Issues with custom inventory rule using ShellCommandTextReturn
I am attempting to get the encryption status of a Symantec PGPWDE encrypted disk and returning the results as a custom inventory field so it can be run in a report and put side by side with the enrollment server data. I was able to accomplish this on our Macs with no issue but am having difficulties on the PC side. After creating the rule, no machines show in the software-to-computer deployment detail after forcing a few to update.
I created a custom inventory rule selected all Windows OS options and include the following:
ShellCommandTextReturn(cmd /c "C:\Program Files (x86)\PGP Corporation\PGP Desktop\pgpwde" --status)
I've looked through a few dozen of articles and most are about not including "cmd /c" or quotes which is not the case here. The command itself works fine if run from a command window and displays the disk status so I don't think it's the path or command. I've also tried using %ProgramFiles(x86)% and 8.3 format for the directories. As well, I included a \ between /c and "c:\ (ie /c \"C:\Program Files..) as seen in one article.
Am I leaving out anything noticeable?
I created a custom inventory rule selected all Windows OS options and include the following:
ShellCommandTextReturn(cmd /c "C:\Program Files (x86)\PGP Corporation\PGP Desktop\pgpwde" --status)
I've looked through a few dozen of articles and most are about not including "cmd /c" or quotes which is not the case here. The command itself works fine if run from a command window and displays the disk status so I don't think it's the path or command. I've also tried using %ProgramFiles(x86)% and 8.3 format for the directories. As well, I included a \ between /c and "c:\ (ie /c \"C:\Program Files..) as seen in one article.
Am I leaving out anything noticeable?
1 Comment
[ + ] Show comment
Answers (4)
Please log in to answer
Posted by:
erush
9 years ago
For Windows, an alternate method to script a text file is to create the PGPprefs.xml with the full adminPrefs section from an enrolled user's PGPprefs.xml in the SYSTEM user's AppData folder. The whole reason it fails for SYSTEM is due to adminPrefs.
1. You can create a default PGPprefs.xml for SYSTEM by first running the ShellCommandTextReturn pgpwde --status check. Or you can just grab the file from an enrolled user's appdata location and skip 2. But I prefer not to have other pref fields configured if unnecessary.
2. Then replace the entire "adminPrefs" key section from opening <dict> to closing </dict> from an enrolled users PGPprefs.xml file "C:\Users\<username>\AppData\Roaming\PGP Corporation\PGP\".
<key>adminPrefs</key>
<dict>
....
</dict>
3. After that either copy file with a script or do a non persistent file sync to the SYSTEM user's AppData folder depending on 32/64 bit OS:
%WinDir%\SysWOW64\config\systemprofile\AppData\Roaming\PGP Corporation\PGP\
%WinDir%\System32\config\systemprofile\AppData\Roaming\PGP Corporation\PGP\
(for file sync I say non-persistent as you only need to copy it over once, when running pgpwde commands the file may update parameters in the pref xml)
After PGPprefs.xml exists with production adminPrefs key settings, SYSTEM user can run the command no problem so ShellCommandTextReturn will then work.
Also remember that --status without specifying disk will only show disk 0, so you may want to run a status check for each disk.
1. You can create a default PGPprefs.xml for SYSTEM by first running the ShellCommandTextReturn pgpwde --status check. Or you can just grab the file from an enrolled user's appdata location and skip 2. But I prefer not to have other pref fields configured if unnecessary.
2. Then replace the entire "adminPrefs" key section from opening <dict> to closing </dict> from an enrolled users PGPprefs.xml file "C:\Users\<username>\AppData\Roaming\PGP Corporation\PGP\".
<key>adminPrefs</key>
<dict>
....
</dict>
3. After that either copy file with a script or do a non persistent file sync to the SYSTEM user's AppData folder depending on 32/64 bit OS:
%WinDir%\SysWOW64\config\systemprofile\AppData\Roaming\PGP Corporation\PGP\
%WinDir%\System32\config\systemprofile\AppData\Roaming\PGP Corporation\PGP\
(for file sync I say non-persistent as you only need to copy it over once, when running pgpwde commands the file may update parameters in the pref xml)
After PGPprefs.xml exists with production adminPrefs key settings, SYSTEM user can run the command no problem so ShellCommandTextReturn will then work.
Also remember that --status without specifying disk will only show disk 0, so you may want to run a status check for each disk.
Posted by:
dwally
10 years ago
Can the pgpwde --status pipe it's output to a text file? If yes, try the following...
Part 1 - Create a Script.
Use the scripting module and create a script that runs C:\Program Files (x86)\PGP Corporation\PGP Desktop\pgpwde" --status" > c:\windows\temp\pgp.txt
Part 2 - Create a Custom Inventory rule that reads in the output from the PGPWDE --Status Command.
ShellCommandTextReturn(cmd /c more +3 C:\windows\temp\pgp.txt)
I use the more +3 to bypass the Microsoft header information.
Hope this helps.
Comments:
-
What command do you use to create a custom rule that reads in the output file in Ubuntu ? - gandam.kumar 5 years ago
Posted by:
monkeydavidn
9 years ago
I was able to get this to work for Windows using the script to pipe output to text then CIR the text.
What command did you use to get pgpwde working on the Mac? I can't seem to figure that out.
Comments:
-
For the Mac I use:
ShellCommandTextReturn(/usr/local/bin/pgpwde --status) - erush 9 years ago-
Thanks erush! - monkeydavidn 9 years ago
Posted by:
SDNBTP
10 years ago
Have you tried this?
ShellCommandTextReturn(cmd /c ""C:\Program Files (x86)\PGP Corporation\PGP Desktop\pgpwde" --status")
If I run your command with single quotes (the way you posted it), it says 'C:\Program' is not recognized as an internal command which tells me it's probably not passing the whole string during the cmd /c.
Comments:
-
I think that was also suggested in another post that I ran across. I just tried it and still the same results. The syntax appears to be correct but I'm just not sure where I'm going wrong. Thank you for the suggestion though! - csutton79 10 years ago
Could you share what command you used to get the Mac command of pgpwde working? - monkeydavidn 9 years ago