Page 1 of 1 1
Topic Options
#210609 - 2015-08-26 07:52 PM Don't run audit.exe when logging into any server
Thrasonic Offline
Fresh Scripter

Registered: 2011-08-15
Posts: 26
Loc: GA
Hi everyone. I've been trying for a couple of days to figure this one out and I'm stumped. I want to run BMC Track-It's audit.exe with the /Q parameter if a user logs into a desktop or laptop computer. I do not want it to run if they log into a terminal server. Right now this is not working, it runs no matter what they log into.

So far I've used this:
 Code:
;  - check if logon to Wintendo or WinNT
;  @InWin - 1 = Windows NT; 2 = Windows 9x 
;  - check if logon to Server or Workstation
;  PRODUCTTYPE - WinNT = Workstation, ServerNT = Member Server, LanmanNT = Domain Controller
;
IF @InWin = 1 ;Not Wintendo
	$PRODUCTTYPE = READVALUE("HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\PRODUCTOPTIONS","PRODUCTTYPE")
	;  if not Workstation, just exit without notice
	if $PRODUCTTYPE <> "WinNT"
		Exit 1
	ENDIF
ENDIF

which I got from Citrix and/or Terminal Server Client Collection

If I log into a PC it works as it should, meaning that the audit occurs. If I log into a server, however, the server ends up being audited and that is not what I want.

For testing I'm using 2 scripts. The first is a batch file that is placed in the logon script field of the Profile tab in the test user's Active Directory (AD) object. That script is named tiaudit.bat and it runs these commands:

 Code:
*************************************************************************************
if not exist %systemroot%\system32\kix32.exe copy \\Netfiles5\update$\utils\kix32.exe %systemroot%\system32\kix32.exe >nul
if not exist %systemroot%\system32\wkix32.exe copy \\Netfiles5\update$\utils\wkix32.exe %systemroot%\system32\wkix32.exe >nul

%systemroot%\system32\kix32.exe \\woodruffcenter.org\NETLOGON\tiaudit.kix
*************************************************************************************

The tiaudit.kix script looks like this:
 Code:
*************************************************************************************
IF @InWin = 1 ;Not Wintendo
	$PRODUCTTYPE = READVALUE("HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\PRODUCTOPTIONS","PRODUCTTYPE")
	;  if not Workstation, just exit without notice
	if $PRODUCTTYPE <> "WinNT"
		Exit 1
	ENDIF
ENDIF

run "\\servername\sharename\audit.exe /Q"
*************************************************************************************

What am I missing or doing wrong? I can't figure this out... 8(


Edited by Mart (2015-09-01 09:20 AM)
Edit Reason: Please use code tags when posting code.

Top
#210611 - 2015-08-26 11:35 PM Re: Don't run audit.exe when logging into any server [Re: Thrasonic]
Glenn Barnas Administrator Offline
KiX Supporter
*****

Registered: 2003-01-28
Posts: 4396
Loc: New Jersey
I use
 Code:
; Con=Direct Console, RDP=Terminal Server, or ICA=Citrix
$ConnType = Left(%SESSIONNAME%, 3)
, so if the result is "CON", you're NOT on a RDS/Citrix host.

Glenn

PS - use CODE tags!! \:\)
_________________________
Actually I am a Rocket Scientist! \:D

Top
#210612 - 2015-08-27 03:01 AM Re: Don't run audit.exe when logging into any server [Re: Glenn Barnas]
Allen Administrator Online   shocked
KiX Supporter
*****

Registered: 2003-04-19
Posts: 4545
Loc: USA
Pretty much the same code as what Glenn posted, but in a UDF.

SessionType() -
http://www.kixtart.org/forums/ubbthreads.php?ubb=showflat&Number=195471

How to use UDFs -
http://www.kixtart.org/forums/ubbthreads.php?ubb=showflat&Number=81943#Post81943

The rest of the UDFs are here -
http://www.kixtart.org/forums/ubbthreads.php?ubb=postlist&Board=7&page=1

Top
#210613 - 2015-08-27 02:51 PM Re: Don't run audit.exe when logging into any server [Re: Allen]
Thrasonic Offline
Fresh Scripter

Registered: 2011-08-15
Posts: 26
Loc: GA
Thank you both for the information. I'll give it a try and report back.
Top
#210614 - 2015-08-27 03:42 PM Re: Don't run audit.exe when logging into any server [Re: Glenn Barnas]
Thrasonic Offline
Fresh Scripter

Registered: 2011-08-15
Posts: 26
Loc: GA
Glenn, would you mind explaining how your 2 lines of code work? What they actually do? I'm having a hard time understanding it. Should it work if I just put this in my tiaudit.kix script:

