7 Replies Latest reply on Feb 12, 2019 11:44 AM by karlehenry

    Installing software with VBS Script

    karlehenry Apprentice

      We just upgraded or Encryption Platform and need to upgrade our clients as well as install the client when we provision new machines.  We have a .vbs script which works when run locally.  Even when we manyally run it from the share, it installs successfully.

       

      However, When we run this from Ivanti EPM 2018.3, the distribution package runs and completes that it was successful, but nothing was installed.

       

      When reviewing the logs it never gets past running bdehcfg.exe as it seems from the vbs script which will be posted below.

       

      I have tried the following:

      1. SWD using actions and launching an executable.

      2. SWD using custom and manually typing the execution path of either cscript or wscript

      3. creating an OS Provisioning task to do the same.

       

      I have tried including a map unc path to the share when launching.  Anyones help is appreciative, I am trying to avoid having to re-script this entire vbs script to work for us.

       

      VBS SCRIPT FOUND BELOW THIS LINE IN RED TEXT

      ------------------------------------------------------------------------

      Option Explicit

       

       

      ' ##############################################################################################

      ' Sophos SafeGuard Enterprise

      ' Advanced Client Installation & Upgrade Script V4

      '

      ' Original Author: jdegon - Sophos Professional Services

      ' Modified/Edited by: vmauhar - Sophos Professional Services

      ' Copyright: ©2018 Sophos

      ' Version: 8.1 Edited 11-28-18

      '

      'Changes:  Added in File Encryption Engine Build 22 for SGN 8.10.0.323 Patch.

      '          Added in a new reboot option at the bottom for reboot delays.

      '

      ' THIS SCRIPT IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED

      ' OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR

      ' FITNESS FOR A PARTICULAR PURPOSE.

      '

      ' This script is not supported under any Sophos standard support program or service.

      ' The script is provided AS IS without warranty of any kind. Sophos further disclaims all

      ' implied warranties including, without limitation, any implied warranties of merchantability

      ' or of fitness for a particular purpose. The entire risk arising out of the use or performance

      ' of the sample and documentation remains with you. In no event shall Sophos, its authors,

      ' or anyone else involved in the creation, production, or delivery of the script be liable for

      ' any damages whatsoever (including, without limitation, damages for loss of business profits,

      ' business interruption, loss of business information, or other pecuniary loss) arising out of

      ' the use of or inability to use the sample or documentation, even if Sophos has been advised

      ' of the possibility of such damages.

       

       

      ' ##############################################################################################

      ' ## Return codes produced by script when using automated deployment solution such as SCCM

      ' ##############################################################################################

      '-- EXITCODE - 0 (Zero)  - Successful install

      '-- EXITCODE - 1 (One)   - Pending reboot detected

      '-- EXITCODE - 2 (Two)   - Version of SafeGuard detected can not be upgraded

      '-- EXITCODE - 3 (Three) - User clicked "Cancel" on popup window

      '-- EXITCODE - 4 (four)  - Both ApplicationBasedFileEncryption and LocalBasedFileEncryption were selected

      '-- EXITCODE - 5 (five)  - SGN Client Patch failed installation

      '-- EXITCODE - 6 (Six)   - Windows Pro detected with Windows7_Bitlocker = "Yes" & Windows7_ProDefault2SGN = "No" options selected

      '-- EXITCODE - 7 (Seven) - OS detected is not supported

      '-- EXITCODE - 8 (Eight) - Installation of SGNClient.msi failed, review debug logs or windows event viewer for cause

       

       

      ' ##############################################################################################

      Dim SGxClientPreinstall, SGNClient, SGNClient_x64, SGNConfigManaged, strLaunchSGNClient, strLaunchSGNPatch, SGNPatch32, SGNPatch64

      Dim SGNInstallationLog, POACFG, SGNDirectoryLocation, strGetSGNStateInfo, SGNVersion

      Dim ApplicationBasedFileEncryption, LocalBasedFileEncryption, SGNVersionArray, SGNClientStatus

      Dim DeviceEncryption, DataExchange, FileShare, CloudStorage, strAddlocal

      Dim strSgnRegLoc,strSgnRegLocName,strSgnRegLocValue

      Dim EnableTPM, BitlockerCR, Windows7_Bitlocker, Windows7_ProDefault2SGN, BitlockerCRContinueBios

      Dim ImportTrustedRoot, TrustedRootCertificate

      Dim msgResult, msgWarningMessage, msgTitle, msgBody, msgTimeOutInSeconds, msgButtons, intButton

      ' ##############################################################################################

      ' ##############################################################################################

      '------------------------------------------------------------------------------'

      '--

      '-- VARIABLES TO BE SET BY CUSTOMER

      '--

      '------------------------------------------------------------------------------'

       

       

      ' Name of SGN PreInstall MSI from download (same for both x86 and x64 based systems)

