Because the computer boots several times, the script needs to check a value to see what phase of the
script is currently running. Because the computer will be Frozen at times, a value cannot be stored
in the Frozen partition. This means the value must be stored either on the network or in a Thawed
partition on the computer.
It is also important to understand that the above flowchart is a very simple model. In a real-world
example, the flowchart would most likely have additional steps to disable the keyboard and mouse
and check for the current version of the patch to run. Those steps are beyond the scope of this white
paper.
Logon Patch Maintenance Example
The following example uses an Active Directory environment to call a script file when a user logs on.
The following section describes how to create a script based on the earlier flowchart and implement
Group Policy to call this script when a user logs on. A full version of the script can be downloaded from
the following location:
http://www.faronics.com/Faronics/Documents/DFEnt_ADUpdateScript.zip
Creating the Update Script
This script checks to see if the computer requires updates. If the computer requires an update, it
prompts the user. If the user selects Yes, the computer is put into a Thawed state. At this point, the
patch is applied and the computer is returned to a Frozen state.
Use the following steps to create the script file one section at a time:
The script file can be created using many different editors. In this case, Notepad is used.
1. Open Notepad and enter the following text to create the global assemblies:
' ********** GLOBAL ASSEMBLIES **********
Set objNet = CreateObject("WScript.NetWork")
This code segment creates an object called objNet used throughout the script.
2. Enter the following text to create the global variables:
' ********** GLOBAL VARIABLES **********
strUNCPath = "\\FarDemo.local\NETLOGON\"
strMarkerFile = objNet.ComputerName & ".mar"
strMarkerCompleteFile = "COMPLETED-" & objNet.ComputerName & ".fin"
strUNCPath is a variable that maps to a server. Modify the path to match that of the server
being used. This is where the marker files are created. The marker files are used to determine
whether the machine requires an update and whether the update is completed.
strMarkerFile is a variable holding the name of the marker file used to indicate whether an
update is running. Each marker file has a unique name equal to the name of the machine the
update is running on.
strMarkerCompleteFile is a variable holding the name of the file used to indicate whether the
patch has been run. If this file exists, the update has been run and is not required to run again.
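The phase check described at the start of this section, driven by the two marker files defined above, could look like the following. This is an added example, not part of the Faronics script: the phase constants and the DetectPhase and ClaimUpdate functions are hypothetical names, and the mapping of marker files to phases is an assumption based on the variable descriptions above.

```vbscript
' Added example, not the Faronics script. Phase names, DetectPhase and
' ClaimUpdate are hypothetical; variable names and path follow the text.
Option Explicit
Const PHASE_UPDATE_NEEDED = 0  ' no marker file yet
Const PHASE_IN_PROGRESS = 1    ' <computer>.mar exists
Const PHASE_COMPLETED = 2      ' COMPLETED-<computer>.fin exists
Const PHASE_UNKNOWN = 3        ' marker location unreachable

Dim objNet, objFSO, strUNCPath, strMarkerFile, strMarkerCompleteFile
Set objNet = CreateObject("WScript.Network")
Set objFSO = CreateObject("Scripting.FileSystemObject")
strUNCPath = "\\FarDemo.local\NETLOGON\"
strMarkerFile = objNet.ComputerName & ".mar"
strMarkerCompleteFile = "COMPLETED-" & objNet.ComputerName & ".fin"

' The phase is derived only from state outside the Frozen partition,
' so the answer survives every reboot in the update cycle.
Function DetectPhase()
    If Not objFSO.FolderExists(strUNCPath) Then
        DetectPhase = PHASE_UNKNOWN
    ElseIf objFSO.FileExists(strUNCPath & strMarkerCompleteFile) Then
        DetectPhase = PHASE_COMPLETED
    ElseIf objFSO.FileExists(strUNCPath & strMarkerFile) Then
        DetectPhase = PHASE_IN_PROGRESS
    Else
        DetectPhase = PHASE_UPDATE_NEEDED
    End If
End Function

' Create the in-progress marker. Overwrite = False makes creation fail if the
' file already exists, so an update cannot be started twice for one machine.
Function ClaimUpdate()
    Dim objFile
    ClaimUpdate = False
    On Error Resume Next
    Set objFile = objFSO.CreateTextFile(strUNCPath & strMarkerFile, False)
    If Err.Number = 0 Then
        objFile.WriteLine "started " & Now & " by " & objNet.UserName
        objFile.Close
        ClaimUpdate = True
    End If
    On Error GoTo 0
End Function

Select Case DetectPhase()
    Case PHASE_COMPLETED:   WScript.Echo "Update already applied; nothing to do."
    Case PHASE_IN_PROGRESS: WScript.Echo "Update in progress; continue with the patch step."
    Case PHASE_UPDATE_NEEDED
        If ClaimUpdate() Then WScript.Echo "Marker created; proceed to Thaw and patch."
    Case Else:              WScript.Echo "Marker location unreachable; leaving the computer Frozen."
End Select
```

Because a .fin file causes the update to be skipped, write access to the marker location should be limited to the accounts that need it.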