Re: Change Management Process - RFC
|
Howard Bullock
KiX Supporter
Registered: 2000-09-15
Posts: 5809
Loc: Harrisburg, PA USA
|
When I took 40,000 seats to 4.02, I used two complete sets of batch files and Kixtart code. I setup a test domain and copied all the current code to the netlogon share. Then placed 4.02 binaries on the netlogon share. I created accounts for all the local admins that wanted to test their and configured the account to execute the scripts.
They were responsible to test their code. After a reasonable amount of time the they had to identify any issue that the current code had with 4.02. Then the code on the server was updated to resolve those issues.
This code was setup in parallel with the current production scripts on the production domain. Then I changed 1,000 accounts every night for five days monitoring help desk calls during the week. (Very few came in.)
After that week I then started changing 5,000 per night until all accounts were running the new binaries with the slightly modified (if at all) code.
Then after a week I started changing the accounts again to execute the 4.02 binaries with the 4.02 specific KiXtart code.
I use a CRC32 check to verify that the binaries I want are on the client. I do not rely on "xcopy /d". I can back version or update any single file using this method. I also maintain different versions of KiXtart on the server in different directories. I can take the whole corporation to 4.10rc2 this morning and have then revert at the next logon by a small edit to my batch file.
The same batch can also execute two different version of Kix code based on a flag file on the client. Using this methodolgy, you test your new code on any computer as desired without changing an account.
[ 13 June 2002, 00:03: Message edited by: Howard Bullock ]
|
|
Top
|
|
|
|
|
#66850 - 2002-06-13 12:35 AM
Re: Change Management Process - RFC
|
Kdyer
KiX Supporter
Registered: 2001-01-03
Posts: 6241
Loc: Tigard, OR
|
Howard/Chris,
Very interesting information. I will use some of these ideas.
One thing I would like to pin down is the VPN vs. LAN traffic. It would be helpful to nail this down because when you login from a VPN connection, it is very slow. In fact, I have pulled myself from using a login script so when I am at home it does not run.
Thanks again,
Kent
|
|
Top
|
|
|
|
|
#66851 - 2002-06-13 12:41 AM
Re: Change Management Process - RFC
|
Howard Bullock
KiX Supporter
Registered: 2000-09-15
Posts: 5809
Loc: Harrisburg, PA USA
|
What is your VPN connection speeds? Every client executes my script dialup included. I happen to have broadband at home but used to execute it every night over dialup.
I cache all the binaries and 90%+ of the code locally on the client. The files are CRC32 checked and updated if the user damages them.
A network traffic capture (Netmon.exe) of the logon script execution:
Total capture
#Frames: 958
#Bytes: 224,158
Client Bytes rcvd: 55,083
Client Bytes sent: 168,790
Only 4,986 bytes is logon script code. (+protocol wrapper)
If I remember correctly, my less functional 3.62 script caused ~350,000 bytes of traffic.
Here is tonight's logon.log.
quote:
Start logon script batch file
The current date is: Wed 06/12/2002
Enter the new date: (mm-dd-yy)
The current time is: 18:33:30.76
Enter the new time:
PROCESSOR_ARCHITECTURE=x86
CRC: C:\DOCUME~1\adminhab\LOCALS~1\Temp\CRC32.exe
CRC and Filesize Matched
CRC: C:\DOCUME~1\adminhab\LOCALS~1\Temp\kix32.exe
CRC and Filesize Matched
CRC: C:\DOCUME~1\adminhab\LOCALS~1\Temp\Libr-prd.kix
CRC and Filesize Matched
CRC: C:\DOCUME~1\adminhab\LOCALS~1\Temp\Corp-prd.kix
CRC and Filesize Matched
C:\DOCUME~1\adminhab\LOCALS~1\Temp\kix32.exe \\AMBDC006\NETLOGON\corp\corp-prd.bat\..\boot-prd.kix $Script=corp $SPath=C:\DOCUME~1\adminhab\LOCALS~1\Temp
2002/06/12 18:33:38 - Returned from C:\DOCUME~1\adminhab\LOCALS~1\Temp\Libr-prd.kix
2002/06/12 18:33:38 - Calling C:\DOCUME~1\adminhab\LOCALS~1\Temp\corp-prd.kix
2002/06/12 18:33:38 - Executing C:\DOCUME~1\adminhab\LOCALS~1\Temp\corp-prd.kix
2002/06/12 18:33:39 - Start Macros
2002/06/12 18:33:45 - End Macros
2002/06/12 18:33:45 - Start Corp-prd.kix Version: 4.15
2002/06/12 18:33:45 - Kixtart Version: 4.02
2002/06/12 18:33:45 - OS Suite: 0
2002/06/12 18:33:45 - OS Suite: Small Business = 0
2002/06/12 18:33:45 - OS Suite: Enterprise = 0
2002/06/12 18:33:45 - OS Suite: BackOffice = 0
2002/06/12 18:33:45 - OS Suite: CommunicationServer = 0
2002/06/12 18:33:45 - OS Suite: Terminal Server = 0
2002/06/12 18:33:45 - OS Suite: Small Business (Restricted) = 0
2002/06/12 18:33:45 - OS Suite: Embedded NT = 0
2002/06/12 18:33:45 - OS Suite: DataCenter = 0
2002/06/12 18:33:45 - OS Suite: Single User Terminal Server = 0
2002/06/12 18:33:45 - OS Suite: Home Edition = 0
2002/06/12 18:33:45 - OS Suite: Blade Server = 0
2002/06/12 18:33:45 - ProductType : Windows 2000 Professional
2002/06/12 18:33:45 - OS Version : 5.0
2002/06/12 18:33:45 - CSD : Service Pack 2
2002/06/12 18:33:45 - General OS : WinNT
2002/06/12 18:33:45 - User Language : 0409English
2002/06/12 18:33:45 - System Language : 0409English
2002/06/12 18:33:45 - Network Software Ver: 5.0
2002/06/12 18:33:45 - Working Network Data are the values used for calculating the logical subnet.