      SGxClientPreinstall = "SGxClientPreinstall.msi"

       

      ' Name of SGN Client MSI from download for x86 based systems

      SGNClient =  "SGNClient.msi"

       

       

      ' Name of SGN Client MSI from download for x64 based systems

      SGNClient_x64 = "SGNClient_x64.msi"

       

       

      ' Name of SGN Client PATCH from download for x86 based systems

      SGNPatch32 =  "Hotfix Rollup 1901 for SafeGuard Enterprise Client 8.10.0.323.msp"

       

       

      ' Name of SGN Client PATCH from download for x64 based systems

      SGNPatch64 = "Hotfix Rollup 1901 for SafeGuard Enterprise Client 8.10.0.323_x64.msp"

       

       

      ' Name of SGN Configuration MSI created by the Management Center (same for both x86 and x64 based systems)

      SGNConfigManaged = "ClientConfig.msi"

       

       

      ' Name of log file created by the VBScript (will be created in "Logs" directory)

      SGNInstallationLog = "SGNInstallation.log"

       

       

      ' Name of POACFG file (Should be located in the "software" directory)

      POACFG = "POACFG_8_10.xml"

       

       

      '------------------------------------------------------------------------------'

      '-- SafeGuard Features - Yes/No - Note: Make sure you have the appropriate licensing before enabling a feature

      '------------------------------------------------------------------------------'

       

       

      '- Hard drive encryption

       

      DeviceEncryption = "Yes"

       

       

      '- You may choose either ApplicationBasedFileEncryption or LocalBasedFileEncryption if licensed, but not both

       

       

      ApplicationBasedFileEncryption = "No"

       

       

      LocalBasedFileEncryption = "No"

       

      '- LocalBasedFileEncryption Options

       

       

      DataExchange = "No"

       

       

      FileShare = "No"

       

       

      CloudStorage = "No"

       

       

      '------------------------------------------------------------------------------'

      '-- Windows 7 BitLocker Options - Yes/No

      '------------------------------------------------------------------------------'

       

      ' Do you want to use BitLocker to encrypt the local hard drive on Windows 7 Enterprise/Ultimate?

      Windows7_Bitlocker = "Yes"

       

      ' If Windows 7 Professional is detected, do you want to continue with SGN encryption?

      Windows7_ProDefault2SGN = "Yes"

       

       

      '------------------------------------------------------------------------------'

      '-- Import Trusted Root Certificate for SGN Client SSL - Yes/No

      '------------------------------------------------------------------------------'

       

       

      'Do you need this script to import the trusted root certificate for SGN Client SSL?

      ImportTrustedRoot = "No"

       

       

      'Name of TrustedRootCertificate cer file.

      TrustedRootCertificate = "TrustedRootCertificate.cer"

       

       

      '------------------------------------------------------------------------------'

      '-- User Warning message - Prompts before installation starts

      '-- - Displays warning message with an OK only or OK/Cancel. 

      '-- - Both have a timeout period where the installation will continue if user takes no action

      '------------------------------------------------------------------------------'

       

      'Would you like a warning message to be displayed to the end user before installation continues "Yes" or "No"

      msgWarningMessage = "No"

       

       

      'Title displayed in the popup window

      msgTitle = "SafeGuard Enterprise Installation"

       

       

      'Text displayed in the body of the popup window

      msgBody = "SafeGuard Enterprise encryption client is about to be installed. This will reboot you machine once the intallation is completed." & VbCrLf & VbCrLf _

      & "Be sure to save all your work before continuing with the installation."

       

       

      'If use does not click any button, installation will continue after set number of seconds

      msgTimeOutInSeconds = 60

       

      'Buttoms to be displayed.  Either "OK" only or "OK/Cancel"

      msgButtons = "OK"

       

       

       

       

      ' ##############################################################################################

      ' #  SCRIPT STARTS HERE - EDITS BELOW THIS SECTION SHOULD NOT BE REQUIRED

      ' ##############################################################################################

       

      Const HKEY_LOCAL_MACHINE = &H80000002

      Dim objWMIRoot : Set objWMIRoot = GetObject("winmgmts:\\.\root\CIMV2")

      Dim colItems : Set colItems = objWMIRoot.ExecQuery("SELECT * FROM Win32_OperatingSystem",,48)

      Dim colItemsTPM : Set colItemsTPM = objWMIRoot.ExecQuery("SELECT * FROM Win32_OperatingSystem",,48)

      Dim objFSO : Set objFSO = CreateObject("Scripting.FileSystemObject")          

      Dim objShell : Set objShell = CreateObject("WScript.Shell")                 

      Dim objNetwork : Set objNetwork = WScript.CreateObject("WScript.Network")

      Dim objReg : Set objReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\default:StdRegProv")

      Dim objWMIService : Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2")

