#125667 - 2004-08-27 03:44 PM Re: formatting question
Lonkero Administrator Offline
KiX Master Guru
*****

Registered: 2001-06-05
Posts: 22346
Loc: OK
Well, I searched for the audit32 but all the board gave me was some crappy stuff.
I know this has been discussed before too.

anyway, it seemed to be the normal style to put the audit to the very end and use a line like this:
run "%comspec% /c audit32.exe"

don't ask me why.
_________________________
!

download KiXnet

Top
#125668 - 2004-08-27 04:33 PM Re: formatting question
Les Offline
KiX Master
*****

Registered: 2001-06-11
Posts: 12734
Loc: fortfrances.on.ca
Quote:

Was also wondering why you couldn't just move the audit portion to the very bottom of the primary script.



Better still... move it to RunOnce.
_________________________
Give a man a fish and he will be back for more. Slap him with a fish and he will go away forever.

Top
#125669 - 2004-08-28 12:06 AM Re: formatting question
howyadoing Offline
Getting the hang of it

Registered: 2002-06-01
Posts: 86
Loc: Cincinnati
Les, you rule. I put it in Current_user run once and the audit32 execution is flawless. I wrote the following script. I am still having one weird issue that maybe is a bug. When I assign the script below using GPO as a computer script, it works just as it should. If the trackitaudit.id file is not there, it puts the run once in, and if it's there and is now under 30 days, it doesn't put the run once in. But each time the system boots, it shows that the trackitaudit.id file has been modified even though the audit didn't run. If I run the same script once the machine is up and running, it doesn't change the modification date of the trackitaudit.id file. Maybe it's some kind of bug??

Code:
 ;----- Run trackit audit
$InventFile = "C:\trackitaudit.id"
If Not Exist($InventFile) OR (SubSTR(GetFileTime($InventFile),6,2) <> SubSTR(@DATE,6,2))
KeyExist ('HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce') AND NOT KeyExist ('HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\TrackitAudit')
WriteValue ("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\","TrackitAudit","\\na\netlogon\pcaudit\audit32.exe","REG_SZ")
Else
EndIf



Top
#125670 - 2004-08-28 12:31 AM Re: formatting question
Les Offline
KiX Master
*****

Registered: 2001-06-11
Posts: 12734
Loc: fortfrances.on.ca
I doubt very much that the logon script is changing the timestamp. Run the script with debug on and watch the timestamp as you step through it.

I am not familiar with the audit software, but I suspect that it is configured to run on every boot. Look for installed services or check the reg for entries in Run and RunServices under HKLM.

_________________________
Give a man a fish and he will be back for more. Slap him with a fish and he will go away forever.

Top
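The check Les describes above, as an added example that is not part of the original thread: it lists HKLM autostart values and service image paths that mention audit32. The match string comes from the thread; the variable names and the exact list of keys scanned (Run, RunOnce, RunServices, and each service's ImagePath) are assumptions.

```kixtart
; Added example, not from the thread. Lists HKLM autostart values and
; service ImagePath entries whose data mentions $match.
$match = "audit32"        ; executable name taken from the thread
$cv    = "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion"
$svc   = "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services"

; Autostart values (the list of keys is an assumption)
For Each $sub In Split("Run|RunOnce|RunServices", "|")
    $i = 0
    $name = EnumValue($cv + "\" + $sub, $i)
    While @ERROR = 0      ; non-zero once the values run out or the key is missing
        $data = ReadValue($cv + "\" + $sub, $name)
        If InStr($data, $match)
            ? $sub + "\" + $name + " = " + $data
        EndIf
        $i = $i + 1
        ; Enumerate last, so the @ERROR test reflects EnumValue and not ReadValue
        $name = EnumValue($cv + "\" + $sub, $i)
    Loop
Next

; Installed services: report any whose ImagePath mentions $match
$i = 0
$name = EnumKey($svc, $i)
While @ERROR = 0
    $data = ReadValue($svc + "\" + $name, "ImagePath")
    If InStr($data, $match)
        ? "Service " + $name + " = " + $data
    EndIf
    $i = $i + 1
    $name = EnumKey($svc, $i)
Loop
```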
#125671 - 2004-08-28 04:17 AM Re: formatting question
ShaneEP Moderator Offline
MM club member
*****

Registered: 2002-11-29
Posts: 2127
Loc: Tulsa, OK
Not sure what the KeyExists are for in that snippet you just posted. But since there weren't even any IF/ENDIFs around them, I don't think it's doing any good. Try just something simpler like this.

Code:
;----- Run trackit audit
$InventFile = "C:\trackitaudit.id"
If Not Exist($InventFile) OR (SubSTR(GetFileTime($InventFile),6,2) <> SubSTR(@DATE,6,2))
$null = WriteValue ("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce","TrackitAudit","\\na\netlogon\pcaudit\audit32.exe","REG_SZ")
EndIf


Top
#125672 - 2004-08-28 05:47 AM Re: formatting question
howyadoing Offline
Getting the hang of it

Registered: 2002-06-01
Posts: 86
Loc: Cincinnati
I will try that last post, but I am writing back because I just thought of another way to do this. I have confirmed that, for whatever reason, the last script I posted (even though the audit is not running) is changing the file modification date when applied as a PC policy via GPO. But when I run the script after the machine is at the desktop, the file doesn't get modified. I wonder if it is some issue with the file being accessed and the machine still booting?? Anyway, as I stated before, the audit program creates a file called trackitaudit.id. This is just a text file. Will ReadLine work with this file extension even though it's not .txt? If not, I can script the renaming of the files. But this file has the following.

Code:
 id=5D5859EE-8889-412B-A5C8-448D321A64A8
LASTRUN=20040827000000

The second line is the date the audit ran last, so I was thinking of using ReadLine to extract that text date and then running the audit based on that information. I am new to some of these more complicated scripting functions and can only get an echo of the first line. Attached is the code. What am I missing to get the second line in with ReadLine and then "reuse" parts of my existing script to execute the script? I don't even know if ReadLine is the right thing.

Code:
 
$Inventfile = "C:\Trackitaudit.txt"
If Open (2, "$Inventfile") = 0
$date = ReadLine (2)
While Error = 0
? "Line read: [" + $date + "]"
$date = ReadLine (2)
Loop
Close (2)
? "$date"
? "@error"
EndIf




Thanks for all of the help... This has been very helpful.

Top
#125673 - 2004-08-28 05:58 AM Re: formatting question
Les Offline
KiX Master
*****

Registered: 2001-06-11
Posts: 12734
Loc: fortfrances.on.ca
Does the text file have a header somewhere above that line with square [brackets]? If so then it is an INI format and ReadProfileString can be used to read that line directly without parsing.
_________________________
Give a man a fish and he will be back for more. Slap him with a fish and he will go away forever.

Top
#125674 - 2004-08-28 06:17 AM Re: formatting question
howyadoing Offline
Getting the hang of it

Registered: 2002-06-01
Posts: 86
Loc: Cincinnati
I accidentally included an extra space in the post but that is it. I will copy it again correctly.
Quote:

id=5D5859EE-8889-412B-A8C8-448D187A64A8
LASTRUN=20040827000000



It doesn't look to be an ini format. I can get the first line but not the second.

Top
#125675 - 2004-08-28 09:52 AM Re: formatting question
ShaneEP Moderator Offline
MM club member
*****

Registered: 2002-11-29
Posts: 2127
Loc: Tulsa, OK
Maybe something like this.

Code:
$filehandle = FreeFileHandle()
If Open($filehandle,"C:\TrackitAudit.id",2)=0
    ; Read right before each @Error test so the loop condition reflects ReadLine
    $line = ReadLine($filehandle)
    While @Error=0
        If InStr($line,"LASTRUN=")
            ; LASTRUN=YYYYMMDDhhmmss, so the month is characters 13-14
            $lastrunmonth = SubStr($line,13,2)
            If $lastrunmonth <> SubSTR(@DATE,6,2)
                $null = WriteValue ("HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce","TrackitAudit","\\na\netlogon\pcaudit\audit32.exe","REG_SZ")
            Endif
        Endif
        $line = ReadLine($filehandle)
    Loop
    $null = Close($filehandle)
Else
    ; id file could not be opened: schedule the audit
    $null = WriteValue ("HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce","TrackitAudit","\\na\netlogon\pcaudit\audit32.exe","REG_SZ")
Endif



Still doubt that the id file is being modified by the script in any way. But this method should work. Doing pretty much the same thing as before, except it's getting the month from the data in the file instead of the modify time of the file.

Top