All posts tagged group policy

vbScript: Adding and Removing a Domain Group to a Local Group

By andrew on 3 Comments

Yes, I still use vbscript. Someday, I’ll get to work in an environment where everything is upgraded. Until then, I have to rely on the tried and true vbscript.

One of the most common uses of a Group Policy startup script is for adding users to the local admin group. Just google it and you will find hundreds of scripts doing just that, batch files, posh, vbscript, perl, etc. I wrote the script below because I wanted the flexibility to reuse this script at any client and for any group (not just Administrators but Remote Desktop Users or Power Users).

The config section takes three arguements: Action, strLocalGroup, strDomainGroup.

  • Action: Can be either “Add” or “Remove”. It will either add the domain group to the local group or remove it.
  • strLocalGroup: The name of the local group (e.g. Administrators, Power Users, etc.). I tested w/ all the standard built-in groups.
  • strDomainGroup: The name of the domain group to add to the local group. Note: The workstation has to be a member of the same domain the group resides in.

Download the script (zipped): add-remove-domain-group-to-local-group

'======================================================
' VBScript Source File
' NAME: Add/Remove Domain Group to Local Group
' AUTHOR: Andrew J Healey
' DATE  : 2011.07.08
' COMMENT: Will add or remove the domain group specified 
'	  to/from the local group specified.
' USAGE: Modify the config section to match your env. 
'	The "Action" can be "Remove" or "Add"
'======================================================

Option Explicit
Dim strDomainGroup, strLocalGroup, Action

'--------- START CONFIG SECTION ---------
Action = "Add" ' or Remove
strLocalGroup = "Administrators"
strDomainGroup = "Local-Workstation-Admins"
'--------- END CONFIG SECTION ---------

' Enable error handling routine to ensure startup
' script doesn't throw error at users
On Error Resume Next

Dim strDomain, strComputer
Dim objNetwork, objLocalGroup, objDomainGroup

Set objNetwork = CreateObject("WScript.Network") 
strDomain = objNetwork.UserDomain
strComputer = objNetwork.ComputerName

Set objLocalGroup = GetObject("WinNT://" & _
		 strComputer & "/" & strLocalGroup) 
Set objDomainGroup = GetObject("WinNT://" & _
		 strDomain & "/" & strDomainGroup)

' Do Work
Select Case Action
	Case "Remove"
		objLocalGroup.Remove(objDomainGroup.ADsPath)
	Case "Add"
		objLocalGroup.Add(objDomainGroup.ADsPath)
End Select

' Clean up objects
Set objDomainGroup = Nothing
Set objLocalGroup = Nothing 
Set objNetwork = Nothing

Installing Java via Script and Group Policy

By andrew on 1 Comment

Due to some software requirements, there was a need to get JRE 1.5.0_09 rolled out across our enterprise. The requirements were pretty straight forward:

  • Only install on client operating systems (Windows 2000, Windows XP, Windows Vista and Windows 7)
  • Detect the versions of Java installed. If 1.5.0_09 is installed, exit.  If 1.5.0_08 or less was installed, install this version.  If it has a newer version, do nothing.

The best way of determining the Java versions is to look in %program files%.  On 64-bit machines, this is “C:program files (x86)Java”.  On 32-bit, this is “C:program filesJava”.  The script accounts for this.

I wanted to post this because several of the functions used are very useful.  The share hosting the jre runtime needs to have wide open read-only access so the Local System account can access share (Domain Computers).  This script can then be applied to machine accounts in group policy as a startup script.  If you want to test this, just comment out line 111.

Cheers!
Download Compressed (.zip) script

'======================================================
' VBScript Source File
' NAME: Java Runtime Environment Installation
' AUTHOR: Andrew J Healey
' DATE  : 2010.07.15
' COMMENT: This script will install the jre references based on processor, existing 
' 				   installations, and operating system.  This script is to be run at startup
'				   under the Local System account. No user interaction is required for 
'				   this script to work properly.
'======================================================

Option Explicit

If isClientOperatingSystem = False Then wscript.quit

Dim jreVerMajor, jreVerMinor
Dim strCommand, strPathToInstall, strInstallFile, strArguments

