Software-deployment tools such as Microsoft Systems Management Server (SMS) are a preferred method of software deployment for most organizations. However, your organization might not have the budget to support buying and implementing this type of tool. Other choices are to use a tool that's built into the Windows OS (e.g., Group Policy Objects—GPOs) or a custom logon script. I prefer custom logon scripts because they provide a flexible method for configuring, installing, and maintaining systems. One practical use for logon scripts is to automate deployment of software and patches. Here, I show you how to create a VBScript logon script that does exactly that. You can modify the script to use in your own environment.
The Basic Logon Script
Table 1 lists required and optional features for our logon script. The essential requirement is for the script to install and uninstall software and patches. The script must also let an administrator turn on or off individual software or patch installations. Optionally, the script should display messages, collect information, and configure the OS and applications.
Using these requirements, I created a basic logon script—Install.vbs—which Listing 1 shows. The script reads through an input file that contains commands, executes those commands line by line, and displays installation messages on screen. I chose to use Microsoft Internet Explorer (IE) to display the on-screen messages, although you could use another method to do so.
Install.vbs meets all our essential requirements for a logon script. First, it performs the key requirement of installing and uninstalling software and patches by acting as a wrapper that reads a command from the provided input file and executes it line by line, similar to executing a batch file. The script uses the FileSystemObject object's OpenTextFile method to open and read the commands from the input text file and uses the WScript.Shell object's Run method at callout B in Listing 1 to execute the read command.
For example, suppose that you want to delete all files in a temporary directory, run installpkg1.vbs to install WinZip, update your virus scanner's .dat files by running updatevs.cmd, and install a security update for Microsoft Data Access Components (MDAC). To perform these tasks, you'd create an input file that contains one command per line and save it as a text file called installer_input.txt. When Install.vbs runs, it reads installer_input.txt and executes the commands in it line by line, in the order in which they're listed in the file. The sample text file in Listing 2 shows that the script will execute the Del command, installpkg1.vbs, updatevs.cmd, and the MDAC installation command. (Several lines in Listing 2 wrap to the next line because of space constraints.) In our example, a central server hosts all the installation files, so in the text file I've included the Universal Naming Convention (UNC) path (i.e., the absolute path) to the install share on the server.
The script also performs the second required function: During execution, it displays the installation messages on the user's screen. You can script this display capability in several ways. For example, you could use a WScript.Echo command to pop up a message, or use the WScript.StdOut property to write the output to the console. However, to use either method in unattended mode (i.e., to avoid displaying a pop-up window that the user must click to continue script execution), you need to run the script with the CScript scripting host.
Alternatively, you can use IE to display messages, which is the method I use in Install.vbs. You can use the InternetExplorer.Application automation object to create a new document window and write to the window by using the object's Write method. You can find detailed information about the InternetExplorer.Application object at http://msdn.microsoft.com/workshop/browser/webbrowser/reference/objects/internetexplorer.asp?frame=true.
As callout A in Listing 1 shows, Install.vbs begins by initializing the display-window properties and setting the visible property to true to make the window visible at runtime. The script also stores the new IE document object (the display-window object) in the oDoc variable. The code at callout B then passes to the DocWrite subroutine at callout C the message that will be written in the IE display window.
Install.vbs provides the third essential function for our logon script: It lets you turn an installation on or off at will. You can enable a command's execution simply by adding the command to the input text file. Conversely, deleting a command from the input text file disables execution of the command.
Finally, Install.vbs meets the two optional requirements for the logon script: configuring the OS and applications and collecting information. For example, if you want to change the default WinLogon display message (which appears when a user presses Ctrl+Alt+Delete in Windows NT or later), you'd include in the input text file the command
regedit /s winlogon.reg
where the winlogon.reg file contains the registry configuration that you want to set. To collect information, such as available disk space, you can include in Install.vbs a command to execute a program or a script that gathers such information.
Identifying the OS Type
Now that we've created a simple mechanism for serially executing commands that install or uninstall software or patches, the next step is to give Install.vbs the ability to detect an OS, thereby ensuring that you don't install software on a server or domain controller (DC). In other words, we must ensure that the software is deployed only to systems running specific OSs—in our example, Windows XP or NT 4.0 Workstation. (You can specify other Windows OSs if you want.)
