Windows scripting

[Giraffe }{unter]

where can I find info on how to disable a service with a windows script?

I need to stop and disable the windows Security Center Service after deployment of XP SP2.

The script will be invoked at the end of the SP2 install via a batch file. Unless anyone knows a way to modify registry entries using a batch file.

I cannot use the "regedit.exe /s regfile.reg" in the batch file because the batch file is running from another bach file witin a shell that does not allow it to find the regfile.reg file...

Code: Select all

;Disable Security Center
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc]
"Start"=dword:00000004

[PhoeniX]

sc config wscsvc start= disabled

[PhoeniX]

a simple bat file with a NET STOP cmd will do the trick

That would just stop it for the current session wouldn't it? The one I just posted should disable it completely.

[4days]

if you don't have the service control thing, you could echo the registry file from the bat file before running it, eg:

echo Windows Registry Editor Version 5.00 > temp.reg
echo [HKEY_LOCAL_MACHINE\SOFTWARE\MyApp] >> temp.reg

[Giraffe }{unter]

sc config wscsvc start= disabled

@echo=off

sc stop wscsvc
SC config wscsvc start= disabled

did the trick, I completly forgot about that thanks...


Now that th test phase worked I am going to deploy it with
Service Pack 2
the XML file to disable the firewall
and the batch file to run after reboot.

We'll see what happens in an hour... :icon32:

[PhoeniX]

Good luck .

That reminds me, I really need to sort out a custom XP install as I install so many copies for people with usually the same programs. One which puts on office and several other programs too. You have much experience doing that?

[R00k]

Good luck .

That reminds me, I really need to sort out a custom XP install as I install so many copies for people with usually the same programs. One which puts on office and several other programs too. You have much experience doing that?

You should find most of what you're looking for here man:
http://www.extremeoverclocking.com/arti ... ide_1.html

Plus some extra background/tools here:
http://old.bink.nu/bootcd/

[Giraffe }{unter]

I originally tried, but we have far to many different computer types and all of them come with XP pro pre installed. We open the box and create a local drive image.

I setup a Deployment server (Track-It! Deploy) that enters computers into groups. if a computer meets a certain criteria it goes into the group and an action is performed then it is kicked out of the group.

If a computer with a fresh install of windows gets the client installed it puts it into limbo, if a tech drops the text file in the root of C with the department name. it installs all the apps for that department then delets the text file.

this works for us much better. I gave up on the install images a long time ago I could never get them to work flawlessly. :/

[R00k]

That sounds like a pretty good solution.

Is this software you're talking about pretty solid, not glitchy or buggy? Any specific problems you've had with it?

[Giraffe }{unter]

you need to sit and spend alot of time learning and setting it up, but the payoff it great. It's a great IT solution, with very few if any issues. We use it for alot of automated tasks stuff like.

Scan the user's registry at login to detect sofware we do not like, if they have it it notifies us and puts a message on their screen to contact IT.

Build install packages for all of our software, so I can drag and drop software on a user and it will install with no user interaction.

Detect Software versions and push upgrades ifneeded.

complete simple tasks like dropping shortcuts on desktops, repairng user dammaged software by restoring it to default settings and files.

Detect missing critical updates and SPs (just replaced this with Shavlik HFNetChkPro 5)

The possabilities are endless

[R00k]

Very cool man. We're already doing a lot of that, but with tons of different time-consuming tools and processes.

On top of that, we're getting away from Ghost because licensing is so expensive, and we're looking for something that will let us do quick installs with several different build types, so this sounds like a pretty good fit.

Any idea how the prices compares to Ghost in an enterprise?

[Giraffe }{unter]

The pricing varies alot depending on how many licenses you buy. Your best bet is to contact the sales department and get a test license pack.

http://www.itsolutions.intuit.com/Deploy.asp

if you go for it, let me know I'll give you a run down of what not to do to save you alot of frustration

once you spend a few hours learning package creating you can create an install package for almost any software in less than an hour, including testing on multiple OS installs.

