Guide to deploy MyUSBOnly via Windows Logon Script Revision 1.1. Menu



Similar documents
Endpoint Client Installation using Group Policy (Logon Script):

Autograph 3.3 Network Installation

XMap 7 Administration Guide. Last updated on 12/13/2009

HOW TO SILENTLY INSTALL CLOUD LINK REMOTELY WITHOUT SUPERVISION

How To - Implement Single Sign On Authentication with Active Directory

MSI Admin Tool User Guide

Tool Tip. SyAM Management Utilities and Non-Admin Domain Users

Create, Link, or Edit a GPO with Active Directory Users and Computers

Password Manager Windows Desktop Client

Quick Start Guide. IT Management On-Demand

Quick Start Guide. User Manual. 1 March 2012

PC Power Down. MSI Deployment Guide

NetSpective Logon Agent Guide for NetAuditor

ACTIVE DIRECTORY DEPLOYMENT

4cast Client Specification and Installation

Management Utilities Configuration for UAC Environments

Using Logon Agent for Transparent User Identification

Automatic Network Deployment

User Manual. Onsight Management Suite Version 5.1. Another Innovation by Librestream

Deployment of Keepit for Windows

MailStore Outlook Add-in Deployment

Download/Install IDENTD

ContentWatch Auto Deployment Tool

Automating client deployment

nitrobit group policy

CYCLOPE let s talk productivity

Mirtrak 6 Powered by Cyclope

Cyclope Internet Filtering Proxy

Web-Access Security Solution

DriveLock Quick Start Guide

How to Connect to Berkeley College Virtual Lab Using Windows

System Area Management Software Tool Tip: Agent Deployment utilizing. the silent installation with Active Directory

Copyright. Disclaimer. Introduction 1. System Requirements Installing the software 4

How to monitor AD security with MOM

SMART Sync Windows operating systems. System administrator s guide

SAS 9.3 Foundation for Microsoft Windows

Chapter. Managing Group Policy MICROSOFT EXAM OBJECTIVES COVERED IN THIS CHAPTER:

Network Setup Instructions

TECHNICAL SUPPORT GUIDE

PowerMapper/SortSite Desktop Deployment Guide v Introduction

How To Create An Easybelle History Database On A Microsoft Powerbook (Windows)

Windows 2008 Server DIRECTIVAS DE GRUPO. Administración SSII

CODESOFT Installation Scenarios

Setting Up a Backup Domain Controller

Network installation guide. Version th February 2015

STATISTICA VERSION 9 STATISTICA ENTERPRISE INSTALLATION INSTRUCTIONS FOR USE WITH TERMINAL SERVER

For Active Directory Installation Guide

Network Edition Download / Installation Instructions

User Guide. Version 3.2. Copyright Snow Software AB. All rights reserved.

Administration Guide. . All right reserved. For more information about Specops Gpupdate and other Specops products, visit

Snow Inventory. Installing and Evaluating

Sage ERP Accpac 6.0A. SageCRM 7.0 I Integration Guide

EventTracker: Support to Non English Systems

XEROX, The Document Company, the stylized X, and the identifying product names and numbers herein are trademarks of XEROX CORPORATION.

Option 1 Using the Undelete PushInstall Wizard.

Administration Guide. . All right reserved. For more information about Specops Deploy and other Specops products, visit

DigitalPersona Pro Server for Active Directory v4.x Quick Start Installation Guide

Insight Video Net. LLC. CMS 2.0. Quick Installation Guide

Running 4D Server as a Service on Windows

IIS, FTP Server and Windows

Remote Desktop Reporter Agent Deployment Guide

Deploying NetSupport Manager. or NetSupport School. Overview. Available Installers. There are 4 main ways to install NSM or NSS, these are as follows:

Server Edition Administrator s Guide

DeviceLock Management via Group Policy

Contents. Supported Platforms. Event Viewer. User Identification Using the Domain Controller Security Log. SonicOS

ESET REMOTE ADMINISTRATOR. Migration guide

TSM for Windows Installation Instructions: Download the latest TSM Client Using the following link:

Setting up Active Directory Domain Services

IBM Connections Plug-In for Microsoft Outlook Installation Help

Appendix E. Captioning Manager system requirements. Installing the Captioning Manager

