Asset Management Suite

 View Only
Back to Library

Installing/Upgrading the Altiris Agent via Active Directory Group Policy Startup Scripts (Including Windows Vista and Above Clients) – Notification Server 7 

Sep 21, 2010 12:53 PM

Ever since the release of Windows Vista and the UAC (User Account Control), installing software via logon and startup scripts has changed. In most situations, most Altiris administrators will opt to rollout the Altiris Agent via an automated push via the Altiris Notification Server. However, this push only occurs at scheduled times. Using group policies, we can install the agent whenever a machine is booted up. For this we need group policy.

 

This also helps in the situation, which it is not possible to get local administrator rights on the computers you will be managing due to security or political concerns, thus the active directory administrators will be taking care of the agent installations. So the following document will show you how to create a Group Policy object and apply it to workstations. Also it will give you the vbscript to accomplish this. The script, will first check for the existence of the Altiris Agent, if it exists, if not it will install the Altiris Agent. If the agent exists, it will check the agents’ version, if it is version 6, the agent will be upgraded. If it is version 7, it will then check that it is pointing to the correct server. If it is pointing to the correct server, nothing will happen. If it is not pointing to the correct server, the agent will be redirected to the correct. So let’s start with the configuration.

Note: You must have domain admin rights to perform this article

1. Open up an explorer windows to your local domain controller’s NETLOGON share, as shown (My network in this example is thenetworkguru.local)

 

2. Copy the file, AeXNSC.exe from your Altiris NS server nscap share to this directory. This file will be located at the following location, \\nsserver\nscap\bin\win32\x86\NSClient Package

3. Download the PS Utilities from the following Microsoft site, http://technet.microsoft.com/en-us/sysinternals/bb897553.aspx,and extract the files. Then copy the psexec.exe to your domain controller NETLOGON share, where you copied the AeXNSC.exe file also.

4. This is needed for Vista/7 clients as UAC runs the startup scripts under a limited SYSTEM account context. However, we need full SYSTEM access. That is what psexec is used for.

5. Now under the domain controllers NETLOGON share, right click and create a text file called, InstallAltirisAgent.vbs. Be sure, that its file extension is vbs, not txt. This may require you to turn of the Folder Option, hide known file extensions

6. In the file, copy the following script

' Declare Constants

const HKEY_LOCAL_MACHINE = &H80000002     ' HKEY LOCALMACHINE

Const conFileExistPath = "\Altiris\Altiris Agent\"          ' Install Path of Altiris Agent

Const conFileName = "AeXNSAgent.exe"         ' Agent Executable to check for existance

Const conPackageLocation = "\\hqdc01.thenetworkguru.local\NETLOGON\AeXNSC.exe"       ' Location to Altiris Install

Const conInstallPath = "\AeXNSC.exe -s -a ns=""hqns01.thenetworkguru.local"" NOSTARTMENU NOTRAYICON /s /NOADDREMOVE"' Altiris NS Agent Install Command Line

Const conRedirectPathFileName = "AeXAgentUtil.exe"                ' File to Redirect Altiris Agent

Const conCMDOptions =  "/server:hqns01.thenetworkguru.local /web:http://hqns01.thenetworkguru.local/Altiris"                ' Options to Redirect Altiris Agent

Const conKeyPath = "SOFTWARE\Altiris\Altiris Agent\Servers"   ' Reg Path to Altiris Server

Const conKeyPath64 = "SOFTWARE\Wow6432Node\Altiris\Altiris Agent\Servers"   ' x64 Reg Path to Altiris Server

Const conKeyName = ""       ' Reg Value to find, blank = (default)

Const conServerName = "hqns01.thenetworkguru.local"             ' Altiris NS Server Name

Const conPSExecLoc = "\\thenetworkguru.local\NETLOGON\psexec.exe"  ' Path to PSEXEC for Win Vista/7

 

' Declare Variables

Dim strComputer                                                  ' Computer to connect to WMI Server

Dim objWMIService                                             ' Object to connect to WMI Service

Dim osShell                                                          ' Shell object to get environmental variables

Dim oReg                                                                                 ' Registry object to get current NS Server setting

Dim colItems                                                        ' Array of Win32_ComputerSystem Objects

Dim objItem                                                          ' Single instance of Win32_ComputerSystem from above variable

Dim strSystemType                                                                ' Type of system x86 or x64

Dim strRootDrive                                                   ' Root drive of current system

Dim strProgramFilesPath                                   ' Path to Altiris Agent Program Files Directory              

Dim strFullPath                                                    ' Full Path to AeXNSAgent.exe file   

Dim strRedirectPath                                            ' Full Path to AeXAGEntUtil executable along with command line options

Dim objFileSys                                                     ' File System Object used to check for file existenance

Dim objFSO                                                           ' File System Object used to get file version

Dim objFileVersion                                                               ' File Version of current AeXNSAgent.exe

Dim strRC                                                               ' Return Code for Run method

Dim strServerValue                                                               ' Notification Server Name from registry

Dim colOSItems                                                   ' Collection Of Operating System Detail Items

Dim objOSItem                                                     ' Individual OS Item

Dim strOSVersion                                                                  ' Windows Version

 

' Create Shell to get Environmental Variables

Set osShell = CreateObject("WScript.Shell")

 

' Create WMI Connection to local computer

strComputer = "."

