mchipser

Member
  • Content count

    59
  • Joined

  • Last visited

Community Reputation

0 Neutral

About mchipser

  1. I have been using the runonce keys in windows 7 for quite some time, but I finally hit something I can't figure out.. I am attempting to update an instance of Oracle DB and I am having an issue with how runonce is behaving.. I am using autoit to make the regkeys and they all seem to work normal, until the last step.. The code for each step is broken down into three steps.. 1. turn off / set services to demand (manual), 2. run the opatch command, 3. turn the services to automatic / on and run some sql files. Here is the code for the run once.. If @OSVersion = "WIN_7" then $path = "D:\"If @OSVersion = "WIN_2008R2" then $path = "C:\"RegWrite("HKEY_LOCAL_MACHINE64\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx", "Flags", "REG_DWORD", "20")RegWrite("HKEY_LOCAL_MACHINE64\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx", "TITLE", "REG_SZ", "Running Oracle Update")RegWrite("HKEY_LOCAL_MACHINE64\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\0001", "", "REG_SZ", "Oracle Update Part 2")RegWrite("HKEY_LOCAL_MACHINE64\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\0001", "101", "REG_SZ", $path & @OSArch & "\OracleCPUSAMSEPart2.exe")RegWrite("HKEY_LOCAL_MACHINE64\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\0001", "102", "REG_SZ", "shutdown -t 0 -r -f")RegWrite("HKEY_LOCAL_MACHINE64\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\0002", "", "REG_SZ", "Oracle Update Part 3")RegWrite("HKEY_LOCAL_MACHINE64\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\0002", "101", "REG_SZ", $path & @OSArch & "\OracleCPUSAMSEPart3.exe")RegWrite("HKEY_LOCAL_MACHINE64\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\0002", "102", "REG_SZ", "shutdown -t 0 -r -f")RegWrite("HKEY_LOCAL_MACHINE64\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\0003", "", "REG_SZ", "Cleanup")RegWrite("HKEY_LOCAL_MACHINE64\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\0003", "101", "REG_SZ", "D:\cleanup.exe")Since this is broken down into three steps here is the code for the steps, which is ran before the runonce keys are written Step1.exe (works / runs before the runonce keys are written) RunWait("sc config SAMSEFTP start= Demand","",@SW_HIDE)RunWait("sc config MSDTC start= Demand","",@SW_HIDE)RunWait("sc config OracleServiceSAMSE start= Demand","",@SW_HIDE)RunWait("sc config OracleOraDb11g_home1TNSListener start= Demand","",@SW_HIDE)RunWait('sc config "EFT Server" start= Demand',"",@SW_HIDE)RunWait("sc config MatSchedulerService start= Demand","",@SW_HIDE)RunWait("sc stop SAMSEFTP","",@SW_HIDE)RunWait("sc stop MSDTC","",@SW_HIDE)RunWait("sc stop OracleServiceSAMSE","",@SW_HIDE)RunWait("sc stop OracleOraDb11g_home1TNSListener","",@SW_HIDE)RunWait('sc stop "EFT Server"',"",@SW_HIDE)RunWait("sc stop MatSchedulerService","",@SW_HIDE)Step2.exe (works) If @OSVersion = "WIN_7" then $path = "D:\"If @OSVersion = "WIN_2008R2" then $path = "C:\"FileInstall(".\runOPatch.CMD", $path & @OSArch & "\files\runOPatch.CMD")FileInstall(".\regDll.CMD", $path & @OSArch & "\files\regDll.CMD")RunWait($path & @OSArch & "\files\runOPatch.CMD",$path & @OSArch)RunWait($path & @OSArch & "\files\regDll.CMD",$path & "app\sams.admin\product\11.2.0\dbhome_1\ODP.NET\bin\2.x")RunWait($path & @OSArch & "\files\regDll.CMD",$path & "app\sams.admin\product\11.2.0\dbhome_1\ODP.NET\bin\4")RunWait('sc config SAMSEFTP start= Auto',"",@SW_HIDE)RunWait('sc config MSDTC start= Demand',"",@SW_HIDE)RunWait('sc config OracleServiceSAMSE start= Auto',"",@SW_HIDE)RunWait('sc config OracleOraDb11g_home1TNSListener start= Auto',"",@SW_HIDE)RunWait('sc config "EFT Server" start= Auto',"",@SW_HIDE)RunWait('sc config MatSchedulerService start= Auto',"",@SW_HIDE)Step3.exe (doesn't seem to run) #include ".\Services.au3"Global $ServiceStatus,$service_ServiceStatus("SAMSEFTP")_ServiceStatus("OracleServiceSAMSE")_ServiceStatus("OracleOraDb11g_home1TNSListener")RunWait('net start "EFT Server"','',@sw_hide)_ServiceStatus("MatSchedulerService")If @OSVersion = "WIN_7" then $path = "D:\"If @OSVersion = "WIN_2008R2" then $path = "C:\"FileInstall(".\RunCpu.sql", $path & @OSArch & "\files\RunCpu.sql")FileInstall(".\runUtlrp.sql", $path & @OSArch & "\files\runUtlrp.sql")FileInstall(".