Running Trend Officescan in Provisioned Clients
Sometimes there is software that just won’t work “out of the box” on a provisioned image when in shared image mode. Trend OfficeScan Antivirus client is one such beast. Here’s a solution.
The problem arises because when the client registers with the management server, it uses a unique GUID. Now, if all our provisioned images contain the same unique GUID, your management server is not going to be able to differentiate between any of your provisioned clients, and you’ll be in a mess when it comes to reporting on infections or virus definition updates. This is only a problem when you are running your clients in shared image mode as any personalisation is lost between reboots. You can’t “sysprep” the server at each bootup otherwise you end up with lots of duplicate clients in the management console due to a new GUID being created at every boot.
So, Trend needs a little bit of tweaking to work correctly inside a provisioned image. Using a startup script, in combination with the Trend “imgsetup.exe” sysprep tool, (KB article here) you can ensure each provisioned client obtains a unique GUID, and then retains this across reboots.
Attached is a vbscript that allows Trend to operate correctly. The script uses a local cache disc to store the unique GUID, but theres no reason why you couldnt modify this to store the GUIDs centrally on a share, and read them from there if you didn’t have a local cache disc available. The imgsetup utility is part of the OfficeScan installation, although note if you’re using 64-bit provisioned clients you need to request the 64-bit version from Trend support (see this KB article)
You should configure the script to run at server startup (either in a local or group policy startup script)
Im summary the script checks whether the GUID file is present on permanent cache disc.
If so:
– Writes the GUID it into the registry
– Starts the Trend services
If not:
– Runs the Trend “sysprep” tool “ImgSetup.exe”
– Sets the Trend services to manual startup
– Reads the GUID created and writes in to the permanent cache disc
This has the effect that a client will maintain its GUID across reboots, and the correct values will be in the registry when the Trend services start.
‘ Trend Startup Script V1.0‘ Note: Edit the “Cache drive” variable below to reflect the drive letter of the local hard disc‘ The Trend ImgSetup.exe needs to be in c:\temp\trend‘ The script write to a logfile in C:\temp\Trend\Trend_log.txt‘ Script by Daniel Gothard & Neil SpellingsOption ExplicitOn Error Resume NextDim WSHShell, FSODim objFolder, objFileDim WSHEnvironmentDim WSHFileSystemDim EnvDim strFolder, strFile, strRegGUID, strRegClientString, strLogFilePath, strCacheDriveConst ForReading = 1Const ForWriting = 2Const ForAppending = 8Set WshShell = WScript.CreateObject(“WScript.Shell”)Set FSO = CreateObject(“Scripting.FileSystemObject”)Set WSHEnvironment = WSHShell.Environment(“PROCESS”)strCacheDrive = “d”strFolder = strCacheDrive & “\Trend”strFile = “Trend.txt”strLogFilePath = “C:\temp\Trend\Trend_log.txt”‘ The file deletion text is left in just for when the image is in private mode just in case it is not deleted before‘ being put back into standard mode.If FSO.FileExists(trLogFilePath) ThenFSO.DeleteFile(trLogFilePath)End ifSet objFile = FSO.CreateTextFile(strLogFilePath)objFile.CloseIf FSO.DriveExists(strCacheDrive) ThenIf FSO.FolderExists(strFolder) ThenIf FSO.FileExists(strFolder & “\” & strFile) ThenRead_GUIDLogFile (strFile & ” file found. Exiting script.”)Wscript.QuitElseSet objFile = FSO.CreateTextFile(strFolder & “\” & strFile)LogFile (strFile & ” file not found. Running Check_Trend procedure.”)Check_TrendLogFile (“Check_Trend procedure complete – exiting script.”)Wscript.QuitEnd ifElseLogFile (strFolder & ” not found. Creating folder and file.”)Set objFolder = FSO.CreateFolder(strFolder)Set objFile = FSO.CreateTextFile(strFolder & “\” & strFile)LogFile (“Running Check_Trend Procedure after creating folder and file.”)Check_TrendWscript.QuitEnd IfElseLogFile(strCacheDrive &” drive could not be found. Quitting the script.”)Wscript.QuitEnd if‘The following procedure will run if the Trend sysprep process needs to be executed.