Page 1 of 1 1
Topic Options
#68671 - 2002-07-29 06:45 PM KiXtart Systems Management Server (Part III, The Client) [a.k.a The Complete Package]
Sealeopard Offline
KiX Master
*****

Registered: 2001-04-25
Posts: 11164
Loc: Boston, MA, USA
Kixtart Systems Management Server

Developed by Jens Meyer (sealeopard on the KIXtart BBS at http://81.17.37.55/board/ultimatebb.php)

The Kixtart Systems Management Server scripts and support utilities are provided on an AS-IS basis. There is no support for it and proper functionality is not guaranteed. It is advisable to test the system on a limited basis before deploying it to a whole in-production network.

Certain words and/or word-combinations/phrases might be trademarked/servicemarked/copyrighted/*marked in which case applicable legal provisions apply.

OVERVIEW

The Kixtart Systems Management Server (KSMS) consists of three main scripts, the login script, the server script, and the client script.

The login script is used to log every domain user into the domain.

The server script runs on a computer that serves as the distribution point for all files that are part of KSKS.

The client script runs on each computer that has been integrated into KSMS.

The server and client scripts as well as all support files should be located on a dedicated share on the KSMS computer.

Both scripts should run under a special administrative account that will be used to log the client script into a computer.

KSMS requires the presence of Task Scheduler under Windows NT/2000/XP and the client script runs automatically upon the first login of the day under Windwos 9x.

KSMS FLOWCHART

1) User runs login script and integrates computer into KSMS

2) Maintenance server script runs on a regular interval (like 1am each night) and schedules the client script on all clients that are not powered down. Powered-down computers will be sent a Wake-On-LAN packet in case the NIC supports Wake-On-LAN and the client script will be scheduled as soon as the client has completed to boot up.

3) Client maintenance script runs, checks for granted application install requests, checkes services, registry keys, applications, installs applications. Reboots computer if reboot is necessary and nobody is logged in or displays a reboot request.

4) User runs login script and grants/dceclines application update/install requests.

FUTURE OF KSMS

KSMS is currently being rewritten/modified for KiXtart 4.11 and will feature more functionality based on WMI and ADSI. A SQL-based inventory manager will most likely be included in the next release. Estimated date of release: Whenever it's done, or maybe a day earlier.

Download the complete package here: [url= http://s91376351.onlinehome.us/kixtart/ksms.zip] http://s91376351.onlinehome.us/kixtart/ksms.zip[/url] [830kb]

LOGIN SCRIPT (excerpt from readme_login.txt):
The script is controlled by a collection of .INI files therefore protecting the KiXtart code from modifications. Adapting the login script will only require modifications to the .INI files but not the script itself unless you'd like to take out code segments that do not apply to your environment.

The script itself works in interaction with a client-server based maintenance script system. The maintenance scripts are not necessary for the correct functioning of the login script though. The installation of certain software products and the creation of specific user directories is done by the maintenance script but activated by the login script. E.g. the user has to allow the installation of any software package that will require the computer to reboot automatically in order to finish the installation. Some of my users run multi-day number-crunching routines and I'm therefore preventing the computer from rebooting at an inappropriate time. Additionally, if there is a reboot scheduled the user will be warned upon login.

The script provides extensive logging options. Nearly every screen output (the output that the user sees in the login window) can be written into a unique log file, therefore enabling the administrator to read the exact output for debugging purposes. Additionally, most errors and warnings are trapped and written into a separate error log. Finally, a login log keeps track of each login attempt on a per-day basis, thus one doesn't need to check multiple domain controllers to see when a user logged into a specific computer. All these logging options can be enabled/diabled in the login script initialization file.

The login script has the ability to detect a users login location based on the IP address used (currently tested with single-NIC computers only). Drive and printer mappings can be initiated based on the detected location. The script demonstrates this by differentiating between a Class C subnet (the NT domain), a VPN connection through a Cisco 3000 VPN Concentrator, a dial-up connection, and a connection through a Class B subnet.

