Slashdot Mirror
Distributing Custom Modifications to 4000 Windows Boxen?
kenp2002 asks: "I recently tried to disable my Sleep Key on a Dell GX150. I found several ways to do this manually, but now I have to find a way to script a solution to do this on over 4000 machines! I tried keyboard re-mapping both through tools (which didn't see any ACPI keys) and through Microsoft's documentation (the old HKLM\Keyboard Layout change). Does anyone know of a solution on how to either remap or disable the Sleep key through a script or a really good internet resource where I can find information on issues like this? Keyboard filter drivers are not an option unless it can auto-install itself."
"I am on several Linux mailing lists but have never found a good NT mailing list where I can ask such questions from other admins.
I am stumped and Appdeploy wasn't much help, either.
I must prevent users from putting the machine into suspend and amazingly Microsoft will prevent a user, through administrative policy, from turning the machine off, but not suspending it! Any suggestions would greatly reduce my stress level and earn my eternal gratitude. "
Software to 4000+ boxes... easy, just install Outlook, a few choice lines of script.. well, it works for a load of viruses anyway! ;-)
Just pry off that key... worked well enough for me, at least.
What i would try:
.reg file. Simply drop a token file out somewhere and run an if loop to prevent it from having to do it each and every time. If you're not in a domain, hire cheap help...
1: Use a pro duct called "Advanced Registry Tracer" [search for it, you'll find it] to see the registry change made when you modify it from the Power options > Advanced control panel applet (granted you're using 2000 or XP). On a side note, ART is a kickass tool. There are many handy little uses for it.
2: If you are in a domain, simply assign a startup script. Execute a batchfile which updates the registry via a
Dell has a utility called OpenManage that allows you to push BIOS updates, update certain drivers, etc. from a centralized computer on the domain. I've only used it in the testing labs (I'm at Dell) so I don't know the street price of this app.
Cruising the internet on my TI-99/4A @ a whopping 300 baud!
Are these boxes running NT with Dell "enhancements" or is this really 2000 or XP? NT didn't support power management so any that's in there is from Dell.
If these are 2000/XP boxes, do you have WMI enabled? If so you could connect to each box through a script and change the appropriate registry setting. You can also use WMI if you have explicitly installed it on NT. If you have 4000 Windows boxes you should definitely already be using WMI.
Do you have a common company-wide home page set for these users? Do they use IE4 or higher? If yes to both, you could put an ActiveX control on that home page and have it make the changes you need. Since your company home page is on the network behind the firewall it will be in the "local intranet" security zone and the user won't be queried when the ActiveX is installed.
Or put a script on a share and execute it as part of login policy.
If you are running 4,000 pc's w/o a domain, quit.
Conformity is the jailer of freedom and enemy of growth. -JFK
1. What OS are the machines running?
2. What level of Access do the users have, admin, poor shumck user?
3. Do you have SMS Installer available to you(its a programing environment for writing install scripts)?
4. Do you have Winbatch available to you? (you will need either 3 or 4 not both)
5. Do you have the Resource kit for whatever os they are running?
You just need a script that removes the key written in one of the two installers above. To deploy it you need to know what level of access the users have...if they all generally have admin(unfortunately most companies are that stupid to give all the users this level of access to thier own machines) then you can deploy the script in the logon. Otherwise, Group policies could be used, or SMS. That failing grab a copy of Darkside its a utility for alllowing you as a n admin to removely excute things on someone elses machine. PSexec could also be used for this as well.
Power Corrupts,Absolute Power Corrupts Absolutely, leaving one person(group)in charge is absolutely corrupt.
Ya know, i think you just found slashdot a new revenue stream. :)
WINNT-L: Windows NT/2000 Discussion List is a good place to ask questions and look for answers. Their archive is online but you have to be subscribed to search it. I think they host some other good mailing lists but I'm only subscribed to this one.
I know its evil but set up a rshd on all these and then you dont have these problems
unix solved this a long time ago with nfs or rsh
lost of people do rshd and I suspect that you could get a sshd for win32 as well
oh and name your box's well (-;
regards
john jones
sysinternals make loads of good tools for doing that kinda thing, often free and sometimes with source code
thank God the internet isn't a human right.
On a more positive note, if you have 4000 machines and you don't have ghost GET IT, you NEED IT! You'll save 1000's of hours building machices. I personally loaded 100 machince from no OS-to ready to put on the floor (each with a unique hostname and static-ip address) in about 1 hour.
101010b 2Ah 52o
I was actually more poking around from some good mailing lists to subscribe to versus answers. I am very greatful for the responses. The problem with scripting and what not is they are Kiosk systems made for us by Dell. I can only push to the machine via an FTP script (These machines are the most ultra-locked down systems I have seen in my 7+ years consulting!). I found a keyboard filter driver to use and a M$ tool called devcon to auto install it. I am still searching for a few good NT/2000/XP mailing lists to subscribe to. The problem has been soved thanks to the help of the slashdot community. Now I just need some leads on Uber mailing lists to join! Thanks again people, you've been a great help.
