Category: Windows – Group Policy


Java Remote Install via GPO and Permissions

Filed Under: Windows - Group Policy by Christopher Webb — Leave a comment
June 29, 2009

Alright, so we had some training that needed the latest Java(6u14) to work.  I extracted the .msi and pushed it out by GPO by doing the following:

Download the version you want from: http://java.com/en/download/manual.jsp

Install Java to the machine you are using.  Once done, go to

C:\documents and settings\<your username>\application data\sun\java\jre<version> folder.

In this folder, there is an msi and a file called data1.cab.  Copy this to a file share accessible by the clients.

Go to GPMC and add  a new GPO, go to Computer Settings>Software Settings>Software Installation>Right click and add new.  Put in the UNC to the msi file(the cab must be in the same directory as the msi btw).  Then set any permissions you want by going to the properties after it is added.

This is the basic way to get Java to install via GPO.  We had one issue, where the training application needed users to have admin rights to the Java folder for the training to run.  Here is what I did for that.

First, make sure you have PSExec installed on the machine you ware working on.

Run a command psexec \\<remote machine name> echo y| cacls “c:\program files\java” /g “<domain>\domain users”:f

This grants any domain users on the machine have /f(full access) to the java folder.  The echo y| is piped in because, cacls command doesnt have a switch to automatically answer y/n to confirm.  this pipes in the y after you run the command.

There is a great program out there for modifying settings in MSI files.  It’s called orca.  you can get it here. Once installed you can do a ctrl+f to find settings and change them.  Some googling may be needed to find what values things need to be set to, but this is one that I do with Java to make it not prompt users for updates constantly.

In orcca, open the jre<version> msi and go to Property table(left column) and find AutoUpdateCheck in the right side.  Change the value to 0(zero).  Then save the msi.  For more options, you can find info on sun’s website and just by looking through the msi in orca.  A lot of the options are selfexplanatory, but there is the ability to go way more in depth than I currently know how, as well.


Tags: , , , , , , , , , , , , ,
Comment

VBScript/GPO to Change Network Speed/Duplex settings

Filed Under: Windows - Group Policy, Windows - Scripting by Christopher Webb — 2 Comments
June 4, 2009

OK, so I have a project where there is a system in place to monitor user desktops and it is getting a 1 second lag.  I Can’t give much more detail than that, but the manufacturers of the software recommended setting the network speed of all servers/clients in the environment to 100M/Full.  This is only affecting a portion of our network and all of our equipment is GB/Full.  There are 80 users and 4 servers that need these changes made.  I needed a way to automate this switch to those particular machines, so I turned to VBscript and GPO.

Here is the script I used:


Option Explicit
Const HKEY_LOCAL_MACHINE = &H80000002
Const ForReading = 1

CheckAllNICS

Sub CheckAllNICS
Dim objFSO : Set objFSO = WScript.CreateObject(“Scripting.FileSystemObject”)
Dim InputFile, ArrayFile, i
InputFile=”localhost”

ArrayFile = Split(Trimws(InputFile),vbcrlf)

For i = 0 To UBound(Arrayfile)
If IsOnline(Arrayfile(i)) Then
IdentifyNIC(Arrayfile(i))
Else
WScript.Echo ArrayFile(i) & “,OFFLINE”
End If
Next
End Sub

Sub IdentifyNIC(strComputer)
Dim objReg
Dim blnNicFound
Dim strKeyPath,arrSubKeys,subkey,strValue
On Error Resume Next
blnNicFound = True
Set objReg = GetObject(“winmgmts:{impersonationLevel=impersonate}!\\” & strComputer & “\root\default:StdRegProv”)
If Err Then
WScript.Echo strComputer & “,ERROR READING REGISTRY”
Exit Sub
Else
strKeyPath = “System\Currentcontrolset\Control\Class\{4D36E972-E325-11CE-BFC1-08002be10318}”
objReg.EnumKey HKEY_LOCAL_MACHINE, strKeyPath, arrSubKeys