MAINTENANCE SERVER SCRIPT (excerpt from readme_maintenance_server.txt):
This is the second part in a series of Kixtart scripts. The complete series will illustrate how to create a complete Kixtart Systems Management Server (KSMS) using only Kixtart and various freeware utilities and programs which are part of the Windows operating system. KSMS enables an administrator to perform administrative tasks in off-hours and without being present at the remote computer. It can be used to install programs, remove programs, clean up the harddisks, and modify regitry entries. It does not cook coffee though. It is compatible with both Windows NT/2000 and Windows 9x.

The first part described a modular login script for Windows 9X/NT/2K. The latest version on the modular login script can be found at http://kixtart.org/cgi-bin/ultimatebb.cgi?ubb=get_topic&f=2&t=002682.

The second part covers the server part of the KSMS. The server part consists of one Kixtart script, two initialization files, and two function libraries. The MAINTENANCE_SERVER.KIX script calls various functions in those two UDF libraries. Nevertheless, all listed UDFs are used throughout KSMS.

The file COMPUTERS.DB is an .INI file that is created by the login script. The important entry for each computername (the name in the brackets) is the MAC address (used for Wake-On-LAN functionality). All other entries are for informational reasons only to get a quick idea what type of computer it is. They are not necessary for KSMS. Basically, each time the login script runs it writes/updates the current MAC address associated with the specific computer. More precisely, if a user elects to integrate the computer into KSMS, it'll update the information, otherwise that computer is treated as a guest computer (e.g. laptop computer of a visiting researcher in my case)

The file MAINTENANCE_LIST.INI is used mainly to communicate between the login script and the maintenance client script. The maintenance server script is using the MAINTENANCE_LIST.INI file to read the type of scheduling service for a specific computer and to write logging information into the file. Thus, it is possible to track down problems with the initialization of the computer maintenance on a computer.

In order for the maintenance server script to schedule maintenance it requires either the Task Scheduler or the Scheduler service. If the Scheduler service is used, then the service must be run under an administrative account since the SYSTEM account cannot establish network connections.

The maintenance server script is scheduled to run every night (1am seems to be a good time since virtually nobody is working at this time of day). It first initializes itself, loads its UDF libraries and sets the logging options. Each screen printout is also written into a log file to trace errors and monitor the script. One does not need to be logged into the computer that is running the maintenance server script as long as it is run through the Task Scheduler and is using a global administrative account. I created special KIX_SRV and KIX_CLI accounts for the server and client part of KSMS.

The server then reads a list of computers from MAINTENANCE_LIST.INI and the associated scheduler type. It checks whether it can access the admin share on each remote computer. If it cannot access it then the computer either has no admin share (therefore the client script will not be run) or the computer is not reachable. If the computer is not reachable the server script reads the MAC address and uses MAGIC.EXE to send a MagicPacket to the remote computer. This will trigger a Wake-On-LAN request for that computer if the NIC supports it. Then the script waits a little bit and checks wheter the computer is waking up by trying to access the admin share (with a 5 minute timeout). If the computer woke up successfully (admin share accessible) the script continues otherwise the script starts again with the next computer in its list.

If the remote computer is accessible through the admin share, the CLIENT_MAINTENANCE.BAT file is copied to the remote computer. This file contains a call to the CLIENT_MAINTENANCE.KIX script which does the maintenance on the remote computer. The Kixtart script sits on a server, thus is not accessible to a normal user. Also, if a user manipulates the CLIENT_MAINTENANCE.BAT then it will be overwritten with the version on the server the next time the client maintenance is initialized. This should effectively prevent tampering.

Finally, it schedules the execution of CLIENT_MAINTENANCE.BAT on the remote computer using either the Task Scheduler or the Scheduler service. The Task Scheduler is scheduled with JT.EXE from the Microsoft Windows 2000 Resource Kit Supplement 3 which is a CLI for the Task Scheduler. See also http://kixtart.org/cgi-bin/ultimatebb.cgi?ubb=get_topic&f=1&t=003208 and http://kixtart.org/cgi-bin/ultimatebb.cgi?ubb=get_topic&f=12&t=000060

This example of KSMS has been used for nine months to manage a computer network consisting of over 80 Windows 9x, NT, and 2000 computers. As part of the systems management all computers have been upgraded to Internet Explorer 5.5 Service Pack 2, an antivirus package has been distributed and various server-based applications have been installed (Microsoft Project, Microsoft Publisher, Microsoft Visio, SPSS). Additionally, system policies have been applied through the manipulation of registry entries and programs on the remote computers have been upgraded if necessary (e.g. Adobe Acrobat from 5.0.0 to 5.0.5). It is also used to essentially push specific applications to the remote computers.

