DEPLOYMENT VIA LOGIN SCRIPT

Why and when to deploy through a login script?

Audits via login script are by far the most widespread method, since they pose the advantage of assuring ongoing diffusion and control of the agents without need of installing software on the PCs. This method guarantees that ALL the machines connecting to the network will be automatically scanned by the SXSi agent.

If you want to prevent any local installation, chose to deploy the agent through the network login script.

Command lines to insert in the login script

Before calling the Synexsys agent, you must ensure that the Synexsys Inventory ..\client folder has been shared so that it is visible from all the PCs you wish to audit. Even if SXSi can deal with long or complex names, try to avoid them as they could easily become a source of trouble.

REMARK: if needed, the ..\client folder and its sub-folders can be placed on one or several other servers (such as login servers).

It is strongly advised:

to end the share name by a dollar sign ($) so that it will not be visible by a simple browse of the network.

to assign a "Read only" access to the share, ("Authorisations" button). Remote PCs only need to read the information contained in this folder.

to control the parameters of file ..\client\config\config.ini using the agent configuration program or directly from the file.

More particularly:

 


 

SERVER=IP Address or HOSTNAME of the Synexsys Server (HOSTNAME is recommended during evaluation tests if the Synexsys server is installed on a DHCP machine).

 

PORT=IP Port of the Synexsys Server (5026 by default, but it can be modified). Make sure the port is accessible and there is no firewall forbidding the access.

 

TEMP=Local temporary folder: either an existing environment variable such as %temp or a local path such as "C:\SXSi\TEMP". (the path will be created automatically on the audited PC).

 

SID=Folder where the workstation's unique identifier (SID) will be stored. It can be either an existing environment variable such as %windir or a local path such as "C:\SXSi". (the path will be created automatically on the audited PC).

then enter the following command in the login script (normally a file named login.bat):

2000/XP/2003 Clients

 

START /PRIORITY /B /D \\server_name\share_name sxsiagent.exe /H /W /S /FHy /FWy /FSy /FULL [/Dnn|/Thhmm**] /DETAIL

   
NT4 Clients
 

START /D\\server_name\share_name /PRIORITY /B sxsiagent.exe /H /W /S /FHy /FWy /FSy /FULL [/Dnn|/Thhmm**] /DETAIL

IMPORTANT: on NT4, no space should be left between /D and the path. The path should also carry no spaces. Quotation marks are also not allowed.

   
Win95 and Win98 Clients
  START \\server_name\share_name\sxsiagent.exe /H /W /S /FHy /FWy /FSy /FULL [/Dnn|/Thhmm**] /DETAIL

** Parameters [/Dnn|/Thhmm] are taken into account after the frequency (F) parameters. This prevents from keeping the agent in memory while it has no audits to perform.

where:

START [/B /D] is a command used in batch files that executes another command in an independent process. It can be used for what follows the script to be executed without waiting for the audit to finish. The agent path must follow option /D.

START CANNOT BE EXECUTED FROM THE START / EXECUTE MENU. THE COMMAND MUST BE PLACED IN A BATCH FILE (.BAT) OR EXECUTED FROM A DOS WINDOW (START / EXECUTE / "CMD")

\\server_name makes reference to the server where the Synexsys agent ..\client folder is found.

\share_name makes reference to the name of the share where the Synexsys agent ..\client folder is found. I you used the "$" sign to hide your shared folder, don't forget to include it (share_name$).

sxsiagent.exe makes reference to the Synexsys Inventory agent found in ..\Client\bin\Agent

/H /W /S refers to the inventory nature (/H hardware, /W Windows, /S Files).

/Fxyy refers to the frequency of the audits:

 


 

x: H Hardware; W Windows; S Files

y: interval in number of: D1 to D31 days, W1 to W5 weeks, M1 to M12 months, or F "Forced" (no interval)

 


/FULL: this parameter allows you to force a full inventory each time. By default, an inventory is incremental compared to the previous one, and therefore a smaller transfer to the server is required. Using the option /FULL is normally not necessary.

/Dnn: allows delaying the audit nn minutes after the start of the agent. This option avoids potential slow-down at login script time and possible conflicts that the agent could have with 16 bits applications loading at startup.

 


 

Example: sxsiagent.exe /H /FHF /D30

Asks a forced hardware audit that will take place only 30 minutes after the agent has been loaded in memory.

 

 

/Thhmm: allows forcing the time of the audit. For instance, in order to perform the audit at non-peak times.

 


 

Example: sxsiagent.exe /H /FHF /T1230

Asks a forced hardware audit that will be carried out at 12:30.

