Automating Imaging and
Software Configuration
Regular upgrades and backups of the 120
tablet PCs in use at Midwest Palliative & Hospice
CareCenter were becoming an increasingly
onerous task, with one particularly nasty
disk-imaging session finally convincing Jeff
Ramsier, the center’s network administrator,
to find a more efficient solution.
“We had four people working on the
upgrade—including me—and it still took us
more than 12 hours to finish just the tablets,”
says Jeff. “[The] night we performed the install
was at the end of a 30-hour day. We had to work
on all 120-plus tablets with only seven power
supplies … and half the batteries were almost
dead.” Jeff recounts how he and his support staff
were forced to run from machine to machine,
switching power supplies in order keep the
laptops charged for the imaging process. “Once
one of tablets goes down, the whole ghost imaging
process stops until you get the [downed]
tablet back up.”
Determined to not go through a similar
ordeal in the future,
Jeff set to work on
developing a series
of Visual Basic scripts
that could help automate
some of the
organization’s most
common administrative
tasks. “For the
most part, I did this
all myself,” says Jeff.
“Microsoft’s ‘Hey,
Scripting Guy!’ Web
site [www.microsoft.com/technet/scriptcenter/resources/qanda/default.mspx]
helped with some of
the VB scripting.”
Jeff’s scripted solution helped automate
many services, including installation of client
software, printers, and faxes. It also configures
installed software and synchronizes the laptop
with the Misys medical software that the care
center uses.
Now Jeff can easily image and update
laptops as needed and has successfully transformed
a time-consuming and error-prone
process into a streamlined and efficient system.
The new process requires only about 20
minutes for ghost imaging. Jeff likes the fact
that he doesn’t have to be present to perform
installs and can install to and upgrade multiple
tablets at the same time. “This solution is
something that companies with a lot of tablets
or laptops could use,” he says. “Typically, in
companies, the techs take a lot of time to
image the tablets (or laptops), or they don’t
put much time into the image, so [the computer]
isn’t employee-friendly. This solution
offers the best of both worlds.”
Auditing Application Access
for Compliance
In heavily regulated industries, some of IT’s
most crucial projects are bound to be driven
by compliance mandates. That was the case
for Michael Shire, who developed his winning
solution in response to Canadian government
regulations that require auditing a
company’s access to individuals’ personal
financial information. Michael’s employer,
a telecommunications firm, directed IT to
track users’ access to a payroll application
(who, when, and how they gained access).
Because access to the application is controlled
through membership in AD security
groups, Michael opted to fulfill the requirement
by devising a way to monitor all ADgroup
modifications.
Michael initially looked into third-party
products as potential solutions, but “there
were no off-the-shelf packages that fulfilled the
requirements for the project,” he says. Michael
has only moderate experience with scripting
but, as he says, “I’m very good at solving puzzles,
and I have a high Google IQ,” so he relied
mainly on his research skills to track down the
components of the solution. “I pulled numerous
sample scripts from the Microsoft Scripting
Center and Google searches to accomplish
everything required.”
The solution Michael forged is basically a
VBScript script using
Windows Management
Instrumentation
to monitor all
new events in the
Windows security
event log. Michael
explains, “When
an event related to
a group modification
occurs, the data
from the event is
written to a log. All
AD group modifications
are logged;
however, monthly
reports specific to
the application are
generated from this
log in comma-separated
value format. The script must run on all
AD domain controllers (DCs) and keeps the
logs and reports in a locked-down set of folders.
The script is started as a service, where
Windows can ensure that it’s always running.
Should the service stop, a warning message is
written to the event log.” The monthly reports
are available to auditors upon request.
Michael’s solution offers the additional
advantage of being able to monitor all AD
groups for other types of auditing. “I think the
greatest benefit of the solution is its simplicity
and scalability. If future AD groups require
reporting, this can be easily accomplished
by looking at the current reporting scripts.
[The solution] can be applied to future DCs
without rebooting them. Further, the code can
be modified to look for other Windows event
log entries, not just AD group modifications.
You could call it Frankenstein’s VBScript, but
I find the results much more pleasant to live
with!”
End of Article
Prev. page
1
2
[3]
next page -->
