Clients Not Checking Into Symantec System Center

By | January 12, 2007
0 Comment

I installed a new AV server. It is runinng Symantec AV 10.1 and Symantec System Center
The clients (running Symantec 10.1) did not check into the new server after pushing out a new install of AV.
The problem was with the reg keys and the certificate not being updated.
This script will copy the new certificate to the target computer, update the regkeys
and then it will restart the symantec service. Then in a few seconds the clients will check into
the Symantec System Center on their own!

 

This script has been updated!

I placed the second script below the first one, just incase anyone wants to use the old script.
To operate the new script, create a txt file with the names of the machines you need to have log into the SSC.

Then just drop the .txt file onto the script… The rest is automatic!

 

———-COPY EVERYTHING BELOW THIS LINE———-

'This script will install the correct certificate for the AV server.
'It will rewrite the registry keys on the target computer and restart the Symantec service.
'RUN THIS SCRIPT FROM THE AV SERVER
'Created by Cheyenne Harden 1.11.07

On Error Resume Next

const HKLM = &H80000002
Const OverwriteExisting = TRUE
Const DeleteReadOnly = TRUE
strComputer = Inputbox("Enter the name of the computer you would like to update.")
strService2 = "Symantec AntiVirus" 
strservice = "'" & strService2 & "'"
intSleep = 25000

ManipFile()
RegKey()
RestartService()

Sub ManipFile()
Set objFSO = CreateObject("Scripting.FileSystemObject")
objFSO.DeleteFile("\\" & strComputer & "\c$\Program Files\Symantec AntiVirus\pki\roots\*.cer"), DeleteReadOnly

Set objFSO = CreateObject("Scripting.FileSystemObject")
objFSO.CopyFile "C:\Program Files\SAV\pki\roots\*.*" , "\\" & strComputer & "\c$\Program Files\Symantec AntiVirus\pki\roots", OverwriteExisting
End Sub

 

Sub RegKey()
'Write Reg Keys
Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" &_
strComputer & "\root\default:StdRegProv")

strKeyPath = "SOFTWARE\Intel\LANDesk\VirusProtect6\CurrentVersion"
oReg.CreateKey HKLM,strKeyPath

strValueName = "AlertDirectory" 'Name of a string you want to create
strValue = \\AV_Server_Name_Here\VPALERT$
oReg.SetStringValue HKLM,strKeyPath,strValueName,strValue

strValueName1 = "Parent" 'Name of a string you want to create
strValue1 = "AV_Server_Name_Here"
oReg.SetStringValue HKLM,strKeyPath,strValueName1,strValue1

strValueName2 = "RemoteHomeDirectory" 'Name of a string you want to create
strValue2 = "\\AV_Server_Name_Here\VPHOME"
oReg.SetStringValue HKLM,strKeyPath,strValueName2,strValue2
End Sub

 

Function RestartService()
'restart symantec service
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate}!\\" _
& strComputer & "\root\cimv2")
Set colListOfServices = objWMIService.ExecQuery _
("Select * from Win32_Service Where Name ="_
& strService & " ")
For Each objService in colListOfServices
objService.StopService()
WSCript.Sleep intSleep   'Gives the service time to shutdown
objService.StartService()
Next
End Function

 

———-COPY EVERYTHING ABOVE THIS LINE———-

 

 

PLEASE MAKE SURE NO WORD WRAPPING IS HAPPENING IN YOUR SCRIPT!!!

To make this script work you will need the items below!

1. Run this script from the AV Server.
2. Make sure the admin account has access to the target computers services and c$ share.
3. Change Reg keys to fit your AV server:
strValue = "\\AV_Server_Name_Here\VPALERT$"
strValue1 = "Print_Server_Name_Here"
strValue2 = "\\AV_Server_Name_Here\VPHOME"

This information is provided "AS IS" with no warranties expressed or implied.

 

**************************************************************************************************** 
*****************************Below starts the update to this script***************************** 
****************************************************************************************************

 

———-COPY EVERYTHING BELOW THIS LINE FOR THE NEW SCRIPT———-

 'This script will install the correct certificate for the AV server.
'It will rewrite the registry keys on the target computer and restart the Symantec service.
'RUN THIS SCRIPT FROM THE AV SERVER as Administrator
'Created/Updated by Cheyenne Harden 11.28.07

On Error Resume Next

const HKLM = &H80000002
Const ForReading = 1
Const OverwriteExisting = TRUE
Const DeleteReadOnly = TRUE

objFileName = ""
IsAlive = False
FileName = ""
FileName2 = ""
strService2 = "Symantec AntiVirus" 
strservice = "'" & strService2 & "'"
intSleep = 30000

Set objFSObj = CreateObject("Scripting.FileSystemObject")
Set objArgs = WScript.Arguments
Set objTextFile = objFSObj.OpenTextFile(objArgs(0), ForReading)

Do Until objTextFile.AtEndOfStream
 strComputer = objTextFile.Readline
       
 If strComputer = "" Then
  WScript.Quit 
 Else
  Ping()
   If IsAlive = True Then
    FileExistsServer()
   End If

 End If

Loop

Function Ping()
 Const OpenAsASCII = 0
    Const DoesNotExist = 0
    Const ForReading =  1
   
    Set objShell = CreateObject("WScript.Shell")
    Set objFSO = CreateObject("Scripting.FileSystemObject")
  objTempFile = objFSO.GetSpecialFolder(2).ShortPath & "\" & objFSO.GetTempName
  objShell.Run "%comspec% /c ping.exe -n 2 -w 500 " & strComputer & ">" & objTempFile, 0 , True
    Set fFile = objFSO.OpenTextFile(objTempFile, ForReading, DoesNotExist, OpenAsASCII)
   
