Netbooks: Setting Student as Admin’s during deployment

3761637114_47d8ac8cf0 As part of our config for the Student Netbook SOE, we’re going to make each Student an Administrator on their netbook. We don’t want to make every student an administrator on the machines, because of the security/privacy issues that may arise. If every Student is an administrator then it’s possible for them to log onto another Students machine and look/edit/delete/copy their files.

When we unboxed the netbooks we attached our Asset tags (BGSID) and used the barcode scanner to grab the BGSID and Serial for each netbook and put them into Excel. We thought we could use this data and run a post imaging script from Altiris to set the student admin on each machine after they’re sysprep’d and before they’re given out to Students.

We created a SQL database with one table, see below. The image shows our test data, but we’re able to copy the BGSID’s and Serials from the spreadsheet to the database and assign a username for each netbook. The database also has a field for MachineName, which is blank initially and is populated when the script is run. Altiris automatically names the machines, according to the template we’ve specified, but we thought it would be handy to grab the machine name and store it next to the Serial as the machines are assigned to Students.
We can also be sneaky, and use the StudentUserName field to query AD and grab the Student’s firstname and surname to make sticky labels for their machine and maybe their bags too… will see

image001

‘______________________ Start SetStudentAdmin.vbs __________________________
‘Option Explicit

dim adoConn, adoRS, adoStrm
Set adoConn = CreateObject(“ADODB.Connection”)
Set adoRS = CreateObject(“ADODB.Recordset”)
Call GetBGSID

‘_______________________________________________________________________

Sub GetBGSID()

Dim NetBookSerial

winmgmt1 = “winmgmts:{impersonationLevel=impersonate}!//.”
Set SNSet = GetObject( winmgmt1 ).InstancesOf (“Win32_BIOS”)

for each SN in SNSet
NetBookSerial = SN.SerialNumber
Next

adoConn.Open “Provider=SQLOLEDB;Data Source=lumberjack;User ID=sa;Password=12345;Initial Catalog=Netbooks;”
adoRS.Open “select * from netbooks where (Serial = ‘” & NetBookSerial & “‘)”, adoConn, 1, 3

Set objWshNet = CreateObject(“WScript.Network”)
strDomain = objWshNet.UserDomain
strComputer = objWshNet.ComputerName
Set objGroup = GetObject(“WinNT://” & strComputer & “/Administrators,group”)

strUser = adoRS.fields.item(3)

Set objUser = GetObject(“WinNT://” & strDomain & “/” & strUser & “, user”)

If Not objGroup.IsMember(objUser.ADsPath) Then
objGroup.Add(objUser.ADsPath)
End If
adoRS.fields.item(4) = strComputer

adoRS.Update
adoRS.Close
adoConn.Close

End Sub
‘______________________ End SetStudentAdmin.vbs ___________________________

Scripting Switch Configuration Backup

Here’s is a short VBS script which telnet’s into your ProCurve switch and sends a config backup to your TFTP Server. The code can easily be changed to telnet into pretty much any device that supports configuration via telnet.

This code is a modified version of a snippet posted on the VBForums

Dim objShell
Dim objNetwork

Set objNetwork=CreateObject("WScript.Network")

strTitle="Telnet Demo"
strDefaultServer="Server01"
strDefaultUser=objNetwork.UserDomain & "\" & objNetwork.UserName
strDefaultPassword="P@ssw0rd"

strComputer=InputBox("What server or device do you want to connect to?",_
strTitle,strDefaultServer)
If Len(strComputer)=0 Then WScript.quit



strPassword="password"

Set objShell=CreateObject("wscript.shell")
'Start Telnet
objShell.Run "Telnet " & strComputer
'Give app a chance to get started
WScript.Sleep 5000
objShell.AppActivate "Telnet " & strComputer

'Send login credentials
objShell.SendKeys strUsername & "~"
WScript.Sleep 2000
objShell.SendKeys strPassword & "~"
WScript.Sleep 2000

'Send commands
WScript.Sleep 200
objShell.SendKeys "~"
WScript.Sleep 200
objShell.SendKeys "copy startup-config tftp 172.16.1.15 "& strComputer &"_config.txt"
WScript.Sleep 1000
objShell.SendKeys "~"

'give lengthy commands time to finish
'WScript.Sleep 10000

'make sure we get window again
objShell.AppActivate "Telnet " & strComputer
'run another command
'objShell.SendKeys "net share"
'WScript.Sleep 200
objShell.SendKeys "~"

'Close session
'make sure we get window again
objShell.AppActivate "Telnet " & strComputer
objShell.SendKeys "exit"
WScript.Sleep 200
objShell.SendKeys "~"
objShell.SendKeys "exit"
WScript.Sleep 200
objShell.SendKeys "~"
WScript.Sleep 200
objShell.SendKeys "y"
objShell.SendKeys "~"
WScript.Sleep 200
objShell.SendKeys "~"

Save this text in a .vbs file and run via “cscript switchbak.vbs“ from the command line

If your modifying the script to run on something other than a ProCurve switch ,you may have to tweak/add/remove the Sleep and SendKeys ”~” . Using the SendKeys and the tilde will send a carriage return to the telnet session

Also, if you’d like to run this script you will need a TFTP server, free download from Solawinds

To make the back script a useful tool I’ve set it to run and query an MS SQL database to get the addresses for our ProCurve switches and have scheduled it to run regularly. I will post an update with how I’ve set that up sometime soon. The Script is essentially the same but I’ve removed the prompt for the device address and added the database connection query, will post the details shortly

If you have setup the ProCurve Manager then you may find this post redundant, but, I’ve found it to be a handy script to have, and send backup config files to a server where they are easily accessible in a disaster, hopefully…