Page 1 of 3 123>
Topic Options
#183150 - 2007-12-02 04:05 PM Installing packages via GPO Startup script.
Shawn Administrator Offline
Administrator
*****

Registered: 1999-08-13
Posts: 8611
Moved discussion of this to here.

So Witto, your function here uses this syntax in your INI file:

;NetworkID
; Network or networks where computer should be to allow software installation
; The format of the list of networks should be build like this
; xxx.xxx.xxx.xxx/yy;xxx.xxx.xxx.xxx/yy;xxx.xxx.xxx.xxx/yy
; where xxx.xxx.xxx.xxx is the NetworkID and yy is the Net Mask
; preceeding zero's should not be used
; In example:
; NetworkID=192.168.1.0/24;172.16.0.0/27

I'm not a network weenie - can you explain how this mask works ... does that mean apply the package to machines with the IP 192.168.1.0 to .24 or is that "24" more of a binary mask ?

[edit]

So if I wanted all ip with 192.168.1.* one would use 255 as that second number ?

-Shawn


Edited by Shawn (2007-12-02 04:09 PM)

Top
#183152 - 2007-12-02 04:25 PM Re: Installing packages via GPO Startup script. [Re: Shawn]
Gargoyle Offline
MM club member
*****

Registered: 2004-03-09
Posts: 1597
Loc: Valley of the Sun (Arizona, US...
If Witto is using it in the standardized notation form, it would be the binary mask I.E. yy = the number of bits that are masked - 24 would be the same as saying 255.255.255.0 - 27 would be 255.255.255.224 etc.
_________________________
Today is the tomorrow you worried about yesterday.

Top
#183154 - 2007-12-02 04:41 PM Re: Installing packages via GPO Startup script. [Re: Shawn]
Witto Offline
MM club member
*****

Registered: 2004-09-29
Posts: 1828
Loc: Belgium
The net mask can be written in decimal numbers or in binary numbers.
If you write it binary, you just tell how much 1's you see.
Try to make it clear like this:
 Code:
/20 = 11111111.11111111.11110000.00000000 = 255.255.240.0
/21 = 11111111.11111111.11111000.00000000 = 255.255.248.0
/22 = 11111111.11111111.11111100.00000000 = 255.255.252.0
/23 = 11111111.11111111.11111110.00000000 = 255.255.254.0
/24 = 11111111.11111111.11111111.00000000 = 255.255.255.0
/25 = 11111111.11111111.11111111.10000000 = 255.255.255.128
/26 = 11111111.11111111.11111111.11000000 = 255.255.255.192
/27 = 11111111.11111111.11111111.11100000 = 255.255.255.224
/28 = 11111111.11111111.11111111.11110000 = 255.255.255.240
/29 = 11111111.11111111.11111111.11111000 = 255.255.255.248
/30 = 11111111.11111111.11111111.11111100 = 255.255.255.252
/31 = 11111111.11111111.11111111.11111110 = 255.255.255.254
/32 = 11111111.11111111.11111111.11111111 = 255.255.255.255

172.16.0.0/27 means:
a subnet of the class B network 172.16.0.0
(default network mask = 255.255.0.0 or /16)
network address = 172.16.0.0
host adresses: 172.16.0.1 - 172.16.0.30
broadcast adress = 172.16.0.31

Here it is explained by someone else:
http://www.nongnu.org/lpi-manuals/lpi-102/html/ch05s02.html

[Edit]
Thanks Gargoyle, you hit the nail right on the head
[/Edit]
[Edit]
192.168.1.* would be 192.168.1.0/24
[/Edit]


Edited by Witto (2007-12-02 04:58 PM)

Top
#183155 - 2007-12-02 05:24 PM Re: Installing packages via GPO Startup script. [Re: Witto]
Shawn Administrator Offline
Administrator
*****

Registered: 1999-08-13
Posts: 8611
So if you wanted to hit just a single machine, you would say:

192.168.1.36/32

?

