XCEND Tech Tips: Installing/Upgrading the Altiris Agent via Active Directory Group Policy Startup Scripts – NS7
September 22nd, 2010
[Download a PDF version of this entry]
Ever since the release of Windows Vista and the UAC (User Account Control), installing software via logon and startup scripts has changed. In most situations, most Altiris administrators will opt to rollout the Altiris Agent with an automated push via the Altiris Notification Server. However, this push only occurs at scheduled times. Using group policies, we can install the agent whenever a machine is booted up.
This also helps when it is not possible to get local administrator rights on the computers you will be managing due to security or political concerns, so that the active directory administrators will be taking care of the agent installations. The following document will show you how to create a Group Policy object and apply it to workstations. It will also give you the vbscript to accomplish this. The script will first check for the existence of the Altiris Agent; if not found, it will install the Altiris Agent. If the agent exists, it will check the agents’ version. Version 6 agents will be upgraded; if version 7 is found, it will then check that it is pointing to the correct server and make any necessary redirections.
Note: You must have domain admin rights to perform these tasks.
1. Open up an explorer windows to your local domain controller’s NETLOGON share, as shown (my network in this example is thenetworkguru.local).
2. Copy the file AeXNSC.exe from your Altiris NS server nscap share to this directory. This file will be located at \\nsserver\nscap\bin\win32\x86\NSClient Package.
3. Download the PS Utilities from the following Microsoft site: http://technet.microsoft.com/en-us/sysinternals/bb897553.aspx. Extract the files, then copy the psexec.exe to your domain controller NETLOGON share, where you copied the AeXNSC.exe file also. This is needed for Vista/7 clients as UAC runs the startup scripts under a limited SYSTEM account context. However, we need full SYSTEM access. That is what psexec is used for.
4. Under the domain controllers NETLOGON share, right click and create a text file called InstallAltirisAgent.vbs. Be sure that its file extension is vbs, not txt. This may require you to turn off the Folder Option “Hide Known File Extensions.”
5. In the file, copy the following script:
| ‘ Declare Constants const HKEY_LOCAL_MACHINE = &H80000002 ‘ HKEY LOCALMACHINE Const conFileExistPath = “\Altiris\Altiris Agent\” ‘ Install Path of Altiris Agent Const conFileName = “AeXNSAgent.exe” ‘ Agent Executable to check for existance Const conPackageLocation = “\\hqdc01.thenetworkguru.local\NETLOGON\AeXNSC.exe” ‘ Location to Altiris Install Const conInstallPath = “\AeXNSC.exe -s -a ns=”"hqns01.thenetworkguru.local”" NOSTARTMENU NOTRAYICON /s /NOADDREMOVE”‘ Altiris NS Agent Install Command Line Const conRedirectPathFileName = “AeXAgentUtil.exe” ‘ File to Redirect Altiris Agent Const conCMDOptions = “/server:hqns01.thenetworkguru.local /web:http://hqns01.thenetworkguru.local/Altiris” ‘ Options to Redirect Altiris Agent Const conKeyPath = “SOFTWARE\Altiris\Altiris Agent\Servers” ‘ Reg Path to Altiris Server Const conKeyPath64 = “SOFTWARE\Wow6432Node\Altiris\Altiris Agent\Servers” ‘ x64 Reg Path to Altiris Server Const conKeyName = “” ‘ Reg Value to find, blank = (default) Const conServerName = “hqns01.thenetworkguru.local” ‘ Altiris NS Server Name Const conPSExecLoc = “\\thenetworkguru.local\NETLOGON\psexec.exe” ‘ Path to PSEXEC for Win Vista/7 ‘ Declare Variables Dim strComputer ‘ Computer to connect to WMI Server Dim objWMIService ‘ Object to connect to WMI Service Dim osShell ‘ Shell object to get environmental variables Dim oReg ‘ Registry object to get current NS Server setting Dim colItems ‘ Array of Win32_ComputerSystem Objects Dim objItem ‘ Single instance of Win32_ComputerSystem from above variable Dim strSystemType ‘ Type of system x86 or x64 Dim strRootDrive ‘ Root drive of current system Dim strProgramFilesPath ‘ Path to Altiris Agent Program Files Directory Dim strFullPath ‘ Full Path to AeXNSAgent.exe file Dim strRedirectPath ‘ Full Path to AeXAGEntUtil executable along with command line options Dim objFileSys ‘ File System Object used to check for file existenance Dim objFSO ‘ File System Object used to get file version Dim objFileVersion ‘ File Version of current AeXNSAgent.exe Dim strRC ‘ Return Code for Run method Dim strServerValue ‘ Notification Server Name from registry Dim colOSItems ‘ Collection Of Operating System Detail Items Dim objOSItem ‘ Individual OS Item Dim strOSVersion ‘ Windows Version ‘ Create Shell to get Environmental Variables Set osShell = CreateObject(“WScript.Shell”) ‘ Create WMI Connection to local computer strComputer = “.” Set oReg = GetObject(“winmgmts:{impersonationLevel=impersonate}!