      Dim objWMIShutdown : Set objWMIShutdown = GetObject("winmgmts:{impersonationLevel=impersonate,(Shutdown)}!\\.\root\cimv2") 

      Dim strComputer : strComputer = objshell.ExpandEnvironmentStrings("%Computername%")

      Dim objItem

       

      '------------------------------------------------------------------------------'

      '-- Create scripting log file 

      '------------------------------------------------------------------------------'                                                     

      Dim LogFile : LogFile = objFSO.GetParentFolderName(WScript.ScriptFullName) & "\" & objNetwork.ComputerName & "_" & SGNInstallationLog

      Dim ScriptingLog : Set ScriptingLog = objFSO.createtextfile(LogFile , True)

       

      '------------------------------------------------------------------------------' 

      '-- Logging Options Selected                                                    

      '------------------------------------------------------------------------------' 

      ScriptingLog.writeline "SGN Modules selected for install" & VbCrLf _

      & Chr(9) & "DeviceEncryption - " & DeviceEncryption & VbCrLf & VbCrLf _

      & Chr(9) & "ApplicationBasedFileEncryption - " & ApplicationBasedFileEncryption & VbCrLf _

      & Chr(9) & "LocalBasedFileEncryption - " & LocalBasedFileEncryption & VbCrLf _

      & Chr(9) & " - DataExchange - " & DataExchange & VbCrLf _

      & Chr(9) & " - FileShare - " & FileShare & VbCrLf _

      & Chr(9) & " - CloudStorage - " & CloudStorage & VbCrLf

       

      ScriptingLog.writeline "Additional options selected for install" & VbCrLf _

      & Chr(9) & "Windows7_Bitlocker - " & Windows7_Bitlocker  & VbCrLf _

      & Chr(9) & "Windows7_ProDefault2SGN - " & Windows7_ProDefault2SGN & VbCrLf _

       

      '------------------------------------------------------------------------------'

      '-- Pending Reboot Check - Checks to see if a pending reboot is required.

      '--

      '-- EXITCODE - 1 (One) - Pending reboot detected

      '------------------------------------------------------------------------------'

      Dim strRenamePath : strRenamePath = "SYSTEM\CurrentControlSet\Control\Session Manager"

      Dim strRenameName : strRenameName = "PendingFileRenameOperations"

      Dim strRenameValue : objReg.GetMultiStringValue HKEY_LOCAL_MACHINE,strRenamePath,strRenameName,strRenameValue

       

      If IsNull(strRenameValue) Then

      ScriptingLog.writeline "A pending reboot was not detected, installation will continue" & VbCrLf

      Else

      objReg.DeleteValue HKEY_LOCAL_MACHINE, strRenamePath, strRenameName

      ScriptingLog.writeline "A pending reboot was deleted, installation will continue" & VbCrLf

      End If

       

       

      '------------------------------------------------------------------------------'

      '- Warning message if configured                           

      '------------------------------------------------------------------------------'

      If msgWarningMessage = "Yes" Then

       

       

      If msgButtons = "OK" Then

      intButton = 0

      ElseIf msgButtons = "OK/Cancel" Then

      intButton = 1

      Else

      ScriptingLog.writeline "Message button appears to be missconfigured, defaulting to OK/Cancel"

      End If

       

       

      msgResult = objShell.Popup(msgBody, msgTimeOutInSeconds, msgTitle, intButton + 64)

      End If

       

       

      Select Case msgResult

      Case -1

      ScriptingLog.writeline "Timeout reached on popup message, installation will continue"

      wscript.echo "Timeout reached on popup message, installation will continue"

      Case 1

      ScriptingLog.writeline "User clicked " & chr(34) & "OK" & chr(34) & " on popup message, installation will continue"

      wscript.echo "User clicked " & chr(34) & "OK" & chr(34) & " on popup message, installation will continue"

      Case 2

      ScriptingLog.writeline "User clicked " & chr(34) & "Cancel" & chr(34) & " on popup message, installation will not continue"

      wscript.echo "User clicked " & chr(34) & "OK" & chr(34) & " on popup message, installation will not continue"

      wscript.quit(2)

      End Select

      '------------------------------------------------------------------------------'

      '- Determine if processor is 32 or 64 bit                              

      '------------------------------------------------------------------------------'

      Dim SGNClientMSILocationFile : SGNClientMSILocationFile = chr(34) & objFSO.GetParentFolderName(WScript.ScriptFullName) & "\" & SGNClient & Chr(34)

      Dim SGNClient_x64MSILocationFile : SGNClient_x64MSILocationFile = chr(34) & objFSO.GetParentFolderName(WScript.ScriptFullName) & "\" & SGNClient_x64 & Chr(34)

      Dim SGNClientMSPLocationFile : SGNClientMSPLocationFile = chr(34) & objFSO.GetParentFolderName(WScript.ScriptFullName) & "\" & SGNPatch32 & Chr(34)

