none
Help needed witha VB script RRS feed

  • Question

  • I am trying to run a script and return control to the SCCM task sequence, something not working right

    Can someone here help me out? the decryption part runs fine, but control not returned to the task sequence.

    set wshShell = WScript.CreateObject ("WSCript.shell")
    Set objFSO = CreateObject("Scripting.FileSystemObject")
    Decrypting = 1
    Decrypt = "c:\progra~1\pgpcor~1\pgpdes~1\PGPwde.exe --decrypt --passphrase ""myphrase"" --disk 0"
    Do While decrypting = 1
     wshshell.Run Decrypt,1,true
     wscript.sleep 2000
    Loop
    Set colProcessList = GetObject("Winmgmts:").ExecQuery ("Select * from Win32_Process")

    For Each objProcess in colProcessList
    If objProcess.name = "pgpfsd.exe" then
    DecRuning = True
    End if
    Next
    ' what to do
    If DecRuning then
    decrypting = 1

    Else
    End If
    WScript.Quit

    Friday, March 29, 2013 8:53 PM

Answers

  • I have worked with SCCM for close to 6  years now and pretty familiar with what it can do, I never had the "pleasure" to decrypt PGP drives. Bit locker and Mcafee are easy as they ahve the tools fo rthis, but not Symantec.

    I have two scripts now, they are both a part of the TS, one does decryption, and one detects the status. The no longer reboot unexpectedly.

    thanks again for the help and the pointing me to the right direction..

    Tested on about 15 laptops so far, works every single time.

    ' *****************************************************************************
    '
    ' Decrypt a PGP drive prior of deploying Windows 7
    ' We need to check the status of the decryption process before we continue
    ' this can be done by generating a status file and periodicall check it
    ' the first script starts decryption and writes the fist status file
    ' this will be script # 1,
    ' <><><><><><><>
    ' // Set objFSO = CreateObject("Scripting.FileSystemObject")
    ' // Set wshShell = WScript.CreateObject ("WSCript.shell")
    ' // Set objFSO = CreateObject("Scripting.FileSystemObject")
    ' // Decrypt = "c:\progra~1\pgpcor~1\pgpdes~1\PGPwde.exe --decrypt --passphrase ""passphrase"" --disk 0 --dedicated-mode"
    ' // Status = "CMD /c c:\progra~1\pgpcor~1\pgpdes~1\PGPwde.exe --Status>C:\status.txt"
    ' // wshshell.Run Decrypt,1,True
    ' // wshshell.Run Status,1,True
    ' <><><><><><>
    ' This is script # 2
    ' Place both scripts under the Refrssh Scenario as the first group
    ' condition to run can be the existance of PGP folder / file like pgpwde.exe.
    ' REFRESH ONLY
    '       Decryption Group
    '       Script #1
    '       Script #2

    '       Uninstall PGP if needed (we always do)

    ' First Version by Shrek46
    ' Date: 3/31/2013
    '  Credits: http://who10.hubpages.com/hub/Using-VBScript-To-Search-Inside-Files

    ' *****************************************************************************
    Set wshShell = WScript.CreateObject ("WSCript.shell")
    Dim objFSO, strLine, objReadFile, strFound, strReboot, strStatus
    ' if we want to reboot once decryption is done, although there is no need during TS.
    'strReboot = "shutdown -r -t 60 -f "
    'Command Line to generate the decryption status
    strStatus = "CMD /c c:\progra~1\pgpcor~1\pgpdes~1\PGPwde.exe --Status>C:\status.txt"
    'Start working
    Do Until strFound > 0
     
    wshshell.Run strStatus,1,True 
    Set objFSO = CreateObject("Scripting.FileSystemObject")
     'Read the status file
      Set objReadFile = objFSO.OpenTextFile("C:\status.txt", 1, False)
     'Reads until EOF.
     Do Until objReadFile.AtEndOfStream
      'Sets the line being read to a variable named strLine.
      strLine = objReadFile.ReadLine
      'Trims the strLine variable to remove any leading or trailing spaces.
      strLine = Trim(strLine)
      'Look for this line in Status.txt
      If InStr(strLine, "Disk 0 is not instrumented by bootguard.") Then
       strFound = 1
       ' If this file is a part of an SCCM Task sequence, leave both lines below commented
       ' The script will return control to SCCM (thanks the scripting  guy forum for the input)
       'WScript.quit()
       'wshshell.Run strReboot,1,True
        strLine = Trim(strLine)
       End If
      Loop
      'for as long as the text we search is not found,
      WScript.echo strLine
      Set objFSO = Nothing
      ' Sleep for 10 minutes befroe writing the next status file.
     WScript.Sleep 600000
     Loop
     

    Saturday, March 30, 2013 10:38 PM

All replies

  • Remove WScript.Quit.

    Look in event log and SCCM logs to see if the script is throwing an exception.

    The following won't work becuse you will neve get out of this loop;

    Do While decrypting = 1
     wshshell.Run Decrypt,1,true
     wscript.sleep 2000
    Loop

    Just use:

    wshshell.Run Decrypt,1,true

    When running under SCCM I thought you needed to use teh SCCM session object to create objects.

