(imported topic written by Chris91)
Is there any way that we can pull back the variable “LOGONSERVER” as a retrieved property. It look as though it works in Q and A but not when you create a retrieved property in the console. We are currently running version 5 ?
Cheers
Chris
(imported comment written by Rolf.Wilhelm91)
Hi Chris,
this variable is a temporary variable, which exists only in the userspace. Also, because of its temporary nature, it is not saved in the registry at all.
Because the BigFix Client is running as “LocalSystem”, there is from my point of view no simple way to retrieve this information without taking further actions to prepare this. QNA is running in userspace, therefore you can retrieve this information from inside this context.
What do you want to do with the information from the LOGONSERVER ?
What you can do is to create a login script (using an AD policy or an entry in the run-registry-key of the machine itself) to dump this information into a text file and then try to retrieve the information inside with a BigFix relevance script.
Regards,
Rolf.
(imported comment written by brolly3391)
There is a tricky way to pull it from the registry.
Ben showed us how to access the Current User hive of the registry in this thread:
http://forum.bigfix.com/viewtopic.php?id=11
We can use that technique to query HKEY_USERS+User SID+\Volatile Environment
LOGONSERVER
and add some logic to handle the error that would occur when no user is logged on.
q: if exists key (“HKEY_USERS” & name of (key whose ((it = name of current user as lowercase OR it starts with name of current user as lowercase & “@” ) of (it as string as lowercase) of value “Logon User Name” of key “Software\Microsoft\Windows\CurrentVersion\Explorer” of it) of key “HKEY_USERS” of registry) & “\Volatile Environment”) whose (exists value “LogonServer” of it) of registry then (value “LogonServer” of key (“HKEY_USERS” & name of (key whose ((it = name of current user as lowercase OR it starts with name of current user as lowercase & “@” ) of (it as string as lowercase) of value “Logon User Name” of key “Software\Microsoft\Windows\CurrentVersion\Explorer” of it) of key “HKEY_USERS” of registry) & “\Volatile Environment”) of registry) as string else “Not Logged On”
A: \SERVERNAME
T: 9.092 ms
I: singular string
(imported comment written by Steve91)
Hi Brolly/All
Sorry to drag this one up again but I’ve been using this retrieved property since I saw it (thanks by the way)
Just one query, it works fine if someone is logged on, and retrieves the logonserver correctly, but if the machine is logged off the property errors.
Instead of returning “Not Logged On” it just returns in the console (singular expression refers to nonexistant object)
I’ve tried incorporating it into an action script and the script executes fine when a user is logged in but fails at the first “if” statement after “//Determine correct GRC” if no one is logged in
I’m sure most of the problem is down to my syntax (example of some of the action script is displayed below), could you possibly advise please?:-
if {name of operating system = “WinNT”}
parameter “dirAVapp” = “C:\WINNT\Profiles\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5”
else
parameter “dirAVapp” = “C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5”
endif
parameter “logonServer” = “{if exists key (“HKEY_USERS” & name of (key whose ((it = name of current user as lowercase OR it starts with name of current user as lowercase & “@” ) of (it as string as lowercase) of value “Logon User Name” of key “Software\Microsoft\Windows\CurrentVersion\Explorer” of it) of key “HKEY_USERS” of registry) & “\Volatile Environment”) whose (exists value “LogonServer” of it) of registry then (value “LogonServer” of key (“HKEY_USERS” & name of (key whose ((it = name of current user as lowercase OR it starts with name of current user as lowercase & “@” ) of (it as string as lowercase) of value “Logon User Name” of key “Software\Microsoft\Windows\CurrentVersion\Explorer” of it) of key “HKEY_USERS” of registry) & “\Volatile Environment”) of registry) as string else “Not Logged On”}”
//Determine correct GRC
if {parameter “logonServer” = “\GLASGOWDC1”}
appendfile copy “__Download\GRCDATS\Glasgow\GRC.dat” “{parameter “dirAVapp”}\GRC.dat”
elseif {parameter “logonServer” = “\BRADFORDDC1”}
appendfile copy “__Download\GRCDATS\Bradford\GRC.dat” “{parameter “dirAVapp”}\GRC.dat”
etc…
etc…
etc…
else
appendfile copy “__Download\GRCDATS\Miscellaneous\GRC.dat” "{parameter “dirAVapp”}\GRC.dat
endif
copy __appendfile copygrc.dat
dos start /min copygrc.dat
I was expecting the above to copy the relevant GRC.dat file if the logonserver value was returned and to copy the “Miscellaneous” GRC if “Not Logged On” was returned but it doesn’t seem to work that way if no one is logged on, because the “Not Logged On” value is not returned.