-=[ Who Is John Galt? ]=-
but here's the deal. first, you apparently paid for 4000+ copies of windows whatever. call. your. vendor. even if ms only made a buck off each copy, and you know they made more, that's still $4,000+. they can afford to answer a question for you.
second, microsoft is extremly hostile to a large portion of the free software world - like the part that provides most of two gui's, the main compiler basic utilities across at least 4 free os's (one of which ms is extremely hostile to). so *WHY* in gods name do you think that people who make those systems their hobby or their livelihood shood actually spend time answering nt questions.
my attitude is, if you have a problem with a microsoft product call them or call a consultant. if you get poor support, well then maybe you should bring up that lack of support with your boss?
US Citizen living abroad? Register to vote!
If you have that many machines you should have some sort of asset management software in place already. (If you don't then maybe that's why the last few admins have left!)
Unless, of course, you do have some but it's Microsoft's SMS (which is worse than nothing at all).
But even if you don't have anything that fancy, hasn't anyone in your company ever heard of a login script?!?
FreeLinux said:
...
>You don't say what the manual ways are. I suspect that you are doing it with the Dell keyboard utility that Dell places on the desktop. This utility is more than likely making a registry change or has an ini file where it keeps the settings. You need to find out which and locate the change.
>Once you have located the change it is a simple matter to push it out to the other machines. First, there are management applications that you should look at. With 4000 machines to manage you should definitely be running a management application. Microsoft sells SMS which is somewhere between OK and weak. Novell sells ZenWorks for Desktops(yes it runs on NT/2000 too), which is outstanding for this kind of thing. Both of these products will allow you to easily scan the system to find the changes that the Dell utility is making. Both management systems will allow you to image these changes and then automatically push them out to the clients.
...
and then kenp2002 said:
> Correct on al counts but distribution is no problem I have access to Tivoli for managment. But I was seeking help on how to remap the sleep key (or a good mailing list) as I could not get it to work through the registry or most keyboard tools. I wasn't looking for how to distribute it. I should have made it clearer. You hve plenty of good ideas. Also these machines are Kisok machines, no workstation apps at all, just in house stuff.
(both below 2 so I'm quoting to make them seen)
I'll repeat FreeLinux's comment - do you have a manual way to remap it? I have personal experience with Novell's ZENWorks - it includes a utility called SnapShot that can, as FreeLinux said, find the changes made by another app quite easily. You can view the changes thus discovered and push them out through the management tool of your choice. I would hope that Tivoli has a tool like SnapShot. If it doesn't, then how are you packaging apps for distribution?
And again as FreeLinux said - ZENWorks will run just fine on NT/2K without any Netware in sight. The latest version (4, now in beta) will even run without Client32.
The Crystal Wind is the Storm, and the Storm is Data, and the Data is Life
Easy way to disable sleep key: knife under, lift up. A hammer might be too damaging to other keys.
Could you explain more completely how to do this?
Even better than DD is partimage for linux. It does what DD does, but it only reads the portion of the drive that's being used. I install a linux partition on all my [required] Win boxes and when a luser fscks one of them up, i just copy the partition back over from the linux drive (using a partimage boot CD). It's really made my life easy. I'm not sure what the URL is, but a quick search on google for "partimage" will produce it.
Don't think that a small group of dedicated individuals can't change the world. It's the only thing that ever has.
Ok, strange enough the link is: http://www.partimage.org.
Don't think that a small group of dedicated individuals can't change the world. It's the only thing that ever has.
It shouldn't be necessary to say this, but rsh is an enormous security hole! It authenticates using IP addresses only. Use ssh instead, it has the same functionality.
Dell uses something called the Netropa Multi-Media Keyboard. It has four extra buttons 3 are programmable using a utility called Dell Touch and the forth is the sleep button.
r entVersion\Run
These buttons, certainly the sleep button, rely on a psuedo service called MMKEYBD.EXE. While MMKEYBD.EXE is running, pressing the sleep key will put NT/2000 into sleep mode. To prevent this from happening you simply disable the service.
To disable the service open regedit and delete the following key value: HKey_Local_MAchine\Software\Microsoft\Windows\Cur
SZ Multimedia Keyboard
The next time the PC is started, MMKEYBD.EXE will not run and the sleep key will be dead. NOw, if you also need the other programmable keys to work, you still have a problem as I believe that they will also be dead when this service is stopped.
Dell uses something called the Netropa Multi-Media Keyboard. It has four extra buttons 3 are programmable using a utility called Dell Touch and the forth is the sleep button.
r entVersion\Run
These buttons, certainly the sleep button, rely on a psuedo service called MMKEYBD.EXE. While MMKEYBD.EXE is running, pressing the sleep key will put NT/2000 into sleep mode. To prevent this from happening you simply disable the service.
To disable the service open regedit and delete the following key value: HKey_Local_MAchine\Software\Microsoft\Windows\Cur
SZ Multimedia Keyboard
The next time the PC is started, MMKEYBD.EXE will not run and the sleep key will be dead. NOw, if you also need the other programmable keys to work, you still have a problem as I believe that they will also be dead when this service is stopped.
As for good mailing lists...... I've never seen one.