\PatchCleanup.sql", $path & @OSArch & "\files\PatchCleanup.sql")RunWait("sqlplus /nolog @" & $path & @OSArch & "\files\RunCpu.sql",$path & "app\sams.admin\product\11.2.0\dbhome_1\Bundle\Patch28")RunWait("sqlplus /nolog @" & $path & @OSArch & "\files\runUtlrp.sql",$path & "app\sams.admin\product\11.2.0\dbhome_1\RDBMS\ADMIN")RunWait("sqlplus /nolog @" & $path & @OSArch & "\files\PatchCleanup.sql",$path & @OSArch & "\files")if FileExists($path & "app\sams.admin\product\11.2.0\dbhome_1\ccr\") Then DirRemove($path & "app\sams.admin\product\11.2.0\dbhome_1\ccr\",1)DirRemove($path & @OSArch &"\",1)func _ServiceStatus($service)RunWait("net start " & $service,'',@sw_hide)do$ServiceStatus = _Service_QueryStatus($service)sleep(5000)until $ServiceStatus[1] = "4"EndFuncI think the problem lies with how runonce keys are called.. Meaning the runonce runs step2, then runs the reboot command, then imediately launches step3.exe (i see the bolded text move onto the next item), then the system reboots.. upon reboot step3.exe is still there, but it sits there for a few seconds then moves onto cleanup.. So either the runonce is calling it or there is an issue with my step3.exe I can run each step manually and they run fine.. it is either the runonce or something else is nto running properaly.. I know there is something I am missing, but i cant figure it out.. and it is probably pretty easy.. Also the reboot in the runonce after step3 never happens.. This is another reason I think it is a runonce problem and not a autoit problem. Thanks for the help..
  2. I haven't seen any that would allow it, and the BIOS would have to support it, more so than the USB NIC, I think.. I know you wanted to know about USB boot NICs.. Have you tried booting from a floppy / flash drive and pass the pxe stack to the usb device? I'm not even sure you would want to do this, but just an idea.
  3. Well didn't work.. There is another piece to the puzzle.. If the cable is unplugged when doing the rollup, then after the system reboots we plug the cable back in, the cable is never seen to be plugged in. However if the cable stays plugged in while doing the rollup the cable is detected. This doesn't make any sense.
  4. It appears this is working.. I am still testing it though.. Thanks!!
  5. The problem is.. We start with image rev A and apply patches to systems that have the image every quarter, until a new rev B comes out. These revs all come from masters or as Microsoft likes to call them the reference machines. I manually update the masters and pull a new image for deployment which include the rollup. This image and the base image all work normal on the machine. I have two of these machines and they are both doing the same exact thing. I have 20 other models and they work normal. What timing could be the issue? When the patches are applied? I could add a sleep between those, or I can do a runonce and add each one on every reboot
  6. The other odd thing in this scenario is.. If i take a syspreped image of another system which has the updates and apply it to this POS it works fine.
  7. Any Ideas why this would happen?
  8. I am not sure how this thread has gotten out of hand, can anyone offer assistance to the problem posted in the original post?
  9. NOT really. There is must be something buggy in the way the board software manages dates/times. I already noticed it in some other occasions, the issue is normally because the stupid board software replaces the actual date with "today" or "yesterday", sometimes making absurds things, but evidently there is something else . RIght now, I see your first post as posted on the 13th, and bhplt's post on "yesterday" (which here means the 14th), but according to your screenshot you posted the first post on 13 February at 12:11 PM. You then edited it on 13 February at 12:12 PM. bhplt then managed to reply INSTANTLY on 13 February at 12:11 PM (he COULD NOT POSSIBLY have posted at the shown 9:11 PM quoting something you would have posted for the first time 3 hours later ). You were cross-posting/cross-editing at the same time, all within one minute between minute 11 and minute 12. jaclaz I believe 12PM is the afternoon which would make his response roughly 9 hours later. Which makes sense, because I posted the original before heading off to lunch on the 13th. EDIT: This also makes sense, because it is 1:19PM here, and it shows you posted at 12:24PM (afternoon not after midnight).. I am pretty sure the times associated with a post is based on the time zone you are in. This would indicate the time i posted the first message 9 hours later was the response, regardless of the time zone a person is in.
  10. Actually, it wasn't there because it was in the duplicate thread the OP had posted, which has since been deleted. Now he has posted the link in this thread as well, so we're all good. Cheers and Regards Actually if you look at the time stamp at which the post was edited, you would see it was before the post asking for the attachment.
