November 19, 2001 12:00 AM

Real-World Scripting: Adding a Local Group

Windows IT Pro
InstantDoc ID #23042

A big benefit of scripting is the time you can save when you have to perform a task on many machines. When you run a script that needs to connect to many machines, you can encounter a small snag: The script might encounter machines that are inaccessible. One scripting technique that you can use to work around this problem is to record the inaccessible machines in an output log, then use the output log as an input file for future script runs. Let's look at how you can incorporate this technique when writing a script that adds a local group to 500 machines.

Suppose a hardware vendor recently delivered 500 Windows 2000 Professional PCs to your company. After several initial spot inspections showed that the PCs were what the company ordered, the vendor's contractor deployed the PCs throughout the company.

After that deployment, several problems surfaced. All the computers were supposed to have a global group named HelpDesk added to the local Administrators group, but the HelpDesk group members discovered that the contractor didn't add this group to every PC. To work around this problem, the group members began using the local Administrators account to log on to make configuration changes. This workaround led to the discovery of another problem: The local Administrators account had been renamed on some machines. (In Windows NT 4.0, the Administrators group is a built-in group that you can't rename. In Win2K and later, you can rename this group.) Thus, the HelpDesk group members had a difficult time performing tasks that required administrative privileges.

Management asked you to resolve these problems. Because 500 PCs were deployed, you knew that checking and changing permissions manually with an administration tool such as User Manager would be too time-consuming. Thus, you decided to automate the process with a script. When you started looking into how to resolve the problems, you ran into another snag: The PCs' machine accounts are members of a domain to which you don't have Domain Admins permissions. Because Domain Admins group membership is restricted, the domain administrators agreed to provide you with the names and passwords of four local Administrators accounts used for the PCs. However, the domain administrators didn't have a list of which accounts to use on which PCs.

Because you're unsure of which account name and password to use, creating a script that accesses and performs tasks on 500 PCs might seem like a daunting task. However, administrators must often face such challenges when writing scripts. The key is to tackle the project in steps. In this case, for each PC, the script Populate Groups.bat needs to determine whether the PC is turned on, find the correct account and password to log on, determine whether the HelpDesk group exists, and if not, add that group.

Determining Whether the PC Is On
You first need to determine whether the target PC is turned on. To test for connectivity, you can embed a Ping command inside a For command, as the Pingit routine in Listing 1 shows. The Ping command pings the PC, and the For command searches the Ping command's output for the string Reply. If the For command finds that string, the script proceeds to the Tstmem routine, which Listing 2 shows. If the For command doesn't find the string, the script concludes that a ping failure has occurred, so it writes the PC's name to the rerun log called runagain.txt. The script will use this output log as an input file for the next script run. The script displays a message that it's adding the PC to the rerun log, increments an operations counter named Leftcntr, then proceeds to the end of the file. (For information about counters in Populate Groups.bat, see the Web-exclusive sidebar "Using Counters to Track Successes and Failures," http://www.winscriptingsolutions.com, InstantDoc ID 23064.)

Logging On
To log on to the target PC, you can use the Net Use command. The syntax you need to use is

Net Use [device] \\computer\share
   [password]
   [/user:domain\username]

where device is the drive letter to assign to the connection, \\computer\share is the Universal Naming Convention (UNC) path of a share on the PC, and password is the password for the local account that username specifies. In this case, the username must include the domain.

Because you don't know which account to use when you log on to the PCs, you need to test each local Administrators account by chaining together a series of Net Use commands. As callouts A, B, C, and D in Listing 2 show, four of the Net Use commands contain usernames and passwords. In these four Net Use commands, the double ampersand (&&) tells the command processor to execute the command that follows only if the previous command executed successfully. Thus, the script sets the User variable and goes to the Addthem routine, which Listing 3 shows, only if the script successfully executes the preceding Net Use command; the successful execution of the Net Use command hinges on whether that command contains the correct username and password for the target PC. If all the Net Use commands fail, the script notes the PC's name in addlog.csv, displays an error message, and increments the Logoncntr counter.
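
The Pingit and Tstmem flow described above, written out as an added example; it is not the article's Listing 1 or Listing 2, which are not reproduced on this page. The IPC$ share, the account names Admin1 through Admin4, the environment variables PW1 through PW4 (used so the passwords are not stored in the script file), and the text written to addlog.csv are assumptions made for the example.

```batch
@echo off
rem Added example; not the article's Listing 1 or Listing 2.
rem Usage: example.bat pclist.txt   (one PC name per line)
rem Assumed: Admin1..Admin4 are placeholder account names; the passwords come
rem from environment variables PW1..PW4 set for this session only.
setlocal
set Leftcntr=0
set Logoncntr=0
for /f "usebackq" %%P in ("%~1") do call :Pingit %%P
echo Unreachable: %Leftcntr%  Logon failures: %Logoncntr%
goto :eof

:Pingit
set PC=%1
rem Search the Ping output for the string Reply; a match means the PC answered.
for /f %%R in ('ping -n 1 %PC% ^| find "Reply"') do goto Tstmem
rem No match: record the PC for the next run and count it.
echo Adding %PC% to the rerun log
>>runagain.txt echo %PC%
set /a Leftcntr+=1
goto :eof

:Tstmem
rem Clear any existing session, then try each account. The && runs what follows
rem only if Net Use succeeded. For a local account the "domain" is the PC name.
net use \\%PC%\IPC$ /delete >nul 2>&1
net use \\%PC%\IPC$ "%PW1%" /user:%PC%\Admin1 >nul 2>&1 && (set User=Admin1& goto Addthem)
net use \\%PC%\IPC$ "%PW2%" /user:%PC%\Admin2 >nul 2>&1 && (set User=Admin2& goto Addthem)
net use \\%PC%\IPC$ "%PW3%" /user:%PC%\Admin3 >nul 2>&1 && (set User=Admin3& goto Addthem)
net use \\%PC%\IPC$ "%PW4%" /user:%PC%\Admin4 >nul 2>&1 && (set User=Admin4& goto Addthem)
rem All four failed: log the PC and count the failure.
echo Logon failed on %PC%
>>addlog.csv echo %PC%,logon failed
set /a Logoncntr+=1
goto :eof

:Addthem
rem Listing 3's group check is outside this example; report the account that
rem worked and drop the session so no authenticated connection is left open.
echo %PC% accepted account %User%
net use \\%PC%\IPC$ /delete >nul 2>&1
goto :eof
```

For a rerun, rename runagain.txt and pass the renamed file as the input, so that PCs that are still unreachable are written to a fresh rerun log.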