MAINTENANCE CLIENT SCRIPT (excerpt from readme_maintenance_client.txt)
This is the third and last part in a series of Kixtart scripts. The complete series will illustrate how to create a complete Kixtart Systems Management Server (KSMS) using only Kixtart and various freeware utilities and programs which are part of the Windows operating system. KSMS enables an administrator to perform administrative tasks in off-hours and without being present at the remote computer. It can be used to install programs, remove programs, clean up the harddisks, and modify regitry entries. It does not cook coffee though. It is compatible with both Windows NT/2000 and Windows 9x.

The first part described a modular login script for Windows 9X/NT/2K. The latest version on the modular login script can be found at http://kixtart.org/cgi-bin/ultimatebb.cgi?ubb=get_topic&f=2&t=002682.

The second part described the server script for Windows 9X/NT/2K and can be found at http://81.17.37.55/board/ultimatebb.php?ubb=get_topic;f=2;t=002897.

This part gives an overview of the client script of the Kixtart Systems Management Server. It will illustrate the general technique used to manage a heterogeneous array of Windows OS-based computers.

This system is in production on a 80+ computer network and has been running stable for oven nine months.

The maintenance client script is located on a networked share on the same computer that is running the maintenance server script. This will prevent unauthorized changes to the script since regular users only require read access and only if Windows 9x workstations need to be supported. If only Windows NT/2000/XP computers are supported, then access to the maintenance script can be limited to the account that runs the maintenance script.

The client maintenance script should be run under a special account that has full local administrative rights on all targeted workstations. It should not be run under any regular account to prevent misuse and enable better auditing of the script.

The script is initalized by a batch file which is copied to the local workstation by the maintenance server script and scheduled to start at a certain time (preferably at night). When the client batch file starts, it connect to the KSMS share of the central computer and starts running the Kixtart script. It then goes through the different subroutines and executes them one by one, pretty much like a washing maschine cycle.

Certain subroutine check for the presence of applications. If an application cannot be detected or is determined to be outdated, an update/install request is written into the maintenance_list.ini .INI file. On a subsequent user login, this file is checked by the login script whether it contains any update/install requests. The login script then queries the user whether to permit the install/update. If the request is denied, the next user will get prompted again. If the request is granted, the maintenance client script will read the granted request during the next maintenance cycle. This will trigger the actual insta or update. Most of the time, the computer is then instructed to reboot after the maintenance script finished. This will allow the operating system to gracefully finish potential sections of an applicaton install that require a reboot, e.g. replacements of in-use file which is done during a reboot.

As a special case, if the Internet Explorer 5.x+ is being installed, the maintenance script will actually initialize an automatic log-in after reboot and finish setting up the Internet Explorer. It will also automatically clean up the auto-login settings and reboot again after a specific time.

Installation and update routines are provided for internet Explorer 5.5 Service Pack 2, Symantec Norton Antivirus 7.0, Adobe Acrobat 5.0, Adobe Acrobat Reader 5.0, StorageCentral QuotaAdvisor Snap-In, SPSS 10 Client, The Mathworks Matlab 6.1, and various Microsoft Office products. Most fo the information about creating unattended installations for differen application and installer program can be found at http://www.appdeploy.com. Additionally, Microsoft provides Resource Kits for Office and Internet Explorer that create unattended installs for various Microsoft products.

Download the complete package here: [url= http://s91376351.onlinehome.us/kixtart/ksms.zip] http://s91376351.onlinehome.us/kixtart/ksms.zip[/url] [830kb]

<small>[ 29 July 2002, 19:17: Message edited by: sealeopard ]</small>


Edited by Sealeopard (2007-02-17 05:05 AM)
_________________________
There are two types of vessels, submarines and targets.