We have a special software install that used to take just over an hour that included things like insert CD1 don't press ok, stand on one foot, hop in a circle then with your finger firmly inserted in your anus say ieeeeeeeeeeeeeeeeeeeee and press cancel to continue...

that now takes 7 minutes unattended to complete and 1/2 that time is file transfer

also you can run installs, and execute files remotely with alternate credentials. so if a user is logged in you can run everything as the admin, without affecting them.

[R00k]

Very cool. Again, we do a lot of that already (running silent installs under alternate credentials), but most of it is done in arcane and complicated ways via scripts and batches.

I'm definitely going to take a look at this though. I'll probably download it, get familiar with it and shop it around to some of the other guys here if I like it to see what they think.

Thanks for the advice. :icon14:

[R00k]

I'm getting a db error on their site trying to d/l it.

Microsoft OLE DB Provider for ODBC Drivers error '80040e14'

[Microsoft][ODBC SQL Server Driver][SQL Server]Could not allocate space for object 'IITS_Demo' in database 'pf' because the 'PRIMARY' filegroup is full.

/Eval_DP.asp, line 120



I'll try again later.

[4days]

does this mean you folks know about MSIs? been trying to write one using installshield 11.5 and it's a real pita. microsoft bitching aside, and in all fairness, MSIs are shite and installshield doesn't make things much easier.

do you know what sort of things i should make sure are in there for network admins? been concentrating on making it idiot-friendly, but thinking i should spare a thought for users who actually know what they're doing.

[Tormentius]

GH: You could simply enable the already-existing group policy to disable Windows firewall at either the domain or OU level.

Other than what you mentioned about scanning the registry (which could be easily scripted) you could use some well-planned GPOs, WSUS, RIS, and properly packaged software to accomplish everything you listed there. You might be able to save a small fortune on licensing since everything except the app packaging software is included in 2000 and 2003 server already.

[raw]

Tormentius you prick! You said my answer . Anyway G}{, what Tormentius said is the best implementation.

[Giraffe }{unter]

I though for scripting you needed everyone to have a domain login? All our users use local user accounts to access the domain.

[R00k]

As long as the computers themselves are members of the domain, you can use Computer Policies to do whatever you want with them (instead of User Policies).

[Tormentius]

All our users use local user accounts to access the domain.

That seems...odd. Why did your network admins choose such an awkward and restrictive way of doing things?

Anyways, as R00k said you can still apply computer policies to those machines (WSUS, Software installs, and computer policies like Windows Firewall)

[R00k]

Yea, that is a pretty strange way to maintain user accounts. If you want to restrict users to only be able to login to certain machines, you can easily do that with domain accounts. I assume there is some other reason you're doing that way though, since there is so much extra administration overhead involved.

[Giraffe }{unter]

We're not setup like a normal company, none of the machines are members of the domain. They won't be in the future either.

The system we have now is working well, it did cost extra, but the benifits pay off 10 fold. Once I get the Shavlik HFNetChkPro setup Which not only does all MS windows/office updates Service packs. It also does Winzip, Acrobat, FireFox, Real, Macromedia, and a bunch more... I will picup the add-on for Spyware and Non-Bizware which will detect and fully remove Most of the spyware out there and also uninstall any program we do not want on our network all from one console.

So yes there are easy and free tools to do the job, but when you have a non-standard environment, and a decent IT Budget life is much easier.

Oh and Shavlik HFNetChkPro and HFNetChkProtect are available for Free demo at http://www.shavlik.com. If you're thinking of checking it out I will hook you up with a great Rep who hung around patiently giving me demo extensions and as I strung it along for 7 months :icon26:

[Tormentius]

There aren't many logical reasons to shoestring together machines on a network without using a domain. No offense, but it sounds like one of the many networks that are still doing things in an awkward and inefficient way simply because its always been done that way.

[R00k]

I agree, with Active Directory there is not much reason for a company to not have its machines joined to a domain anymore.

It offers ways to separate computers to the extent that they can't even see or access other machines or devices if necessary, yet still be able to centrally manage all of them with policies.