About This Guide Signature Manager Outlook Edition Overview... 5

Module 8: Implementing Group Policy

User Profile Wizard 3.5

Wazza s QuickStart 13. Leopard Server - Windows Domain

ILTA HANDS ON Securing Windows 7

Installing Active Directory

How To Enable A Websphere To Communicate With Ssl On An Ipad From Aaya One X Portal On A Pc Or Macbook Or Ipad (For Acedo) On A Network With A Password Protected (

Intelligent Power Protector User manual extension for Microsoft Virtual architectures: Hyper-V 6.0 Manager Hyper-V Server (R1&R2)

Advanced Event Viewer Manual

SpamTitan Outlook Addin V2.0

Installation Guide. . All right reserved. For more information about Specops Deploy and other Specops products, visit

M86 Authenticator USER GUIDE. Software Version: Document Version:

Installing Client GPO Software

THE POWER OF GROUP POLICY

1. Installation Overview

Windows Administration Terminal Services, AD and the Windows Registry. INLS 576 Spring 2011 Tuesday, February 24, 2011

VERITAS Backup Exec 9.1 for Windows Servers Quick Installation Guide

Quick Instructions Installing on a VPS (Virtual Private Server)

Sophos Enterprise Console server to server migration guide. Product version: 5.1 Document date: June 2012

DESLock+ Basic Setup Guide Version 1.20, rev: June 9th 2014

MCSE TestPrep: Windows NT Server 4, Second Edition Managing Resources

Windows 7 Hula POS Server Installation Guide

Configuration for Professional Client Access

Getting Started with Vision 6

AD Certificate Distribution

ms-help://ms.technet.2005mar.1033/security/tnoffline/security/smbiz/winxp/fwgrppol...

TrueEdit Remote Connection Brief

Transcription:

Menu INTRODUCTION...2 HOW DO I DEPLOY MYUSBONLY ON ALL OF MY COMPUTERS...3 ADMIN KIT...4 HOW TO SETUP A LOGON SCRIPTS...5 Why would I choose one method over another?...5 Can I use both methods to assign Logon scripts?...5 How do I configure a Logon script for a user on the "Profile" tab in AD Users & Computers?...6 Assigning the script to the user...6 How do I configure a Logon script with Group Policy?...7 What permissions are required for Logon scripts to run?...7 MYUSBONLY LOGON SCRIPT SOURCE FILE...9 Prerequisite (Prepare the master MyUSBOnly.bin configuration file)...9 MyUSBOnly Logon Script Batch File (i.e. logonscript.bat)...10 TESTING THE LOGON SCRIPT...12 1

Introduction There are two ways to deploy (install) MyUSBOnly and update configuration file to all your remote computers. (a) By using Admin Kit to broadcast the configuration to all your computers. Pros You don t need a Windows Server or Windows AD Server You can assign IP range for broadcast the configuration Cons Cannot perform first time deployment (Installation) Cannot update configuration if remote computer is power off Can only change main settings (i.e. password, whitelist) in remote computer (b) By using Windows Logon/Start Script to perform installation and update. Pros Can perform first time deployment (Installation) Can change all settings in remote computer Cons You need a Windows Server or Windows AD Server If you are not sure which one is appropriate, choose (b) if you have Windows AD Server and choose (a) if you do not have Windows AD Server. Quick Tips: You can skip to MyUSBOnly Logon Script Source File section directly in case you are familiar with Windows logon script. 2

How do I deploy MyUSBOnly on all of my computers The easiest way to perform a silent install is to execute.msi package of MyUSBOnly during logon script. We will show you the detail here. First, make sure you have the latest.msi package file, download.msi package at: http://www.myusbonly.com/dload/myusbonly_setup.msi You can perform manual install by execute the following from command prompt and replace with your product serial number: msiexec /qb /i myusbonly_setup.msi ENABLE_ADMIN=1 SERIAL_NUMBER="XXXXX-XXXX" Silent Mode: msiexec /quiet /qn /i myusbonly_setup.msi ENABLE_ADMIN=1 SERIAL_NUMBER="XXXXX-XXXX" Skip to How to setup a logon scripts section below if you decide to using a logon script to perform both installation and configuration action. 3

