Startup Checklist

From wiki.adammorgan.org

General Info

This script is designed to run on every workstation at startup. It's intended to simplify software deployment and workstation configuration by replacing multiple startup scripts in various GPOs with a single script that conditionally runs each of the others. It also reduces the startup time of workstations by allowing scripts to be run only once (by checking log entries). It's been exhaustively tested in a mid-size organization (several thousand computers running Windows XP, 7, and 8, x86 and x64).

startup_checklist.bat

@echo off
::Designed to run on every workstation at startup (2k, xp, 7, 8) 
 
CLS
ECHO Running Startup_Checklist.bat, please wait...
 
:Variables
::LOG FILES
set p_log=C:\MYORGfiles\general.log
set _storeserver=myfileserver

::OS VERSION (sets %_os% = win2k, winxp, vista, win7, or win8)
CALL :get_os
 
:Start
::Log that this script began
ECHO. >> %p_log%
ECHO -------------------- STARTUP_CHECKLIST.bat -------------------- >> %p_log%
ECHO %date% %time% STARTUP_CHECKLIST Started >> %p_log%
::synch MYORGfiles
CALL \\%_storeserver%\scripts\install\MYORGfiles_synch.bat

::--------------- MISCELLANEOUS -----------------
::disable unnecessary startup items
regedit /s \\%_storeserver%\scripts\config\startups_disable.reg
::delete unnecessary scheduled tasks (non-win2k only)
IF NOT %_os%==win2k (
CALL \\%_storeserver%\scripts\config\schedtasks_delete.bat
)
::create APlus icon, if not already present. link file is configured to look in \system32 for its icon.
IF NOT EXIST "%ALLUSERSPROFILE%\desktop\APlus Students.lnk" (
COPY /Y \\%_storeserver%\netinstalls\als30\Aplus1.ico %SYSTEMROOT%\System32
COPY /Y "\\%_storeserver%\netinstalls\als30\Aplus Students.lnk" "%ALLUSERSPROFILE%\desktop"
)
::do some post-install cleanup for the AVG installation
IF EXIST %windir%\temp\avg_ipw_x64_all_2013_3267a6170.exe del %windir%\temp\avg_ipw_x64_all_2013_3267a6170.exe
IF EXIST %windir%\temp\avg_ipw_x86_all_2013_3267a6170.exe del %windir%\temp\avg_ipw_x86_all_2013_3267a6170.exe
IF EXIST %windir%\temp\AvgSetup2.ini del %windir%\temp\AvgSetup2.ini
IF EXIST C:\avg_ipw_x64_all_2013_3267a6170.exe del C:\avg_ipw_x64_all_2013_3267a6170.exe
IF EXIST C:\avg_ipw_x86_all_2013_3267a6170.exe del C:\avg_ipw_x86_all_2013_3267a6170.exe
IF EXIST C:\AvgSetup2.ini del C:\AvgSetup2.ini

 
::--------------- SOFTWARE -----------------
:Scripts_Software

::AVG 2013
SET _logavgsetup=AVG2013_install_rev3_completed_by_startup_checklist
::skip AVG check if already logged
findstr /m "%_logavgsetup%" %p_log% >NUL
IF %errorlevel%==0 GOTO AVGcheck_end1
::skip install if files already present
IF EXIST "C:\Program Files\AVG\AVG2013\avgscanx.exe" GOTO AVGcheck_end1
IF EXIST "C:\Program Files (x86)\AVG\AVG2013\avgscanx.exe" GOTO AVGcheck_end1
::skip install if Microsoft Security Essentials is installed (for some Ncomputes which use MSE)
IF EXIST "C:\Program Files\Microsoft Security Client\msseces.exe" GOTO AVGcheck_end1
IF EXIST "C:\Program Files (x86)\Microsoft Security Client\msseces.exe" GOTO AVGcheck_end1
::Call install script (AVG is not installed)
CALL \\%_storeserver%\scripts\install\AVG_install.bat
ECHO %date% %time% %_logavgsetup% >> %p_log%
::AVG install script automatically restarts computer in 2 sec.
::skip to end of checklist, to avoid long startup times, since AVG is large package.
GOTO eof_startup_checklist
:AVGcheck_end1

::Firefox
::temporarily disabled for maintenance
GOTO startupchecklist_firefox_eof
SET _logfirefox=Firefox_v23_0_1_InstallCheck
findstr /m "%_logfirefox%" %p_log% >NUL
IF %ERRORLEVEL%==1 (
CALL \\%_storeserver%\scripts\install\firefox_install_v23_0_1.bat
ECHO %date% %time% %_logfirefox% >> %p_log%
)
:startupchecklist_firefox_eof

::Adobe Flash player for IE/Firefox
::win2k currently doesn't need this deployed, we're phasing those machines out
IF %_os%==win2k GOTO startup_checklist_flash_end
::winxp gets the current version
IF %_os%==winxp goto flash_current
::win7 gets flash 11.2 for the time being, because we've seen 
::problems with later versions on some of those machines
IF %_os%==vista goto flash_11_2
IF %_os%==win7 goto flash_11_2
::not yet tested on win8, skip deployment on these for now
IF %_os%==win8 goto startup_checklist_flash_end
 
:flash_current
set _logflash=installed_flash_11_9_900_152_rev2013dec3
findstr /m "%_logflash%" %p_log% >NUL
IF %errorlevel%==1 (
CALL \\%_storeserver%\scripts\install\flash\Flash11_9_900_152_install.bat
ECHO %date% %time% %_logflash% >> %p_log%
)
::always skip the 11.2 section, whether or not the install ran above
goto startup_checklist_flash_end
:flash_11_2
set _logflash=installed_flash_11_2_202_235_rev2013nov11
findstr /m "%_logflash%" %p_log% >NUL
IF %errorlevel%==1 IF %_os%==win7 (
CALL \\%_storeserver%\scripts\install\flash\Flash11_2_202_235_install.bat
ECHO %date% %time% %_logflash% >> %p_log%
goto startup_checklist_flash_end
)
:startup_checklist_flash_end

 
::Adobe Shockwave (xp7)
::don't deploy to win2k
IF %_os%==win2k goto startupchecklist_shockwave_end
::all other windows versions currently get this version
:shockwave_winxp7
set _logshockwave=shockwave12_0_2_122_installed_rev1
findstr /m "%_logshockwave%" %p_log% >NUL
IF %errorlevel%==1 (
CALL \\%_storeserver%\scripts\install\shockwave_install.bat
ECHO %date% %time% %_logshockwave% >> %p_log%
)
:startupchecklist_shockwave_end

::7-zip install (xp/7/8)
SET _log7zip=7-zip_9.20_install
findstr /m "%_log7zip%" %p_log% >NUL
IF %errorlevel%==1 (
CALL \\%_storeserver%\scripts\install\7zip_install.bat
ECHO %date% %time% %_log7zip% >> %p_log%
)
:startupchecklist_7zip_end

::2007 office compatibility packs
GOTO startupchecklist_officecompatpack_end
SET _logofficecompat=office_compatpack_install
findstr /m "%_logofficecompat%" %p_log% >NUL
IF %errorlevel%==1 (
CALL \\%_storeserver%\scripts\install\office_compatpack_install.bat
ECHO %date% %time% %_logofficecompat% >> %p_log%
)
:startupchecklist_officecompatpack_end

:: ----------- END OF FILE -----------------
:eof_startup_checklist
::log that script finished successfully
ECHO %date% %time% STARTUP_CHECKLIST Ended >> %p_log%
EXIT
::---------- END OF CHECKLIST --------------
::------------------------------------------

::---------- SUBROUTINES -------------------
:get_os
set _os=0
ver | find "2000" > nul
if %ERRORLEVEL%==0 set _os=win2k
ver | find "XP" > nul
if %ERRORLEVEL%==0 set _os=winxp
ver | find "6.0.6000" > nul
if %ERRORLEVEL%==0 set _os=vista
ver | find "6.0.6002" > nul
if %ERRORLEVEL%==0 set _os=vista
ver | find "6.1.7600" > nul
if %ERRORLEVEL%==0 set _os=win7
ver | find "6.1.7601" > nul
if %ERRORLEVEL%==0 set _os=win7
ver | find "6.2.9200" > nul
if %ERRORLEVEL%==0 set _os=win8
::Windows 8.1 reports version 6.3.9600 in "ver" output
ver | find "6.3.9600" > nul
if %ERRORLEVEL%==0 set _os=win8
EXIT /B
::--------- END OF SUBROUTINES -------------

GPOs

GPO: STARTUP_CHECKLIST

  • This is the production version that is pushed to all workstations.

GPO: STARTUP_CHECKLIST_test

  • Used to test new additions and modifications. Pushed only to the test group. Once tested, the contents of this file can be copied into the production version "startup_checklist" so that they are applied to all machines.
  • "Fast Logon Optimization" has been disabled for all workstations, which means that workstations will wait until startup scripts completely finish before allowing users to log in. This ensures that installations and configuration changes are applied without errors. For example, Flash Player installation may fail if a user is allowed to log in and open a web browser before Flash has finished installing.

List

  • \\myfileserver\scripts\install\MYORGfiles_synch.bat
    • Creates local directory (C:\MYORG) on workstation (if not already present) and downloads any files in \\myfileserver\scripts\MYORG that aren't already present in the local directory. Any file you place in the server copy of this directory gets pushed to the workstations at startup.
  • \\myfileserver\scripts\config\startups_disable.reg. Removes common registry keys for unnecessary startup items like auto-updaters, etc.
  • \\myfileserver\scripts\config\schedtasks_delete.bat. Deletes unnecessary scheduled tasks, mostly for auto-updaters scheduled to run at startup.
  • AVG (run once) - Installs AVG Antivirus 2013 Business Edition.
  • Flash (run once) - Installs/updates Adobe Flash Player for IE/Firefox.
  • Shockwave player (run once) - (xp/7/8).
  • 7-zip (run once) - A lightweight zip/rar/iso tool. Installs the x86 or x64 version as needed.
  • Office Compatibility Pack (run once) - Installs the 2007 compatibility packs (if required).

Usage

  • Don't add untested code to production scripts! Batch scripts don't fail gracefully: bad syntax in the checklist or any script it calls could break software or prevent login on every workstation in the county (no pressure).
  • Never call a batch script that contains an "EXIT" or "PAUSE", which will prematurely end the entire checklist script or cause the script to indefinitely hang, respectively.
  • Precede all lengthy commands (especially msiexec) with "START /WAIT". Otherwise, the script or sub-script will continue processing subsequent commands before the lengthy command has finished. This usually doesn't matter if the command only takes a second or two to finish running, but the safest choice is to always use "START /WAIT".
  • Individual batch scripts should be "called" (e.g. "CALL \\myfileserver\scripts\somescript.bat"), so that they execute in the same cmd.exe instance and are allowed to finish before subsequent scripts are executed.
  • To run a script only once:
    • Ensure you log its completion (either in the called script or afterwards in the checklist).
    • Use "findstr" to check C:\MYORG\general.log for the exact string logged in your script. Call your script only if the string is not found.
    • If you update or tweak an item (eg. you altered shockwave_install.bat to install a more recent version), you can force that item to re-run on all workstations by adding or incrementing the "_rev#" suffix of the log string (eg. change shockwave11_6_8_638_installed_rev1 to shockwave11_6_8_638_installed_rev2).
    • The "housekeeping" items at the beginning (like synching MYORGfiles) are very quick and can be allowed to run every time.
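
A sub-script written to the rules above, as an added example that is not part of the original wiki page. The file name example_install.bat, the example.msi path and the marker example_1_0_installed_rev1 are hypothetical, and the script assumes the checklist has already set %p_log% and %_storeserver%. Unlike the checklist, which writes its marker whether or not the installer succeeded, this one writes the marker only when msiexec reports success, so a failed install is retried at the next startup.

```batch
@echo off
:: example_install.bat - hypothetical sub-script, CALLed by startup_checklist.bat.
:: Assumes %p_log% and %_storeserver% were set by the checklist.
:: The .msi path and the marker name below are placeholders.
setlocal

set "_logexample=example_1_0_installed_rev1"
set "_msi=\\%_storeserver%\netinstalls\example\example.msi"

:: Run once: /L /C: makes findstr treat the marker as one literal string,
:: so a "." in a version number is not read as a regex wildcard.
findstr /L /M /C:"%_logexample%" "%p_log%" >NUL 2>&1
if not errorlevel 1 goto example_end

:: START /WAIT blocks until msiexec exits and hands back its exit code.
:: The empty "" is the window title argument that START expects first.
start "" /wait msiexec.exe /i "%_msi%" /qn /norestart
set "_rc=%errorlevel%"

:: 0 = success, 3010 = success but a reboot is required.
:: Anything else is a failure: log it, but leave the marker unwritten
:: so the next startup tries again.
if "%_rc%"=="0" goto example_ok
if "%_rc%"=="3010" goto example_ok
>>"%p_log%" echo %date% %time% example install FAILED rc=%_rc%
goto example_end

:example_ok
>>"%p_log%" echo %date% %time% %_logexample%

:example_end
:: EXIT /B returns to the checklist; a bare EXIT would end the checklist too.
:: No PAUSE anywhere: nobody is at the console during startup.
exit /b 0
```

To force a re-run after changing the installer, increment the suffix of the marker (rev1 to rev2), as described in the list above.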

Syntax Notes

  • Since this script is first tested on the testing domain, all UNC paths use the variable %_storeserver% to specify the server name. This simplifies moving the script from the testing environment to production and vice versa: only one line in the script has to be changed.
For the lab environment:
set _storeserver=mylabserver
For the production environment:
set _storeserver=myfileserver