2002/06/12 18:33:45 - Working IP Address : 192.168.0.101
2002/06/12 18:33:45 - Working Subnet Mask: 255.255.255.0
2002/06/12 18:33:45 - Working Gateway : 192.168.0.1
2002/06/12 18:33:45 - Working MAC Address: 0000864A995F
2002/06/12 18:33:45 - These IP values are provided via EnumIPinfo() for trouble shooting purposes.
2002/06/12 18:33:45 - 0:IP Address.........: 192.168.0.101
2002/06/12 18:33:45 - 0:Subnet Mask........: 255.255.255.0
2002/06/12 18:33:45 - 0:Adapter Description: 3Com 10/100 Mini PCI Ethernet Adapter
2002/06/12 18:33:45 - 0:Default Gateway....: 192.168.0.1
2002/06/12 18:33:45 - 1:IP Address.........:
2002/06/12 18:33:45 - 1:Subnet Mask........:
2002/06/12 18:33:45 - 1:Adapter Description:
2002/06/12 18:33:45 - 1:Default Gateway....:
2002/06/12 18:33:45 -
2002/06/12 18:33:45 - Host Name........: bullockha.us.tycoelectronics.com
2002/06/12 18:33:45 - Domain...........: US-TYCO-E
2002/06/12 18:33:45 - Windows 2000 Site: FMR-HBG-PA-US
2002/06/12 18:33:45 - RAS Sessions.....: 0
2002/06/12 18:33:45 - VPN Session......: N/A
2002/06/12 18:33:45 - User.............: AdminHAB
2002/06/12 18:33:45 - Full Name........: Bullock, Howard A.
2002/06/12 18:33:45 - Logon Server.....: \\AMBDC006
2002/06/12 18:33:45 - Logon Domain.....: AMP01
2002/06/12 18:33:45 - Computer Name....: BULLOCKHA
2002/06/12 18:33:45 - Home Directory Server: twister
2002/06/12 18:33:45 - Home Share Name......: adminhab$
2002/06/12 18:33:45 - Success: Open(2, \\AMBDC006\netlogon\corp\legalmsg\0409.txt, 2)
2002/06/12 18:33:45 - Wrote legal message to registry.
2002/06/12 18:33:45 - NAI: Found NAI product version (4.5.1.1306) in HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\TVD\VirusScan, szCurrentVersionNumber
2002/06/12 18:33:45 - NAI: VirusScan version is OK, Current = 4.5.1.1306, Expected = 4.5.1
2002/06/12 18:33:45 - Calling \\AMBDC006\netlogon\region\subnets\192.168.0.0.kix
2002/06/12 18:33:45 - File Not Found: \\AMBDC006\netlogon\region\subnets\192.168.0.0.kix
2002/06/12 18:33:45 - Entered subroutine SMS
2002/06/12 18:33:45 - SMS: Current Date=20020612; SmsStartDate=0; Offset=1
2002/06/12 18:33:46 - SMS: Returned from \\AMBDC006\netlogon\corp\sms\smsls.bat RC:0
2002/06/12 18:33:46 - SMS: TravelMode is currently set to:262145
2002/06/12 18:33:46 - SMS: TravelMode has been changed to:262145 ReturnCode=0
2002/06/12 18:33:46 - Calling \\AMBDC006\netlogon\region\region.kix
2002/06/12 18:33:46 - File Not Found: \\AMBDC006\netlogon\region\region.kix
2002/06/12 18:33:47 - Connecting H: to \\twister\adminhab$ - Success
2002/06/12 18:33:48 - LookupADname: (3, '', 3, 'US-TYCO-E\BULLOCKHA$', 1, 'CN=BULLOCKHA,OU=test,OU=9826,OU=NCS,OU=Machines,DC=us,DC=tycoelectronics,DC=com')
2002/06/12 18:33:48 - Searching for [*-prd.asc | *-prd.kix] in \\amdc005.us.tycoelectronics.com\netlogon
2002/06/12 18:33:49 - Searching for [*-prd.asc | *-prd.kix] in \\amdc005.us.tycoelectronics.com\netlogon\Machines
2002/06/12 18:33:50 - Searching for [*-prd.asc | *-prd.kix] in \\amdc005.us.tycoelectronics.com\netlogon\Machines\NCS
2002/06/12 18:33:50 - Executing \\amdc005.us.tycoelectronics.com\netlogon\Machines\NCS\NCS-prd.kix
2002/06/12 18:33:51 - NCSE Customer: No
2002/06/12 18:33:51 - Connecting L: to \\twister\apps - Success
2002/06/12 18:33:51 - Connecting N: to \\twister\data - Success
2002/06/12 18:33:51 - Connecting P: to \\twister\PublicTemp - Success