    This:
    set wshShell = WScript.CreateObject ("WSCript.shell")

    Should probably be this:

    set wshShell = CreateObject ("WSCript.shell")

    I believe that there is no WScript or WSH object under SCCM.


    ¯\_(ツ)_/¯

    Friday, March 29, 2013 8:58 PM
  • OK, pardon my VB ignorance, it is new to me.

    there are no exceptions, it is just running in the background.

    so this should work for me, because it started the process and immediately continued to the next part.

    set wshShell = CreateObject ("WSCript.shell")
    Set objFSO = CreateObject("Scripting.FileSystemObject")
    Decrypting = 1
    Decrypt = "c:\progra~1\pgpcor~1\pgpdes~1\PGPwde.exe --decrypt --passphrase ""myphrase"" --disk 0"
    wshshell.Run Decrypt,1,true
    Set colProcessList = GetObject("Winmgmts:").ExecQuery ("Select * from Win32_Process")
    For Each objProcess in colProcessList
    If objProcess.name = "pgpfsd.exe" then
    DecRuning = True
    End if
    Next
    ' what to do
    If DecRuning then
    decrypting = 1
    Else
    End If



    Friday, March 29, 2013 9:26 PM
  • Don't know.  I have no idea what you are trying to do or if it will work.  I just pointed out some obvious possible places that could cause problems.

    I have no idea if the PGP utilities can run under SCCM.  You will have to contact he vendor for that.


    ¯\_(ツ)_/¯

    Friday, March 29, 2013 9:54 PM
  • I am trying to decrypt a drive prior of upgrading the OS, which is done using this line:

    PGPwde.exe --decrypt --passphrase ""myphrase"" --disk 0"

    this triggers a non-interactive process called PGPfsd.exe. What I am trying to do is trigger a reboot as soon as the process is no longer active, the terminates itself once decryption is done. At this point I either get an immediate reboot or cscript.exe still running in the background long after the decryption is completed.

    Friday, March 29, 2013 10:34 PM
  • Your line of code:


    wshshell.Run Decrypt,1,true

    You are using True as the last parameter, which means that the script will wait for the command to complete before continuing to the next line in the script. The only time this wouldn't work is if the program you're running starts a second process and then closes.

    Bill

    Friday, March 29, 2013 10:50 PM
    Moderator
  • Sorry, I had it all wrong. The process terminates as soon as the actual encryption starts, so I need to look for another way to determine when the disk is encrypted.
    Friday, March 29, 2013 11:51 PM
  • Decryption could take hours.  I don't think this will work over an SCCM session.\

    You are using proprietary encryption.  If you used MS bilocker you could query withWMI to see whaen the drive is decrypted.


    ¯\_(ツ)_/¯

    Friday, March 29, 2013 11:56 PM
  • Correct, but currently it has PGP, I must work with what I have, we are trying to avoid 2000 boots from bootable media.

    So as i found out, the only way for me is to run pgpwde --status, and output to a file, than read the file and look for a the phrase "Whole disk Decrypted". teh average decryption takes 3.5 to 4 hours, so i sort of have an idea how I want to do it, I will post back here ass soon as I need more help.

    I appreciate the input so far, great help.


    Saturday, March 30, 2013 1:43 AM
  • So I finally figured out what to do by running a decryption process my self, it took 2.5-3 hours.

    Here is where i am at now, it works fine, however I am struggling how to loop writing and checking the c:\status.txt file. I am trying to write the status every 10 minutes, and check it every 15.

    Dim strReboot
    Set objFSO = CreateObject("Scripting.FileSystemObject")
    strReboot = "shutdown -r -t 60 -f "
    Set wshShell = WScript.CreateObject ("WSCript.shell")
    Set objFSO = CreateObject("Scripting.FileSystemObject")
    Decrypt = "c:\progra~1\pgpcor~1\pgpdes~1\PGPwde.exe --decrypt --passphrase ""phrase"" --disk 0 --dedicated-mode"
    wshshell.Run Decrypt,1,True
    Status = "cmd /c c:\progra~1\pgpcor~1\pgpdes~1\PGPwde.exe --Status>C:\status.txt"
    wshshell.Run Status,1,True
    Dim objFSO, strLine, objReadFile
    Set objFSO = CreateObject("Scripting.FileSystemObject")
    Set objReadFile = objFSO.OpenTextFile("C:\status.txt", 1, False)
    Do Until objReadFile.AtEndOfStream
    strLine = objReadFile.ReadLine
    strLine = Trim(strLine)
    If InStr(strLine, "not instrumented by bootguard") Then
    wshshell.Run strReboot,1,True
    End If
    Loop
    WScript.echo strLine
    Set objFSO = Nothing



    Saturday, March 30, 2013 1:52 PM
  • Why do you think you need to do this?  It appears to me that you are trying to use SCCM fro something that it is not intended to be used to do.

    SCCM is good for managing an enterprise with many systems.  It is not really useful for managing a single system remotely.