Top
#68672 - 2002-07-29 07:13 PM Re: KiXtart Systems Management Server (Part III, The Client) [a.k.a The Complete Package]
MCA Offline
KiX Supporter
*****

Registered: 2000-04-28
Posts: 5152
Loc: Netherlands, EU
Dear,

Good job.
Some links doesn't work in a correct way.
f.e.

http://kixtart.org/cgi-bin/ultimatebb.cgi?ubb=get_topic&f=2&t=002682.
http://81.17.37.55/board/ultimatebb.php)

possible a mistyping in the URL specification. we see that you have include "." symbol in it.
Same problem with the other link 2897.
The other URL includes a ")" symbol.
greetings.
_________________________
email scripting@wanadoo.nl homepage scripting@wanadoo.nl | Links | Summary of Site Site KiXforms FAQ kixtart.org library collection mirror MCA | FAQ & UDF help file UDF kixtart.org library collection mirror MCA | mirror USA | mirror europe UDF scriptlogic library collection UDFs | mirror MCA

Top
#68673 - 2002-07-29 07:18 PM Re: KiXtart Systems Management Server (Part III, The Client) [a.k.a The Complete Package]
Sealeopard Offline
KiX Master
*****

Registered: 2001-04-25
Posts: 11164
Loc: Boston, MA, USA
Thanks MCA. Corrected and tested all links for functionality.
_________________________
There are two types of vessels, submarines and targets.

Top
#68674 - 2002-07-30 07:39 AM Re: KiXtart Systems Management Server (Part III, The Client) [a.k.a The Complete Package]
Lonkero Administrator Offline
KiX Master Guru
*****

Registered: 2001-06-05
Posts: 22346
Loc: OK
uuh aah!
this is getting more and more intresting...

you have really done something I can be proud of! (as kix coder)

I might even have some requests for it's new releases after got it tested.

thanks!
_________________________
!

download KiXnet

Top
#68675 - 2002-07-30 02:17 PM Re: KiXtart Systems Management Server (Part III, The Client) [a.k.a The Complete Package]
Sealeopard Offline
KiX Master
*****

Registered: 2001-04-25
Posts: 11164
Loc: Boston, MA, USA
Fire them away. I just finished updating the login script to be compatible with KiXtart 4.11, my new target environment. So, it's still time to give me some request and I can see whether I can implement them.

I'm also thinking about a different communications system between the scripts, which is done through the .INI file right now.
_________________________
There are two types of vessels, submarines and targets.

Top
#68676 - 2002-07-30 02:25 PM Re: KiXtart Systems Management Server (Part III, The Client) [a.k.a The Complete Package]
Lonkero Administrator Offline
KiX Master Guru
*****

Registered: 2001-06-05
Posts: 22346
Loc: OK
jens, I haven't had time to see it more, but my invecha used selfwritten scripts.
this is easier even, when you just need to have batch-files.
or kix-files to check the correct needs.
_________________________
!

download KiXnet

Top
#68677 - 2002-07-31 10:10 AM Re: KiXtart Systems Management Server (Part III, The Client) [a.k.a The Complete Package]
MightyR1 Offline
MM club member
*****

Registered: 1999-09-09
Posts: 1264
Loc: The Netherlands
Bye Bye MickeySofts SMS... [Razz] [Razz]
_________________________
Greetz,
Patrick Rutten

- We'll either find a way or make one...
- Knowledge is power; knowing how to find it is more powerful...
- Problems don't exist; they are challenges...

Top
#68678 - 2002-08-13 11:09 AM Re: KiXtart Systems Management Server (Part III, The Client) [a.k.a The Complete Package]
masken Offline
MM club member
*****

Registered: 2000-11-27
Posts: 1222
Loc: Gothenburg, Sweden
This is really impressive. I'm gonna look into this for sure.

NICE work there, i'm really impressed!
_________________________
The tart is out there

Top
#68679 - 2002-08-21 05:50 PM Re: KiXtart Systems Management Server (Part III, The Client) [a.k.a The Complete Package]
Fernando Madruga Offline
Starting to like KiXtart

Registered: 2002-08-21
Posts: 149
Loc: Coimbra.Portugal.Europe.Earth....
[Cool] Just found about this KSMS today! It looks as if it's precisely what I've been looking for!! I'll sure be putting it to a BIG test, and should I decide to use it, I'll let you know later how does it behave in a 300 PCs over 12 locations kind of setup.