Set oReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComputer & "\root\default:StdRegProv")

 

' Get System Architecture Type

Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")

Set colItems = objWMIService.ExecQuery("Select * from Win32_ComputerSystem")

 

For Each objItem in colItems

                strSystemType = objItem.SystemType

Next

 

' Get System Root Environment Variable

strRootDrive = osShell.ExpandEnvironmentStrings("%SystemRoot%")

 

' Based on System Type, Get Correct Program Files Folder

If (strSystemType = "X86-based PC") Then

                ' Get program files path

                strProgramFilesPath = osShell.ExpandEnvironmentStrings("%Programfiles%")

Else

                strProgramFilesPath = osShell.ExpandEnvironmentStrings("%Programfiles(x86)%")

End If

 

' Create Path to Current Altiris Agent AeXNSAgent.exe File

strFullPath = strProgramFilesPath & conFileExistPath & conFileName

 

' Check for AeXNSAgent.exe File Existenance

Set objFileSys = CreateObject("Scripting.FileSystemObject")

 

If objFileSys.FileExists(strFullPath) Then

                ' Get File Properties

                Set objFSO = CreateObject("Scripting.FileSystemObject")

                objFileVersion = objFSO.GetFileVersion(strFullPath)

 

                ' Create Full Command Line to Redirect Altiris Agent

                strRedirectPath = Chr(34) & strProgramFilesPath & conFileExistPath & conRedirectPathFileName & Chr(34) & " " & conCMDOptions

 

                ' Check File Version, If Version 6 upgrade, otherwise check server name

                If Left(objFileVersion,1) = 6 Then

                                ' Old Agent, Upgrade, Start by coping file to local harddrive:\Windows

                                Dim objCopyFile

                                Set objCopyFile = CreateObject("Scripting.FileSystemObject")

                                objCopyFile.CopyFile conPackageLocation, strRootDrive & "\AeXNSC.exe"

 

                                ' Check Operating System Version

                                Set colOSItems = objWMIService.ExecQuery("SELECT * FROM Win32_OperatingSystem",,48)

 

                                For Each objOSItem in colOSItems

                                                strOSVersion = objOSItem.Version

                                Next

 

                                If Left(strOSVersion,1) = 6 Then

                                                ' Run using PSEXEC

                                                strRC = osShell.Run ("cmd /c " & conPSExecLoc & " /accepteula -s " & strRootDrive & conInstallPath, 0, true)

                                Else                       

                                                ' Run Normally

                                                strRC = osShell.Run ("cmd /c " & strRootDrive & conInstallPath, 0, true)

                                End If

                Else

                                ' Version 7 Agent, Check Server Name Registry Key

                                If (strSystemType = "X86-based PC") Then

                                                oReg.GetStringValue HKEY_LOCAL_MACHINE, conKeyPath, conKeyName, strServerValue

                                Else

                                                oReg.GetStringValue HKEY_LOCAL_MACHINE, conKeyPath64, conKeyName, strServerValue

                                End If

 

                                ' Verify Server Name, if not our server, redirect Agent

                                If (strServerValue <> conServerName) Then

                                                ' Check Operating System Version

                                                Set colOSItems = objWMIService.ExecQuery("SELECT * FROM Win32_OperatingSystem",,48)

 

                                                For Each objOSItem in colOSItems

                                                                strOSVersion = objOSItem.Version

                                                Next

 

                                                If Left(strOSVersion,1) = 6 Then

                                                                ' Run using PSEXEC

                                                                strRC = osShell.Run ("cmd /c " & conPSExecLoc & " /accepteula -s " & strRedirectPath, 0, true)

 

                                                Else                       

                                                                ' Run Normally

                                                                strRC = osShell.Run ("cmd /c " & strRedirectPath, 0, true)

                                                End If

                                End If

                End If

Else

                ' No Agent, Install, first by copying AeXNSC.exe file to localdrive:\Windows

                Dim objCopyFile1

                Set objCopyFile1 = CreateObject("Scripting.FileSystemObject")

                objCopyFile1.CopyFile conPackageLocation, strRootDrive & "\AeXNSC.exe"

