Automated Install Script

Due to a huge increase in employee numbers I decided it was time to speed up the deployment process. I had worked with automatic install scripts before whilst at IBM’s Innovation Centre; in fact, I rewrote most of them to match newer OS versions etc.

So with a little experience behind me I decided to write a script from scratch that installed the following:

  • .Net 4 (see older post)
  • Adobe Reader
  • Adobe Flash
  • Java Run Time
  • Office 2010 SP1
  • Windows Activation
  • Internal Help Desk application
  • Cisco VPN client (for customer access)

OK, so those who are experts in this will see a very simple, perhaps clunky script, but for what I need it’s perfect. Complete with comments and prompts, the script is only 42 lines and requires only 1 click to run and a further 3 for the Windows activation and Office installer.

A note on deploying Office 2010 - I created my own .mum file and inserted it into the Updates folder in the installer location. To create this I ran setup.exe /admin and made it as silent as possible to install, meaning you only have to click “Install Now”; it even activates Office for me. For help on this I actually used Microsoft documentation! (http://technet.microsoft.com/en-us/library/dd630736.aspx)

Here’s my entire script (with product keys and file locations modified for security purposes):

@ECHO OFF
rem ---------------Installer Coded by Jonathan Ward 13/06/2012---------------
rem ---------------Major Update 18/06/2012---------------
rem **Updates 19/06/2012** :- Office SP1 & Java included
echo Welcome to Auto Installer
echo Activating Windows 7… EXPECT 2 POPUPS (click OK)
"%windir%\system32\slmgr.vbs" /ipk [key goes here]
"%windir%\system32\slmgr.vbs" /ato
echo …done
echo Installing .Net 4 Runtime…
"\[file location]\netlogon\dotNetFx40_Full_x86_x64.exe" /quiet /norestart
echo …done
echo Installing Adobe Reader…
"[file location]\newpc\AdobeRdr1000.exe" /sAll /msi /norestart ALLUSERS=1 EULA_ACCEPT=YES
echo …done
echo Installing Adobe Flash…
"[file location]\newpc\flash_iexplore.exe" -install
"[file location]\newpc\flash_firefox.exe" -install
echo …done
echo Installing Java Runtime…
"[file location]\newpc\java.exe" /s
echo …done
echo Installing Cisco VPN…
mkdir "%USERPROFILE%\Desktop\cisco"
xcopy "[file location]\newpc\cisco" "%USERPROFILE%\Desktop\cisco" /Y /q
start /wait msiexec.exe /q /i "%USERPROFILE%\Desktop\cisco\vpnclient_setup.msi" /norestart
xcopy "[file location]\All PCF" "%ProgramFiles%\Cisco Systems\VPN Client\Profiles" /Y /q
rd /s /q "%USERPROFILE%\Desktop\cisco"
echo …done
echo Installing Microsoft Office 2010… (Click Install Now)
"[file location]\Office 2010\setup.exe" /config "\[file location]\Office 2010\ProPlus.WW\config.xml"
echo …done
echo Installing Microsoft Security Essentials…
"[file location]\newpc\mse.exe" /s /runwgacheck /o
echo …done
echo Installing Service Desk…
md "%ProgramFiles%\Beoley Mill Software Ltd\BMS ServiceDesk"
xcopy "[file location]\Updates\Dev\*.*" "%ProgramFiles%\[file location]" /Y /E /q
start cscript "[file location]\csnew.vbs"
echo …done
echo Installer complete!
pause

I hope that some of you find this useful in your own script developments.

DotNet4 One-off install script (network deployment)

We needed to deploy .Net4 to all desktops and laptops within the domain in order to be able to use the new version of our in-house developed service desk system, the most critical application in our business outside of Email.

So I found and modified the script below and added it to group policy as a computer startup script. It worked a treat internally, but those on VPN only needed to run the script manually, so I ended up sending it out to everyone anyway!

setlocal

REM *********************************************************************
REM Environment customization begins here. Modify variables below.
REM *********************************************************************

REM Enter the Product Name.
set ProductName=Microsoft .NET Framework 4 Extended

REM Set DeployServer to a network-accessible location containing the Office source files.
set DeployServer=\\dc1\netlogon

REM Set LogLocation to a central directory to collect log files.
set LogLocation="C:\Windows\Logs"

REM *********************************************************************
REM Deployment code begins here. Do not modify anything below this line.
REM *********************************************************************

IF NOT "%ProgramFiles(x86)%"=="" (goto ARP64) else (goto ARP86)

REM Operating system is X64. Check for 32 bit Office in emulated Wow6432 uninstall key
:ARP64
reg query "HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\Microsoft\Windows\CurrentVersion\Uninstall\%ProductName%"
if NOT %errorlevel%==1 (goto End)

REM Check for 32 and 64 bit versions of Office 2010 in regular uninstall key.(Office 64bit would also appear here on a 64bit OS)
:ARP86
reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\%ProductName%"
if %errorlevel%==1 (goto DeployOffice) else (goto End)

REM If 1 returned, the product was not found. Run setup here.
:DeployOffice
start /wait %DeployServer%\dotNetFx40_Full_x86_x64.exe /quiet /norestart
echo %date% %time% Setup ended with error code %errorlevel%. >> %LogLocation%\%computername%.txt

REM If 0 or other was returned, the product was found or another error occurred. Do nothing.
:End

Endlocal

New VPN Solution

We used to use Routing and Remote Access (RRAS) under Windows 2008 to provide an Active Directory friendly route into the network (we have a lot of remote workers) - And while this is not a fancy solution it did just work. Well, that was until our new WatchGuard Firewall got in the way!

The WatchGuard XTM series is fantastic value for money offering various routing and firewall options for any small-medium network. The XTM 505 is a fantastic piece of kit which during the testing phase has proven to be significantly better than our older x2500 model, which was showing its age.

I’m still yet to figure out exactly what the problem with RRAS and our firewall was, something to do with protocol routing with GRE and PPTP when using 1:1 NAT. However, I found so many articles on this and still, after following them all to the letter, nothing worked. I couldn’t get in (neither could anyone else) - So I trusted my instinct and this article: http://blog.bruteforcetech.com/archives/470 - Hats off to the guy who wrote it, magnificent overview of how to get it working. Only took 30 minutes to implement the article and then another 15 or so to fiddle around with placing rules on the firewall to allow protocols etc.

What I like about the solution is on my WatchGuard System Manager dashboard I can see who is connected (via RADIUS) and how many bytes they’ve used as well as the IP address they are connected on. This is the first full day of the new solution and I have 6 people from around the UK connected without any issues. Finally I have replaced RRAS with something less glitchy and perhaps easier to manage.

I reused my VPN server as the RADIUS server, but may be able to free it up by putting RADIUS on one of the domain controllers, which would hopefully speed the LDAP lookups up.

Coming Soon… The Great Conficker Battle of 2012

Oh yes, it hasn’t gone away just yet, Conficker is still as big as ever. To get some background try this link:

http://en.wikipedia.org/wiki/Conficker

I will be posting my personal experience very soon, well as soon as it’s over…

New Final Year Project Site

I have just converted my FYP micro-site into WordPress, so if you’re interested in virtualisation and private clouds head over to: http://www.johnnyward.me.uk/linux/fyp

Graduation Ceremony 2012

My Graduation Ceremony took place yesterday at Symphony Hall, Birmingham.

The pictures can be found here: http://johnnyward.me.uk/galleries/graduation

Nagios Notification Script

Originally posted at johnnyward.co.uk (http://www.johnnyward.co.uk/nagios-notification-script/)

I decided to write my own script for Nagios to send emails to external addresses when MS Exchange goes down in our organisation (which has been happening quite often lately!)

My exchangescript.sh file is called by a command created in the nagios command.cfg file as below:
#Exchange notifications
define command{
command_name notify_ex_mail
command_line sh /etc/nagios3/exchangescript.sh "$NOTIFICATIONTYPE$" "$SERVICEDESC$" "$HOSTALIAS$" "$HOSTADDRESS$" "$SERVICESTATE$" "$LONGDATETIME$" "$SERVICEOUTPUT$" "$CONTACTEMAIL$"
}

The “$PARAMETER$” inputs are created by nagios and therefore would not make sense outside of a Nagios config file.

My exchangescript.sh file is here:
#!/bin/bash
## Send mail notification when nagios detects a problem - manual override from Nagios defaults ##
## Script By Jonathan Ward 26/09/2011 ##
##Parameter List as defined in /etc/nagios3/commands.cfg
## $1 = Notification Type e.g. "PROBLEM"
## $2 = Service Description e.g. "Explorer.exe" OR "SMTP Status"
## $3 = Host Alias e.g. "MyExchangeServer"
## $4 = Host Address e.g. "192.168.1.1"
## $5 = Service State e.g. "CRITICAL"
## $6 = Long Date and Time e.g. "Mon Sept 26 16:07:21 BST 2011"
## $7 = Service Output
## $8 = Contact Email
##Set Message Subject - spaces won't work?
msgsubject='Exchange Issue'
##Set Email Addresses with spaces not commas etc.
msgto="EMAIL ADDRESSES GO HERE"
##Set Message Body
msgbody="Nagios is reporting $1 on $3 \n \nService $2 State is: $5 \n \nTime Reported: $6"
##Create subject in file /etc/nagios3/mailbody
#echo -e "$msgbody" > /etc/nagios3/mailbody
##Command to send email with subject and body
#mail -s "$msgsubject" "$msgto" < /etc/nagios3/mailbody
## printf '%b' expands the \n sequences in the body. The earlier echo -e printed
## a literal -e in emails: command.cfg runs this script with sh, whose built-in
## echo may not support -e.
printf '%b\n' "$msgbody" | mail -s "$msgsubject" "$msgto"
##delete body file for next run
#rm -f /etc/nagios3/mailbody
##Debugging lines go here…
# echo -e "$1 \n$2 \n$3 \n$4 \n$5 \n$6 \n$7 \n$8" > /root/scriptdebug #Copies values of parameters on separate lines in /root/scriptdebug file
##TO TEST SCRIPT##
## /etc/nagios3/exchangescript.sh "notification type" "service description" "host alias" "host address" "service state" "long date time" "service output" "contact email"
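
The same notification body built with printf, as an added example that is not part of the original exchangescript.sh: each Nagios macro value is passed as a %s argument and stripped of control characters, so text that originates on a monitored host (such as $SERVICEOUTPUT$) stays on one line and is never interpreted as escape sequences, whether the script runs under sh or bash. The function names clean_field and build_body and the sample values are made up for illustration.

```shell
#!/bin/sh
# Added example, not the original script. Runs the same under sh and bash.

# Replace every control character (newline, CR, tab, escape, ...) with a
# space so a macro value cannot add lines to the body or to the Subject.
clean_field() {
    printf '%s' "$1" | tr '[:cntrl:]' ' '
}

# Build the mail body. Arguments follow the parameter list of the script:
# $1 type, $2 service, $3 host alias, $4 address, $5 state, $6 time, $7 output
build_body() {
    printf 'Nagios is reporting %s on %s (%s)\n\n' \
        "$(clean_field "$1")" "$(clean_field "$3")" "$(clean_field "$4")"
    printf 'Service %s State is: %s\n\n' \
        "$(clean_field "$2")" "$(clean_field "$5")"
    printf 'Time Reported: %s\n' "$(clean_field "$6")"
    # %s prints the plugin output as data: a literal \n in it stays as text
    printf 'Plugin output: %s\n' "$(clean_field "$7")"
}

# Constructed sample: the service output holds a literal backslash-n
# and a real line break, the two cases echo -e would mishandle.
sample_output='SMTP timeout\nafter 10s
second line'
build_body "PROBLEM" "SMTP Status" "MyExchangeServer" "192.168.1.1" \
    "CRITICAL" "Mon Sept 26 16:07:21 BST 2011" "$sample_output"

# In the notification script the body would be piped to mail, e.g.:
#   build_body "$@" | mail -s "$(clean_field "Exchange Issue: $5")" "$msgto"
```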

Linux Script for monitoring Machine Room temperatures

Following on from one of my first projects at BMS, where I installed a server monitoring solution called Nagios, I have taken things one step further and started using the nagios scripts to provide in-depth monitoring which I can target at specific people etc. I have used my knowledge gained from my older Nagios Notification Email script as reposted on this blog here.

The plan was to use the Dell OpenManage plugins that I spent so long configuring within Nagios, to send temperature updates via email. The final script (after 4+ hours testing etc.) looks like this:

#!/bin/bash
##ThermoMail.sh
## Send mail notification of Machine Room Temperatures##
## Script By Jonathan Ward 01/02/2012##

##./gettemp.sh (was separate script)##
rm -f /root/temperatures
echo -e "Machine Room 1 status: " > /root/temperatures
/usr/lib/nagios/plugins/check_openmanage -H [ipaddress] --only temp >> /root/temperatures
echo -e "\n\nMachine Room 2 status: " >> /root/temperatures
/usr/lib/nagios/plugins/check_openmanage -H [ipaddress] --only temp >> /root/temperatures
####

##Set Message Subject
msgsubject='Machine Room Temperatures'

##Set Email Addresses with spaces not commas etc.
msgto="mail@example.com"

##Command to send email with subject and body (body is read from the temperatures file)
mail -s "$msgsubject" "$msgto" < /root/temperatures

##DEBUGGING LINES
#echo -e "$msgbody" > /root/mailtest

Now I know this looks a little crude, and could be tidied up with some symbolic links etc. but it is a simple solution and I have scheduled a cron job to run the script 4 times a day…

The output in the email looks like this:

Windows Server Backup with DAG

Following on from the Exchange 2010 issues I’ve been having, my last hurdle has been backups. I couldn’t figure out for the life of me why the daily backups of my Exchange installations were failing. So I followed a couple of YouTube videos and made minor changes. This still didn’t work, so after a day of not thinking about it, and clearing my mind I finally found this solution, which worked a treat:

Using Windows Server Backup on Database Availability Group Members

If a server hosting the data being backed up is a member of a database availability group (DAG) and hosts both active and passive database copies, you must disable the Microsoft Exchange Replication service VSS writer. If the Microsoft Exchange Replication service VSS writer is enabled, the backup operation will fail.

To disable the Microsoft Exchange Replication service VSS writer, perform the following steps:

Log on to the server by using an account that has local administrator access, and then start Registry Editor (regedit).
Navigate to HKEY_LOCAL_MACHINE\Software\Microsoft\ExchangeServer\v14\Replay\Parameters.
Add a new DWORD value named EnableVSSWriter, and set its value to 0.
Exit Registry Editor and then restart the Microsoft Exchange Replication service.

This solution is found here: http://technet.microsoft.com/en-us/library/dd876851.aspx

Web Development Projects

In my spare time (limited though it is!) I have been working on a website for a local church (where my better half happens to work) and am quite impressed with the start that’s been made…

So how about visiting http://www.holytrinitybelbroughton.co.uk - and if you have any ideas or suggestions fill in the form on the Contact page.

I have also redone my homepage at: http://www.johnnyward.me.uk and modified some settings on my main blog to fix the URL rewrites (http://www.johnnyward.co.uk). Not bad for a new year so far…