In a few months, you should probably consider writing a book: "Poor-man's SMS" or something like that! [Smile] With a clear subtitle, plus an acompanying CD it would be a major seller! (I know it all fits on a floppy disk, but adding a diskette would make the book look old as today they all include CDs...)

Keep up the nice work and thanks for what looks to be an excellent tool!

Fernando Madruga
_________________________
Later,   [b]Mad[/b]ruga

Top
#68680 - 2002-08-27 01:07 PM Re: KiXtart Systems Management Server (Part III, The Client) [a.k.a The Complete Package]
Fernando Madruga Offline
Starting to like KiXtart

Registered: 2002-08-21
Posts: 149
Loc: Coimbra.Portugal.Europe.Earth....
Did you check Howard A. Bullock's Corporate Logon Script? It does have some nice touches that could be of use to your KSMS...
 
-------------------
Later,
  Madruga
_________________________
Later,   [b]Mad[/b]ruga

Top
#68681 - 2002-08-27 02:42 PM Re: KiXtart Systems Management Server (Part III, The Client) [a.k.a The Complete Package]
Howard Bullock Offline
KiX Supporter
*****

Registered: 2000-09-15
Posts: 5809
Loc: Harrisburg, PA USA
Curiosity is killing me. What aspects of my logon script framework did you like?

[ 27. August 2002, 14:43: Message edited by: Howard Bullock ]
_________________________
Home page: http://www.kixhelp.com/hb/

Top
#68682 - 2002-08-27 04:10 PM Re: KiXtart Systems Management Server (Part III, The Client) [a.k.a The Complete Package]
Fernando Madruga Offline
Starting to like KiXtart

Registered: 2002-08-21
Posts: 149
Loc: Coimbra.Portugal.Europe.Earth....
Basically, the idea of keeping most of the files "cached" on the client PC and using a checksum program to check for validity/updateness of those files copying them over if needed...

Even though I have a server on *most* of our sites, some sites *do* have a very slow link (32 Kbps shared by some 10 ppl)...

In fact, this could lead to another suggestion for KiXtart: compressed scripts! Even though it could be a very simple compression, that could save some bandwidth and serve as some sort of basic "hide from curious user"...
_________________________
Later,   [b]Mad[/b]ruga

Top
#68683 - 2002-08-27 05:18 PM Re: KiXtart Systems Management Server (Part III, The Client) [a.k.a The Complete Package]
Sealeopard Offline
KiX Master
*****

Registered: 2001-04-25
Posts: 11164
Loc: Boston, MA, USA
If you are talking about scripts alone, then I'm not that concerned about compressions. Dial-up users are already taking advantage of build-in compression. Other users ISDM/Fram-Relay might not really benefit from a decrease in download time from e.g. 5 seconds to 2 seconds.

YMMV
_________________________
There are two types of vessels, submarines and targets.

Top
#68684 - 2002-08-27 06:00 PM Re: KiXtart Systems Management Server (Part III, The Client) [a.k.a The Complete Package]
Fernando Madruga Offline
Starting to like KiXtart

Registered: 2002-08-21
Posts: 149
Loc: Coimbra.Portugal.Europe.Earth....
3 secs here, another 3 elsewhere, and when you look again your logon time decreases substancially...

Especially when we're talking about "adding", that is, currently I have *NO* logon script for my users; if they start having to wait 20 seconds, that will be 20 seconds *more* than they were used to!

The second, "hidden" advantage would be to "conceal" those scripts from some prying eyes... Surelly, there could be still someone left that went all the way looking on the net for KIX32.EXE and finds out how to "uncompress" them, but hey, that simple way of "hiding" stuff from end users works with 99.99% of them!

