Thanks for the replies Richard and Pegasus.
As an aside, we have a program called "agent.exe" that already does the
polling of machines on the network... Our problem right now is where to
place the call to the program. If we have it run at login, imagine 10
logins per computer, per day ... Thousands of computers across 40
buildings ... The load on the server would be ridiculous.
The script is definitely something that we'll look at in the very near
future, but for the moment, would we be able to call the agent.exe
program through the same methods (i.e.: using a semaphore file, through
computer startup scripts, or even a top level GPO)?
TIA ... again!
Matthew Curiale
If you want the load spread over the days and the weeks then you
probably have to trigger each audit from the server itself. You would
need to maintain a database of computer names and dates last polled. A
a) When the poll is due and if the machine is online, or
b) If the poll is overdue and when the machine logs on.
We do have a database that's been started, though I'm not sure if the
last date polled is in there; I'd have to go check. The program resides
on a separate server from the DC.
This polling can be scripted into the logon script of the machines
themselves, then? And possibly with a time field that checks "if last logon > 30 days, execute agent.exe"?
Matthew Curiale
If you script the polling into the logon script then you get a whopper of
a load every morning when people report for work, which is exactly what
you said you wanted to avoid.
If you run an inventory script remotely to query all computers in bulk, it
can be run from a client. The script will take a long time to run and will
generate some network traffic, but it will not burden any servers. Also, it
provides a snapshot taken in a short time span. You know when the inventory
is complete, and you can run it on demand whenever you wish. The only
downside is that some clients may be offline at the time, but even that can
be noted in the inventory. The example script I posted pings each computer
before attempting to connect. You could devise a scheme to run the script
repeatedly, but only query computers missed before.
If you use logon or startup scripts instead, you want a mechanism to make
sure the inventory is done once per time period. That's the purpose of the
semaphore file referred to. The trick is where to store it. Best would be to
save it somewhere where you can easily delete all the files, to trigger a
new inventory (assuming you want to run it periodically). I used to use
files named after the client computer saved in a shared folder on the
network. When the logon or startup script starts, it retrieves the NetBIOS
name of the local computer, then checks for the existence of a file with
that name (and *.txt extension) in the shared folder. If the file exists,
the script quits. Otherwise the inventory runs, the information is saved
somewhere on the network, and the file is created in the shared folder to
prevent a repeat of the inventory.
Remember that logon scripts run with the credentials of the user. You could
give the group "Domain Users" read/write permissions in the shared folder
(and wherever the inventory data is to be saved). However, make sure users
have permissions to retrieve the information you are collecting. If you use
Startup scripts, they run with the credentials of the local computer, which
has System privileges on the local computer and the credentials of the
computer object elsewhere in the domain. You can give the group "Domain
Computers" read/write permission in the shared folder (and wherever the
inventory data is to be saved).
One downside of logon/startup scripts is collecting the information
retrieved, which might be in separate files, one for each computer. Also,
you have no control over when the inventory script runs on each computer.
--
Richard Mueller
MVP Directory Services
Hilltop Lab - http://www.rlmueller.net
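
The semaphore-file gate described in the reply above, written as a startup script. This is an added example, not code posted in the thread. It goes one step further than the reply by treating a marker older than a set window as absent, which covers the "30 days" idea raised earlier without deleting files by hand. The share path, the agent.exe location, the 30-day default and the assumption that agent.exe exits with 0 on success are all hypothetical.

```powershell
# Added example: startup-script gate using a per-computer semaphore file.
# Assumed (not from the thread): share path, agent.exe path, 30-day window,
# and that agent.exe returns exit code 0 when the inventory succeeded.
param(
    [string]$MarkerShare = '\\fileserver.example\InventoryMarkers$',  # hypothetical
    [string]$AgentPath   = '\\fileserver.example\Tools\agent.exe',    # hypothetical
    [int]   $MaxAgeDays  = 30
)

$ErrorActionPreference = 'Stop'

# The NetBIOS name of the local computer names the marker file.
$marker = Join-Path $MarkerShare ("{0}.txt" -f $env:COMPUTERNAME)

# A marker newer than the window means this machine was already inventoried.
if (Test-Path -LiteralPath $marker) {
    $age = (Get-Date) - (Get-Item -LiteralPath $marker).LastWriteTime
    if ($age.TotalDays -lt $MaxAgeDays) { exit 0 }
}

# Run the inventory and wait for it. Only a clean exit earns a marker,
# so a failed run is retried at the next startup.
$proc = Start-Process -FilePath $AgentPath -Wait -PassThru -WindowStyle Hidden
if ($proc.ExitCode -ne 0) {
    Write-Warning "agent.exe exited with code $($proc.ExitCode); no marker written"
    exit $proc.ExitCode
}

# Create or refresh the marker. Its content is informational only;
# the gate relies on the file's existence and last-write time.
Set-Content -LiteralPath $marker -Value ("{0} {1:o}" -f $env:COMPUTERNAME, (Get-Date))
```

Run as a startup script, this needs the "Domain Computers" read/write permission on the marker share that the reply describes.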