; Con=Direct Console, RDP=Terminal Server, or ICA=Citrix
$ConnType = Left(%SESSIONNAME%, 3)

run "\\helpdesk\TrackIt8\audit.exe /Q"

I don't understand how the Con code ends up being the determining factor in deciding whether or not the run command below it is executed. That's where I'm lost. Sorry for the confusion. I'm not a coder... 8)

Top
#210615 - 2015-08-27 03:57 PM Re: Don't run audit.exe when logging into any server [Re: Glenn Barnas]
Thrasonic Offline
Fresh Scripter

Registered: 2011-08-15
Posts: 26
Loc: GA
Glenn, I just took a look at this:

http://www.kixtart.org/forums/ubbthreads.php?ubb=showflat&Number=195460

which is what, I believe, Allan referenced in his post as it was the post at the link above that caused him to create the UDF "stuff" for everyone's use.

The real problem is that I'd say this stuff is above me. I don't understand it. Here's a snippet from your post in the link above:
 Code:
; Determine login type - direct, Terminal Server, or Citrix
; Con=Direct Console, RDP=Terminal Server, or ICA=Citrix
$ConnType = Left(%SESSIONNAME%, 3)
; Get list of connection types allowed to run login scripts
$Tag = ReadProfileString($INIFILE, 'COMMON', 'ConnType')
; If Connection Type Allow list is defined, current ConnType must be in list
If $Tag					; defined
  If Not InStr($Tag, $ConnType)		; if not in list
    DbgMsg('Invalid connection type - exiting.')
    Exit 0				; exit script
  EndIf
EndIf

I just can't grasp what this is doing, not entirely anyway. I don't know what in this needs to be changed for my own environment, assuming something needs to be changed/added.

Sorry for the confusion and lack of knowledge in this area. Any help you can offer would be great.


Edited by Mart (2015-09-01 09:21 AM)
Edit Reason: Please use code tags when posting code.

Top
#210616 - 2015-08-27 06:46 PM Re: Don't run audit.exe when logging into any server [Re: Thrasonic]
Allen Administrator Online   shocked
KiX Supporter
*****

Registered: 2003-04-19
Posts: 4545
Loc: USA
You don't change UDFs, that's the beauty of them. Make sure to read the second link I provided "How to use UDFs".

Basically it should come down to a if statement...
 Code:
If SessionType="RDP"
  ;Do RDP Stuff
Endif

;Copy UDF at bottom of your script


or if using Glenn's example
 Code:
; Con=Direct Console, RDP=Terminal Server, or ICA=Citrix
$ConnType = Left(%SESSIONNAME%, 3)
if $ConnType="RDP"
  ;do RDP Stuff
endif

Top
#210617 - 2015-08-27 07:21 PM Re: Don't run audit.exe when logging into any server [Re: Allen]
Thrasonic Offline
Fresh Scripter

Registered: 2011-08-15
Posts: 26
Loc: GA
Allen, thanks for some more information. Here's what I have in my current test script:

 Code:
If SessionType="RDP"
  ;Do RDP Stuff
Endif

run "\\helpdesk\TrackIt8\audit.exe /Q"

Function SessionType()

	Dim $sessionname, $session

	$sessionname = ExpandEnvironmentVars(%sessionname%)
	$session = Left($sessionname, 3)
	Select
		Case $Session = "Con"
			$sessiontype = "Console session"
		Case $session = "RDP"
			$sessiontype = "Remote desktop session"
		Case $session = "ICA"
			$sessiontype = "Citrix ICA session"
		Case 1
			$sessiontype = "Unknown session type"
	EndSelect
EndFunction


Is there something I need to add/edit in order for this to work properly? As it is now the audit.exe runs no matter what I log into. I don't doubt there's something missing, but since I'm not a coder or much of a script writer I don't know what to put where.

EDIT: I guess what I need to know is how do I tell the kix script not to execute the line that runs audit.exe

EDIT: I just changed the first part of the script to the following:

 Code:
If SessionType="RDP"
  Exit
Endif


I was hoping it would exit the script and not execute the line that runs the audit.exe file, but it didn't work. I thought for sure that would do it...


