Power Off Script?
Hello all,
I had a question about power-off scripts in the K1000. Currently I have a shut-down script for all desktops that runs every evening. I'd like to extend this script to shut down laptops as well, with one exception. Some employees take their laptops home and work on them, and I don't want these to shutdown. So I want to shutdown any laptop that is still on the local network, but not the laptops that are outside the network. I had considered using a smart label based on IP address, but I'm worried about the possiblity of the laptop being connected by an AMP connection but not updating the inventory before the script runs. Is there another way to make sure the computer is on the local network before running this script? Or is there a better way to achieve my goal. What do you guys recommend? -Ben M
Answers (5)
There's a few scripts out there to check IP address then run a script. These should be able to be modified to work with Kace.
http://transmitterdown.wordpress.com/2011/10/21/login-script-that-checks-current-ip-address-to-a-load-certain-script/
http://social.technet.microsoft.com/Forums/zh/ITCG/thread/d12847b1-9181-41a8-b166-4c4606b34cae
Comments:
-
That thought had occurred to me but our laptops all have IP addresses of 192.168.x.x at work. When they go home the KACE box sees their external IP address at home (which is how the smart label would work), but the computer will still see itself as whatever local IP address the home router gives it (which will probably also be 192.168.x.x). - Ben M 11 years ago
-
Yeah I was going to ask what your subnets were. - dugullett 11 years ago
-
I guess they would also be using VPN? It might be a lot of work to get to the end result, but I wonder if something like this would work?
@echo off
PING 192.168.x.x
IF %errorlevel% neq 0 goto exit
shutdown /s
:EXIT
exit
Just make sure the IP is something on your network. With 192.168 that might be a little difficult. You could ping the FQDN of something on your network. - dugullett 11 years ago -
No, most of them are not using a VPN. - Ben M 11 years ago
-
Actually that script might do what I want it to. I'll have to try some tests. - Ben M 11 years ago
Hey ben should be able to create a smart label based on the dnsdomain they are connected to
this will change at home since they are hooked to the isp's dns
Comments:
-
A custom software item for this would be
ShellCommandTextReturn(c:\windows\system32\wbem\WMIC.exe nicconfig get dnsdomain
and run the runkbot at startup so this get updated. Then you can base a label on this - SMal.tmcc 11 years ago -
I'm going to take a look at running the runkbot at startup and combine it with the IP address based smart label. - Ben M 11 years ago
-
http://www.itninja.com/blog/view/k1000-5-3-agent-commands-runkbot-exe - SMal.tmcc 11 years ago
-
Not sure how many machines you have, but I would try and limit that. Kace says not to have more than 50 machines check in at the same time with their script. You should be ok, but there's always the perfect storm.
I would also be concerned with login time. - dugullett 11 years ago-
I would only do this for machines that go off the network - SMal.tmcc 11 years ago
Ben just ran a report on our off campus laptops and it looks like they are using the ip from isp assigned to their router. we are a 10.xx.xx.xx network, I my network at home is a 10.10 but shows different in the report.
Comments:
-
Yea, the K1000 sees the external IP address on machines that are off of the network, not the internal address. That was how I was originally intending to set up my smart label. - Ben M 11 years ago
-
your original idea should be fine,. my at home TMCC laptop natted IP is currently 10.10.100.101 at home but shows as 75.142.249.58 here and if I go into my dsl router/modem that is it's current IP. Do what I did is create a report and check it to see if this will work or not - SMal.tmcc 11 years ago
Would it be simple enough to use the script function to show an alert before shutting down? If the users are actually using the computer then they'll have the opportunity to cancel the script from running.
Also, I'm guessing that you're running the shutdown script for power savings. Perhaps an alternative idea is to setup your laptops to suspend or hibernate after a given time period. This would effectively shutdown any laptops that aren't being used whether they are on the network or not.
We tried using IP ranges, DNS suffix, and the runkbot on a regular interval to update smart labels but it did not work very reliably for various reasons.We also have a notice displayed with a countdown timer, but people at home tend to walk away from their computer, and even a 60 minute countdown was not enough.
In retrospect, this simple method worked perfectly and still does after 6 months:
Use Verify step in your shutdown kscript to confirm your \\YOURDOMAIN\NETLOGON directory exists. If it does (Success) then shutdown. If it does not Break On Error and do nothing (I guess you could do something in Remediation but we had no need for that). If you don't have a NETLOGON share (not on a domain) you can use a different network based directory, but make sure that Computer SYSTEM account has access to it. If it does not in your Verify step do a "net use \\somelocation\somefolder /user:username password" to grant the computer SYSTEM account access otherwise it will always fail (this password is visible in KBOX logs so make sure it is a low privilege account with no rights, and the folder you are testing has no sensitive data in it as well).
This took care of our problem with laptops shutting down at home. I hope that helps.
Verify
Verify that the directory “\\YOURDOMAIN\netlogon” exists.
On Success
Launch “$(KACE_DEPENDENCY_DIR)\shutdown.exe” with params “-f -l 1800 -m ”This is a scheduled nightly shutdown, please press Cancel to continue working.“”.
Comments:
-
very creative, You should test this on a laptop at home that is VPN'd in and see if that dir exists. - SMal.tmcc 11 years ago
-
You are correct--we use SSL VPN to provide specific apps, as there is no full network connectivity our approach works. If you do have full network connection for your users, it may not work for you.
One more thing to note: in 5.3 the directory path had to end in "\", and in 5.4 it does not. This made for a very interesting day after we upgraded and our customers started calling in about their laptops shutting down at home. Test, test, and test. - merklo 11 years ago