    Most drive encryption software updates the event log with major items.  The even log can be evented to tell us when a specific event occurs and then execute a script or send a message.


    ¯\_(ツ)_/¯

    Saturday, March 30, 2013 2:00 PM
  • Does not seem like you ever worked with Symantec Products where the most predictable thing is the unpredictable.

    As I have stated earlier, I have to work with what i have right now, I found this as the best way to perform what I need. when breaking this to pieces it works exactly as I want, so I would like to combine this into one script.

    Thanks again for you help.

    Saturday, March 30, 2013 3:02 PM
  • Does not seem like you ever worked with Symantec Products where the most predictable thing is the unpredictable.

    As I have stated earlier, I have to work with what i have right now, I found this as the best way to perform what I need. when breaking this to pieces it works exactly as I want, so I would like to combine this into one script.

    Thanks again for you help.

    I have worked quite a bit with Symantec.  The issue is not Symantec but it is SCCM.  You are approaching SCCM like it is a one step process.  SCCM has task steps.  Use multiple steps.  Enable step two to run 3 or 4 hours after step 1.  If it fails have SCCM reschedule it 10 minutes later until it runs with no error.

    A step can be conditional on the result of the previous step and can be told to recycle a step until....

    This is how we do this with very simple scripts.  We let SCCM be the brains of the operation.  You are trying to defeat the design by making a script do the work of SCCM.


    ¯\_(ツ)_/¯

    Saturday, March 30, 2013 7:35 PM
  • I have worked with SCCM for close to 6  years now and pretty familiar with what it can do, I never had the "pleasure" to decrypt PGP drives. Bit locker and Mcafee are easy as they ahve the tools fo rthis, but not Symantec.

    I have two scripts now, they are both a part of the TS, one does decryption, and one detects the status. The no longer reboot unexpectedly.

    thanks again for the help and the pointing me to the right direction..

    Tested on about 15 laptops so far, works every single time.

    ' *****************************************************************************
    '
    ' Decrypt a PGP drive prior of deploying Windows 7
    ' We need to check the status of the decryption process before we continue
    ' this can be done by generating a status file and periodicall check it
    ' the first script starts decryption and writes the fist status file
    ' this will be script # 1,
    ' <><><><><><><>
    ' // Set objFSO = CreateObject("Scripting.FileSystemObject")
    ' // Set wshShell = WScript.CreateObject ("WSCript.shell")
    ' // Set objFSO = CreateObject("Scripting.FileSystemObject")
    ' // Decrypt = "c:\progra~1\pgpcor~1\pgpdes~1\PGPwde.exe --decrypt --passphrase ""passphrase"" --disk 0 --dedicated-mode"
    ' // Status = "CMD /c c:\progra~1\pgpcor~1\pgpdes~1\PGPwde.exe --Status>C:\status.txt"
    ' // wshshell.Run Decrypt,1,True
    ' // wshshell.Run Status,1,True
    ' <><><><><><>
    ' This is script # 2
    ' Place both scripts under the Refrssh Scenario as the first group
    ' condition to run can be the existance of PGP folder / file like pgpwde.exe.
    ' REFRESH ONLY
    '       Decryption Group
    '       Script #1
    '       Script #2

    '       Uninstall PGP if needed (we always do)

    ' First Version by Shrek46
    ' Date: 3/31/2013
    '  Credits: http://who10.hubpages.com/hub/Using-VBScript-To-Search-Inside-Files

    ' *****************************************************************************
    Set wshShell = WScript.CreateObject ("WSCript.shell")
    Dim objFSO, strLine, objReadFile, strFound, strReboot, strStatus
    ' if we want to reboot once decryption is done, although there is no need during TS.
    'strReboot = "shutdown -r -t 60 -f "
    'Command Line to generate the decryption status
    strStatus = "CMD /c c:\progra~1\pgpcor~1\pgpdes~1\PGPwde.exe --Status>C:\status.txt"
    'Start working
    Do Until strFound > 0
     
    wshshell.Run strStatus,1,True 
    Set objFSO = CreateObject("Scripting.FileSystemObject")
     'Read the status file
      Set objReadFile = objFSO.OpenTextFile("C:\status.txt", 1, False)
     'Reads until EOF.
     Do Until objReadFile.AtEndOfStream
      'Sets the line being read to a variable named strLine.
      strLine = objReadFile.ReadLine
      'Trims the strLine variable to remove any leading or trailing spaces.
      strLine = Trim(strLine)
      'Look for this line in Status.txt
      If InStr(strLine, "Disk 0 is not instrumented by bootguard.") Then
       strFound = 1
       ' If this file is a part of an SCCM Task sequence, leave both lines below commented
       ' The script will return control to SCCM (thanks the scripting  guy forum for the input)
       'WScript.quit()
       'wshshell.Run strReboot,1,True
        strLine = Trim(strLine)
       End If
      Loop
      'for as long as the text we search is not found,
      WScript.echo strLine
      Set objFSO = Nothing
      ' Sleep for 10 minutes befroe writing the next status file.
     WScript.Sleep 600000
     Loop
     

    Saturday, March 30, 2013 10:38 PM