Admin Kit If you decide to use Admin Kit to broadcast the configuration of MyUSBOnly to all your computers, you can download the user guide of Admin Kit below: http://www.myusbonly.com/dload/myusbonly%20admin%20kit%20user%20guide%20english.pdf 4

How to setup a logon scripts There are two ways to assign Logon scripts. First, you can specify the Logon script on the "Profile" tab of the user properties dialog in the Active Directory Users and Computers MMC. Second, you can specify a Logon script in Group Policy. Why would I choose one method over another? You would assign a Logon script on the "Profile" tab of the user properties if you have client computers with Windows 95, Windows 98, Windows ME, or Windows NT. Group Policy is not applied on computers with these operating systems. If all of your clients have at least Windows 2000, you could use Group Policy to assign Logon scripts. Can I use both methods to assign Logon scripts? You can, but if a user logs on to a computer with Windows 2000 or above, both Logon scripts will run. 5

How do I configure a Logon script for a user on the "Profile" tab in AD Users & Computers? The logon script is the file that does the actual action. So we'll start by creating that script. The default location for logon scripts is the NETLOGON share, which, by default, is shared on all Domain Controllers in an Active Directory forest, and is located in the following folder: %SystemRoot%\sysvol\sysvol\<DOMAIN NAME>\scripts Or \\<SERVERNAME>\sysvol\<DOMAIN NAME>\scripts Where %SystemRoot% is usually C:\Windows or C:\Winnt and <Domain Name> is the DNS name of the domain, similar to whatlink.local <ServerName> is similar to DCServer1. This folder, which is a part of the SYSVOL special folder, is replicated to all the Domain Controllers in the domain. This folder is replicated to all Domain Controllers in the domain. The usual practice is to enter the name of the Logon script, for example "NetLogon.bat", in the field labeled "Logon script" on the "Profile" tab for the user and place this file in the NetLogon share. The Logon script will run for the user when they Logon to any computer that is joined to the domain. You can also enter a UNC path in the "Logon script" field and place the file in another location. However, this location should be one that is replicated to all Domain Controllers. Alternatively, you can use a script or utility to assign the Logon script to the "scriptpath" attribute of the user object in Active Directory. Assigning the script to the user Next, we need to decide what user should have the logon script. You can only link ONE logon script to each user, and you must do it ONE USER AT A TIME. 6

How do I configure a Logon script with Group Policy? Logon scripts can also be configured in Group Policy. However, Group Policy only applies to clients with Windows 2000 or above. The setting in Group Policy is "User Configuration", "Windows Settings", "Scripts (Logon/Logoff)", "Logon". Best practice is to copy the file you want for the Logon script to the Windows clipboard, open the "Logon" setting in the Group Policy editor, press the "Show Files..." button, and paste the desired file in the dialog. You can select the file and edit it in this dialog as well. This is easier than navigating in Windows Explorer to the folder where Group Policy Logon scripts are saved. However, if you do have to navigate to the folder, the path on the Domain Controller is: %SystemRoot%\sysvol\sysvol\<domain DNS name>\<policy GUID>\user\scripts\logon Again, %SystemRoot% is usually "c:\winnt" and <domain DNS name> is the DNS name of the domain, similar to "MyDomain.com". <policy GUID> is a hexadecimal string representing the GUID (unique identifier) of the specific Group Policy Object (GPO). Group Policies are assigned to a domain, site, or organizational unit in Active Directory. The Logon script setting applies to all users in the domain, site, or organizational unit to which the GPO applies. You will notice that you assign a Logon script to all users in the container at once, rather than having to assign the "scriptpath" attribute for each user. This makes it much easier to assign Logon scripts to many users. However, since the same Group Policy applies to all users in the domain, site, or organizational unit, you must code the Logon script to accommodate all users. What permissions are required for Logon scripts to run? Logon and Logoff scripts run with the credentials of the user. It is recommended that the group "Domain Users" be given permission to any resources used by either of these scripts. For example, if the Logon or Logoff script writes to a log file, the group "Domain Users" should be 7

given read/write access to the file or the folder where the log file is located. Most users have limited privileges on the local computer, so Logon and Logoff scripts will have the same limited privileges. Startup and Shutdown scripts run with the credentials of the computer object. It is recommended that the group "Domain Computers" be given permission to any resources used by the Startup or Shutdown scripts. However, Startup and Shutdown scripts have System privileges on the local computer. This gives Startup and Shutdown scripts access to the local file system and registry. If you plan to make any configuration or desktop changes with Logon or Startup scripts, remember that changes to the user (or to the HKEY_CURRENT_USER hive of the local registry) should be made in Logon scripts. Changes to the computer (or to the HKEY_LOCAL_MACHINE hive of the local registry) should be made in a Startup script. 8

