Prevent Scripts from Running on Servers
Use VBScript to prevent scripts from running on a specific type of machine.
January 19, 2010
Some scripts might cause problems if you run them on specific machine types. For example, you wouldn’t want domain logon scripts to run on your Terminal Server machines or other specialized systems. Although you can use Group Policy to handle this problem for logon scripts, a more general technique exists that works from within a script and lets you prevent a script from running on a particular type of machine, on a per-script basis. This solution also works for other specialized tasks.
Preventing a script from running on a specific type of machine is fairly simple if you know where to find the information about a system’s domain role. The Windows Management Instrumentation (WMI) class called Win32_ComputerSystem contains a numeric DomainRole value. Table 1 lists the DomainRole values and their meanings.
Table 1: DomainRole Values and Meanings
Value | Meaning |
---|---|
0 | Standalone workstation |
1 | Member workstation |
2 | Standalone server |
3 | Member server |
4 | Backup domain controller |
5 | Primary domain controller |
In general, standard logon scripts need to run only on member workstations, which have a DomainRole value of 1. You might also want to allow logon scripts to run on non-member machines that are running a workstation OS—for example, if you have home PCs that connect over a VPN and manually run a logon script to obtain resource mappings. To allow for such a case, you’d want to allow the script to run if the system has a DomainRole value of 1 or less.
The simplest solution is to use a bit of VBScript that checks the DomainRole value and quits the script if the DomainRole value is greater than 1. Listing 1 contains such a snippet of VBScript.
You can use the same technique as a safeguard for any script that you want to run only on particular platforms. For example, if you have a script that should run only on member servers but that is accessible from multiple locations or is synchronized across many machines with different roles, you can use the code with the line
if cs.DomainRole > 1 Then
changed to
if cs.DomainRole <> 3 Then
Listing 1: OnServerQuit.vbs
Dim instances, instance, cs
Set instances = GetObject(_
"winmgmts://./root/cimv2")._