Besides, if Kix had some compress/decompress routines built in, then it would very easy to copy the compressed DLLs,scripts,UDFs,OCX,whatevers and simply copy those (when needed) from the server... And then we'd be talking about some potencial major savings... [Smile]

Just my 0.02 € worth... [Smile]
_________________________
Later,   [b]Mad[/b]ruga

Top
#68685 - 2002-08-27 06:28 PM Re: KiXtart Systems Management Server (Part III, The Client) [a.k.a The Complete Package]
Fernando Madruga Offline
Starting to like KiXtart

Registered: 2002-08-21
Posts: 149
Loc: Coimbra.Portugal.Europe.Earth....
Just curious: on your site, what are the typical times for the logon batch/script to carry out it's duties?
_________________________
Later,   [b]Mad[/b]ruga

Top
#68686 - 2002-08-27 07:04 PM Re: KiXtart Systems Management Server (Part III, The Client) [a.k.a The Complete Package]
Lonkero Administrator Offline
KiX Master Guru
*****

Registered: 2001-06-05
Posts: 22346
Loc: OK
fernando, we could build a compress script for you.
I have very basic syntax in mind and that compressed file can still be compressed by normal compression utilities and methods.
all it needs is compression "table" introduced at the client or...
if the script is really big (say 30k+) it will still decrease the size when introduced in the script.

well, actually it should work already with script sizes of over 2k...
_________________________
!

download KiXnet

Top
#68687 - 2002-08-27 07:10 PM Re: KiXtart Systems Management Server (Part III, The Client) [a.k.a The Complete Package]
Sealeopard Offline
KiX Master
*****

Registered: 2001-04-25
Posts: 11164
Loc: Boston, MA, USA
Network is a 10/100MBits switched Class-C subnet.

Login script
Total size of 142KB with commented code and all required .INI files. Executables/DLLs on local computers, scripts/INIs in NETLOGON folders.

4-6 seconds for P3 and faster, unless first login of a virgin account, then it's ca. 30 seconds in order to set up customizations.

10-60 seconds for slower computers.

Add 30 seconds for each drive that's unavailable or printer that's offline.

KSMS
30-40 seconds for clean computers (P3 and faster)
60-180 seconds for slower computers (depends on processor/RAM)

Installations add time, of course, as well as potential reboots.

KSMS is executed at night as to not interrupt daytime productivity.
_________________________
There are two types of vessels, submarines and targets.

Top
#68688 - 2002-08-29 06:36 PM Re: KiXtart Systems Management Server (Part III, The Client) [a.k.a The Complete Package]
Lonkero Administrator Offline
KiX Master Guru
*****

Registered: 2001-06-05
Posts: 22346
Loc: OK
fernando, I have been thinking a little this comp thing...

one way could be converting the script by keywords in it.

say script has structure:
code:
$ReturnCode=writevalue("me_key","me_value","me_data","REG_SZ")
$ReturnCode=writevalue("me_key","you_value","you_data","REG_SZ")
$ReturnCode=writevalue("me_key","him_value","him_data","REG_SZ")
? "me_key written"
exit 0

translating this with keywords can be done with some udf stuff, reducing the functionnames to one char...
but found problem with that solution as shortening of commands do not worky...

so went other way.
make a reference of keywords used in the script and list them in ini-like way in the scripts bottom.
then the script could be got to:
code:
$code="1=2(3,4,5,6) 1=2(3,7,8,6) ..."
for each $line in split($code)
$t=""
for each $letter in split($line,"")
$t=$t+readprofilestring("@scriptpath"+"\@scriptname","k",$letter)
next
$e=execute("$t")
next

exit 0
[k]
1="$ReturnCode"
2="writevalue"
3="me_key"
4="me_value"
5="me_data"
6="REG_SZ"
7="you_value"
8="you_data"
9="him_value"
10="him_data"
11="?"
12="me_key written"
13=

as the basic idea...
I don't want to code the whole stuff directly to this bb-window but I think you get the idea...

[ 29. August 2002, 18:43: Message edited by: Lonkero ]
_________________________
!

download KiXnet

Top
Page 1 of 1 1


Moderator:  Glenn Barnas, NTDOC, Arend_, Jochen, Radimus, Allen, ShaneEP, Ruud van Velsen, Mart 
Hop to:
Shout Box

Who's Online
0 registered and 515 anonymous users online.
Newest Members
gespanntleuchten, DaveatAdvanced, Paulo_Alves, UsTaaa, xxJJxx
17864 Registered Users

Generated in 0.077 seconds in which 0.03 seconds were spent on a total of 13 queries. Zlib compression enabled.

Search the board with:
superb Board Search
or try with google:
Google
Web kixtart.org