      Dim SGNClient_x64MSPLocationFile : SGNClient_x64MSPLocationFile = chr(34) & objFSO.GetParentFolderName(WScript.ScriptFullName) & "\" & SGNPatch64 & Chr(34)

       

      Dim SGNClientMSI,SGNPatch_MSP,objProcessor

      Dim colSettings : Set colSettings = objWMIService.ExecQuery("SELECT * FROM Win32_Processor")

       

      For Each objProcessor In colSettings

      Dim cpuType : cpuType = objProcessor.AddressWidth

      If cpuType <> 32 Then

      SGNClientMSI = SGNClient_x64MSILocationFile

      SGNPatch_MSP = SGNClient_x64MSPLocationFile

      strSgnRegLoc = "SOFTWARE\WOW6432Node\Utimaco\SafeGuard Enterprise"

      strSgnRegLocName = "SGNInstallDir"

      objReg.GetStringValue HKEY_LOCAL_MACHINE,strSgnRegLoc,strSgnRegLocName,strSgnRegLocValue

      ScriptingLog.writeline "CPU architecture - x64 detected" & VbCrLf

       

      Else

      SGNClientMSI = SGNClientMSILocationFile

      SGNPatch_MSP = SGNClientMSPLocationFile

      strSgnRegLoc = "SOFTWARE\Utimaco\SafeGuard Enterprise"

      strSgnRegLocName = "SGNInstallDir"

      objReg.GetStringValue HKEY_LOCAL_MACHINE,strSgnRegLoc,strSgnRegLocName,strSgnRegLocValue

      ScriptingLog.writeline "CPU architecture - x86 detected" & VbCrLf

       

      End If

      Next

       

       

      '------------------------------------------------------------------------------'

      '-- Existing SafeGuard Client - Determine if existing SafeGuard Client is installed and what version

      '--

      '-- EXITCODE - 2 (Two) - Version of SafeGuard detected can not be upgraded

      '------------------------------------------------------------------------------'

       

       

      If objFSO.FileExists(strSgnRegLocValue & "SafeGuard Enterprise\Client\" & "SGNState.exe") Then

       

      ScriptingLog.writeline strSgnRegLocValue & "SafeGuard Enterprise\Client\" & "SGNState.exe"

      SGNDirectoryLocation = strSgnRegLocValue & "SafeGuard Enterprise\Client\"

       

      strGetSGNStateInfo = SGNDirectoryLocation & "SGNState.exe /l"

       

      Dim Result : Set Result = objShell.Exec(strGetSGNStateInfo)

       

      Dim SGNStateResults : Set SGNStateResults = Result.StdOut

      While Not SGNStateResults.AtEndOfStream

          Dim strLine : strLine = SGNStateResults.ReadLine

        

          If InStr(strLine, "Product version") Then

       

      SGNVersionArray = Split(strLine,":")

      SGNVersion = Trim(SGNVersionArray(1))

       

      If SGNVersion > "6" Then

      ScriptingLog.writeline "Version: " & SGNVersion & " of SafeGuard Client was found, upgrade will be performed."

      SGNClientStatus = "Upgrade"

      Else

      ScriptingLog.writeline "Version: " & SGNVersion & " of SafeGuard Client was found.  Upgrade is not supported from this version, existing script."

      wscript.quit(2)

          End If

          End If

      Wend

      Else

      ScriptingLog.writeline "Existing SafeGuard Client not found, new installation of SafeGuard will be performed"

      SGNClientStatus = "Install"

      End If

       

       

      '------------------------------------------------------------------------------'

      '-- Determine Operating System Version and Edition for later processing

      '------------------------------------------------------------------------------'

      For Each objItem in colItems      

      Dim OSVersionWmi : OSVersionWmi = objItem.Version

      Dim OSVersionSplit : OSVersionSplit = split(OSVersionWmi, ".")

      Dim OSVersion : OSVersion = OSVersionSplit(0) & OSVersionSplit(1)

       

      Dim OSEditionWmi : OSEditionWmi = objItem.Caption

      Dim OSEditionSplit : OSEditionSplit = split(OSEditionWmi, " ")

      Dim OSEdition : OSEdition = OSEditionSplit(3)

       

      Next

       

      '------------------------------------------------------------------------------'

      '- Prepair HDD for Bitlocker Encryption (if required)       

      '------------------------------------------------------------------------------'

      If ((OSVersion = 62 or OSVersion = 63 or OSVersion = 100) or (OSVersion = 61 and Windows7_Bitlocker = "Yes")) and (DeviceEncryption="Yes") and (OSEdition <> "Professional") Then

       

       

      ScriptingLog.writeline "Preparing HD for Bitlocker using bdehdcfg command" & VbCrLf

      wscript.echo "Running bdehdcfg..."

      wscript.echo "  This operation will prepare the hard drive for BitLocker encryption."

      wscript.echo "  Depending on its current status, this operation may take a few minutes."

