A-what now?

Unscrupulous Modifier.

From a Peter, Paul, and Mary Live in Concert, the song “Blue.” You can get the album here. I’ll wait.

OK.

So there’s a bit of patter in that song where Paul talks about an “unscrupulous modifier of folk songs.” Well, I’m an unscrupulous modifier of scripts. Bash, perl, Powershell, batch, whatever works. I’ll scrape stuff from here and there and everywhere and then mash it together into something that works.

So I’ve decided to share what works for me so other people can take it and run with it for themselves. I’ll try to attribute my sources whenever possible, and if you recognize something that’s yours that I didn’t attribute, please let me know so I can. Conversely, if you post one of my scripts, please attribute it to me, as well.

I’m also going to use this to talk about other system administration tasks, shortcuts, and projects.

Assuming I actually keep writing. We shall see, eh?

Landesk: force a full inventory scan on ip change

Landesk has a task that is installed as part of the agent that will run a miniscan when the IP address of the computer changes. Unfortunately, miniscan doesn’t work with brokerconfig, which is the place you’re most likely to get an IP change (ie, when the computer disconnects from the company VPN.) This script will remove the miniscan task and replace it with a full sync scan (a lesser scan will not change the IP address in the inventory). Make sure you replace below with… well, you know.

@ECHO OFF
"C:\Program Files\LANDesk\LDClient\localsch.exe" /del /taskid=778
"C:\Program Files\LANDesk\LDClient\localsch.exe" /exe="c:\Program Files\LANDesk\LDClient\LDIScn32.EXE" /cmd="/NTT=:5007 /S= /I=HTTP:///ldlogon/ldappl3.ldz /NOUI" /ipaddr /taskid=2778

Fix Windows Advanced Firewall for Landesk

Landesk will automatically open these ports for you when you install the agent. In the active firewall profile. Which doesn’t help you if it’s a laptop, or you accidentally install before you join the domain, or if you’re not on a domain and you change your firewall to private, etc, etc, etc. Here’s a quick and dirty script to fix it.

@echo off
netsh advfirewall firewall set rule name="LANDesk Message Service" new profile=any
netsh advfirewall firewall set rule name="LANDesk Ping Discovery Service" new profile=any
netsh advfirewall firewall set rule name="LANDesk Remote Control Agent" new profile=any
netsh advfirewall firewall set rule name="LANDesk Targeted Multicast" new profile=any
netsh advfirewall firewall set rule name="LANDesk(R) Management Agent" new profile=any
netsh advfirewall firewall set rule name="LANDesk(R) Management Agent" new profile=any

Disable common Windows auto updaters

Here’s a script that will disable auto updaters for Acrobat, Reader, and Java. This is useful in an environment where you need to control such things and don’t want phone calls from 100 users asking, “Should I click OK on this update?” every time Oracle releases another x.x.x java update.

@ECHO OFF
:: Disables common auto updaters
:: Created by Ken Carlile

::Acrobat and Reader
REG ADD "HKLM\SOFTWARE\Policies\Adobe\Acrobat Reader\8.0\FeatureLockdown" /v bUpdater /t REG_DWORD /d 00000000 /f

REG ADD "HKLM\SOFTWARE\Policies\Adobe\Adobe Acrobat\8.0\FeatureLockdown" /v bUpdater /t REG_DWORD /d 00000000 /f

REG ADD "HKLM\SOFTWARE\Policies\Adobe\Acrobat Reader\9.0\FeatureLockdown" /v bUpdater /t REG_DWORD /d 00000000 /f

REG ADD "HKLM\SOFTWARE\Policies\Adobe\Adobe Acrobat\9.0\FeatureLockdown" /v bUpdater /t REG_DWORD /d 00000000 /f

REG ADD "HKLM\SOFTWARE\Policies\Adobe\Acrobat Reader\10.0\FeatureLockdown" /v bUpdater /t REG_DWORD /d 00000000 /f

::Java
REG ADD "HKLM\SOFTWARE\JavaSoft\Java Update\Policy" /v EnableJavaUpdate /t REG_DWORD /d 00000000 /f