Top
#183156 - 2007-12-02 05:33 PM Re: Installing packages via GPO Startup script. [Re: Shawn]
Arend_ Moderator Offline
MM club member
*****

Registered: 2005-01-17
Posts: 1894
Loc: Hilversum, The Netherlands
Why not stick the GPO to the OU the computer is in and be done with it, no scripting neccesary ;\)
Top
#183158 - 2007-12-02 08:32 PM Re: Installing packages via GPO Startup script. [Re: Shawn]
Witto Offline
MM club member
*****

Registered: 2004-09-29
Posts: 1828
Loc: Belgium
 Originally Posted By: Shawn
So if you wanted to hit just a single machine
That is handled with a "Global Security Group" containing the computer accounts that should have the software installed. Change the security for the GPO on the OU. Withdraw at least the "Apply Group Policy" for the "Authenticated users" and give "Read" and "Apply Group Policy" for your own Global Security Group. If you want to install the package to only one computer, the group should only contain that computer account.
The net mask is to define the network where the software installation is allowed. If I am at home, working via VPN, I would not want that the software package starts installing. Just a matter of bandwith.
If you only have the network 192.168.1.0/24 at work, you would want that your computer has an address in that network before installing the software. But are you sure that the computer you want to install the software to always has address 192.168.1.36? Don't you use DHCP?
NetworkID in the INI-file refers to "Network Addresses" and the masks of the networks where you want to allow the installation.
 Originally Posted By: apronk
Why not stick the GPO to the OU the computer is in and be done with it
Because the OU can contain more accounts than only that computer.

Top
#183160 - 2007-12-02 08:51 PM Re: Installing packages via GPO Startup script. [Re: Witto]
Arend_ Moderator Offline
MM club member
*****

Registered: 2005-01-17
Posts: 1894
Loc: Hilversum, The Netherlands
 Originally Posted By: Witto
 Originally Posted By: apronk
Why not stick the GPO to the OU the computer is in and be done with it
Because the OU can contain more accounts than only that computer.


Then create a Computer Group for instance named "appl_package".
Then make a GPO with the same name and have the package deployed there.
Link the GPO to the computer group in the security tab. And you're done. simply add computers that need that package to that computer group.

Top
#183166 - 2007-12-02 09:04 PM Re: Installing packages via GPO Startup script. [Re: Arend_]
Witto Offline
MM club member
*****

Registered: 2004-09-29
Posts: 1828
Loc: Belgium
Wasn't it that what I was explaining?
Top
#183167 - 2007-12-02 09:07 PM Re: Installing packages via GPO Startup script. [Re: Witto]
Arend_ Moderator Offline
MM club member
*****

Registered: 2005-01-17
Posts: 1894
Loc: Hilversum, The Netherlands
 Originally Posted By: Witto
Wasn't it that what I was explaining?

Ehm, yeah... sorry I didn't really read it

Top
#183172 - 2007-12-02 09:38 PM Re: Installing packages via GPO Startup script. [Re: Arend_]
Shawn Administrator Offline
Administrator
*****

Registered: 1999-08-13
Posts: 8611
We will be deploying this script to ALL workstations in the OU (1000's of machines) - just looking for a way to perform the following:

1) Impact only a handful of machines in the short-term (our soak).
2) Possibly increase this to more than a handful if required (extended soak).
3) Release to everyone.

Plus - this script would not be specific to just installing a single package. Will probably enhance to install many packages over the years.

Top
#183173 - 2007-12-02 09:47 PM Re: Installing packages via GPO Startup script. [Re: Shawn]
Witto Offline
MM club member
*****

Registered: 2004-09-29
Posts: 1828
Loc: Belgium
We just have about 150 workstations (for administrative purposes). I cannot say what impact the script will have in your situation. I just was looking for a way to install non MSI packages that do support silent installations.
Top
#183174 - 2007-12-02 09:55 PM Re: Installing packages via GPO Startup script. [Re: Witto]
Shawn Administrator Offline
Administrator
*****

Registered: 1999-08-13
Posts: 8611
I have a gut-feeling this concept will work. Every workstation will run the script, and logic would be something like:

 Code:
if (this workstation is in scope for package A)
 install package A
enndif

if (this workstation is in scope for package B) 
 install package B
endif

etc, etc


Its the determination of "in-scope" I need to work-out. Unfortunately that could be just about anything ... from a simple list of hostnames to some other more complex criteria (like using the IP address). Will probably just custom code these IF statements as opposed to "softening them up" in an INI file like you did (your way is more eloquent imho).