\\” & strComputer & “\root\default:StdRegProv”) ‘ Get System Architecture Type Set objWMIService = GetObject(“winmgmts:\\” & strComputer & “\root\cimv2″) Set colItems = objWMIService.ExecQuery(“Select * from Win32_ComputerSystem”) For Each objItem in colItems strSystemType = objItem.SystemType Next ‘ Get System Root Environment Variable strRootDrive = osShell.ExpandEnvironmentStrings(“%SystemRoot%”) ‘ Based on System Type, Get Correct Program Files Folder If (strSystemType = “X86-based PC”) Then ‘ Get program files path strProgramFilesPath = osShell.ExpandEnvironmentStrings(“%Programfiles%”) Else strProgramFilesPath = osShell.ExpandEnvironmentStrings(“%Programfiles(x86)%”) End If ‘ Create Path to Current Altiris Agent AeXNSAgent.exe File strFullPath = strProgramFilesPath & conFileExistPath & conFileName ‘ Check for AeXNSAgent.exe File Existenance Set objFileSys = CreateObject(“Scripting.FileSystemObject”) If objFileSys.FileExists(strFullPath) Then ‘ Get File Properties Set objFSO = CreateObject(“Scripting.FileSystemObject”) objFileVersion = objFSO.GetFileVersion(strFullPath) ‘ Create Full Command Line to Redirect Altiris Agent strRedirectPath = Chr(34) & strProgramFilesPath & conFileExistPath & conRedirectPathFileName & Chr(34) & ” ” & conCMDOptions ‘ Check File Version, If Version 6 upgrade, otherwise check server name If Left(objFileVersion,1) = 6 Then ‘ Old Agent, Upgrade, Start by coping file to local harddrive:\Windows Dim objCopyFile Set objCopyFile = CreateObject(“Scripting.FileSystemObject”) objCopyFile.CopyFile conPackageLocation, strRootDrive & “\AeXNSC.exe” ‘ Check Operating System Version Set colOSItems = objWMIService.ExecQuery(“SELECT * FROM Win32_OperatingSystem”,,48) For Each objOSItem in colOSItems strOSVersion = objOSItem.Version Next If Left(strOSVersion,1) = 6 Then ‘ Run using PSEXEC strRC = osShell.Run (“cmd /c ” & conPSExecLoc & ” /accepteula -s ” & strRootDrive & conInstallPath, 0, true) Else ‘ Run Normally strRC = osShell.Run (“cmd /c ” & strRootDrive & conInstallPath, 0, true) End If Else ‘ Version 7 Agent, Check Server Name Registry Key If (strSystemType = “X86-based PC”) Then oReg.GetStringValue HKEY_LOCAL_MACHINE, conKeyPath, conKeyName, strServerValue Else oReg.GetStringValue HKEY_LOCAL_MACHINE, conKeyPath64, conKeyName, strServerValue End If ‘ Verify Server Name, if not our server, redirect Agent If (strServerValue <> conServerName) Then ‘ Check Operating System Version Set colOSItems = objWMIService.ExecQuery(“SELECT * FROM Win32_OperatingSystem”,,48) For Each objOSItem in colOSItems strOSVersion = objOSItem.Version Next If Left(strOSVersion,1) = 6 Then ‘ Run using PSEXEC strRC = osShell.Run (“cmd /c ” & conPSExecLoc & ” /accepteula -s ” & strRedirectPath, 0, true) Else ‘ Run Normally strRC = osShell.Run (“cmd /c ” & strRedirectPath, 0, true) End If End If End If Else ‘ No Agent, Install, first by copying AeXNSC.exe file to localdrive:\Windows Dim objCopyFile1 Set objCopyFile1 = CreateObject(“Scripting.FileSystemObject”) objCopyFile1.CopyFile conPackageLocation, strRootDrive & “\AeXNSC.exe” ‘ Check Operating System Version Set colOSItems = objWMIService.ExecQuery(“SELECT * FROM Win32_OperatingSystem”,,48) For Each objOSItem in colOSItems strOSVersion = objOSItem.Version Next If Left(strOSVersion,1) = 6 Then ‘ Run using PSEXEC strRC = osShell.Run (“cmd /c ” & conPSExecLoc & ” /accepteula -s ” & strRootDrive & conInstallPath, 0, true) Else ‘ Run Normally strRC = osShell.Run (“cmd /c ” & strRootDrive & conInstallPath, 0, true) End If End If |
6. Change the constants below, replacing thenetworkguru.local with your active directory domain name. Also replace hqns01.thenetworkguru.local with the Fully Qualified Domain Name for your Altiris 7 Notification Server.
conPackageLocation
conInstallPath
conCMDOptions
conServerName
conPSExecLoc
7. Open up Group Policy Management on one of your active directory domain controllers (this could be different if on a Windows 2003 domain controller).
8. Right click on the OU or Domain that you would like to apply this group policy object; click “Create a GPO in this domain”, and link it here. In our example I will name it “Computer Startup Policies.”
9. Right click on the group policy and click “Edit”; this will bring you to the following screen:
10. We will now want to expand Policies–>Windows Settings–>Scripts. Click on Startup.
11. Click on Add.
12. Click browse and type \\domainname\NETLOGON in the filename section as shown below.
13. Now click on the InstallAgent.vbs and select Open.
14. Click OK.
15. Click Apply and then OK.
16. Close all windows and restart a machine in the chosen OU. If they didn’t have the Altiris Agent, they should get this upon next bootup.
Note:
To troubleshoot, the first thing to check is that the file AeXNSC.exe is copied to the local computers C:\Windows directory. Check the event logs for any errors, and if the file is copied down but the agent not installed.
public relations job…
[...]Installing/Upgrading the Altiris Agent – NS7 | XCEND Group[...]…