Announcement

Collapse
No announcement yet.

Copying files to a bunch of machines

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Copying files to a bunch of machines

    How do I go about copying new or updated files (.ini, .vbs) to %systemroot%, %programfiles% for restricted users (XP) that are in the field users, and connect through VPN.

    Since this needs to be done on a fairly large number of machines I thought about doing it through GPO and logon scripts, but since all are restricted users that won't work because of the lack of permissions.
    Then I thought about doing it using startup scripts, but that also won't work since they are not connected to the network when they start their computers.

    Any and all ideas how to copy over new or updates files to a bunch of machines on a consistent basis are more then welcome.

  • #2
    Re: Copying files to a bunch of machines

    I was only looking at logon/startup scripts, if anyone comes up with a different solution, that solves this please let me know. I there's a method of doing this that I haven't thought of.

    Comment


    • #3
      Re: Copying files to a bunch of machines

      Originally posted by CypherBit View Post
      Then I thought about doing it using startup scripts, but that also won't work since they are not connected to the network when they start their computers.
      That is not true, wired computers authenticate during startup and then receive the GPO computer configurations.

      Try @xcopy "unc\sourcefile(s)" "destinationfolder" /y /c /q /h /r /D to copy the files, during startup, from the share to the local computer.
      The 'everyone' or the 'authenticated users' group must assigned share permissions and also added to the ntfs security for the shared folders ('Read' permissions on the folder containing the files to be copied, and 'Read and Execute' permissions on the folder that contains the batchfile).

      note. The /D switch with the xcopy command above, causes that existing file(s) only are overwritten if the lastmodified date of the new file is more recent than the existing file. This switch is recomended for logon/startup-scripts - so the file(s) will not be copied over and over again to the same computer at each startup, but of course there can be situations where you cannot use this switch!

      \Rems

      This posting is provided "AS IS" with no warranties, and confers no rights.

      __________________

      ** Remember to give credit where credit's due **
      and leave Reputation Points for meaningful posts

      Comment


      • #4
        Re: Copying files to a bunch of machines

        Rems, thank you for your reply.

        I'm not entirely clear what you mean by
        That is not true, wired computers authenticate during startup and then receive the GPO computer configurations.
        Since the computers are in the field and connect to our network by using the Cisco VPN client, how can they do the above?
        Any articles, URLs I need to read would be greatly appreciated.

        Comment


        • #5
          Re: Copying files to a bunch of machines

          CypherBit, guess I wasn't awake yet when I was reading the first line of your question that time :sorry: Wat I said was just for local communication.

          If Logon scripts are perfoming well with the VPN logon, then you could consider to use a secondlogon with alternate credentials for the 'copy command' in the logonscript. PSExec is a tool that can help.

          However, always be careful if you want to provide administrators names with its passwords in a plaintext script.
          The best practice is Don't, an 'if you do' good practice is - Use an accountname and password of an account that is a member of the local administrators group, and that has only administrator privileges on the clients.
          Keep name and password separated,
          - hardcode just the account's name in the script, and
          - provide the password only as 'logonscript parameter'.
          - Encode the script.
          - Frequently change password of the account and on the parameter bar.

          It is possible to create a special Domain account for that purpose. Just a normal useraccount with non privileges or extended rights what so ever in the domain. Add this account to the local administrators group (or 'Power Users' group if this would be sufficient) on every client computer.
          However, this is not an easy job to do, if it is not possible to apply a computer configuration et all?? - like using the Restricted Groups - policy
          .


          \Rems

          This posting is provided "AS IS" with no warranties, and confers no rights.

          __________________

          ** Remember to give credit where credit's due **
          and leave Reputation Points for meaningful posts

          Comment


          • #6
            Re: Copying files to a bunch of machines

            Rems, I could easily use Restricted Groups (already do, so my service account is added to the local admin group), but the reason for this post is:

            - I want to change the Cisco vpnclient.ini so everyone in our organization would have the exact same settings when the Cisco VPN client opens and that is that the Application Launcher setting in the client would be ticked and would point to a .vbs script which I'd also like to copy to that %programfiles%\Cisco Systems\VPN Client folder.
            The .vbs script checks for the password age, forces an AV update and runs the logon script.
            Logon scripts currently do not work for in the field users when logging in with the Cisco client.

            This is my priority and I just have to figure out a way to do it, so this isn't done manually

            - the second thing not as urgent is I want to change files on a consistent basis in %systemroot% and elsewhere.

            Comment


            • #7
              Re: Copying files to a bunch of machines

              I think I can help. What we must do is:
              1) check if vpn connection is established, by pinging VPN gateway (example, it may be any internal server)
              2) if it is, copy proper files to right place, if not - get a BSOD (well, a nice info will do)
              that is! right ?

              Code:
              @echo off
              ping [your_internal_ip_here] -n 1
              echo errorcode: %ERRORLEVEL% 
              
              IF ERRORLEVEL ==1 GOTO Err
              IF ERRORLEVEL ==0 GOTO Ok
              
              :Err
              echo "No VPN connection. Please establish a VPN connection!"
              GOTO END
              
              :Ok
              echo "VPN OK"
              copy \\[your_internal_ip_here]\vpnclient.ini "%PROGRAMFILES%\Cisco Systems\VPN Client"
              copy \\[your_internal_ip_here]\script.vbs %USERPROFILE%
              GOTO END
              
              :End
              You can add "if exist" clause for copying files or other to suit your needs. Hope this helps.
              Cheers!

              Comment


              • #8
                Re: Copying files to a bunch of machines

                ponton, I appreciate your reply, but I'm not quite certain under what context and when would that batch run that would allow me to copy files to %programfiles%, %systemroot%,...

                Comment

                Working...
                X