  11. Senario: System works normal then I run a rollup of updates (script to install all updates in a folder), then the network card no longer detects the cable plugged in. We test on 10 models of laptops / desktops and this is the only one with this issue. This rollup is from July of last year, so the KBs / Updates are from that time period. Model : Compal BlB3 (Transource Roadrunner) Network Card : Realtek PCIe GBE Family Controller Operating system: Win7X86 SP1 / Win7x64 SP1 (happens on both OSs) List of KBs installed in rollup script: Windows6.1-KB2698365-x86.msu Windows6.1-KB2655992-x86.msu vbe62007-kb2596744-fullfile-x86-glb.exe Windows6.1-KB2691442-x86.msu msxml4-KB2721691-enu.exe Windows6.1-KB2719985-x86-6.0.msu Windows6.1-KB2718523-x86.msu rvkroots.exe works6322007-kb2596871-fullfile-x86-glb.exe infopath2007-kb2596666-fullfile-x86-glb.exe ipeditor2007-kb2596786-fullfile-x86-glb.exe msxml4-KB2721691-enu.exe 3rd party items installed in rollup script: jre-7u5-windows-i586.exe install_flash_player_11_active_x.exe Regedits in rollup script: disable Java phone home: HKLM\SOFTWARE\JavaSoft\Java Update\Policy","EnableJavaUpdate","REG_DWORD","0" Things I have done to attempt to fix it.. 1. Update drivers (no luck) 2. Install all items manually to determine what broke the nic (everything works fine) 3. reset IP stack, I didn't think this would work but i saw it on a forum somewhere I have attached a copy of the script, this is in autoit. Is there anything else I should try? Updates_July12.au3
  12. Yep, that was with the intent of disambiguating, as often happens the MS guys are using the same term to completely different concepts. Additionally I presume you are not blocking "USB Removable" you are blocking ALL Mass Storage devices belonging to the "Removable class" (i.e.also Firewire). http://technet.microsoft.com/en-us/library/cc772540(v=ws.10).aspx And by "exactly" I meant something like: http://gps.cloudapp.net/Default.aspx?PolicyID=2282#2281 IF the thing is done for some "serious" security reason, you might want/need to also look in the WPD classes. I don' t think that you can get a "by serial" limitation through GPO or Registry, see this: http://www.itexpertmag.com/security/danger-usb (AND relevant links in it) The "common" solution is a service running in the background, AFAIK, BUT you can use another approach, preventing installation of drivers: http://community.spiceworks.com/how_to/show/1488-lockdown-usb-to-specific-removable-usb-drives Basically you install all "authorized" devices, then you "lock" the install of any further device. (I have NO idea how much secure this approach is). Personally, I would TRY getting the Mass Production Tool for the "authorized" sticks and combine the solutions based on several ways: by Vid/PId <- this is the one that you reported as working but without the needed details by DeviceID <- with DeviceiD changed by the MPT, this is the approach with "Device ID" seen here: http://www.itexpertmag.com///images/stories/3308a/Step%20By%20Step%202/Shot%202.jpg by serial <- IF one of the above allows for specification of the serial by serial once installed the authorized ones <- this is the approach seen here: http://community.spiceworks.com/how_to/show/1488-lockdown-usb-to-specific-removable-usb-drives With the appropriate MPT you can customize Vid, PId, Device ID and serial, so that you create a "unique" set of "authorized" sticks. This way the "intruder" would probably need to bypass a couple of "layers" instead of just one. jaclaz The main problem with that approach, for me at least, is our systems are not local and sometimes on the other side of the world. I would need a way to allow certain Removable devices, but block all others. These removable devices need to be approved by management in order to get allowed onto the system. Again these systems are not on a domain, which make this much more difficult.
  13. The USB specs do impose a serial on any USB mass storage device (controller) and actually I would say 99.99% sticks I have ever seen do sport - from factory - such a serial number. The Vid and Pid on the contrary, besides same "brand" has often and still are misused, some brand will have their own Vid, some will use the generic Vid of the maker of the controller. A number of "brands" will additionally use te same Pid for very different models. HOW exactly you have (currently) blocled *all* "removable" USB storage devices? What exactly do you mean by "Removable" devices (most if not all USB stick controllers are set in factory as Removable but the bit can be "flipped" and you can have for a very large number of models/brands/controllers a USB stick set as "Fixed" - just like a USB hard disk normally is). jaclaz We are currently blocking via localGP via the Removable Storage Access. These systems are not part of a domain. Is there a better way to do this, and allow certain removable storage drives? EDIT: The GP we are using blocks, from what i can tell, all USB drives fixed or removable.
  14. I am attempting to block all removable USB storage devices, which is complete, but I am trying to allow certain devices to be installed. I was hoping i could do this by Hardware ID, but it appears if I have two thumb drives of the same brand both items will work since they share the same Hardware ID. It would be nice to allow items based on serial since that is different per flash drive or any removable media. .