#194224 - 2009-06-11 12:29 PM DelValue and RD command not working on remote workstations
yellowdog Offline
Getting the hang of it

Registered: 2005-06-14
Posts: 97
Hello everybody,

In the following script I want to remove files and subdirectories with the RD command; locally it works fine, but nothing happens on a remote PC.
Same problem with the DelValue command (return code 2).
The commands to start and stop the services are OK...
What is the clue?


 Quote:
;***********Script to clean up corrupted virus definitions for Symantec Endpoint Protection clients*************
;***********BASED ON http://service1.symantec.com/SUPPORT/ent...***************

? "Machine name? " Gets $machine
$strComputer = $machine

;---------------STOP THE SEP SERVICES-------------------------

WMISvcMgr ('STOP','Symantec Antivirus',,$strComputer )
SLEEP 10
WMISvcMgr ('STOP','ccEvtMgr',,$strComputer )
SLEEP 10
WMISvcMgr ('STOP','ccSetMgr',,$strComputer )
SLEEP 10

;---------------DELETE THE FILES AND DIRECTORIES CONTAINING THE VIRUS DEFINITIONS--------------------

RD "C:\Program Files\Common Files\Symantec Shared\VirusDefs\" /s
RD "c:\documents and settings\all users\application data\symantec\liveupdate\downloads\" /s

;--------------DELETE THE REGISTRY VALUES------------------------------

DelValue("HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\SharedDefs ", "SRTSP")
DelValue("HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\SharedDefs ", "NAVCORP_70")
DelValue("HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\SharedDefs ", "DEFWATCH_10")
DelValue("HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\SharedDefs ", "SepCache3")
DelValue("HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\SharedDefs ", "SepCache2")
DelValue("HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\SharedDefs ", "SepCache1")

;---------------START THE SEP SERVICES-------------------------

WMISvcMgr ('START','Symantec Antivirus',,$strComputer )
WMISvcMgr ('START','ccEvtMgr',,$strComputer )
WMISvcMgr ('START','ccSetMgr',,$strComputer )


;;
;;======================================================================
;;
;;FUNCTION WMISvcMgr()
;;
;;ACTION Manage windows services
;;
;;AUTHOR Glenn Barnas
;;
;;VERSION 1.1 / 2008/04/15
;; Correction - added data validation for Modify process
;;
;; 1.0 / 2007/10/15
;; Written as a replacement for SvcList() & SvcCtl(), which uses XNET.exe
;;
;;SYNTAX WMISvcMgr(Action, [Service] [, SvcData] [, Computer] [, AuthPtr])
;;
;;PARAMETERS Action - REQUIRED, Action to perform - must be one of:
;; Status# - return WMI_Service status message
;; List - list all services and their status
;; Start - start the named service
;; Stop - stop the named service
;; *Create - create the named service using the supplied configuration array (*unimplemented)
;; Modify - modify the named service using the supplied configuration array
;; Delete - delete the named service
;; Query - return current service data in the configuration array
;;
;; Service - OPTIONAL, Name of service to act upon
;;
;; SvcData - OPTIONAL, Array of service parameters
;; 0 - service short name (Read Only)
;; 1 - DisplayName Long service name
;; 2 - PathName Path to executable
;; 3 - ServiceType Own Process / Share Process
;; 4 - ErrorControl 0/Ignore, 1/Normal, 2/Severe, 3/Critical
;; 5 - StartMode Disabled, Manual, or Automatic
;; 6 - DesktopInteract (Read Only)
;; 7 - State (only when reading, ignored when writing)
;; 8 - StartName User ID
;; 9 - StartPassword (only when writing, always returned empty)
;;
;; Computer - OPTIONAL, Name of computer to query
;;
;; AuthPtr - OPTIONAL - pre-authenticated WMI object pointer
;; Use WMIAuthentication() udf to create the AuthPtr value
;; AuthPtr is not needed if user has admin rights
;;
;;REMARKS Used to manipulate & query services on a local or remote system
;;
;;
;;RETURNS Depends upon action
;; List - Array of comma-delimited strings: short name,display name,status
;; Start - WMI_Service status code
;; Stop - WMI_Service status code
;; Create - WMI_Service status code
;; Modify - WMI_Service status code
;; Delete - WMI_Service status code
;; Query - Array of service information (SvcData array format)
;;
;;DEPENDENCIES WMI
;;
;;TESTED WITH W2K, WXP, W2K3, Vista, x64
;;
;;EXAMPLES $Status = WMISvcMgr('Start', 'UPS', , $Computer)
;; WmiSvcMgr($Status) ? ; Display the message based on status code
;
Function WMISvcMgr($_Action, OPTIONAL $_Service, OPTIONAL $_SvcData, OPTIONAL $_Target, OPTIONAL $_pAuth)

Dim $_objWMI, $_cItems, $_oItem ; WMI object vars
Dim $_Line ; line string
Dim $_aTmp[0], $_I ; return array, index
Dim $_ ; temp var
Dim $_BTime, $_CTime ; boot and current times from target system
Dim $_E, $_R ; error and result vars to be returned

; If a numeric value was provided for Action, return the WMI_Service status/error message string
If $_Action = Int($_Action)
Select
Case $_Action = 0 $WMISvcMgr = 'Service Control Request completed successfully'
Case $_Action = 1 $WMISvcMgr = 'Not Supported'
Case $_Action = 2 $WMISvcMgr = 'Access Denied'
Case $_Action = 3 $WMISvcMgr = 'Start failed - dependent service(s) not running'
Case $_Action = 4 $WMISvcMgr = 'Invalid Service Control Request'
Case $_Action = 5 $WMISvcMgr = 'Service cannot accept the requested control'
Case $_Action = 6 $WMISvcMgr = 'Service Not Active'
Case $_Action = 7 $WMISvcMgr = 'Service Request Timeout'
Case $_Action = 8 $WMISvcMgr = 'Unknown failure when starting service'
Case $_Action = 9 $WMISvcMgr = 'Path not found'
Case $_Action = 10 $WMISvcMgr = 'Service Already Running'
Case $_Action = 11 $WMISvcMgr = 'Service Database Locked'
Case $_Action = 12 $WMISvcMgr = 'Service Dependency Deleted'
Case $_Action = 13 $WMISvcMgr = 'Service Dependency Failure'
Case $_Action = 14 $WMISvcMgr = 'Service Disabled'
Case $_Action = 15 $WMISvcMgr = 'Service Logon Failure'
Case $_Action = 16 $WMISvcMgr = 'Service Marked for Deletion'
Case $_Action = 17 $WMISvcMgr = 'No Service Execution Thread'
Case $_Action = 18 $WMISvcMgr = 'Circular Dependency'
Case $_Action = 19 $WMISvcMgr = 'Duplicate Name'
Case $_Action = 20 $WMISvcMgr = 'Invalid Name'
Case $_Action = 21 $WMISvcMgr = 'Invalid Service Parameter(s)'
Case $_Action = 22 $WMISvcMgr = 'Invalid Service Account'
Case $_Action = 23 $WMISvcMgr = 'Service Exists'
Case $_Action = 24 $WMISvcMgr = 'Already Paused'
EndSelect
Exit 0
EndIf


; ensure we have a valid target name, without any "\"
$_Target = IIf($_Target, $_Target, '.')
If InStr($_Target, '\') $_Target = Join(Split($_Target, '\'), '') EndIf
; If we pre-authenticated via WMIAuth, use that WMIobject instead, otherwise instantiate an object reference
If $_pAuth
$_objWMI = $_pAuth
Else
$_objWMI = GetObject('winmgmts:{impersonationLevel=impersonate}!\\' + $_Target + '\root\cimv2')
If @ERROR Exit Val('&' + Right(DecToHex(@ERROR), 4)) EndIf
EndIf


; Verify that the Service name is provided for actions that require it
If InStr('-Start-Stop-Create-Modify-Delete-Query-', '-' + $_Action + '-')
If $_Service = '' Exit 87 EndIf
EndIf


; Create the collection of all services, or one specific one, depending on action
If InStr('-List-Create-', '-' + $_Action + '-')
$_cItems = $_objWMI.ExecQuery('Select * from Win32_Service')
Else
; All remaining Actions require a service name - either exit if not defined or query WMI
$_cItems = $_objWMI.ExecQuery('Select * from Win32_Service WHERE Name = "' + $_Service + '"')
EndIf


; validate the action and required arguments, perform the defined task
Select
; ==============================
Case $_Action = 'List'
$_I = -1
For Each $_oItem in $_cItems
$_I = $_I + 1
ReDim Preserve $_aTmp[$_I]
$_aTmp[$_I]= $_oItem.name + ',' + $_oItem.DisplayName + ',' + $_oItem.State
Next
$WMISvcMgr = $_aTmp
$_cItems = 0
Exit 0

; ==============================
Case $_Action = 'Create'
If VarType($_SvcData) < 8192 Exit 87 EndIf ; exit if service data array is not defined
Exit 1
; TBD - future release

; ==============================
Case $_Action = 'Modify'
If VarType($_SvcData) < 8192 Exit 87 EndIf ; exit if service data array is not defined
If UBound($_SvcData) <> 9 Exit 87 EndIf ; exit if service data array is invalid
; Change(DisplayName, PathName, ServiceType, ErrorControl, StartMode, DesktopInteract, StartName, StartPassword,
; next 3 unsupported at this time... (feel free to code/test on your own!)
; LoadOrderGroup, LoadOrderGroupDependencies, ServiceDependencies)

; Need to convert ServiceType strings to proper value
Select
Case Left($_SvcData[3], 3) = 'Own'
$_SvcData[3] = 16
Case Left($_SvcData[3], 3) = 'Sha'
$_SvcData[3] = 32
EndSelect

; Need to convert ErrorControl strings to values
Select
Case $_SvcData[4] = 'Ignore'
$_SvcData[4] = 0
Case $_SvcData[4] = 'Normal'
$_SvcData[4] = 1
Case $_SvcData[4] = 'Severe'
$_SvcData[4] = 2
Case $_SvcData[4] = 'Critical'
$_SvcData[4] = 3
EndSelect

For Each $_oItem in $_cItems
$_R = $_oItem.Change($_SvcData[1],$_SvcData[2],$_SvcData[3],$_SvcData[4],,,$_SvcData[8],$_SvcData[9])
$_E = @ERROR
If Not @ERROR And $_R = 0
If $_SvcData[5]
$_R = $_oItem.ChangeStartMode($_SvcData[5])
$_E = @ERROR
EndIf
EndIf
Next

; ==============================
Case $_Action = 'Query'
ReDim $_aTmp[9]
For Each $_oItem in $_cItems
$_aTmp[0] = $_oItem.Name ; Service Name (not modifiable)
$_aTmp[1] = $_oItem.DisplayName ; Display Name
$_aTmp[2] = $_oItem.PathName ; Binary Path
$_aTmp[3] = $_oItem.ServiceType ; type of service
$_aTmp[4] = $_oItem.ErrorControl ; 0:Ignore, 1:Normal, 2:Severe, 3:Critical
$_aTmp[5] = $_oItem.StartMode ; Start Mode
$_aTmp[6] = $_oItem.DesktopInteract ; Bool - true if service can interact with desktop (Read Only)
$_aTmp[7] = $_oItem.State ; Current state (Read Only)
$_aTmp[8] = $_oItem.StartName ; Service User Account
$_aTmp[9] = '' ; Service password (not readable, return null)
Next
$WMISvcMgr = $_aTmp
Exit @ERROR

; ==============================
Case $_Action = 'Start'
For Each $_oItem in $_cItems
$_R = $_oItem.StartService
$_E = @ERROR
Next

; ==============================
Case $_Action = 'Stop'
For Each $_oItem in $_cItems
$_R = $_oItem.StopService
$_E = @ERROR
Next

; ==============================
Case $_Action = 'Delete'
For Each $_oItem in $_cItems
$_R = $_oItem.DeleteService
$_E = @ERROR
Next

EndSelect

$WMISvcMgr = $_R ; return the status value
Exit $_E

EndFunction





Edited by yellowdog (2009-06-11 12:43 PM)

#194226 - 2009-06-11 02:54 PM Re: DelValue and RD command not working on remote workstations [Re: yellowdog]
Gargoyle Offline
MM club member
*****

Registered: 2004-03-09
Posts: 1597
Loc: Valley of the Sun (Arizona, US...
A return code of 2 generally means file not found. Or in your case key not found.
_________________________
Today is the tomorrow you worried about yesterday.

#194227 - 2009-06-11 03:21 PM Re: DelValue and RD command not working on remote workstations [Re: Gargoyle]
eriqjaffe Offline
Hey THIS is FUN

Registered: 2004-06-24
Posts: 214
Loc: Arlington Heights, IL USA
You're starting/stopping services on the remote machine, but removing keys and directories on the local machine. The RD and DelValue commands should look like this:

 Code:
RD "\\"+$strComputer+"\c$\Program Files\Common Files\Symantec Shared\VirusDefs\" /s

DelValue("\\"+$strComputer+"\HKLM\SOFTWARE\Symantec\SharedDefs ", "SRTSP")

...unless I'm misunderstanding what you're trying to do.

#194228 - 2009-06-11 03:21 PM Re: DelValue and RD command not working on remote workstations [Re: Gargoyle]
yellowdog Offline
Getting the hang of it

Registered: 2005-06-14
Posts: 97
As I said in my first post, the DelValue command works fine on the local machine, but with a remote machine it generates a return code 2.
The key I want to suppress exists on the machine in the right path.

Any idea?

#194231 - 2009-06-11 04:14 PM Re: DelValue and RD command not working on remote workstations [Re: yellowdog]
yellowdog Offline
Getting the hang of it

Registered: 2005-06-14
Posts: 97
OOOOOOOOPS,

I found the reason why; I'm far from being a real KiXtart script developer......



 Quote:
;***********Script to clean up corrupted virus definitions for Symantec Endpoint Protection clients*************
;***********BASED ON http://service1.symantec.com/SUPPORT/ent...***************

? "Machine name? " Gets $machine
$strComputer = "\\" + $machine

;---------------STOP THE SEP SERVICES-------------------------

WMISvcMgr ('STOP','Symantec Antivirus',,$strComputer )
SLEEP 10
WMISvcMgr ('STOP','ccEvtMgr',,$strComputer )
SLEEP 10
WMISvcMgr ('STOP','ccSetMgr',,$strComputer )
SLEEP 10

;---------------DELETE THE FILES AND DIRECTORIES CONTAINING THE VIRUS DEFINITIONS--------------------

RD "$strComputer"+"\C$\Program Files\Fichiers communs\Symantec Shared\VirusDefs\" /s
?@error
RD "$strComputer"+"\C$\documents and settings\all users\application data\symantec\liveupdate\downloads\" /s
?@error

;--------------DELETE THE REGISTRY VALUES------------------------------

DelValue("$strComputer"+"\HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\SharedDefs\","SRTSP")
DelValue("$strComputer"+"\HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\SharedDefs\","NAVCORP_70")
DelValue("$strComputer"+"\HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\SharedDefs\","DEFWATCH_10")
DelValue("$strComputer"+"\HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\SharedDefs\","SepCache3")
DelValue("$strComputer"+"\HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\SharedDefs\","SepCache2")
DelValue("$strComputer"+"\HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\SharedDefs\","SepCache1")

;---------------START THE SEP SERVICES-------------------------
Sleep 5
WMISvcMgr ('START','Symantec Antivirus',,$strComputer )
WMISvcMgr ('START','ccEvtMgr',,$strComputer )
WMISvcMgr ('START','ccSetMgr',,$strComputer )
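
The point settled in this thread (RD and DelValue act on the local machine unless the path itself names the remote one) shown as an added example, not code from any poster: the hypothetical helper `DelRemoteValues` builds the `\\computer\` registry prefix once, confirms the key is reachable, and reports each DelValue return code instead of discarding it. It assumes the caller has admin rights on the target and that the target's registry is reachable over the network.

```kixtart
; Added example: hypothetical helper, not code from the thread.
$rc = SetOption('NoVarsInStrings', 'On')   ; keep any "$" in string literals as-is

; Delete the named values under $Key on $Computer.
; Returns the number of values that failed, or -1 if the key is unreachable.
Function DelRemoteValues($Computer, $Key, $Values)
  Dim $Name, $Failed, $rc
  ; Accept "PC01" or "\\PC01": strip backslashes, then add exactly two
  $Computer = '\\' + Join(Split($Computer, '\'), '')
  ; Drop stray blanks and a trailing "\" from the key name
  $Key = Trim($Key)
  If Right($Key, 1) = '\' $Key = Left($Key, Len($Key) - 1) EndIf
  $Key = $Computer + '\' + $Key
  If Not KeyExist($Key)
    ? 'Key not found or not reachable: ' + $Key
    $DelRemoteValues = -1
    Exit 2
  EndIf
  $Failed = 0
  For Each $Name In $Values
    $rc = DelValue($Key, $Name)      ; 0 = success, otherwise an error code
    If $rc
      $Failed = $Failed + 1
      ? 'DelValue ' + $Name + ' returned ' + $rc
    EndIf
  Next
  $DelRemoteValues = $Failed
  Exit 0
EndFunction

? 'Machine name? ' Gets $machine
$Values = Split('SRTSP,NAVCORP_70,DEFWATCH_10,SepCache3,SepCache2,SepCache1', ',')
$n = DelRemoteValues($machine, 'HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\SharedDefs', $Values)
? 'Values not deleted: ' + $n
```

A result of -1 means the remote key could not be opened at all, which separates a targeting or access problem from a value that was simply absent.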