Edited by Thrasonic (2015-08-27 07:29 PM)

Top
#210618 - 2015-08-27 10:06 PM Re: Don't run audit.exe when logging into any server [Re: Thrasonic]
Allen Administrator Online   shocked
KiX Supporter
*****

Registered: 2003-04-19
Posts: 4545
Loc: USA
Try
 Code:
If SessionType="RDP"
  Exit 0
Endif

Or possibly
 Code:
if SessionType="Con"
  ;add your code here
endif

Top
#210619 - 2015-08-27 11:29 PM Re: Don't run audit.exe when logging into any server [Re: Allen]
Thrasonic Offline
Fresh Scripter

Registered: 2011-08-15
Posts: 26
Loc: GA
Okay Allen, this is weird. If I use the following it doesn't run on a local PC or a RDP session into a server:

 Code:
If SessionType="Con"
  run "\\helpdesk\TrackIt8\audit.exe /Q"
Endif

Function SessionType()

	Dim $sessionname, $session

	$sessionname = ExpandEnvironmentVars(%sessionname%)
	$session = Left($sessionname, 3)
	Select
		Case $Session = "Con"
			$sessiontype = "Console session"
		Case $session = "RDP"
			$sessiontype = "Remote desktop session"
		Case $session = "ICA"
			$sessiontype = "Citrix ICA session"
		Case 1
			$sessiontype = "Unknown session type"
	EndSelect
EndFunction


If I use the following code, slightly changed from the code above, it runs when I log into a local PC and when I log into a server via RDP.

 Code:
If SessionType="RDP"
  Exit 0
Endif

run "\\helpdesk\TrackIt8\audit.exe /Q"

Function SessionType()

	Dim $sessionname, $session

	$sessionname = ExpandEnvironmentVars(%sessionname%)
	$session = Left($sessionname, 3)
	Select
		Case $Session = "Con"
			$sessiontype = "Console session"
		Case $session = "RDP"
			$sessiontype = "Remote desktop session"
		Case $session = "ICA"
			$sessiontype = "Citrix ICA session"
		Case 1
			$sessiontype = "Unknown session type"
	EndSelect
EndFunction


I'm a bit confused. It's almost like it's doing things backwards from how I imagine it will while at the same time it either runs on everything or it runs on nothing. Very strange behavior.

Top
#210620 - 2015-08-28 02:51 AM Re: Don't run audit.exe when logging into any server [Re: Thrasonic]
Glenn Barnas Administrator Offline
KiX Supporter
*****

Registered: 2003-01-28
Posts: 4396
Loc: New Jersey
Yikes!

When I first presented my example a long time back, it was suggested to convert it to a UDF.. Kind of pointless, I said, because it's just ONE LINE. My example returns the following:
"CON" - a login at the workstation (or server) console
"RDP" - a login using RDP protocol
"ICA" - a login using Citrix ICA protocol

So - if you want to run a command only on the console login (not RDS or ICA), you do the following:
 Code:
$ConnType = Left(%SESSIONNAME%, 3)
If $ConnType = "CON"
  ; do stuff...
EndIf
This compares a specific login type with the type detected. Very straightforward. In this case, the UDF is not only excessive, it complicates matters by changing a single 3-char ID into a text string that, while being human readable, doesn't make the logic any easier.

Let's look at a different example - you want to run only if on an RDS or ICA remote terminal session but not a workstation login:
 Code:
$ConnType = Left(%SESSIONNAME%, 3)
If InStr('ICARDP', $ConnType)
  ; do stuff...
EndIf
This compares the type detected with two or more possible matches, in this case ICA and RDP.

Just replace the "Do stuff..." line with your code.

Glenn
_________________________
Actually I am a Rocket Scientist! \:D

Top
#210621 - 2015-08-28 02:57 AM Re: Don't run audit.exe when logging into any server [Re: Thrasonic]
Allen Administrator Online   shocked
KiX Supporter
*****

Registered: 2003-04-19
Posts: 4545
Loc: USA
I see why now... run this code to see why.

 Code:
? "SessionType=" + SessionType()


Warning, Spoiler:

The function is returning more verbose responses than just Con, RDP, etc... ie it is returning Console Session, Remote Desktop Session, etc.

Top
#210622 - 2015-08-28 03:10 AM Re: Don't run audit.exe when logging into any server [Re: Allen]
Allen Administrator Online   shocked
KiX Supporter
*****

Registered: 2003-04-19
Posts: 4545
Loc: USA
I don't see why a one line function would be treated any differently than a multi line function, but for the most part everything we do around here centers around putting things in a UDF, so its easily deployed, documented, and if for no other reason easier makes the code easier to read.
Top
#210623 - 2015-08-28 01:22 PM Re: Don't run audit.exe when logging into any server [Re: Allen]
Glenn Barnas Administrator Offline
KiX Supporter
*****

Registered: 2003-01-28
Posts: 4396
Loc: New Jersey
Well, $Val = Code vs $Val - Func() saves nothing and actually increases the amount of code, even if just the function, endfunction, and exit statements are considered. I guess what bothered me was that my original code from 4/2009 (original post) returned a unique, short identifier from a text string. The function, which used my code and purported to do the same thing actually takes the simple logic that identifies the connection string and adds a fair amount of code to return an even longer string, which must then be parsed using additional code. While this function might be good to display a message about the connection type, it doesn't provide the simple connection identification that the original code statement did.