Top
#183175 - 2007-12-02 10:06 PM Re: Installing packages via GPO Startup script. [Re: Shawn]
Witto Offline
MM club member
*****

Registered: 2004-09-29
Posts: 1828
Loc: Belgium
If I understand what you mean, that is also in the script.
The INI file contains a section per package. Create a GPO per section. In the Startup Script parameters, you refer to the section:
 Code:
\\domain-name\SysVol\domain-name\scripts\script.kix $INI="\\domain-name\SysVol\domain-name\scripts\script.ini" $Section="Package Name"

Top
#183177 - 2007-12-03 12:57 AM Re: Installing packages via GPO Startup script. [Re: Shawn]
NTDOC Administrator Offline
Administrator
*****

Registered: 2000-07-28
Posts: 11623
Loc: CA
You guys rolling out SAP again there Shawn?
Top
#183179 - 2007-12-03 01:07 AM Re: Installing packages via GPO Startup script. [Re: NTDOC]
Shawn Administrator Offline
Administrator
*****

Registered: 1999-08-13
Posts: 8611
Lol. Nah - we're putting out UPHClean. Having big problems with locked registry on logoff - especially on our VMWARE sessions.

-Shawn

Top
#183181 - 2007-12-03 01:15 AM Re: Installing packages via GPO Startup script. [Re: Shawn]
Les Offline
KiX Master
*****

Registered: 2001-06-11
Posts: 12734
Loc: fortfrances.on.ca
It is a nice utility. I install it on all my Citrix servers. Lemme guess... Symantec locking your reg?
_________________________
Give a man a fish and he will be back for more. Slap him with a fish and he will go away forever.

Top
#183182 - 2007-12-03 02:04 AM Re: Installing packages via GPO Startup script. [Re: Les]
Shawn Administrator Offline
Administrator
*****

Registered: 1999-08-13
Posts: 8611
Hehee nah, we dont use Symantec - but we do have some in-house applications that are hanging on to the registry. Tell you another bit of software that seems to run crap on VMWARE - McAfee Host Intrusion Protection (HIP) and Site Advisor ... we have people looking into this issue but damn - they had to remove it from all our virtual sessions - something about locking them up too.
Top
#183183 - 2007-12-03 05:23 AM Re: Installing packages via GPO Startup script. [Re: Shawn]
NTDOC Administrator Offline
Administrator
*****

Registered: 2000-07-28
Posts: 11623
Loc: CA
Oh... we don't need to push it out as it's in all our Ghost images

Been using it for years in our images, since my Disney days.

Though I'm about 99% certain that some recent "Critical Update" from MS is causing a yellow exclamation in the Event Viewer about the registry hive of the current user not be released properly. Never used to see it till recently and MS updates are the only things that get added to most of these systems and users are not Admins.

Have not really researched much more as it still unloads quickly due to UPH but PITA that MS changed something that is now causing it to happen on systems that had clean logs for months.

Top
#183192 - 2007-12-03 10:24 AM Re: Installing packages via GPO Startup script. [Re: NTDOC]
Witto Offline
MM club member
*****

Registered: 2004-09-29
Posts: 1828
Loc: Belgium
Shawn,
Forgot to tell that (installations via) computer startup scripts don't make the user wait to log on. I use it for small installations. I presume when you roll out big installations that take several minutes to install, users will be able to log on to their computers while installation is still ongoing. I don't know if that is an issue. Maybe, if needed, you can script something that asks the user to wait untill the installation has ended. I know you are great with kixforms.

Top
#183193 - 2007-12-03 10:30 AM Re: Installing packages via GPO Startup script. [Re: Witto]
Jochen Administrator Offline
KiX Supporter
*****

Registered: 2000-03-17
Posts: 6380
Loc: Stuttgart, Germany
 Originally Posted By: Witto
I know you are great with kixforms.


Umm, well, if not Shawn, who else?
_________________________



Top
Page 1 of 3 123>


Moderator:  Glenn Barnas, NTDOC, Arend_, Jochen, Radimus, Allen, ShaneEP, Ruud van Velsen, Mart 
Hop to:
Shout Box

Who's Online
2 registered (morganw, mole) and 414 anonymous users online.
Newest Members
gespanntleuchten, DaveatAdvanced, Paulo_Alves, UsTaaa, xxJJxx
17864 Registered Users

Generated in 0.075 seconds in which 0.025 seconds were spent on a total of 13 queries. Zlib compression enabled.

Search the board with:
superb Board Search
or try with google:
Google
Web kixtart.org