CPC Clients
Configuring Clients to use the services provided by the CPC_Server.
Contents |
Windows Update
For Windows Update just use the standard wuau.adm file in your group policy. Either for AD or Zenworks
Set following in the policy:
Computer Configuration -> Administrative Templates -> Windows Components -> Windows Update -> Specify intranet MS update location
Place http://10.x.y.41 in both boxes.
You can point to the CPC server either through either IP or DNS entry.
Registry Settings
Turn on Windows Update
Switch on Windows Update. All settings managed by the server. It is recommended to tweak your settings to suit your environment. See Windows Update with schedule
Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate] "ElevateNonAdmins"=dword:00000000 "WUServer"="http://10.x.x.41" "WUStatusServer"="http://10.x.x.41"
Windows Update with schedule
This reg file will setup up Windows update with the following settings.
- Intranet update location
- Retrieve and install updates on Wednesday at 3am
- Will not spam the user with "You have not rebooted since you updated your computer"
- Will give a warning if 3am Wednesday rolls around and people are logged in (go home)
A list and guide to most of the settings can be view at http://www.windowsnetworking.com/
To save the registry file paste the contents into notepad and save as file type .reg. Ensure the file type box is set to 'All Files'
Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate] "WUServer"="http://10.28.204.41" "WUStatusServer"="http://10.28.204.41" "TargetGroupEnabled"=dword:00000000 "ElevateNonAdmins"=dword:00000001 "AcceptTrustedPublisherCerts"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU] "NoAUShutdownOption"=dword:00000001 "NoAUAsDefaultShutdownOption"=dword:00000001 "NoAutoUpdate"=dword:00000000 "AUOptions"=dword:00000004 "ScheduledInstallDay"=dword:00000004 "ScheduledInstallTime"=dword:00000003 "UseWUServer"=dword:00000001 "RescheduleWaitTimeEnabled"=dword:00000000 "NoAutoRebootWithLoggedOnUsers"=dword:00000001 "DetectionFrequencyEnabled"=dword:00000000 "AutoInstallMinorUpdates"=dword:00000001 "RebootWarningTimeoutEnabled"=dword:00000001 "RebootWarningTimeout"=dword:0000000a "RebootRelaunchTimeoutEnabled"=dword:00000001 "RebootRelaunchTimeout"=dword:000005a0 "IncludeRecommendedUpdates"=dword:00000001 "AUPowerManagement"=dword:00000001
You can deploy the registry file using a batch file. The following batch file purges all settings before placing the new set in silently. Change the path on line 5 to reference your .reg file.
@echo off echo Clearing WSUS settings. . . reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate /va /f echo Merging new entires. . . regedit.exe /s "F:\Public\reg_files\wsus.reg"
Symantec Antivirus
The folders created and shared by the SAV server on the CPC can be accessed by navigating to "//10.x.x.41" in Windows Explorer using the following login information:
- Username: infra\cpcread
- Password: cpcread1
Manual GRC.dat copy
- Login to the CPC with the username and password provided.
- Open the vplogon folder and copy the GRC.dat files.
- Then paste the GRC.dat file into C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\
Viewing/Modifying GRC.dat
In Support Tools folder on the SAV CD their is a program called Editor. You can use it to view the grc.dat file. Look at bottom of options for Parent Server and see what it says for the different grc.dat files.
Automating GRC.dat copy
The following two scripts are automated installs of the GRC.dat file. The GRC.dat file seems to be recreated periodically by the AV server. While clients that are already using the server do not need a new copy of the file, running it on every login would make sure that machines on their first connection get the latest version of the GRC.dat file.
- Replace any <driveletter> occurrences with a network drive that is NOT mapped by any other process at logon. This includes USB sticks/drives/devices needing letters. The letter is freed up after use in both instances.
- Put your own ip range in place of 10.x.x.41.
Batch File Setup
The batch file method is recommended for Novell schools. It will have a command window on the screen for the duration of the process.
@echo off REM *** CopyGRCdotDAT.bat REM *** Batch file to setup clients to use the CPC server. REM *** Authors Nick Howson REM *** Version 1 REM *** 17th December 2007 echo Connecting to AV server. . . net use <driveletter>: "\\10.28.204.41\vplogon" /user:infra\cpcread cpcread1 echo Copying data files. . . xcopy <driveletter>:\GRC.dat "C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5" /y echo Disconnecting. . . net use <driveletter>: /delete clear echo YOU MAY CLOSE THIS WINDOW end
The 'silent' VBScript can be launched by a batch file for schools in a non Windows environment using the 'wscript <script location>' command.
@echo off REM *** Launch the CPC AV setup script wscript F:\PUBLIC\scripts\CopyGRCdotDAT.vbs
VBScript Setup
The script will display no errors and no user interaction. If people login and out in quick succession the GRC.dat file will still be in use by Symantec. This will case the file to be unable to be copied. The line 'On Error Resume Next' forces the script to run regardless. This ensures that the unmapping at the end always runs.
' CopyGRCdotDAT.vbs
' VBScript to setup clients to use the CPC server.
' Authors Nick Howson
' Version 1
' 17th December 2007
On Error Resume Next
Dim objNetwork
Set objNetwork = WScript.CreateObject("WScript.Network")
strLocalDrive = "<driveletter>:"
strRemoteShare = "\\10.x.x.41\vplogon"
strPer = "FALSE"
strUsr = "infra\cpcread"
strPas = "cpcread1"
objNetwork.MapNetworkDrive strLocalDrive, strRemoteShare, strPer, strUsr, strPas
Set objFSO = CreateObject("Scripting.FileSystemObject")
objFSO.CopyFile "<driveletter>:\GRC.dat", "C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5", True
objNetwork.RemoveNetworkDrive "<driveletter>:"
