I'm the kind of person who likes to dig in and use a bit of scripting to provide a solution to a systems management problem. But over the years, experience has shown that using scripts to overcome specific difficulties isn't always the best solution. Scripts can end up being complex, and unless the rest of the IT staff also has good coding skills, any required modification can pose a problem in the future. For that reason, I always recommend that IT shops look at Group Policy and Group Policy Preferences before investigating custom scripted solutions.
Group Policy Preferences offer advanced functionality that can replace a legacy logon script, but there will be occasion to apply a custom solution. FastTrack Scripting Host (FSH) is a replacement for native VBScript and Windows PowerShell. Although VBScript and the Windows Script Host (WSH) are not especially difficult to learn, a lot of development time and testing by someone who has the skills to work with and debug the scripting language is required when tasks become more complex. As for PowerShell, it is finding its place in newer versions of Windows but is harder to learn and closer to real programming than VBScript is.
Getting the Job Done
Though much of what FSH does can be achieved by using VBScript or PowerShell, there's no doubt that FSH is faster in initial coding and testing. The product also provides some useful workarounds for problems that are specific to the kind of scripting tasks that systems administrators commonly undertake. The development environment uses a drag-and-drop interface to build code, with helpful descriptions of syntax and function at the bottom of the main window. As you can see in Figure 1, the product guides you through forming each line of the script. This "one task, one line of code" paradigm makes FSH easy to learn, but that's not to say that it doesn't require any understanding. I was able to compile some basic scripts without reading up on the syntax, but that might not be the case for those with little or no scripting experience.
It's easy to include attractive GUI elements in FSH scripts, beyond the basic dialog boxes and text input that VBScript offers. You also have the option to add icons, menus, buttons, and other elements. To run a FSH script from your company's Netlogon share, all you need to do is include FSH.exe and the .fsh script in the share. No client-side component is required. However, if you use the free FastTrack Logon component, then the necessary files will be automatically copied from the Netlogon share to the user's application directory and run locally, for more efficient execution.
FSH supports what it refers to as offline scripts. A small executable -- SmartDock -- runs in the background, detects IP address changes, and then triggers a script to run. This capability is especially useful for notebook users who connect to different networks or via a VPN, should the user environment need to be customized for specific network connections.
Solving Tricky Problems
One of the biggest issues with traditional scripting methods, such as VBScript, is that if you need to call an executable or run a routine by using credentials other than those of the logged-on user, you'll either need to prompt the user to enter an alternate username and password -- which is hardly ideal -- or need to embed the credentials in the script, a method that is insecure. FSH allows systems administrators to distribute scripts, either in native .fsh format or as .exe files, with embedded credentials that use strong encryption. Even notebook users without administrative privileges can be sent a quickly created and tested script that runs with admin privileges to install a piece of software or carry out an essential piece of maintenance.
Although other products can achieve the same result, FSH doesn't rely on any components, other than the .exe that the end user runs, to make this happen. In addition, FSH contains a series of commands to simplify dealing with User Account Control (UAC) prompts under Protected Administrator accounts (i.e., administrator accounts that have UAC enabled).
.msi and .exe Packaging
Another powerful feature is the ability to distribute scripts as Windows Installer (.msi) or standard .exe files. Although interesting in its own right, this ability results in a much more intriguing capability: to repackage -- or wrap -- software installers as .msi files without using snapshots. If you've ever created an .msi installer file from before-and-after system snapshots, for use with a software distribution system such as Group Policy or System Center Configuration Manager (SCCM), then you know how hit-and-miss the results can be. Repackaging generally requires a lot of testing and a certain amount of experience. FSH scripts can be used to repackage programs without bypassing the installer logic, which is key to reliable deployment. Any elevation of privilege can be handled from within the installer itself. Windows Installer packages that you create by using FSH support the Windows Installer Major Upgrade flag, allowing automatic redeployment if a new package is detected.
The product's SyncDir command is for file synchronization tasks, such as backing up a Microsoft Outlook .pst file to a server. SyncDir is multithreaded and works at block level, resulting in efficient file-transfer jobs. Although Windows 7 Offline Files also supports block-level transfers (client to server only), there might be instances in which SyncDir has advantages -- for instance, if your clients run Windows XP.
A Swiss-Army Knife for Systems Administrators
Many of the tasks for which FSH might be deployed can be accomplished in other ways, and in many cases you should stick to standard technologies such as Group Policy Preferences, if they meet your needs for configuring user environments. Nevertheless, Group Policy Preferences have their limitations. If you have tricky problems to solve, such as elevating privilege securely from inside a script or repackaging legacy applications, then this product might be the answer.
FastTrack Scripting Host