‘This is happens if the trend.txt file cannot be found.Sub Check_trendOn Error Resume NextDim strSource, strDestination, strFile2Dim strComputer, objWMIService, colServList, objService, errReturnCodestrFile2 = “ImgSetup.exe”strSource = “C:\temp\Trend\”strDestination = “C:\program Files\Trend Micro\OfficeScan Client\”LogFile (“Adding Run command for imgsetup.exe.”)wshshell.regwrite “HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Trend OfficeScan ImageSetup”, chr(34) & strDestination & strFile2 & chr(34) & ” -HideWindow”, “REG_SZ”If NOT FSO.FileExists(strDestination & strFile2) ThenLogFile (strDestination & strFile2 & ” not found.”)LogFile (“Copying ” & strFile2 & ” from ” & strSource)FSO.CopyFile strSource & strFile2, strDestinationEnd ifLogFile (“Running Trend Sysprep.”)WshShell.Run chr(34) & strDestination & strFile2 & chr(34), 0 , TRUE‘Sets tmlisten service startup mode to ManualstrComputer = “.”Set objWMIService = getObject(“winmgmts:” _& “{impersonationLevel=impersonate}!\\” & strComputer & “\root\cimv2”)Set colServList = objWMIService.ExecQuery (“Select * from Win32_Service where Name = ‘tmlisten'”)For Each objService in colServListLogFile(“Setting ” & objService.Displayname & ” to manual.”)errReturnCode = objService.Change(,,,, “Manual”)NextstrRegGUID = WshShell.RegRead (“HKLM\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\GUID”)LogFile (“GUID =” & strRegGUID)objFile.CloseLogfile(“Writing ” & strRegGUId & ” to the ” & strFolder & “\Trend.txt file.”)Set objFile = FSO.OpenTextFile(strFolder & “\” & strFile, ForWriting)objFile.Writeline strRegGUIDobjFile.CloseLogFile (“Starting the Trend Realtime scan service.”)wshshell.run “net start ntrtscan”, 0, TRUELogFile (“Script Finished.”)End Sub‘The following procedure will run if the \trend\Trend.txt file is found.‘It will read the contents of the file and populate the GUID registry keySub Read_GUIDDim strLineSet objFile = FSO.OpenTextFile(strFolder & “\” & strFile, ForReading)LogFile (“Running Read_GUID procedure.”)Do While objFile.AtEndOfStream = FalsestrLine = objFile.ReadlineLogFile (“Writing GUID ” & strLine & ” to the registry.”)wshshell.regwrite “HKLM\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\GUID”, strLine, “REG_SZ”LoopobjFile.CloseLogFile (“Starting tmlisten.”)LogFile (“Starting ntrtscan.”)wshshell.run “net start tmlisten”, 0, TRUEwshshell.run “net start ntrtscan”, 0, TRUELogFile (“Script Finished.”)End SubSub LogFile(Message)Dim LogFile, LogFileNameSet FSO = CreateObject(“Scripting.FileSystemObject”)Const ForAppending = 8set LogFile = FSO.OpenTextFile(strLogFilePath, ForAppending, True) ‘ Open the log file for writingLogFile.WriteLine now & ” – ” & Message ‘ Write a line of text to the log fileEnd Sub‘ Trend Startup Script V1.0′ Note: Edit the “Cache drive” variable below to reflect the drive letter of the local hard disc’ The Trend ImgSetup.exe needs to be in c:\temp\trend’ The script write to a logfile in C:\temp\Trend\Trend_log.txt’ Script by Daniel Gothard & Neil Spellings
Option Explicit
On Error Resume Next
Dim WSHShell, FSODim objFolder, objFileDim WSHEnvironmentDim WSHFileSystemDim EnvDim strFolder, strFile, strRegGUID, strRegClientString, strLogFilePath, strCacheDrive
Const ForReading = 1Const ForWriting = 2Const ForAppending = 8
Set WshShell = WScript.CreateObject(“WScript.Shell”)Set FSO = CreateObject(“Scripting.FileSystemObject”)Set WSHEnvironment = WSHShell.Environment(“PROCESS”)
strCacheDrive = “d”
strFolder = strCacheDrive & “\Trend”strFile = “Trend.txt”strLogFilePath = “C:\temp\Trend\Trend_log.txt”
‘ The file deletion text is left in just for when the image is in private mode just in case it is not deleted before’ being put back into standard mode.If FSO.FileExists(trLogFilePath) Then FSO.DeleteFile(trLogFilePath)End if
Set objFile = FSO.CreateTextFile(strLogFilePath)objFile.CloseIf FSO.DriveExists(strCacheDrive) Then
If FSO.FolderExists(strFolder) Then If FSO.FileExists(strFolder & “\” & strFile) Then Read_GUID LogFile (strFile & ” file found. Exiting script.”) Wscript.Quit Else Set objFile = FSO.CreateTextFile(strFolder & “\” & strFile) LogFile (strFile & ” file not found. Running Check_Trend procedure.”) Check_Trend LogFile (“Check_Trend procedure complete – exiting script.”) Wscript.Quit End if Else LogFile (strFolder & ” not found. Creating folder and file.”) Set objFolder = FSO.CreateFolder(strFolder) Set objFile = FSO.CreateTextFile(strFolder & “\” & strFile) LogFile (“Running Check_Trend Procedure after creating folder and file.”) Check_Trend Wscript.Quit End IfElse LogFile(strCacheDrive &” drive could not be found. Quitting the script.”) Wscript.QuitEnd if
‘The following procedure will run if the Trend sysprep process needs to be executed.’This is happens if the trend.txt file cannot be found.
