Posts Tagged ‘Logon Script’

The problems described in the symptoms section occur because of a lock on the Service Control Manager (SCM) database. As a result of the lock, none of the services can access the SCM database to initialize their service start requests. To verify that a Windows computer is affected by the problem discussed in this article, run the following command from the Command Prompt:

sc querylock

The output below would indicate that the SCM database is locked:

QueryServiceLockstatus – Success
IsLocked : True
LockOwner : .\NT Service Control Manager
LockDuration : 1090 (seconds since acquired)

There is no additional information in the Event Logs beyond those from the Service Control Manager indicating that Service startup requests have timed out. The underlying root cause is a deadlock between the Service Control Manager and HTTP.SYS.

Resolution

You can modify the behavior of HTTP.SYS to depend on another service being started first.  To do this, perform the following steps:

  1. Open Registry Editor
  2. Navigate to HKLM\SYSTEM\CurrentControlSet\Services\HTTP and create the following Multi-string value: DependOnService
  3. Double click the new DependOnService entry
  4. Type CRYPTSVC in the Value Data field and click OK.
  5. Reboot the server

NOTE: Please ensure that you make a backup of the registry / affected keys before making any changes to your system.

 


Issue: We had a System running Server 2008 and when it would boot it would hang with “Applying User Settings”.  When it would finally load, many of the services were not started.
Diagnosis: http://support.microsoft.com/kb/2004121 – This Microsoft Article explains the issue associated with the SCM database being locked:

sc querylock
The output below would indicate that the SCM database is locked:
QueryServiceLockstatus – Success
IsLocked : True
LockOwner : .\NT Service Control Manager
LockDuration : 1090 (seconds since acquired)

Resolution: You can modify the behavior of HTTP.SYS to depend on another service being started first.  To do this, perform the following steps:

  1. Open Registry Editor
  2. Navigate to HKLM\SYSTEM\CurrentControlSet\Services\HTTP and create the following Multi-string value: DependOnService
  3. Double click the new DependOnService entry
  4. Type CRYPTSVC in the Value Data field and click OK.
  5. Reboot the server

 

NOTE: Please ensure that you make a backup of the registry / affected keys before making any changes to your system.
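
The check and the registry steps above can also be run from an elevated command prompt. The batch file below is an added example, not part of the original post or the Microsoft article; the backup file path is an assumption, and the script stops rather than overwriting a DependOnService value that already exists.

```batch
@Echo Off
Rem Added example: scripted form of the manual Registry Editor steps.
Rem Run elevated. BACKUP is an assumed location for the exported key.
SetLocal
Set KEY=HKLM\SYSTEM\CurrentControlSet\Services\HTTP
Set BACKUP=%SystemDrive%\http-service-backup.reg

Rem 1. Report whether the SCM database is currently locked.
sc querylock | findstr /I /C:"IsLocked" | findstr /I /C:"True" > Nul
If %errorlevel% EQU 0 (Echo SCM database is locked) Else (Echo SCM database is not locked)

Rem 2. Back up the key before changing it, as the NOTE advises.
reg export "%KEY%" "%BACKUP%" /y > Nul
If %errorlevel% NEQ 0 Echo Backup failed, no changes made && Goto End

Rem 3. Do not overwrite an existing dependency list; show it and stop.
reg query "%KEY%" /v DependOnService > Nul 2>&1
If %errorlevel% EQU 0 (
    Echo DependOnService already exists, review it by hand:
    reg query "%KEY%" /v DependOnService
    Goto End
)

Rem 4. Create the multi-string value with CRYPTSVC as its only entry.
reg add "%KEY%" /v DependOnService /t REG_MULTI_SZ /d CRYPTSVC /f
If %errorlevel% NEQ 0 Echo Failed to write DependOnService && Goto End

Rem 5. Show the result; the change takes effect after a reboot.
reg query "%KEY%" /v DependOnService
Echo Reboot the server to apply the change.

:End
EndLocal
```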


To update your Norton antivirus files with shell scripting, proceed as follows:

  1. Create a new directory to store all files included in this example.
  2. Download the latest Intelligent Updater file from http://www.symantec.com to the new directory.
  3. Select Start|Run and enter “scriptfile.bat.”

Here, scriptfile is the full path and file name of a script file that contains the following:

    @Echo Off
    Set IUPDATER=iufile
    %IUPDATER% /Q > Nul

Here, IUPDATER is a variable containing the complete path and file name of the Intelligent Updater executable.


To update your McAfee antivirus engine and/or signature files with shell scripting, proceed as follows:

  1. Create a new directory to store all files included in this example.
  2. Select Start|Run and enter “scriptfile.bat.”

Here, scriptfile is the full path and file name of a script file that contains the following:

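    @Echo Off
    CLS
    Rem Full paths to the SuperDAT and DAT executables and the status log
    Set SDAT=superdat
    Set DAT=datfile
    Set NAILOG=textlog
    Rem Day of the week on which to run the SuperDAT
    Set DDAY=DOTW
    Rem Take the first token of Date /T, the abbreviated day name
    For /F "Tokens=1" %%I in ('Date /T') Do Set Day=%%I
    If "%DAY%" EQU "%DDAY%" Goto UENGINE
    %DAT% /F /PROMPT /REBOOT /SILENT /LOGFILE %NAILOG%
    Goto END
    :UENGINE
    %SDAT% /F /PROMPT /REBOOT /SILENT /LOGFILE %NAILOG%
    Goto END
    :END
    Set SDAT=
    Set DAT=
    Set NAILOG=
    Set DDAY=
    Set DAY=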

Here, SDAT is a variable containing the complete path and file name of the SuperDAT executable; DAT is a variable containing the complete path and file name of the DAT executable; NAILOG is a variable containing the complete path and file name of the status log text file; and DDAY is the day of the week (Mon, Tue, Wed, Thu, Fri, Sat, Sun) to run the SuperDAT as opposed to the daily DAT file.


Although it’s not essential, many administrators like to display a greeting to the user depending on the time of day. To display a time-based greeting from the command line, proceed as follows:

  1. Create a new directory to store all files included in this example.
  2. Select Start|Run and enter “scriptfile.bat.”

Here, scriptfile is the full path and file name of a script file that contains the following:

    @Echo Off
    CLS
    Rem Split the output of Time /T at the colon into hour and minute
    For /F "Delims=: Tokens=1" %%I in ('Time /T') Do Set Hour=%%I
    For /F "Delims=: Tokens=2" %%I in ('Time /T') Do Set Min=%%I
    Rem Strip the digits from the "Set Min" output to leave the a/p suffix
    For /F "Delims=0,1,2,3,4,5,6,7,8,9 Tokens=2" %%I in ('Set Min') Do Set AP=%%I
    If %AP% EQU p Goto PM
    Set Greet=Good Morning
    Goto End
    :PM
    If %Hour% EQU 12 Set Hour=0
    If %Hour% LSS 12 Set Greet=Good Evening
    If %Hour% LSS 6 Set Greet=Good Afternoon
    :End
    Echo %Greet%
    Set Hour=
    Set Min=
    Set AP=

Here, the Time /T command indicates the local system time.


Determining whether a client is logging in through the network or remote access helps you specify which parts of the script to run. CheckRAS is a command-line, SMS resource kit utility to determine whether a user is using remote access. To determine whether the current user is using remote access during a logon script, proceed as follows:

  1. Create a new directory to store all files included in this example.
  2. Select Start|Run and enter “scriptfile.bat.”

Here, scriptfile is the full path and file name of a script file that contains the following:

    @Echo Off
    Rem Clear the screen
    CLS
    Set RAS=NO
    Rem An errorlevel of 1 from CheckRAS is treated as a remote access session
    fullpath\CheckRAS > Nul
    If %errorlevel% EQU 1 Set RAS=YES

Here, fullpath is the full path where the CheckRAS utility is located, and RAS indicates whether the current user is using remote access or not.


Mapping printers through a logon script provides an easy method to remotely update printer connections. Con2PRT (Connect To Port) is a Windows 2000 Resource Kit utility used to control printer connections from the command line. The basic syntax of the con2PRT utility is as follows:

Con2prt /commands \\server\printer

Here, server is the name of the printer server containing the shared printer to map. The available commands are:

  • /F—Removes all printer connections
  • /C—Connects to the printer specified
  • /CD—Connects to the printer specified and marks it as the default printer

To remove all current printer connections and map a default printer using con2PRT, proceed as follows:

  1. Create a new directory to store all files included in this example.
  2. Select Start|Run and enter “scriptfile.bat.”

Here, scriptfile is the full path and file name of a script file that contains the following:

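    @Echo Off
    Set Pserver=server
    Set DPrinter=Printer
    Rem Remove all existing printer connections
    fullpath\con2prt /F
    Rem Connect to the shared printer and mark it as the default
    fullpath\con2prt /CD \\%Pserver%\%DPrinter%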

Here, pserver is the variable holding the printer server name; dprinter is the variable holding the name of the printer share; and fullpath is the full path where con2prt is located.

Adding Printers Using the PrintUI DLL

Windows 2000/XP/2003 includes the PrintUI.dll to add and remove printers from the command line. To use the PrintUI.dll, you must call the PrintUIEntry function through the rundll32 command. To add a default printer using the PrintUI DLL, start a command prompt and enter the following:

rundll32 printui.dll,PrintUIEntry /in /y /n \\pserver\dprinter

Here, pserver is the name of the print server and dprinter is the name of the printer share.


Mapping drives by group membership allows you to control which drives and resources will be available to which users. The resource kit utility IfMember allows you to determine a user’s group membership from the command line. The basic syntax of the IfMember utility is as follows:

IfMember /Commands Groups

Here, Groups are any group, separated by spaces, whose membership you want to check. An errorlevel of 1 indicates the user is a member of the specified group. The available commands are as follows:

  • /List—Lists all groups the user belongs to
  • /Verbose—Displays all group matches

To map a network drive according to group membership and display the status from the command prompt, proceed as follows:

  1. Create a new directory to store all files included in this example.
  2. Select Start|Run and enter “scriptfile.bat.”

Here, scriptfile is the full path and file name of a script file that contains the following:

    @Echo Off
    Rem Clear the screen
    CLS
    Rem IfMember sets errorlevel 1 when the user is a member of GroupName
    Fullpath\IfMember GroupName > Nul
    If %errorlevel% NEQ 1 Goto End
    Set Drive=DriveLetter
    Set Share=\\server\sharename
    Echo Mapping drive %Drive% to %Share%
    Rem Drop any existing mapping on that drive letter first
    Net Use %Drive%: /Delete && CLS
    Net Use %Drive%: %Share%
    If %errorlevel% EQU 0 CLS && Echo Map Successful && Goto End
    CLS && Echo Error mapping drive %Drive% to %Share%
    :End

Here, fullpath is the full path where the IfMember utility is located; GroupName is the name of the group to check membership; driveletter is the drive letter to map a share to; NEQ is the “not equal to” operator; EQU is the “equal to” operator; server contains the sharename you want to map to; and && allows you to run a second command after the first has completed.


Mapping common drives for all users allows you to present a central resource location for applications or data.  To map a network drive and display the status from the command prompt, proceed as follows:

  1. Create a new directory to store all files included in this example.
  2. Select Start|Run and enter “scriptfile.bat.”

Here, scriptfile is the full path and file name of a script file that contains the following:

    @Echo Off
    Rem Clear the screen
    CLS
    Set Drive=DriveLetter
    Set Share=\\server\sharename
    Echo Mapping drive %Drive% to %Share%
    Rem Drop any existing mapping on that drive letter first
    Net Use %Drive%: /Delete && CLS
    Net Use %Drive%: %Share%
    If %errorlevel% EQU 0 CLS && Echo Map Successful && Goto End
    CLS && Echo Error mapping drive %Drive% to %Share%
    :End

Here, driveletter is the drive letter to map a share to, and server contains the sharename you want to map to.


Synchronizing the local system to a central time source allows you to perform enterprise-wide tasks simultaneously. The basic syntax to synchronize the local clock with a specified time source is as follows:

Net Time \\server /commands

Here, \\server is the name of the time source server to sync with. This parameter is only necessary when syncing with a specific server. If this parameter is omitted (Net Time), the system will search the local domain for a time source server. /commands are any of the following parameters:

  • /SET—Sets the local time to the time source server
  • /Y—Forces a time sync with the server specified, regardless of whether the server is a time source server or not
  • /DOMAIN:domainname—Searches the specified domain for a time source server

The following script attempts to sync the local system time with the server named servername. If this fails, the domain will be searched for a time source to sync with. To execute this script, proceed as follows:

  1. Create a new directory to store all files included in this example.
  2. Select Start|Run and enter “scriptfile.bat.”

Here, scriptfile is the full path and file name of a script file that contains the following:

    @Echo Off
    Rem Clear the screen
    CLS
    Set TServer=ServerName
    Echo Syncing the time with %TServer%...
    Net Time \\%TServer% /set /yes
    If %errorlevel% NEQ 0 CLS && Goto Domain
    CLS && Echo Sync Successful
    Goto End
    :Domain
    Rem Fall back to any time source server in the local domain
    Echo Searching the local domain for a time-server...
    Net Time /set /yes
    If %errorlevel% EQU 0 CLS && Echo Sync Successful && Goto End
    CLS && Echo Time Sync Error
    :End

Here, tserver is a variable containing the name of the time source server; NEQ is the “not equal to” operator; and && allows you to run a second command after the first has completed.