Location: Mail List

Ads

Skyscraper

The GPTalk Mailing List

The GPTALK mailing list is where you can send and receive email related to Windows Group Policy. You must subscribe to the list to send and receive mail from the list. The purpose of the list is to provide a forum for asking and answering technical questions related to Group Policy. Any question is fair game as long as it is related to Windows Group Policy.  The Archives for this list can be found on this page.

 

List Posts

Forums >GPTalk >GPTalk Mailing List
Subject: [gptalk] Enumerating Group Membership via startup scripts
Prev Next
You are not authorized to post a reply.

AuthorMessages
davesharplesUser is Offline

Posts:55

03/24/2009 9:19 AM  
Hi, maybe a weird request / nothing to do with GPO's but worth a try.

We do our software installation via group policy and our main issue is with scripted installs - so no MSI and therefore no un-installation. At the moment we script the install, create a GPO and use security group filtering to see where it gets applied (used for licensed software such as adobe where we don't have a site license) - all well and good for getting it installed. However if the GPO gets unlinked from the OU then the software doesn't uninstall, so what we intend to do is remove the filtering from the GPO itself and put it in the script, therefore we can say if a member of the group, install if not uninstall all in one script (which will cater for those machines who don't need it applied anymore).

So to cut that long story short what I am looking for is some script / code we can run which will check whether the computer is in a specific group or not.

P.S. we are also looking at Spec Ops Deploy software to help us here as well.

Thanks

Dave
Subscriber Help: http://www.gpoguy.org/Subscribers-FAQ.aspx
List Info: http://www.gpoguy.com/GPTalk-Mailing-List.aspx
List archive (on-site): http://www.gpoguy.com/GPTalk-Mailing-List.aspx#archive
List archive (off-site): http://www.freelists.org/archives/gptalk
kevingayUser is Offline

Posts:5

03/24/2009 11:09 AM  
Well this kinda depends on how your AD security is set up. I've had
trouble getting machines to talk to AD when they run startup or shutdown
scripts since those are running under local system but by all accounts
should fall into the "Domain Computers" group. Anyway here what I would
do (in half-pseudo code). Also assuming you're using VBS.

_______________________________________________________
On error resume next
' Get the group you're looking for
strGroup = "grp-whatever"
err.clear
Set objGroup = Getobject("WinNT://domain.com/" & strGroup & ",group")
'This will select the group of machines that have the software.
'Error check, just in case
If err.number <> 0 then
Msgbox "Error occurred when setting object. Error: " &
err.number & " : " & err.description
End if
Err.clear

'Next search the group for the PC you're running on.
Set objNet = createobject("Wscript.Network")
For Each objMember in objGroup.Members
strCompID = ucase(objMember.name)
strComputerName = ucase(objNet.ComputerName)

if strCompID = strComputerName then
' do code to install or check install existence
Else
' do uninstall code
End if
Next

_____________________________________________________________

Of course change domain.com to your domain.
The trickiest part of this whole script is setting that object up top.
It may just be something screwy with my domain and doesn't like PC's to
enumerate it through scripts. Added some error checking in there to see
if you get an error when setting that object as well. The only Caveat to
this is that it doesn't check in groups below. So if you have a group
within a group it will not check that. You wouldn't want that anyway,
it's a lot of directory search overhead.

Thanks

Kevin

-----Original Message-----
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of Dave Sharples
Sent: Tuesday, March 24, 2009 8:13 AM
To: xxxxxxxxxxxxxxxx
Subject: [gptalk] Enumerating Group Membership via startup scripts

Hi, maybe a weird request / nothing to do with GPO's but worth a try.

We do our software installation via group policy and our main issue is
with scripted installs - so no MSI and therefore no un-installation. At
the moment we script the install, create a GPO and use security group
filtering to see where it gets applied (used for licensed software such
as adobe where we don't have a site license) - all well and good for
getting it installed. However if the GPO gets unlinked from the OU then
the software doesn't uninstall, so what we intend to do is remove the
filtering from the GPO itself and put it in the script, therefore we can
say if a member of the group, install if not uninstall all in one script
(which will cater for those machines who don't need it applied anymore).

So to cut that long story short what I am looking for is some script /
code we can run which will check whether the computer is in a specific
group or not.

P.S. we are also looking at Spec Ops Deploy software to help us here as
well.

Thanks

Dave
Subscriber Help: http://www.gpoguy.org/Subscribers-FAQ.aspx
List Info: http://www.gpoguy.com/GPTalk-Mailing-List.aspx
List archive (on-site):
http://www.gpoguy.com/GPTalk-Mailing-List.aspx#archive
List archive (off-site): http://www.freelists.org/archives/gptalk

Subscriber Help: http://www.gpoguy.org/Subscribers-FAQ.aspx
List Info: http://www.gpoguy.com/GPTalk-Mailing-List.aspx
List archive (on-site): http://www.gpoguy.com/GPTalk-Mailing-List.aspx#archive
List archive (off-site): http://www.freelists.org/archives/gptalk
You are not authorized to post a reply.
Forums >GPTalk >GPTalk Mailing List > [gptalk] Enumerating Group Membership via startup scripts



ActiveForums 3.7

Members

MembershipMembership:
Latest New UserLatest:carmicklec
New TodayNew Today:1
New YesterdayNew Yesterday:1
User CountOverall:1399
People OnlinePeople Online:
VisitorsVisitors:0
MembersMembers:0
TotalTotal:0
Online NowOnline Now:

Ads

Banner Inv
Copyright 2009 by GPOGUY.COM
Terms Of Use