 Select Case InStr(fFile.ReadAll, "TTL=")
        Case 0
   IsAlive = False
   'WScript.Echo "False"
        Case Else
   IsAlive = True
   'WScript.Echo "True"
    End Select
    fFile.Close
    objFSO.DeleteFile(objTempFile)
    Set objFSO = Nothing
    Set objShell = Nothing
End Function

 

Function FileExistsServer()
 Set objWMIService = GetObject("winmgmts:" & "{impersonationLevel=impersonate}!\\AV SERVER NAME HERE\root\cimv2")
 Set colFileList = objWMIService.ExecQuery _
  ("ASSOCIATORS OF {Win32_Directory.Name='D:\Program Files\Symantec AntiVirus\pki\roots'} Where " _
   & "ResultClass = CIM_DataFile")

 For Each objFile In colFileList
  FileName = objFile.Name
   FileName = Right(FileName,52)
   'WScript.Echo FileName
  FileExistsClient()
  If FileName = FileName2 Then
   'WScript.Echo "Same"
  Else
   'WScript.Echo "Different"
   ManipFile()
   RegKey()
   RestartService()
   WScript.Sleep intSleep
   ServiceCheck()
  End If
 Next

End Function

 

Function FileExistsClient()
 Set objWMIService = GetObject("winmgmts:" & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
 Set colFileList = objWMIService.ExecQuery _
  ("ASSOCIATORS OF {Win32_Directory.Name='C:\Program Files\Symantec AntiVirus\pki\roots'} Where " _
   & "ResultClass = CIM_DataFile")

 For Each objFile In colFileList
  FileName2 = objFile.Name
   FileName2 = Right(FileName2,52)
   'WScript.Echo FileName2 
 Next
End Function

 

Function ManipFile()
 Set objFSO = CreateObject("Scripting.FileSystemObject")
  objFSO.DeleteFile("\\" & strComputer & "\c$\Program Files\Symantec AntiVirus\pki\roots\*.cer"), DeleteReadOnly

 Set objFSO = CreateObject("Scripting.FileSystemObject")
  objFSO.CopyFile "\\YOUR AV SERVER NAME HERE\D$\Program Files\Symantec AntiVirus\pki\roots\*.*" , "\\" & strComputer & "\c$\Program Files\Symantec AntiVirus\pki\roots", OverwriteExisting
End Function

 

Sub RegKey()
'Write Reg Keys
Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" &_
strComputer & "\root\default:StdRegProv")

strKeyPath = "SOFTWARE\Intel\LANDesk\VirusProtect6\CurrentVersion"
oReg.CreateKey HKLM,strKeyPath

strValueName = "AlertDirectory" 'Name of a string you want to create
strValue = "\\YOUR AV SERVER NAME HERE\VPALERT$"
oReg.SetStringValue HKLM,strKeyPath,strValueName,strValue

strValueName1 = "Parent" 'Name of a string you want to create
strValue1 = "AV SERVER NAME HERE"
oReg.SetStringValue HKLM,strKeyPath,strValueName1,strValue1

strValueName2 = "RemoteHomeDirectory" 'Name of a string you want to create
strValue2 = "\\YOUR AV SERVER NAME HERE\VPHOME"
oReg.SetStringValue HKLM,strKeyPath,strValueName2,strValue2
End Sub

 

Function RestartService()
 'restart symantec service
 Set objWMIService = GetObject("winmgmts:" & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
 Set colListOfServices = objWMIService.ExecQuery _
  ("Select * from Win32_Service Where Name =" & strService & " ")
 For Each objService in colListOfServices
  objService.StopService()
  WScript.Sleep intSleep
  objService.StartService()
 Next
End Function

 

Function ServiceCheck()
 Set objWMIService = GetObject("winmgmts:" & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
 Set colRunningServices = objWMIService.ExecQuery("Select * from Win32_Service Where Name='Symantec AntiVirus'")

 For Each objService in colRunningServices
  'WScript.Echo objService.DisplayName  & VbTab & objService.State
  If objService.State = "Stopped" Then
   'WScript.Echo "Stopped"
   objService.StartService()
  Else
   'WScript.Echo "Running"
  End If
Next 
End Function

 

———-COPY EVERYTHING ABOVE THIS LINE FOR THE NEW SCRIPT———-

 

PLEASE MAKE SURE NO WORD WRAPPING IS HAPPENING IN YOUR SCRIPT!!!

To make this script work you will need the items below!

1. Run this script from the AV Server.
2. Make sure the admin account has access to the target computers services and c$ share.
3. Change Reg keys to fit your AV server:
strValue = "\\AV_Server_Name_Here\VPALERT$"
strValue1 = "AV_Server_Name_Here"
strValue2 = "\\AV_Server_Name_Here\VPHOME"
4. Change this line to reflect your AV SERVER

Set objWMIService = GetObject("winmgmts:" & "{impersonationLevel=impersonate}!\\YOUR SERVER NAME HERE\root\cimv2")
5. Change this line to reflect the path to the Symantec certificate on your server (e.g., c:\…\)

("ASSOCIATORS OF {Win32_Directory.Name='D:\Program Files\Symantec AntiVirus\pki\roots'} Where " _

6. Change this line to reflect the path to the Symantec certificate on your server

objFSO.CopyFile "\\YOUR SERVER NAME HERE\D$\Program Files\Symantec AntiVirus\pki\roots\*.*" , "\\" & strComputer & "\c$\Program Files\Symantec AntiVirus\pki\roots", OverwriteExisting

This information is provided "AS IS" with no warranties expressed or implied.

Leave a Reply

Your email address will not be published. Required fields are marked *