 

                ' Check Operating System Version

                Set colOSItems = objWMIService.ExecQuery("SELECT * FROM Win32_OperatingSystem",,48)

 

                For Each objOSItem in colOSItems

                                strOSVersion = objOSItem.Version

                Next

 

                If Left(strOSVersion,1) = 6 Then

                                ' Run using PSEXEC

                                strRC = osShell.Run ("cmd /c " & conPSExecLoc & " /accepteula -s " & strRootDrive & conInstallPath, 0, true)

 

                Else                       

                                ' Run Normally

                                strRC = osShell.Run ("cmd /c " & strRootDrive & conInstallPath, 0, true)

                End If

End If

 

 

7. Change the following constants, replacing thenetworkguru.local with your active directory domain name. Also replacing hqns01.thenetworkguru.local with the Fully Qualified Domain Name for your Altiris 7 Notification Server

      a. conPackageLocation

      b. conInstallPath

      c. conCMDOptions

      d. conServerName

      e. conPSExecLoc

8. Open up Group Policy Management on one of your active directory domain controllers (This could be different if on a Windows 2003 domain controller)

9. Right click on the OU or Domain that you would like to apply this group policy object and click “Create a GPO in this domain, and link it here

10. In our example I will name it “Computer Startup Policies”

11. Right click on the group policy and click “Edit”, this will bring you to the following screen

12. We will now want to expand Policies-->Windows Settings-->Scripts. Click on Startup

13. Click on Add

14. Click browse and type \\domainname\NETLOGON in the filename section as shown below,

 

15. Now click on the InstallAgent.vbs and Click Open

 

16. Click OK, on the screen as shown above.

17. Now click Apply and then OK

18. Now close all windows and restart a machine in the chosen OU. If they didn’t have the Altiris Agent, they should get this upon next bootup.

 

Note:

To troubleshoot, the first thing to check is that the file AeXNSC.exe is copied to the local computers C:\Windows directory.

Check the event logs for any errors, if the file is copied down but the agent is not installed.

Statistics
0 Favorited
1 Views
0 Files
0 Shares
0 Downloads

Tags and Keywords

Comments

Brian Nelson
Feb 20, 2014 04:05 PM

For the two previous commenters:

Make sure you're running this from a startup script (computer policy) as opposed to a logon script (user policy). The permissions of the logged-in user should have no bearing on the functionality of this setup.

 

For everyone:

The VB script provided here has an issue. At least with SMP 7.1.2, the agent is 64bit-native. Hence the two x86-specific checks in the VB script will fail on machines running x64 OS due to it looking in the wrong place for an existing agent. The result is that it won't 'see' an existing agent and instead attempts to install the agent every time the machine is booted.

I fixed this by removing the two IF stanzas that start with this:

If (strSystemType = "X86-based PC") Then

Then replace them with one of the lines below, as appropriate:

strProgramFilesPath = osShell.ExpandEnvironmentStrings("%Programfiles%")

oReg.GetStringValue HKEY_LOCAL_MACHINE, conKeyPath, conKeyName, strServerValue

 

I don't have any older agents in my environment to worry about (v6 or non-x64 v7 agents). If you do, you'd need to code some better logic into the VBS to check in all the correct places.

 

Migration User
Mar 19, 2012 10:04 AM

We're running into the same issue, as all our users are power users.  I don't know enough about VB to figure out where to add in administrator credentials, so I'm researching other methods.  We can't really push it out via the Altiris server, because it will end up on all the computers in our domain, which we don't want (and subnets don't work as people travel and move around so much).

I did change the configuration though, of this line, as I do want to allow it to appear in add/remove programs and the tray.  We've had too many issues with broken agents in the past to not want to be able to easily remove it.

Const conInstallPath = "\AeXNSC.exe -s -a ns=""hqns01.thenetworkguru.local"" NOSTARTMENU /s "' Altiris NS Agent Install Command Line

Migration User
Dec 08, 2011 01:32 AM

Thanks for this post. Our script was very similar to this when we started running into UAC issues. I added your psexec portion to our script but the return code is 5 which means access is denied. When I removed the portion of the script that executes psexe silently I receive a UAC prompt to run AeXNSC.exe

This happens when the user's local permissions are User and Power User.

Any ideas where we can go form here?

 

Some suggestions for your script that may help others:

 

1. Running tasks: We have a few smart users who have identified the Altiris Agent exe and found a way to prevent it from running on startup. We added a section in our script to detect if this process is running and if not take action.

2. Machine Guid: Similarly users have found way to prevent the Altiris agent from connecting to the server, so we added a section in our script to verify that the machine had a guid and that the ns server was set right. 

Related Entries and Links

No Related Resource entered.