 


/PRIORITY: this optional parameter allows defining the priority Windows assigns to the agent's process. The Synexsys agent does not use many system resources, but given the tasks it needs to perform and based on local PC performance, lowering process priority may be convenient in certain situations.

Replace the term PRIORITY by one of the following possibilities:

/REALTIME
/HIGH
/ABOVENORMAL (since Win2000)
/NORMAL (default)
/BELOWNORMAL (since Win2000)
/LOW

/BELOWNORMAL could be the most appropriate option in most cases

ATTENTION: it is strongly advised not to assign the REALTIME level of priority to the agent as this will prevent any other process from running on the PC during the audit.

 


/DETAIL: Only use this option in specific cases or when advised to use it by the Synexsys support team. This optional parameter allows obtaining a more detailed hardware audit when data is stored in the area above 1 MB of the local BIOS (DMI information is there sometimes). Certain machines may not function correctly if this option is selected.

 


Put the following code in your login script to launch the appropriate command line according to the local operating system :

call server_name\share_name\getwinver.exe
if errorlevel 6 goto wxp
if errorlevel 5 goto wnt
if errorlevel 1 goto w9x
if errorlevel 0 goto wother
:wxp
echo Processing agent for Windows 2000, Windows XP, Windows 2003
START /PRIORITY /B /D "\\server_name\share_name" sxsiagent.exe /H /W /S /FHy /FWy /FSy /FULL [/Dnn|/Thhmm] /DETAIL
goto end
:wnt
echo Processing agent for Windows NT
START /D\\server_name\share_name /PRIORITY /B sxsiagent.exe /H /W /S /FHy /FWy /FSy /FULL [/Dnn|/Thhmm] /DETAIL
goto end
:w9x
echo Processing agent for Windows 9x (Millenium, 98, 98SE et 95)
START \\server_name\share_name\sxsiagent.exe /H /W /S /FHy /FWy /FSy /FULL [/Dnn|/Thhmm] /DETAIL
goto end
:wother
echo OS Unknown
:end

 

Launch the agent with another network account's prerogatives

Using the sxsirun.exe launcher, you may execute the agent with the prerogatives of a different network account. To obtain a detailed explanation of the possible parameters, you may execute "sxsirun.exe /?" from the command line.

sxsirun.exe is in the same folder as the sxsiagent.exe and has to be used in the following way:

sxsirun.exe APP=application USER=user_name PWD=password DOMAIN=domain_name [/WAIT] [/VERBOSE]

where:

APP=sxsiagent.exe

 

 

USER, PWD, and DOMAIN allow launching a process with the prerogatives of a different network account.

To do it: Windows requires that the 4 following rights are assigned to the account:

Act as part of the operating system
Increase quotas
Open a session locally
Replace a process level token

USER=user_name

PWD=password: passwords are encrypted for security reasons. To generate a password, you must use the SXSICRYPT.EXE tool (available on demand) using the "ONLY4U" keyword.

DOMAIN=domain

 

 

/WAIT=wait until the process launched using sxsirun.exe is finished (this option should not be used normally)

/VERBOSE=displays the execution details of sxsirun.exe

Examples :

2000/XP/2003 Clients

 

START /PRIORITY /B /D sxsirun.exe APP=“\\server_name\share_name\sxsiagent.exe” PARAM="/H /W /S /FHy /FWy /FSy /FULL [/Dnn|/Thhmm] /DETAIL" USER=user_name PWD=password DOMAIN=domain_name [/WAIT] [/VERBOSE]
   
NT4 Clients
  START /D\\server_name\share_name /PRIORITY /B sxsirun.exe APP=sxsiagent.exe PARAM="/H /W /S /FHy /FWy /FSy /FULL [/Dnn|/Thhmm] /DETAIL" USER=user_name PWD=password DOMAIN=domain_name [/WAIT] [/VERBOSE]

IMPORTANT: on NT4, no space should be left between /D and the path. The path should also carry no spaces. Quotation marks are also not allowed for the path.

   
Win95 and Win98 Clients
  START sxsirun.exe APP="\\server_name\share_name\sxsiagent.exe" PARAM="/H /W /S /FHy /FWy /FSy /FULL [/Dnn|/Thhmm] /DETAIL" USER=user_name PWD=password DOMAIN=domain_name [/WAIT] [/VERBOSE]

* Refer to the previous chapters for an explanation of the commands that are not in bold characters.


Related Subjects

Deployment through the Console (NT/2000/XP/2003)

Other Deployment Possibilities (95/98/Me/NT/2000/XP/2003)

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Last Update: 21.01.2005