       

      Dim exeBitlockDiskToolcmd : exeBitlockDiskToolcmd = "bdehdcfg -target default"

      Dim LanchBitlockDiskTool : LanchBitlockDiskTool = objShell.Run(exeBitlockDiskToolcmd,0,True)

       

      wscript.echo "  **Completed**"

      wscript.echo ""

       

      Else

      ScriptingLog.writeline Chr(9) & "BitLocker Encryption is not being used, HDD Preparation skipped" & VbCrLf

      End If

       

       

      '------------------------------------------------------------------------------'

      '- Increase IRPStack resource (recommended)

      '------------------------------------------------------------------------------'

      Dim dwStackPath : dwStackPath = "SYSTEM\CurrentControlSet\Services\lanmanserver\parameters"

      Dim dwStackName : dwStackName = "IRPStackSize"

      Dim dwStackValue : dwStackValue = "33"

      objReg.SetDWordValue HKEY_LOCAL_MACHINE,dwStackPath,dwStackName,dwStackValue

       

       

      '------------------------------------------------------------------------------'

      '- Disable Microsoft Customer Expirience feature (recommended)

      '------------------------------------------------------------------------------'

      Dim dwCEIPPath : dwCEIPPath = "SOFTWARE\Microsoft\SQMClient\Windows"

      Dim dwCEIPName : dwCEIPName = "CEIPEnable"

      Dim dwCEIPValue : dwCEIPValue = "0"

      objReg.SetDWordValue HKEY_LOCAL_MACHINE,dwCEIPPath,dwCEIPName,dwCEIPValue

       

       

      '------------------------------------------------------------------------------'

      '- Complete import of trusted root cert

      '------------------------------------------------------------------------------'

      If ImportTrustedRoot = "Yes" Then

      Dim CertMgrFile : CertMgrFile = chr(34) & objFSO.GetParentFolderName(WScript.ScriptFullName) & "\certmgr.exe" & Chr(34)

      Dim RootCertFile : RootCertFile = chr(34) & objFSO.GetParentFolderName(WScript.ScriptFullName) & "\" & TrustedRootCertificate & Chr(34)

       

       

      Dim strInstallRootCert : strInstallRootCert = "cmd /c " & chr(34) & CertMgrFile & " -add -c " & RootCertFile & " -s -r localmachine root"  & Chr(34)

       

       

      ScriptingLog.writeline "Importing the " & Chr(34) & "TrustedRootCertificate" & Chr(34) & " for SSL communications." & VbCrLf

      wscript.echo "Importing the " & Chr(34) & "TrustedRootCertificate" & Chr(34) & " for SSL communications..."

       

       

      Dim RunRootCmd : RunRootCmd = objShell.Run(strInstallRootCert,1,True)

      wscript.echo "  **Completed**"

      wscript.echo ""

       

       

      End If

      '------------------------------------------------------------------------------'

      '- Selection of SGN Client components          

      '------------------------------------------------------------------------------'

       

       

      '-----------------------------------------------------------------------------------------------------------------------------'

      '-- Determine appropriate SGN options to install based on questions answered above and OS found

      '--

      '-- EXITCODE - 6 (Six) - Windows Pro detected with Windows7_Bitlocker = "Yes" & Windows7_ProDefault2SGN = "No" options selected

      '--

      '-- EXITCODE - 7 (Seven) - OS detected is not supported

      '------------------------------------------------------------------------------------------------------------------------------'

      ScriptingLog.writeline "Installation options being selected for OS - " & OSEditionWmi & VbCrLf

       

      Dim strAddlocalinit : strAddlocalinit = "ADDLOCAL=Client,CredentialProvider"

       

       

      If OSVersion = 62 or OSVersion = 63 or OSVersion = 100 Then 'Encryption options for Windows 8/8.1/10

       

      If DeviceEncryption="Yes" Then

      strAddlocal = strAddlocalinit & ",BaseEncryption,BitLockerSupport"

      ElseIf DeviceEncryption="No" Then

      strAddlocal = strAddlocalinit

      End if

       

      ElseIf OSVersion = 61 Then 'Encryption options for Windows 7

       

       

        If DeviceEncryption="Yes" and Windows7_Bitlocker = "No" Then

      strAddlocal = strAddlocalinit & ",BaseEncryption,SectorBasedEncryption"

      End if

       

      If DeviceEncryption="Yes" and Windows7_Bitlocker = "Yes" Then

      strAddlocal = strAddlocalinit & ",BaseEncryption,BitLockerSupport"

      End if

       

      If DeviceEncryption="Yes" and Windows7_Bitlocker = "Yes" and OSEdition = "Professional" and Windows7_ProDefault2SGN = "No" Then