Sub Check_trend On Error Resume Next Dim strSource, strDestination, strFile2 Dim strComputer, objWMIService, colServList, objService, errReturnCode
strFile2 = “ImgSetup.exe” strSource = “C:\temp\Trend\” strDestination = “C:\program Files\Trend Micro\OfficeScan Client\” LogFile (“Adding Run command for imgsetup.exe.”)
wshshell.regwrite “HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Trend OfficeScan ImageSetup”, chr(34) & strDestination & strFile2 & chr(34) & ” -HideWindow”, “REG_SZ” If NOT FSO.FileExists(strDestination & strFile2) Then LogFile (strDestination & strFile2 & ” not found.”) LogFile (“Copying ” & strFile2 & ” from ” & strSource) FSO.CopyFile strSource & strFile2, strDestination End if LogFile (“Running Trend Sysprep.”) WshShell.Run chr(34) & strDestination & strFile2 & chr(34), 0 , TRUE ‘Sets tmlisten service startup mode to Manual strComputer = “.”
Set objWMIService = getObject(“winmgmts:” _ & “{impersonationLevel=impersonate}!\\” & strComputer & “\root\cimv2”)
Set colServList = objWMIService.ExecQuery (“Select * from Win32_Service where Name = ‘tmlisten'”)
For Each objService in colServList LogFile(“Setting ” & objService.Displayname & ” to manual.”) errReturnCode = objService.Change(,,,, “Manual”) NextstrRegGUID = WshShell.RegRead (“HKLM\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\GUID”) LogFile (“GUID =” & strRegGUID) objFile.Close
Logfile(“Writing ” & strRegGUId & ” to the ” & strFolder & “\Trend.txt file.”)
Set objFile = FSO.OpenTextFile(strFolder & “\” & strFile, ForWriting) objFile.Writeline strRegGUID objFile.Close LogFile (“Starting the Trend Realtime scan service.”) wshshell.run “net start ntrtscan”, 0, TRUE LogFile (“Script Finished.”)End Sub
‘The following procedure will run if the \trend\Trend.txt file is found.’It will read the contents of the file and populate the GUID registry keySub Read_GUID Dim strLine Set objFile = FSO.OpenTextFile(strFolder & “\” & strFile, ForReading) LogFile (“Running Read_GUID procedure.”) Do While objFile.AtEndOfStream = False strLine = objFile.Readline LogFile (“Writing GUID ” & strLine & ” to the registry.”) wshshell.regwrite “HKLM\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\GUID”, strLine, “REG_SZ” Loop objFile.Close LogFile (“Starting tmlisten.”) LogFile (“Starting ntrtscan.”) wshshell.run “net start tmlisten”, 0, TRUE wshshell.run “net start ntrtscan”, 0, TRUE LogFile (“Script Finished.”)End SubSub LogFile(Message) Dim LogFile, LogFileName Set FSO = CreateObject(“Scripting.FileSystemObject”) Const ForAppending = 8 set LogFile = FSO.OpenTextFile(strLogFilePath, ForAppending, True) ‘ Open the log file for writing LogFile.WriteLine now & ” – ” & Message ‘ Write a line of text to the log file End Sub
Leave a comment
You must be logged in to post a comment.