For Each subkey In arrSubKeys

objReg.GetStringvalue HKEY_LOCAL_MACHINE, strKeyPath & “\” & subkey,”DriverDesc”, strValue
Select Case strValue
Case “3Com EtherLink XL 10/100 PCI TX NIC (3C905B-TX)”
WScript.Echo “** CHECK DUPLEX SETTING MANUALLY **”
Exit Sub
Case “Broadcom NetXtreme 57xx Gigabit Controller”, “Broadcom NetXtreme Gigabit Ethernet”
CheckDuplexValue strKeyPath & “\” & subkey, “RequestedMediaType”, strComputer, strValue
Set strIntel = “false”
Exit Sub
Case “Broadcom NetXtreme Gigabit Ethernet”
CheckDuplexValue strKeyPath & “\” & subkey, “RequestedMediaType”, strComputer, strValue
Set strIntelA = “false”
Exit Sub
Case “HP NC7781 Gigabit Server Adapter
WScript.Echo “** CHECK DUPLEX SETTING MANUALLY **”
Exit Sub
Case “HP NC7782 Gigabit Server Adapter
WScript.Echo “** CHECK DUPLEX SETTING MANUALLY **”
Exit Sub
Case “Intel(R) 82540EM Based Network Connection”, “Intel(R) PRO/100 VE Network Connection”, “Intel(R) 82566DM-2 Gigabit Network Connection”, “Intel(R) PRO/100 VM Network Connection”, “Intel(R) PRO/1000 EB Network Connection with I/O Acceleration”, “Intel(R) PRO/1000 MT Network Connection”
CheckDuplexValue strKeyPath & “\” & subkey, “SpeedDuplex”, strComputer, strValue
Set strIntel = “true”
Exit Sub
Case “Marvell Yukon 88E8055 PCI-E Gigabit Ethernet Controller”
CheckDuplexValue strKeyPath & “\” & subkey, “ConnectionType_A”, strComputer, strValue
Exit Sub
Case “NVIDIA nForce Networking Controller”
CheckDuplexValue strKeyPath & “\” & subkey, “ForceSpeedDpx”, strComputer, strValue
Exit Sub
Case “Realtek RTL8139C+ Fast Ethernet NIC”
WScript.Echo “** CHECK DUPLEX SETTING MANUALLY **”
Exit Sub
Case Else
blnNicFound = False
End Select
Next

If Not blnNICFound Then
WScript.Echo “Unknown NIC on ” & strComputer
End If

End If
End Sub

‘ON INTEL 4 = 100/FULL, ALL OTHERS 6 = 100/FULL, 0 = AUTO FOR EVERY KNOWN NIC

Sub CheckDuplexValue (strDuplexSettingKeyPath,strDuplexSettingSubKey,strComputer,NICType)
Dim strValue
Dim objReg : Set objReg = GetObject(“winmgmts:{impersonationLevel=impersonate}!\\” & strComputer & “\root\default:StdRegProv”)
objReg.GetStringValue HKEY_LOCAL_MACHINE, strDuplexSettingKeyPath, strDuplexSettingSubKey, strValue
If strValue <> 6 Then
objReg.SetStringValue HKEY_LOCAL_MACHINE, strDuplexSettingKeyPath, strDuplexSettingSubKey, “6″
objReg.GetStringValue HKEY_LOCAL_MACHINE, strDuplexSettingKeyPath, strDuplexSettingSubKey, strValue
‘WScript.Echo strComputer & “,” & NICType & “,” & strDuplexSettingSubKey & “,” & strValue
End If
If strIntel = “true” Then
objReg.SetStringValue HKEY_LOCAL_MACHINE, strDuplexSettingKeyPath, strDuplexSettingSubKey, “4″
objReg.GetStringValue HKEY_LOCAL_MACHINE, strDuplexSettingKeyPath, strDuplexSettingSubKey, strValue
‘WScript.Echo strComputer & “,” & NICType & “,” & strDuplexSettingSubKey & “,” & strValue
End If

End Sub

Private Function trimWS(sTxt)
Dim oRE : Set oRE = New RegExp
oRE.Pattern = “(^\s+)|(\s+$)”
oRE.Global = True
trimWS = oRE.Replace( sTxt, “” )
End Function

Function IsOnline(PCName)
Dim objItem
Dim objPing : Set objPing = GetObject(“winmgmts:{impersonationLevel=impersonate}”)._
ExecQuery(“select * from Win32_PingStatus where address = ‘” & PCName & “‘”)

For Each objItem in objPing
If IsNull(objItem.ReplySize) Then
IsOnline = False
Else
IsOnline = True
End If
Next

End Function

So, basically, you need to find the key

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}001

This is for any NIC on Windows XP.

The Line “DriverDesc” is the Driver name, it much match one of the names in the script above(I left the settings for all the various, to help ease the pain a bit).  Most Drivers will either have a DWORD for “RequestedMediaType”(Broadcom) or “SpeedDuplex”(Intel).  You will have to test to find for others, refer to the script if it helps.  The Registry values to set all cards to auto is “0″(zero), for ALL NICs.  to set to 100/Full, its 6(broadcom) or 4(intel).  adjust the script to meet your needs.

Then, I first tried to call the script from the user’s normal logon file: a batch script.  this would have worked, except users need admin rights to run vbscripts.  Since this is a high security environment, that was not an option.  So I linked a GPO to the OU for the computers I needed the settings changed on.  The GPO was:

Computer Configuration>Windows Settings>Scripts>Startup.  Simply put the path to the script and have the users reboot their machines.  When the machines come up, all pcs will be at the correct speed.

Leave a comment if you have any questions.  I would be glad to go more in depth about how the script works, if anyone cares to know.

 

UPDATED 3/12/12:

I have attached 2 files to this post.  One of them is one of my 8 versions of this script.  It was the most recent and slightly different as it is only working with 2 NICs (named SpeedDuplex2b.txt).  The other files is a properly formatted version of the script in this post (named SpeedDuplex-FromPost.txt).

Hope this helps:

SpeedDuplex-FromPost

SpeedDuplex2b


Tags: , , , , , , , , ,
Comment

Switch to our mobile site