      ScriptingLog.writeline "Bitlocker is not supported on Windows 7 Professional, installation will not continue"

      wscript.quit(6)

      End if

       

      If DeviceEncryption="Yes" and Windows7_Bitlocker = "Yes" and OSEdition = "Professional" and Windows7_ProDefault2SGN = "Yes" Then

      ScriptingLog.writeline "Bitlocker is not supported on Windows 7 Professional, installation will continue using DeviceEncryption module" & VbCrLf

      strAddlocal = strAddlocalinit & ",BaseEncryption,SectorBasedEncryption"

      End if

       

      If DeviceEncryption="No" Then

      strAddlocal = strAddlocalinit

      End if

       

        Else  

        ScriptingLog.writeline "OS detected does not appear to supported, exiting installation"

      wscript.Quit(7)

      End If

       

       

      If ApplicationBasedFileEncryption = "Yes" and LocalBasedFileEncryption = "Yes" then

      ScriptingLog.writeline "You have enable both ApplicationBasedFileEncryption and LocalBasedFileEncryption, which is not supported.  Only one of these options can be selected"

      ScriptingLog.writeline "Please review selections and try again"

      wscript.Quit(4)

      End if

       

      If ApplicationBasedFileEncryption = "Yes" then

      strAddlocal = strAddlocal & ",NextGenDataProtection"

      End If

       

      If LocalBasedFileEncryption = "Yes" then

       

       

      If DataExchange = "Yes" Then

      strAddlocal = strAddlocal & ",SecureDataExchange"

      End If

       

      If FileShare = "Yes" Then

      strAddlocal = strAddlocal & ",FileShare"

      End If

       

      If CloudStorage = "Yes" Then

      strAddlocal = strAddlocal & ",CloudStorage"

      End If

      End if

       

      ScriptingLog.writeline "AddLocal options being used for SGN client installation" & VbCrLf & Chr(9) & strAddlocal & VbCrLf

       

       

      '------------------------------------------------------------------------------'

      '- Complete installation of SGxClientPreinstall.msi

      '------------------------------------------------------------------------------'

      If OSVersion < 100 Then

      Dim strSGxPreInstallMSILocationFile : strSGxPreInstallMSILocationFile = chr(34) & objFSO.GetParentFolderName(WScript.ScriptFullName) & "\" & SGxClientPreinstall & Chr(34)

      Dim strLaunchSGxPreInstall : strLaunchSGxPreInstall = "msiexec /i " & strSGxPreInstallMSILocationFile & " /passive /L*v " & Chr(34) & objFSO.GetParentFolderName(WScript.ScriptFullName) & "\" & objNetwork.ComputerName & "_SGxPreInstall.log" & Chr(34) & " /norestart"

      ScriptingLog.writeline "SGxClientPreinstall - msiexec command being used to install..."

      ScriptingLog.writeline Chr(9) & strLaunchSGxPreInstall & VbCrLf

      wscript.echo "SafeGuard PreInstallation is being performed..."

      wscript.echo ""

      Dim intRetValSGxPreInstall : intRetValSGxPreInstall = objShell.Run(strLaunchSGxPreInstall,0,True)

      Else

      ScriptingLog.writeline "Skipping installation of PreInstall, its not required for Windows 10..."

      wscript.echo "Skipping installation of PreInstall, its not required for Windows 10..."

      wscript.echo ""

      End If

      '------------------------------------------------------------------------------'

      '- Complete installation of SGN Client MSI

      '--

      '-- EXITCODE - 8 (Eight) - Installation of SGNClient.msi failed, review debug logs or windows event viewer

      '------------------------------------------------------------------------------'

      If SGNClientStatus = "Install" Then

      strLaunchSGNClient = "msiexec /i " & SGNClientMSI & " /passive " _

      & "/L*v " & Chr(34) & objFSO.GetParentFolderName(WScript.ScriptFullName) & "\" & objNetwork.ComputerName & "_SGNClientInstallation.log " & Chr(34) _

      & " POACFG=" & Chr(34) & objFSO.GetParentFolderName(WScript.ScriptFullName) & "\" & POACFG & Chr(34) _

      & " " & strAddLocal & " /norestart"

       

      ScriptingLog.writeline "SafeGuard Client Installation will be performed"

      wscript.echo "SafeGuard Client Installation will be performed..."

      wscript.echo ""

      ScriptingLog.writeline "SGNClient - msiexec command being used to install..."