If your environment consists solely of systems running Windows 2000 or later, you can opt to use Windows Management Instrumentation (WMI) to identify the OS. You can add to your script code that reads the WMI Win32 OperatingSystem class's Name property to retrieve the OS type and reads the Win32_ComputerSystem class's DomainRole property to identify the OS role. Listing 3 shows a sample function—DetectOS—that you can include in the Install.vbs script to retrieve the OS name.
You can also use the DetectOS function to detect Windows 98 or later in your environment, provided you've installed the WMI Core components on your Win98 or later systems before using the script. (You can download the WMI Core components for NT 4.0 Server and NT 4.0 Workstation at http://www.microsoft.com/downloads/details.aspx?displaylang=en&familyid=afe41f46-e213-4cbf-9c5b-fbf236e0e875.)
For mixed environments (i.e., environments that include NT 4.0 systems that don't have WMI Core services installed), you can use a utility such as GetType to detect the OS type. GetType, which is included in the Management section of the Microsoft Windows 2000 Resource Kit, is a command-line utility that lets you detect the type of OS that's installed on a local or remote machine. When executed, the utility queries the registry for the computer's installation type and accordingly sets the error level (%ERRORLEVEL%). Table 2 shows the error levels that GetType (gettype.exe) returns. As you can see, you can't use GetType to identify systems running Windows Server 2003 or XP. To identify systems that have those OSs installed, you can add to your logon script code that uses the For command to parse the Ver command output, as Listing 4 shows. The Ver command returns an OS's version information, which the For command parses to identify the installed OS version.
The Last Step: Creating the Command Batch File
The final step is to write a command that you can use to execute the Install.vbs logon script. Listing 5 shows LogonScr.cmd, a batch file that you can use in a mixed environment. The code begins by issuing the Echo Off command to disable the display of the commands that the batch script is executing. Next, at callout A, the code checks whether the system is running NT. (If your environment includes older OSs such as Win98 or Windows Me, consider installing WMI for Win98 or use the For and Ver combination that I described earlier to identify the OS type.)
After the script has verified that the system is running NT, the script checks whether the system is running Windows 2003. If so, the script simply ends. Next, the script checks whether the OS is XP and, if so, the script skips to the XP section. If the script finds that the OS type isn't XP, the code at callout C calls gettype.exe to identify whether the system is running Win2K or NT 4.0.
You'll want to include error-handling code in the batch script. The code at callout B uses the If command to check whether the gettype.exe file exists and ends the script if it doesn't find the file. To obtain more information about the If command, including command syntax, open a command-shell window and enter
at the command line.
LogonScr.cmd's next task is to execute the Install.vbs script according to the OS type. To do this, LogonScr.cmd requires a version of Install.vbs that's customized for the particular OS type and is stored in a unique folder. You'll need to create these customized scripts and their folders before you run LogonScr.cmd. To create them, follow these steps:
- Create three folders named WindowsXP, Windows2000, and WindowsNT.
- Copy Install.vbs into each folder.
- Create the installer_input.txt file in each folder. In each version of installer_input.txt, include the specific commands for each OS type.
- Include the path (absolute or relative) in the batch file for each OS type, as the code near the end of Listing 5 shows, to execute Install.vbs from the Windows2000, WindowsNT, and WindowsXP folders, respectively.
Running the Logon Script
To run the logon script on a user's computer, you simply set the logon script property of a user's object in Active Directory (AD) to LogonScr.cmd. You can use the Microsoft Management Console (MMC) Active Directory Users and Computers snap-in. If you have NT's Directory Services in an NT domain, you can use the User Manager for Domains. After the logon script property is set, during the user's next logon LogonScr.cmd will run, detecting the OS type and executing the Install.vbs script. When Install.vbs is executed, it runs the commands in the order they're listed in the input text file and displays the installation messages as the commands are executed, as Figure 1 shows. After executing the last command in the list, the script closes the IE display window, as the code at callout C in Listing 1 shows, then ends.
The Install.vbs and LogonScr.cmd logon scripts offer an appealing alternative to running around the office installing software and patches on individual workstations, especially in environments that have a mix of systems running different OSs. These scripts can lighten your burden as a Windows administrator by helping you deploy software and patches in a timely fashion.