ScriptologyThings we've figured out how to do with

simple batch scripts (so we don't have to

touch computers)

Who?

• Pat and Lori

Where

• Cornell

• 22,000 students

• 18 labs (include CIW)

• Around 500 computers

What?

• Scripting

Why?

• Fixes,

• Monthly patching,

• software adds upon request

• Lack of skilled techs

• Steady increase in usage and requests

How?

• Ghost

• Deep Freeze

• Windows batch

Free utilities that we use

• 7za.exe (7zip command line tool)

• NirCmd.exe (Swiss army knife tool, shortcut, elevate…)

• WUInstall.exe (to launch Windows updates)

• BGInfo (Put info on the desktop image)

Just why? Setx

• setx /m TANNERHOST "en-pq.coecis.cornell.edu"

The Basics: generally useful commands

• If/then/else

• Goto

• If exist

• PrintUI

• Reg (Add/Delete)

• Start (Start /Wait)

• SC (Stop/Start)

• Exit /b ###

• Msiexec

• Shutdown.exe –r –t #

• Wmic

• Del, rmdir, move, etc…

The Basics: Thaw/Freeze

• Copy DFC.exe to local client

• "c:\windows\system32\dfc.exe" PasswordHere /thawnextboot

• Power Control Reboot

• Power Control will continue the script

• Script continues with Logon

The Basics: Logon/Logoff

• REM autologon and reboot or quit if autologon set

• if exist c:\scripts\adauth.txt (GOTO Process) else (GOTO End)

• :Process

• REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\winlogon" /v DefaultDomainName /t REG_SZ /d cornell.edu /f

• REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\winlogon" /v DefaultUserName /t REG_SZ /d CIT-Labs /f

• REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\winlogon" /v CachePrimaryDomain /t REG_SZ /d cornell.edu /f

• REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\winlogon" /v DefaultPassword /t REG_SZ /d PasswordHere /f

• REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\winlogon" /v AutoAdminLogon /t REG_SZ /d 1 /f

• exit /b 99 (Error trapped at console, causes a power control reboot)

• GOTO End

• :End

The Basics: Install

• MSIExec

• msiexec /i C:\temp\Mathcad15WixInstaller.msi /passive

• Exe

• REM Install Matlab

start /wait c:\temp\install\setup.exe -inputFile c:\temp\my_installer_input.txt

(this install uses an input file to answer all the questions throughout the install)

• Simple install – c:\temp\setup.exe /q or /s

The Basics: uninstall

• WMIC sample

• wmic product where name="Autodesk Inventor Content Center Libraries 2015

(Desktop Content)" call uninstall /nointeractive

• MSI sample

• MsiExec.exe /X{5783F2D7-0111-0409-0110-0060B0CE6BBA} /qn

• HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall

Pick a Printer…(from a list of 87!)

• REM Determine lab and set proper default printer

• REM Grab machine name and number (or N or P for Instructor and Op)

• set name=%computername%

• set name=%name:~4,5%

• set number=%computername:~-1%

• REM Go to the right lab section to process

• Goto %name%

Pick a Printer (2)

• :BLUE-

• if %number%==N GOTO BlueEven (Instructor Station)

• If %number%==P GOTO BlueOdd (Operator Station)

• SET /A OddEven=%number% %% 2

• if %OddEven%==1 GOTO BlueOdd

Pick a Printer (3)

• :BlueEven

• printui.exe /y /n\\net-print-win.cit.cornell.edu\engr-lib3d

• GOTO End

• :BlueOdd

• printui.exe /y /n\\net-print-win.cit.cornell.edu\engr-lib1

• GOTO End

Net-Print to PaperCut

• Thaw/Logon

• Launch Devices and Printers Control Panel

• Delete old software, printers and Drivers

• Install new software, printers and drivers

• Set printers to Duplex

• Set default print queue

Launch Control Panel

• REM Open Devices and Printers control panel

• REM Printers create much faster with it open

• start control printers

Delete old Printers and Queues

• REM Remove old Net-Print printers and queues

• REM Set Adobe PDF as default

• printui.exe /y /n "Adobe PDF"

• REM delete old printers

• printui.exe /dl /n "Net-Print Holding Queue" /q

• printui /q /gd /n\\net-print-win.cit.cornell.edu\accel1

• printui /q /dn /n\\net-print-win.cit.cornell.edu\uris4c

Delete Old Printers and Queues (2)

• REM Restart print spooler to free up any drivers that may be in use

• net stop spooler

• net start spooler

• REM Delete old Drivers from the system

• printui.exe /dd /m "Xerox Phaser 4400N NPPS" /q

Delete Old Software

• REM Remove old Net-Print software

• if exist c:\windows\kerberosviewer.exe (goto PROCESS) else (goto END)

• :process

• msiexec /fv c:\temp\kerberosticketviewer.msi /q (Repair: runs from source

and recaches local package)

• msiexec /x c:\temp\kerberosticketviewer.msi /q

• rd /s /q "C:\Program Files\Cornell University\Net-Print\"

• :end

Unzip and install PaperCut Client

• REM unzip PC-Client

• cmd /c c:\7za.exe x "C:\temp\PC-Client.zip" -

o"C:\Temp\“

• REM Install PaperCut Client

• msiexec /i c:\temp\pc-client-admin-deploy.msi /passive

Install Driver

• REM Install the PaperCut Global PostScript Driver

• Printui /ia /m "PaperCut Global postScript" /h "x64" /v

"Type3 - UserMode" /f

c:\temp\PaperCutWHQL\PCGlobal.inf

Install the new Print Queues

• REM install printer(s)