      ScriptingLog.writeline Chr(9) & strLaunchSGNClient & VbCrLf

       

      ElseIf SGNClientStatus = "Upgrade" Then

      strLaunchSGNClient = "msiexec /i " & SGNClientMSI & " /passive " _

      & "/L*v " & Chr(34) & objFSO.GetParentFolderName(WScript.ScriptFullName) & "\" & objNetwork.ComputerName & "_SGNClientInstallation.log " & Chr(34) _

      & " POACFG=" & Chr(34) & objFSO.GetParentFolderName(WScript.ScriptFullName) & "\" & POACFG & Chr(34) & " /norestart"

       

      ScriptingLog.writeline "SafeGuard Client Upgrade will be performed"

      wscript.echo "SafeGuard Client Upgrade will be performed..."

      wscript.echo ""

      ScriptingLog.writeline "SGNClient - msiexec command being used to upograde..."

      ScriptingLog.writeline Chr(9) & strLaunchSGNClient & VbCrLf

      End if

       

      Dim intRetValSGNClient : intRetValSGNClient = objShell.Run(strLaunchSGNClient,1,True)

       

      If intRetValSGNClient = 0 or intRetValSGNClient = 3010 Then

      ScriptingLog.writeline Chr(9) & "Installation of SGNClient was successful" & VbCrLf

       

      Else

      ScriptingLog.writeline "Installation or Upgrade of SGNClient failed, please review installation log file"

      wscript.quit(8)

      End If

       

       

      '------------------------------------------------------------------------------'

      '- Complete installation of SGN Client Patch

      '--

      '-- EXITCODE - 5 (five)  - SGN Client Patch failed installation

      '------------------------------------------------------------------------------'

      strLaunchSGNPatch = "msiexec /p " & SGNPatch_MSP & " /passive /norestart"

       

      ScriptingLog.writeline "SafeGuard Client Patch Installation will be performed"

      wscript.echo "SafeGuard Client Patch Installation will be performed..."

      wscript.echo ""

      ScriptingLog.writeline "SGNPatch_MSP - msiexec /p command being used to install..."

      ScriptingLog.writeline Chr(9) & strLaunchSGNPatch & VbCrLf

       

       

      Dim intRetValSGNClientPatch : intRetValSGNClientPatch = objShell.Run(strLaunchSGNPatch,1,True)

       

      If intRetValSGNClientPatch = 0 or intRetValSGNClientPatch = 3010 Then

      ScriptingLog.writeline Chr(9) & "Installation of SGNPatch_MSP was successful" & VbCrLf

       

      Else

      ScriptingLog.writeline "Installation of SGNPatch_MSP failed, please review installation log file"

      wscript.quit(5)

      End If

       

       

      '------------------------------------------------------------------------------'

      '- Complete installation of Configuration Package

      '------------------------------------------------------------------------------'

      Dim SGNConfigManagedMSILocationFile : SGNConfigManagedMSILocationFile = chr(34) & objFSO.GetParentFolderName(WScript.ScriptFullName) & "\" & SGNConfigManaged & Chr(34)

      Dim strLaunchSGNConfigManaged : strLaunchSGNConfigManaged = "msiexec /i " & SGNConfigManagedMSILocationFile & " /passive /L*v " & Chr(34) & objFSO.GetParentFolderName(WScript.ScriptFullName) & "\" & objNetwork.ComputerName & "_SGNManagedConfig.log" & Chr(34) & " /norestart"

      ScriptingLog.writeline "SGNClientConfig - msiexec command being used to install..."

      ScriptingLog.writeline Chr(9) & strLaunchSGNConfigManaged & VbCrLf

      wscript.echo "SafeGuard Client Configuration is being performed..."

      wscript.echo ""

      Dim intRetValSGNConfigManaged : intRetValSGNConfigManaged = objShell.Run(strLaunchSGNConfigManaged,1,True)

       

      '---------------------------------------------------------------------------------------------'

      '-- Alternate Reboot Option

      '

      '  If you would like the user to be prompted to reboot the system at the end of the install

      '  you can use this section instead.  This will ask the person every 10 minutes to reboot.  If

      '  they select No, the machine will pause another 10 minutes each time until they select Yes.

      '  Simply remove the single quote (') from each line below and place a single quote in front

      '  of all 3 lines in the bottom section.

      '---------------------------------------------------------------------------------------------'

      ' Dim strComputer2, intRebootChoice

      ' Dim objWMIService2, objOperatingSystem

      ' Dim colOperatingSystems

       

       

      ' strComputer = "."

       

       

      ' do while 1>0

      ' intRebootChoice = msgbox("Install of SafeGuard complete! You need to reboot.  Choose No to be asked again in 10 minutes",308,"Reboot incoming")

      ' select case intRebootChoice

      '   case 6

      '    Set objWMIService = GetObject("winmgmts:" & "{impersonationLevel=impersonate,(Shutdown)}!\\" & strComputer2 & "\root\cimv2")

      '    Set colOperatingSystems = objWMIService2.ExecQuery ("Select * from Win32_OperatingSystem")

      '    For Each objOperatingSystem in colOperatingSystems

      '     ObjOperatingSystem.Reboot(1)

      '    Next

      '   case 7

      '    wscript.sleep(60000)

      '   case else

      '    'shenanigans'

      ' end select

      ' loop

       

       

      '------------------------------------------------------------------------------'

      '-- Reboot computer

      '

      '  If you leave the bottom section alone, your computer will automatically reboot in 10 seconds.