2002/06/12 18:33:51 - Connecting R: to \\twister\ENGapps - Success
2002/06/12 18:33:51 - Connecting T: to \\twister\AMPapps - Success
2002/06/12 18:33:51 - Returned from \\amdc005.us.tycoelectronics.com\netlogon\Machines\NCS\NCS-prd.kix
2002/06/12 18:33:51 - Searching for [*-prd.asc | *-prd.kix] in \\amdc005.us.tycoelectronics.com\netlogon\Machines\NCS\9826
2002/06/12 18:33:52 - Searching for [*-prd.asc | *-prd.kix] in \\amdc005.us.tycoelectronics.com\netlogon\Machines\NCS\9826\test
2002/06/12 18:33:53 - Calling \\AMBDC006\netlogon\Sites\FMR-HBG-PA-US-prd.kix
2002/06/12 18:33:53 - File Not Found: \\AMBDC006\netlogon\Sites\FMR-HBG-PA-US-prd.kix
2002/06/12 18:33:53 - Calling \\AMBDC006\netlogon\region\AdminHAB.kix
2002/06/12 18:33:53 - File Not Found: \\AMBDC006\netlogon\region\AdminHAB.kix
2002/06/12 18:33:53 - Calling C:\local.kix
2002/06/12 18:33:53 - File Not Found: C:\local.kix
2002/06/12 18:33:53 - Calling H:\user.kix
2002/06/12 18:33:53 - Executing H:\user.kix
2002/06/12 18:33:54 - Connecting I: to \\bullpup\c$ - Success
2002/06/12 18:33:55 - Connecting J: to \\nighthawk\c$ - Success
2002/06/12 18:33:55 - BlankLastLoggedOnUser(AltDefaultUserName) Error 0 writing to registry
2002/06/12 18:33:55 - BlankLastLoggedOnUser(DefaultUserName) Error 0 writing to registry
2002/06/12 18:33:55 - Returned from H:\user.kix
2002/06/12 18:33:55 - Exiting Corp-prd.kix
2002/06/12 18:33:55 - Returned from C:\DOCUME~1\adminhab\LOCALS~1\Temp\corp-prd.kix
2002/06/12 18:33:55 - Exit Boot-prd.kix
End of corp-prd.bat
[ 13 June 2002, 01:49: Message edited by: Howard Bullock ]
|
|
Top
|
|
|
|
#66852 - 2002-06-13 02:42 AM
Re: Change Management Process - RFC
|
Kdyer
KiX Supporter
Registered: 2001-01-03
Posts: 6241
Loc: Tigard, OR
|
Howard,
Our VPN Users are on a combination of dial-up (56K) and DSL (384K). Since I have been away from the script world for some time (last September being full time). I have moved back in to this role again (no longer a DBA ![[Frown]](images/icons/frown.gif) ).. However, my first choice would be troubleshooting, scripting, etc.
I will let you know what I find out.
Good to be back.
Kent
|
|
Top
|
|
|
|
|
#66853 - 2002-06-17 08:14 AM
Re: Change Management Process - RFC
|
Kdyer
KiX Supporter
Registered: 2001-01-03
Posts: 6241
Loc: Tigard, OR
|
It looks like a re-write of the scripts with some of the underlying structure within.
Couple of ideas that I am bouncing around..
(1) Use arrays or similar methodologies for Group detection.. I can envision the SELECT CASE INGROUP.. ENDSELECT getting rather large and cumbersome.
(2) One of the things that we have started to do is to use IP-Proximity checking. However, the problem is if you login from Administration or Underwriting, the printers should not be the same.
The thought process should be:
- Setup a "common" section that all users get routines to fit all machines.
- Use the IP Detection to filter out Site or Regional Operation Center.
- Based on the Group Detection, Detect the need for printers and other departmental needs.
I know that Shawn was part of a modular login script and maybe that would be the better solution?
Any other thoughts?
Thank you,
Kent
|
|
Top
|
|
|
|
Moderator: Glenn Barnas, NTDOC, Arend_, Jochen, Radimus, Allen, ShaneEP, Ruud van Velsen, Mart
|
1 registered
(Allen)
and 483 anonymous users online.
|
|
|