• printui.exe /ga /n\\win.net-print.cornell.edu\campus-bw

• printui.exe /ga /n\\win.net-print.cornell.edu\campus-color

Set the Default Printer

• REM Set Default Printer

• REM Wait for printers to install

• timeout 60 (Reboot for Windows 10 systems)

• printui.exe /y /n\\win.net-print.cornell.edu\campus-bw

Set the Queues to Default to duplex

• REM set queue to duplex

• printui.exe /Sr /n\\win.net-print.cornell.edu\campus-bw

/a "c:\oadiprinter.dat" u f

• printui.exe /Sr /n\\win.net-print.cornell.edu\campus-

color /a "c:\oadiprinter.dat" u f

OneRing – Monthly Updates process

• Thaw and Logon

• Delete C:\temp (in case it was leftover from previous run)

• Download files (Updates.zip – includes Firefox, chrome, Java, flash, ….)

• Launch Windows Defender defs update and system scan batch file

• runs concurrently with updates

• Unzip Update Files

OneRing (2)

• Activate Windows and Office with KMS

• Update Adobe Air and Shockwave

• Update Firefox and cleanup desktop

• Launch Firefox

• Update Chome and cleanup desktop

• Launch Chrome (and close it again after 45 seconds)

OneRing (3)

• Update Adobe acrobat and clean desktop

• Update Flash for IE

• Update Flash for Firefox

• Uninstall old Java

• Install new Java

• Close Firefox (launch a while ago)

OneRing (4)

• Clean up Java install

• Update Adobe Creative Cloud (with Remote Update manager tool)

• Delete C:\temp folder

• Start Windows updates

• Move Green.cmd to startup folder

• Make sure AV scan has completed, then reboot

Windows Defender

• REM Delete folder if it was left in error

• If exist c:\scripts\AVDone rd /s /q c:\scripts\AVDone

• REM Update to the latest AV definitions

• "c:\Program Files\Microsoft Security Client\MPcmdRun.exe" -SignatureUpdate

• REM Launch Security Essentials quick scan

• "c:\Program Files\Microsoft Security Client\MPcmdRun.exe" -scan -1

• REM Create a folder to flag scan completion

• MD C:\scripts\AVDone

• exit

Update Firefox

• REM Update Firefox and clean up

• if exist c:\temp\firefoxsetup.exe start /wait

c:\temp\firefoxsetup.exe -ms

• del /q /f "C:\Users\Public\Desktop\Mozilla

Firefox.lnk"

Uninstall old Java

• REM Uninstall old Java installations

• if exist c:\temp\jdkupdate.exe wmic product where

"name like '%%Java 8%%'" call uninstall /nointeractive

• if exist c:\temp\jdkupdate.exe wmic product where

"name like '%%Java SE%%'" call uninstall /nointeractive

Install new Java

• REM Install new Java version

• if exist c:\temp\jdkupdate.exe start /wait

c:\temp\jdkupdate.exe

INSTALLCFG=C:\temp\javaconfig.txt

Close Firefox

• REM Kill Firefox for visibility

• cmd /c taskkill /im firefox.exe

Update Adobe Creative Cloud

• REM Update Adobe CC

• c:\temp\RemoteUpdateManager.exe

Launch Windows Updates

• REM Start Windows Updates

• "C:\scripts\wuinstall.exe" /install /criteria "IsHidden=0

and IsInstalled=0"

Move Green.cmd to startup folder

• REM Move Green.cmd to startup folder to notify of

Windows Updates success

• copy /y c:\scripts\green.cmd

"c:\ProgramData\microsoft\Windows\Start

Menu\Programs\Startup\"

Green.cmd

• cmd /k "color 27&echo

off&cls&echo.&echo.&echo.&echo.&echo Windows

Updates have completed successfully - ready to freeze!"

Make sure AV scan has completed

• REM Check to make sure AV scan is complete

• if exist c:\scripts\AVDone (goto Done) else (goto Wait)

• :Enter

• if exist c:\scripts\AVDone (goto Done) else (goto Wait)

• :Wait

• Timeout 15

• Goto Enter

• :Done

• RD /s /q c:\scripts\AVDone

After OneRing – Check Freeze/Thaw status

• REM run DFC.exe to get status

• c:\windows\system32\dfc.exe get /isfrozen

• if errorlevel 1 (exit /b 1) else (exit /b 2)

Cautionary note about Deep Freeze and

reboots

• Ghost Power control reboot

• Good for continuing a task

• Windows Shutdown –r –t 0 reboot

• Good for rebooting to a frozen state

• Power control to frozen state results in a boot loop.

Check to see if software is installed

• REM Check for MathCAD 15

• If exist "C:\Program Files (x86)\mathcad\MathCAD

15\" (exit /b 15) else (exit /b 20)

Registry adds

• Rem Add Registry key (Accept new IE add-ins)

• REG ADD

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVer

sion\Policies\Ext" /v NoFirsttimeprompt /t

REG_Dword /d 1

NirCmd fun

• REM Put up a screen

• start c:\nircmd.exe infobox "Updates in Progress! Do

not use this machine for any purpose." "Warning!"

A Note on Start

• Works

• Start c:\nircmd.exe

• Fails

• Start “c:\nircmd.exe”

• Start “” “c:\nircmd.exe”

OK, I’ll stop now….

• Questions?

• Comments?

• Better ways?

Thank You!

• Pat Washburn

• pjw2@cornell.edu

• Very Useful site:

• http://www.robvanderwoude.com/