#210609 - 2015-08-26 07:52 PM
Don't run audit.exe when logging into any server
Thrasonic
Fresh Scripter
Registered: 2011-08-15
Posts: 26
Loc: GA
Hi everyone. I've been trying for a couple of days to figure this one out and I'm stumped. I want to run BMC Track-It's audit.exe with the /Q parameter if a user logs into a desktop or laptop computer. I do not want it to run if they log into a terminal server. Right now this is not working; it runs no matter what they log into.
So far I've used this:
; - check if logon to Wintendo or WinNT
; @InWin - 1 = Windows NT; 2 = Windows 9x
; - check if logon to Server or Workstation
; PRODUCTTYPE - WinNT = Workstation, ServerNT = Member Server, LanmanNT = Domain Controller
;
IF @InWin = 1 ;Not Wintendo
    $PRODUCTTYPE = READVALUE("HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\PRODUCTOPTIONS","PRODUCTTYPE")
    ; if not Workstation, just exit without notice
    if $PRODUCTTYPE <> "WinNT"
        Exit 1
    ENDIF
ENDIF
which I got from Citrix and/or Terminal Server Client Collection
If I log into a PC it works as it should, meaning that the audit occurs. If I log into a server, however, the server ends up being audited and that is not what I want.
For testing I'm using 2 scripts. The first is a batch file that is placed in the logon script field of the Profile tab in the test user's Active Directory (AD) object. That script is named tiaudit.bat and it runs these commands:
*************************************************************************************
if not exist %systemroot%\system32\kix32.exe copy \\Netfiles5\update$\utils\kix32.exe %systemroot%\system32\kix32.exe >nul
if not exist %systemroot%\system32\wkix32.exe copy \\Netfiles5\update$\utils\wkix32.exe %systemroot%\system32\wkix32.exe >nul
%systemroot%\system32\kix32.exe \\woodruffcenter.org\NETLOGON\tiaudit.kix
*************************************************************************************
The tiaudit.kix script looks like this:
*************************************************************************************
IF @InWin = 1 ;Not Wintendo
    $PRODUCTTYPE = READVALUE("HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\PRODUCTOPTIONS","PRODUCTTYPE")
    ; if not Workstation, just exit without notice
    if $PRODUCTTYPE <> "WinNT"
        Exit 1
    ENDIF
ENDIF
run "\\servername\sharename\audit.exe /Q"
*************************************************************************************
What am I missing or doing wrong? I can't figure this out... 8(
Edited by Mart (2015-09-01 09:20 AM) Edit Reason: Please use code tags when posting code.
#210612 - 2015-08-27 03:01 AM
Re: Don't run audit.exe when logging into any server
[Re: Glenn Barnas]
Allen
KiX Supporter
Registered: 2003-04-19
Posts: 4545
Loc: USA
#210615 - 2015-08-27 03:57 PM
Re: Don't run audit.exe when logging into any server
[Re: Glenn Barnas]
Thrasonic
Fresh Scripter
Registered: 2011-08-15
Posts: 26
Loc: GA
Glenn, I just took a look at this:
http://www.kixtart.org/forums/ubbthreads.php?ubb=showflat&Number=195460
which is what, I believe, Allen referenced in his post as it was the post at the link above that caused him to create the UDF "stuff" for everyone's use.
The real problem is that I'd say this stuff is above me. I don't understand it. Here's a snippet from your post in the link above:
; Determine login type - direct, Terminal Server, or Citrix
; Con=Direct Console, RDP=Terminal Server, or ICA=Citrix
$ConnType = Left(%SESSIONNAME%, 3)
; Get list of connection types allowed to run login scripts
$Tag = ReadProfileString($INIFILE, 'COMMON', 'ConnType')
; If Connection Type Allow list is defined, current ConnType must be in list
If $Tag ; defined
    If Not InStr($Tag, $ConnType) ; if not in list
        DbgMsg('Invalid connection type - exiting.')
        Exit 0 ; exit script
    EndIf
EndIf
I just can't grasp what this is doing, not entirely anyway. I don't know what in this needs to be changed for my own environment, assuming something needs to be changed/added.
Sorry for the confusion and lack of knowledge in this area. Any help you can offer would be great.
Edited by Mart (2015-09-01 09:21 AM) Edit Reason: Please use code tags when posting code.
#210616 - 2015-08-27 06:46 PM
Re: Don't run audit.exe when logging into any server
[Re: Thrasonic]
Allen
KiX Supporter
Registered: 2003-04-19
Posts: 4545
Loc: USA
You don't change UDFs, that's the beauty of them. Make sure to read the second link I provided "How to use UDFs".
Basically it should come down to a if statement...
If SessionType="RDP"
    ;Do RDP Stuff
Endif
;Copy UDF at bottom of your script
or if using Glenn's example
; Con=Direct Console, RDP=Terminal Server, or ICA=Citrix
$ConnType = Left(%SESSIONNAME%, 3)
if $ConnType="RDP"
    ;do RDP Stuff
endif
#210617 - 2015-08-27 07:21 PM
Re: Don't run audit.exe when logging into any server
[Re: Allen]
Thrasonic
Fresh Scripter
Registered: 2011-08-15
Posts: 26
Loc: GA
Allen, thanks for some more information. Here's what I have in my current test script:
If SessionType="RDP"
    ;Do RDP Stuff
Endif
run "\\helpdesk\TrackIt8\audit.exe /Q"
Function SessionType()
    Dim $sessionname, $session
    $sessionname = ExpandEnvironmentVars(%sessionname%)
    $session = Left($sessionname, 3)
    Select
        Case $Session = "Con"
            $sessiontype = "Console session"
        Case $session = "RDP"
            $sessiontype = "Remote desktop session"
        Case $session = "ICA"
            $sessiontype = "Citrix ICA session"
        Case 1
            $sessiontype = "Unknown session type"
    EndSelect
EndFunction
Is there something I need to add/edit in order for this to work properly? As it is now the audit.exe runs no matter what I log into. I don't doubt there's something missing, but since I'm not a coder or much of a script writer I don't know what to put where.
EDIT: I guess what I need to know is how do I tell the kix script not to execute the line that runs audit.exe
EDIT: I just changed the first part of the script to the following:
If SessionType="RDP"
    Exit
Endif
I was hoping it would exit the script and not execute the line that runs the audit.exe file, but it didn't work. I thought for sure that would do it...
Edited by Thrasonic (2015-08-27 07:29 PM)
#210618 - 2015-08-27 10:06 PM
Re: Don't run audit.exe when logging into any server
[Re: Thrasonic]
Allen
KiX Supporter
Registered: 2003-04-19
Posts: 4545
Loc: USA
Try
If SessionType="RDP"
    Exit 0
Endif
Or possibly
if SessionType="Con"
    ;add your code here
endif
#210619 - 2015-08-27 11:29 PM
Re: Don't run audit.exe when logging into any server
[Re: Allen]
Thrasonic
Fresh Scripter
Registered: 2011-08-15
Posts: 26
Loc: GA
Okay Allen, this is weird. If I use the following it doesn't run on a local PC or an RDP session into a server:
If SessionType="Con"
    run "\\helpdesk\TrackIt8\audit.exe /Q"
Endif
Function SessionType()
    Dim $sessionname, $session
    $sessionname = ExpandEnvironmentVars(%sessionname%)
    $session = Left($sessionname, 3)
    Select
        Case $Session = "Con"
            $sessiontype = "Console session"
        Case $session = "RDP"
            $sessiontype = "Remote desktop session"
        Case $session = "ICA"
            $sessiontype = "Citrix ICA session"
        Case 1
            $sessiontype = "Unknown session type"
    EndSelect
EndFunction
If I use the following code, slightly changed from the code above, it runs when I log into a local PC and when I log into a server via RDP.
If SessionType="RDP"
    Exit 0
Endif
run "\\helpdesk\TrackIt8\audit.exe /Q"
Function SessionType()
    Dim $sessionname, $session
    $sessionname = ExpandEnvironmentVars(%sessionname%)
    $session = Left($sessionname, 3)
    Select
        Case $Session = "Con"
            $sessiontype = "Console session"
        Case $session = "RDP"
            $sessiontype = "Remote desktop session"
        Case $session = "ICA"
            $sessiontype = "Citrix ICA session"
        Case 1
            $sessiontype = "Unknown session type"
    EndSelect
EndFunction
I'm a bit confused. It's almost like it's doing things backwards from how I imagine it will while at the same time it either runs on everything or it runs on nothing. Very strange behavior.
#210620 - 2015-08-28 02:51 AM
Re: Don't run audit.exe when logging into any server
[Re: Thrasonic]
Glenn Barnas
KiX Supporter
Registered: 2003-01-28
Posts: 4396
Loc: New Jersey
Yikes!
When I first presented my example a long time back, it was suggested to convert it to a UDF.. Kind of pointless, I said, because it's just ONE LINE. My example returns the following:
"CON" - a login at the workstation (or server) console
"RDP" - a login using RDP protocol
"ICA" - a login using Citrix ICA protocol
So - if you want to run a command only on the console login (not RDS or ICA), you do the following:
$ConnType = Left(%SESSIONNAME%, 3)
If $ConnType = "CON"
    ; do stuff...
EndIf
This compares a specific login type with the type detected. Very straightforward. In this case, the UDF is not only excessive, it complicates matters by changing a single 3-char ID into a text string that, while being human readable, doesn't make the logic any easier.
Let's look at a different example - you want to run only if on an RDS or ICA remote terminal session but not a workstation login:
$ConnType = Left(%SESSIONNAME%, 3)
If InStr('ICARDP', $ConnType)
    ; do stuff...
EndIf
This compares the type detected with two or more possible matches, in this case ICA and RDP.
Just replace the "Do stuff..." line with your code.
Glenn
_________________________
Actually I am a Rocket Scientist!
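Added example, not part of any post in this thread: one way to combine the ProductType registry check from the first post with the console-session check Glenn describes, so that audit.exe runs only on a workstation console logon and is skipped whenever either check fails or returns something unexpected. ShouldRunAudit is a hypothetical helper name; the audit.exe path is the one quoted earlier in the thread.

```kixtart
; Added example, not from the thread. ShouldRunAudit() is a hypothetical helper name.
; The audit.exe path is the one quoted in the posts above.

If ShouldRunAudit()
    Run "\\helpdesk\TrackIt8\audit.exe /Q"
EndIf
Exit 0

Function ShouldRunAudit()
    Dim $ProductType, $ConnType

    ; Default to "do not run": any failed or unexpected check leaves this at 0.
    $ShouldRunAudit = 0

    ; WinNT = Workstation, ServerNT = Member Server, LanmanNT = Domain Controller
    $ProductType = ReadValue("HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ProductOptions", "ProductType")
    If @ERROR = 0 And $ProductType = "WinNT"
        ; CON = console, RDP = Terminal Server, ICA = Citrix (first 3 characters only)
        $ConnType = Left(%SESSIONNAME%, 3)
        If $ConnType = "CON"
            $ShouldRunAudit = 1
        EndIf
    EndIf

    ; Show the values the script actually saw, for troubleshooting under kix32.exe
    ? "ProductType=" + $ProductType + "  ConnType=" + $ConnType + "  RunAudit=" + $ShouldRunAudit
EndFunction
```

The comparison is made against the 3-character prefix, not against the descriptive strings that the SessionType() UDF posted above returns.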
#210623 - 2015-08-28 01:22 PM
Re: Don't run audit.exe when logging into any server
[Re: Allen]
Glenn Barnas
KiX Supporter
Registered: 2003-01-28
Posts: 4396
Loc: New Jersey
Well, $Val = Code vs $Val - Func() saves nothing and actually increases the amount of code, even if just the function, endfunction, and exit statements are considered. I guess what bothered me was that my original code from 4/2009 (original post) returned a unique, short identifier from a text string. The function, which used my code and purported to do the same thing actually takes the simple logic that identifies the connection string and adds a fair amount of code to return an even longer string, which must then be parsed using additional code. While this function might be good to display a message about the connection type, it doesn't provide the simple connection identification that the original code statement did.
I actually could have returned a single char for identification, but 3 chars allowed use of the standards "CON", "RDP", and "ICA" that were easily identified visually and were also simply parsed, as I illustrated above. As you've seen here, using that function resulted in additional confusion due to the verbose messages returned.
As for UDF and documentation, I hear you - my code generally has a 1.3:1 or better comment to code ratio, between many individual comments and the detailed function headers. This, however, was documented in one line in my original response in this thread - the value assigned will have one of three 3-character terms.
Finally, I'm not against a "one line" function, but to be practical, it should be something that's complex or possibly obscure logic so that you don't have to try to reinvent a wheel or research how to get it done each time you need it. This is a simple Left() command of a standard variable - would you convert all such simple statements to functions? I wouldn't.. I also wouldn't approve this in a code review of my team's projects. This would not be called multiple times, does not represent a complex construct, and its use does not clarify the process being performed.
Of course, this is my opinion, and has been for some time on this topic.
Glenn
_________________________
Actually I am a Rocket Scientist!