MyUSBOnly Logon Script Source File AutoInstall by logon script (for Domain User) Run install script manually (for non domain user) #Both installation will add a job in windows Scheduled Tasks which will update the MyUSBOnly configuration and USB whitelist for every 3 hours. Prerequisite (Prepare the master MyUSBOnly.bin configuration file) 1. Install and config MyUSBOnly setting on your local computer. 2. Find MyUSBOnly.bin file on your local computer, your need to config and save the setting in MyUSBOnly first. (for example, you should change the password, add whitelist USB device and report manager server IP) Find MyUSBOnly.bin file in Windows XP C:\Documents and Settings\All Users\Application Data\MyUSBOnly\MyUSBOnly.bin Find MyUSBOnly.bin file in Windows Vista C:\ProgramData\MyUSBOnly\MyUSBOnly.bin 3. Copy above MyUSBOnly.bin from your local computer to Windows Server Shared Folder 4. Modify the logon script batch file below with correct COPY_FROM_SERVER_SHARED_PATH and SOFTWARE_SERIAL_NUMBER 5. Copy the logon script batch file to Windows Server Shared Folder 6. Copy myusbonly_setup.msi and key.bin (if any) file to Windows Server Shared Folder 7. Test and setup the logon script to your Windows Server 9

MyUSBOnly Logon Script Batch File (i.e. logonscript.bat) @echo off rem ### --- MUST CHANGE - BEGIN ### set COPY_FROM_SERVER_SHARED_PATH=\\192.168.1.1\netlogon_script rem Note: rem Change value of COPY_FROM_SERVER_SHARED_PATH rem Copy myusbonly_setup.msi, MyUSBOnly.bin, key.bin (if any) to above folder rem MyUSBOnly.bin file is MyUSBOnly main configuration file rem You can find it at C:\Documents and Settings\All Users\Application Data\MyUSBOnly\ set SAVE_INSTALLATION_LOGFILE=\\192.168.1.1\netlogon_script\MyUSBOnly_InstallLog.txt set SOFTWARE_SERIAL_NUMBER=XXXXX-XXXXX rem ### --- MUST CHANGE - END ### Download the full script at http://www.myusbonly.com/dload/myusbonly_logonscript.txt Quick Tips: Download the full script at http://www.myusbonly.com/dload/myusbonly_logonscript.txt Rename it to myusbonly_logonscript.bat 10

Note: If you need to deploy the software on specific computers instead of all computers on the network, please use the following script http://www.myusbonly.com/dload/myusbonly_logonscript_machinename.txt http://www.myusbonly.com/dload/myusbonly_matchname.txt The script has addition routing to match with the computer name Rem ######################################### Install into specific machine (ComputerName/IP) only Rem ### Match with Computer Name (Machine Name) SET TOFINDNAME=%COMPUTERNAME% Download the full script at http://www.myusbonly.com/dload/myusbonly_logonscript_machinename.txt myusbonly_matchname.txt (Example: One Computername per line) STATION21 STATION22 STATION24 STATION25 STATION28 Submit Software installation policy in Active Directory (For Domain User only) This policy can install the program to new computer and update program as new version on existing workstation by restart computer. #It will generate for 4 process while update program to new version. After restart the computer again, the problem will fix automatically. 11

Testing the logon script 1. On one of the computers that is part of the domain, logoff the specific user account. 2. Logon and test. If the logon script doesn't work for you, go back to the basics and see if it works at all by double-clicking on it. See if it's placed in the right path the NETLOGON share on one of the DCs, and see if it has replicated to the other DCs. Also check permissions by trying to manually run the script from the right path but while logged on as the user, and not as an administrator. 12

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information