I actually could have returned a single char for identification, but 3 chars allowed use of the standards "CON", "RDP", and "ICA" that were easily identified visually and were also simply parsed, as I illustrated above. As you've seen here, using that function resulted in additional confusion due to the verbose messages returned.

As for UDF and documentation, I hear you - my code generally has a 1.3:1 or better comment to code ratio, between many individual comments and the detailed function headers. This, however, was documented in one line in my original response in this thread - the value assigned will have one of three 3-character terms.

Finally, I'm not against a "one line" function, but to be practical, it should be something that's complex or possibly obscure logic so that you don't have to try to reinvent a wheel or research how to get it done each time you need it. This is a simple Left() command of a standard variable - would you convert all such simple statements to functions? I wouldn't.. I also wouldn't approve this in a code review of my team's projects. This would not be called multiple times, does not represent a complex construct, and its use does not clarify the process being performed.

Of course, this is my opinion, and has been for some time on this topic.

Glenn
_________________________
Actually I am a Rocket Scientist! \:D

Top
#210624 - 2015-08-28 03:30 PM Re: Don't run audit.exe when logging into any server [Re: Glenn Barnas]
Allen Administrator Online   shocked
KiX Supporter
*****

Registered: 2003-04-19
Posts: 4545
Loc: USA
Just to make clear I'm not upset or trying to attack... all the respect to you Glenn, we have been friends for a long time.

One thing I will say about the UDFs is, if you don't take ownership of it, this is the kind of thing that happens. I was EXPECTING the UDF to do exactly what your code did, and had to stop and look at how it was changed to see the difference.

Top
#210625 - 2015-08-28 03:50 PM Re: Don't run audit.exe when logging into any server [Re: Glenn Barnas]
Thrasonic Offline
Fresh Scripter

Registered: 2011-08-15
Posts: 26
Loc: GA
Glenn, that short snippet of code seems to have done the trick. I've tested it multiple times and it's working just as I need it to - the audit.exe runs only when someone logs into a system at the console and doesn't run at all if you log into a system via RDP. Thanks for your help with this.
Top
#210628 - 2015-08-28 07:06 PM Re: Don't run audit.exe when logging into any server [Re: Thrasonic]
Glenn Barnas Administrator Offline
KiX Supporter
*****

Registered: 2003-01-28
Posts: 4396
Loc: New Jersey
Thrasonic - glad it worked, & thanks for the feedback!

Allen - no offense taken or attack perceived - or provoked.. just putting my thoughts out there.

You know I'm usually pretty flexible, but I've discussed this in the past, before Mart created his UDF, and my feeling about this being a UDF vs a code snippet haven't changed. \:\)

Glenn
_________________________
Actually I am a Rocket Scientist! \:D

Top
#210630 - 2015-08-28 09:20 PM Re: Don't run audit.exe when logging into any server [Re: Glenn Barnas]
NTDOC Administrator Offline
Administrator
*****

Registered: 2000-07-28
Posts: 11623
Loc: CA
Big difference Glenn. If you don't know how to do it. Don't know what you're looking for exactly then having a UDF is easily found. :-) Have to do a lot of searching to find your code vs looking in the UDF section.

LOL , but I hear ya.

Top
#210632 - 2015-08-28 10:43 PM Re: Don't run audit.exe when logging into any server [Re: NTDOC]
Allen Administrator Online   shocked
KiX Supporter
*****

Registered: 2003-04-19
Posts: 4545
Loc: USA
Easily found.... when it is stored here.
Top
Page 1 of 1 1


Moderator:  Jochen, Allen, Radimus, Glenn Barnas, ShaneEP, Ruud van Velsen, Arend_, Mart 
Hop to:
Shout Box

Who's Online
1 registered (Allen) and 382 anonymous users online.
Newest Members
gespanntleuchten, DaveatAdvanced, Paulo_Alves, UsTaaa, xxJJxx
17864 Registered Users

Generated in 0.075 seconds in which 0.026 seconds were spent on a total of 13 queries. Zlib compression enabled.

Search the board with:
superb Board Search
or try with google:
Google
Web kixtart.org