Hope this makes some sense and grateful for any advice
Cheers
Steve
(imported comment written by brolly3391)
Steve,
I see what is happening with the property. I should have used another layer of IF THEN to check to make sure there is a current user before using it. The condition on the IF statement in the first example was erroring so the entire statement would error and the ELSE would not take effect.
try this improved version:
q: if exists current user then (if exists key (“HKEY_USERS” & name of (key whose ((it = name of current user as lowercase OR it starts with name of current user as lowercase & “@” ) of (it as string as lowercase) of value “Logon User Name” of key “Software\Microsoft\Windows\CurrentVersion\Explorer” of it) of key “HKEY_USERS” of registry) & “\Volatile Environment”) whose (exists value “LogonServer” of it) of registry then (value “LogonServer” of key (“HKEY_USERS” & name of (key whose ((it = name of current user as lowercase OR it starts with name of current user as lowercase & “@” ) of (it as string as lowercase) of value “Logon User Name” of key “Software\Microsoft\Windows\CurrentVersion\Explorer” of it) of key “HKEY_USERS” of registry) & “\Volatile Environment”) of registry) as string else “Unknown Error”) else “Not Logged On”
A: \LOGONSERVER
T: 4.259 ms
I: singular string
We did a similiar trick with our GRC.DAT files. We had initially tried to copy them from the AV server VPHOME directory directly but we ran into problems with the BES Client not having access to a network resource because it runs in system context so we just copied our existing grc.dats up to the BES Webroot. We keyed our rollouts based on Location By IP instead of logon server, but either concept should work. We also did a check on the current parent server and if it was already correct, then we did not mess with the GRC.DAT for that machine.
RELEVANCE:
exists setting “Location by Ip Range” whose (value of it = “LOCATION A1” OR value of it = “LOCATION A2” OR value of it = “LOCATION A3” ) of client AND exists folder “C:\Program Files\Symantec Client Security\Symantec AntiVirus” whose (exists file “rtvscan.exe” whose (version of it >“10.0.0.0”)of it) AND exists key “HKEY_LOCAL_MACHINE\SOFTWARE\INTEL\LANDesk\VirusProtect6\CurrentVersion” whose(exists value “parent” whose (it > “AVSEVER1” OR it < “58d174175c7df68837d1fca49f2527559a41be50” ) of file “GRC.DAT” of folder “__Download”}
COPY “__Download\GRC.DAT” “C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\GRC.DAT”
We were on BES 5 when I wrote it, so I had to write a single fixlet for each server insetad of using IF THEN in the action script. I have to admit that it makes the relevance a lot easier and if we change a servername it is easier to maintain. I also used a hard coded location to the AV client rather than using the registry value to do a lookup of where the AV client is installed.
Cheers,
Brolly
(imported comment written by Steve91)
Thanks again Brolly, tested it this morning and I’m getting much better results.
I am still getting a few hundred machines which keep returning an error though (“singular expression refers to nonexistent object”)
Is there any way I can query this error i.e. basically tell my action script if this error occurs then to do something, as you might in vbscript…If Err.Number 0 Then…etc.?
possibly along the lines of :-
if {parameter “logonServer” = “error???”}
appendfile etc… etc…
The action language reference says that if a parameter returns an error then that parameter is undefined, so I’m unsure how to take an action against it or if possible at all
Cheers
Steve
(imported comment written by brolly3391)
Steve,
I reworked this several times with different approaches and came to the conclusion that I could dramatically simplify things if I took one thing for granted. There should only be one key[value] HKEY_USERS+userSID+\Volatile Environment
LogonServer
, and we don’t care what SID it belongs too.
q: if exist value “LogonServer” of keys “Volatile Environment” of keys of key “HKEY_USERS” of registry then value “LogonServer” of keys “Volatile Environment” of keys of key “HKEY_USERS” of registry as string else “Not Logged On”
A: \LOGONSERVER
T: 1.062 ms
I: singular string
It is so much faster than my original approach of finding the SID of the current user, checking to make sure the keys and values and current user all exist and then surgically pulling the value out of the registry from it’s known location. We can just query all the keys and report the one that matches.
As far as troubleshooting the other method, I would take a few of the error machines and inspect the registry directly to see if any of the keys or values we would have been looking at were missing.
I do not know the answer to your question about parameters. I do not think there is any advanced error handling of relevance used in Action Script. Parameters are new to 6.0 and I am still learning the subtleties of their use.
Cheers,
Brolly