'============== BEGIN CONFIGURATION SECTION =================
jreVerMajor = "jre1.5.0_" 'As string
jreVerMinor = 9 'As Integer for <> operations
strPathToInstall = "\servernameSoftwareJava" 'Point to share \servernamesharefolder
strInstallFile = "jre-1_5_0_09-windows-i586-p.exe"
strArguments = "/s /v /qn ADDLOCAL=jrecore,extra IEXPLORER=1 REBOOT=Suppress JAVAUPDATE=0 SYSTRAY=0 WEBSTARTICON=0"
strCommand = strPathToInstall & strInstallFile & " " & strArguments
'============== END CONFIGURATION SECTION =================

If checkForJRE(jreVerMajor, jreVerMinor) = False Then
	Call InstallJava(strCommand)
End If

Private Function checkForJRE(ByVal jreVerMajor, ByVal jreVerMinor)
	Dim jrePath
	Dim blnMajorFound : blnMajorFound = False
	Dim blnMinorFound : blnMinorFound = False
	
	If is32bit Then
		jrePath = "C:Program FilesJava"
	Else
		jrePath = "C:Program Files (x86)Java"
	End If
	
	On Error Resume Next
		Dim objFSO : Set objFSO = CreateObject("Scripting.FileSystemObject")
		Dim objFolder : Set objFolder = objFSO.GetFolder(jrePath)
		Dim colSubfolders : Set colSubfolders = objFolder.Subfolders
		Dim objSubfolder
		
		For Each objSubfolder in colSubfolders
			If Left(objSubfolder.Name,Len(jreVerMajor)) = jreVerMajor Then
				blnMajorFound = True
				If CInt(Right(objSubfolder.Name,2)) >= jreVerMinor Then
					blnMinorFound = True
				End If
			End If
		Next
		
		If Err.Number <> 0 Then
			chechForJRE = True
			Exit Function
		End If
		
		If blnMajorFound = False And blnMinorFound = False Then
			checkForJRE = False
		Else
			checkForJRE = True
		End If
	On Error GoTo 0
	
	Set objSubfolder = Nothing
	Set colSubfolders = Nothing
	Set objFolder = Nothing
	Set objFSO = Nothing
	jrePath = Empty
	blnMajorFound = Null
	blnMinorFound = Null
	jreVerMajor = Empty
	jreVerMinor = Empty
End Function 

Private Function is32bit()
	'Get processor architecture; do not use remotely
	const HKEY_LOCAL_MACHINE = &H80000002
	Dim oReg,strKeyPath,strValueName
	Dim strValue
	On Error Resume Next
		Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\.rootdefault:StdRegProv")

		strKeyPath = "SYSTEMCurrentControlSetControlSession ManagerEnvironment"
		strValueName = "PROCESSOR_ARCHITECTURE"
		oReg.GetStringValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,strValue

		If Err.Number <> 0 or strValue = "x86" Then
			is32bit = True
		Else
			is32bit = False
		End If
		Err.Clear
	On Error GoTo 0
	
	Set oReg = Nothing
	strKeyPath = Empty
	strValueName = Empty
End Function 

Private Function InstallJava(ByVal strCommand)
	On Error Resume Next
		Dim objWshShell, intRC

		Set objWshShell = WScript.CreateObject("WScript.Shell")
		intRC = objWshShell.Run(strCommand, 0, True)

		If intRC <> 0 Or Err.Number <> 0 Then
			InstallJava = "Failed"
		Else
			InstallJava = "Success"
		End If
	On Error GoTo 0
	Set objWshShell = Nothing
	intRC = Empty
End Function 

Private Function isClientOperatingSystem()
	Dim objWMIService, objItem, colItems
	Dim strOS

	On Error Resume Next
		' WMI Connection to the object in the CIM namespace
		Set objWMIService = GetObject("winmgmts:\.rootcimv2")

		' WMI Query to the Win32_OperatingSystem
		Set colItems = objWMIService.ExecQuery("Select * from Win32_OperatingSystem")

		' For Each... In Loop (Next at the very end)
		For Each objItem in colItems
			strOS = objItem.Caption
		Next
		
		If InStr(strOS,"Windows 7") <> 0 Or InStr(strOS,"XP") <> 0 Or InStr(strOS,"2000 Professional") <> 0 Or InStr(strOS,"Vista") <> 0 Then
			isClientOperatingSystem = True
		Else
			isClientOperatingSystem = False
		End If
		
		If Err.Number <> 0 Then isClientOperatingSystem = False
		
		strOS = Empty
		Set objItem = Nothing
		Set colItems = Nothing
		Set objWMIService = Nothing
	On Error GoTo 0
End Function