      '  It is recommended to comment out the top 2 lines below if you are using a deployment solution

      '  like SCCM or the like to deploy SafeGuard Clients.  LEt the deployment solution trigger the reboot

      '  dialog available in those products.

      '------------------------------------------------------------------------------'

       

       

      ' Dim strShutDownCmd : strShutDownCmd = "shutdown /r /f /t 10"

      ' Dim intShutDownCmd : intShutDownCmd = objShell.Run(strShutDownCmd,1,false)

      wscript.quit(0)

        • 1. Re: Installing software with VBS Script
          phoffmann SupportEmployee

          So the first thing that comes to mind is "user context" potentially being an issue.

           

          Remember that - by default - we run as LOCAL SYSTEM - which *CAN* cause issues with a few items (some AutoCAD software packages for instance require "full on local admin"). So you could try running the package as a local admin & see if that helps.

           

          Other than that, you can try to use something like PROCMON or so, to see / catch where things are going awry. I personally prefer using PowerShell over VBS, as it's much easier to add actually useful logging (so you have an easier way to find out where things break). That may be a potential thing to look into long-term (if you have a script that works that's fine, I'm personally of the opinion that VB is a pain in the back-end and thankfully replaceable these days).

           

          A few things / links that may help:

           

           

           

          That should hopefully give you a better idea of where things get stuck .

          1 of 1 people found this helpful
          • 2. Re: Installing software with VBS Script
            karlehenry Apprentice

            This is helpful.

             

            The thing is, I did try and use power shell to run the script and i yielded the same results.  I setup the exit codes in the package to match what is in the script and it always exits in code 0 which indicates success.  Your local admin idea is definitely worth a try but I I guess I may just have to bite the bullet and strip out the important stuff from the script and convert it all to Power Shell commands.

             

            I am going to check out the support links and see if I can find anything.

            Your feed back is very helpful, thank you for your time.

            • 3. Re: Installing software with VBS Script
              phoffmann SupportEmployee

              Ah - so careful with exit codes.

               

              Unless your powershell script explicity returns an exit code up the chain, it's likely to just return a "0" in the sense of "well - I ran ... and didn't barf at anything" ... so handing exit codes "up the chain" is a separate / important point.

               

              I've not had to do that (passing exit codes) in Powershell myself yet, but it shouldn't be more than a simple google search away.

               

              But yes, it's something that needs to be specifically added to a script.

              • 4. Re: Installing software with VBS Script
                karlehenry Apprentice

                The vbs script specifically has return codes it passes.  But you just gave me a great idea.. gonna use the default return codes and see what happens and if i get a different result.

                 

                I wonder if that portion of the script returns a code and SWD things its finished.

                • 5. Re: Installing software with VBS Script
                  phoffmann SupportEmployee

                  That's possible - the SDCLIENT log should tell you what return code it gets ... might be worth checking that out on the client...

                  • 6. Re: Installing software with VBS Script
                    karlehenry Apprentice

                    So here is some more insight that does not make any sense to me or my colleague who is more advanced with scripting.

                     

                    the command or configuartion we are trying to run is bdehdcfg which checks and prepares the hard drive partitions for Bitlocker

                     

                    From powershell on the device, I can run bdehdcfg.exe -target default and it runs perfectly fine.  but if you try to run the same powershell command using CUSTOM in SWD, you get the following error:

                     

                    The term 'c:\windows\system32\bdehdcfg.exe' is not recognized as the name of a

                    cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify

                    that the path is correct and try again.

                     

                    I have tried with the full path and without the fill path but it fails to run.  I believe this is what is causing my initial failures.

                     

                    I have checked the sdclient logs but found no additional useful information.

                    • 7. Re: Installing software with VBS Script
                      karlehenry Apprentice

                      I wanted to provide more insight on this as I got to the bottom of it.

                       

                      For whatever reason, regardless if the SWD is ran in 32 bit or 64bit mode, When ivanti tries to launch bdehdcfg.exe, windows changes the path behind the scenes from c:\windows\system32\ to c:\windows\syswow64. 

                       

                      Even if you specify c:\windows\system32 whether using variables or not.

                       

                      What I did to get around this was create several seperate install packages to do everything this VBS script can do.

                       

                      What I did for the BDEHDCFG part was this:

                       

                      copy-item c:\windows\system32\bde*.* c:\windows\syswow64.exe

                      bdehdcfg.exe -target default

                       

                      and that ran successfully with no problems.  Unless ran in 64bit, it fails.

                       

                      What I would like to now is what are the tricks with VBS files and how can I circumvent this?  any help is appreciated.