Integrating zCI Client Software in Active Directory

Writer: Thomas J. Löffler

This section explains exemplarily how to use the zCI in a Windows Domain. Other implementations of GPOs to automate zCI are possible, too.

To automate hard- and software data collection in a Windows Domain with zCI create a GPO which executes the freeware program Shellexecute. Shellexecute runs hidden, i.e. without user recognition and thus interruption of the data collection. The program Shellexecute runs the scripts DoZCi.bat and DoZCiPrep.bat from the local PC directory zCIHome. Shellexecute itself (as well as the two scripts) is available for a PC in the domain on the automatically mapped network drive (in this example it's the drive U:).
The Extra Registry Settings allows to open temp-zci.htm (which is generated by the zCI) from the systemdrive without a security warning message. The second picture shows how to set it.







A second GPO includes the server(s) mapped as drive U: on the PCs into the trusted zone. Therefore, the a program or script start without a security warning message.



A PC in a domain with these GPOs execute at a user logon the two scripts DoZCIPrep.bat and DoZCI.bat with the program Shellexecute.
The script DoZCIPrep.bat creates the directory zCIHome on the systemdrive and copies (if necessary) the files takedata.js, AACTRIFOMC.reg and DozCI.bat from the share U: to the local disk using temporarily the drive B: which is assumed to be always unused on all PCs in the domain.
Then, the script executes the file AACTRIFOMC.reg which activates Allow active content to run in files on My Computer in the Internet Options. This enables the execution of the file temp-zci.html created by zCI system without a securtity notification of the IE.
Last, the script executes the file DozCI.bat.

The script DozCI.bat collects the data once per month by starting the file takedata.js.

The script DoZCIPrep.bat

::: --- create a variable for the zCI log + script file
set SourceLW=B:
set SourcePartition=\zCIHome
set SourceServer=\\SERVER_ADDRESS

set LocalLW=%systemdrive%
set LocalPartition=\zCIHome

set ScriptName=takedata.js
set RegIEName=AACTRIFOMC.reg
set BatName=DozCI.bat

set SourcePath=%SourceLW%%SourcePartition%
set LocalPath=%LocalLW%%LocalPartition%

set ScriptSource=%SourceLW%\%ScriptName%
set RegIESource=%SourceLW%\%RegIEName%
set BatSource=%SourceLW%\%BatName%

set ScriptLocal=%LocalPath%\%ScriptName%
set RegIELocal=%LocalPath%\%RegIEName%
set BatLocal=%LocalPath%\%BatName%

::: --- check the zCI home
IF EXIST %LocalPath% GOTO ShowLocalPath>NUL

MKDIR %LocalPath%>NUL

:ShowLocalPath
ATTRIB -H %LocalPath%>NUL

::: --- connect to server
set Serverconnect=%SourceLW% %SourceServer%%SourcePartition%

net use %Serverconnect%>NUL

::: --- copy and execute registry change for IE
IF EXIST %RegIELocal% GOTO DoRegIE>NUL

IF NOT EXIST %RegIESource% GOTO CheckRegzCI>NUL
COPY /Y %RegIESource% %RegIELocal%>NUL

IF NOT EXIST %RegIELocal% GOTO CheckRegzCI>NUL

:DoRegIE
regedit /s %RegIELocal%>NUL

::: --- copy and execute registry change for takedata.js
:CheckScript
IF EXIST %ScriptLocal% GOTO CheckDozCI>NUL

IF NOT EXIST %ScriptSource% GOTO CheckDozCI>NUL
COPY /Y %ScriptSource% %ScriptLocal%>NUL

::: --- copy the script DozCI.bat
:CheckDozCI
IF EXIST %BatLocal% GOTO DoScript>NUL

IF NOT EXIST %BatSource% GOTO NothingToDo>NUL
COPY /Y %BatSource% %BatLocal%>NUL

IF NOT EXIST %BatLocal% GOTO NothingToDo>NUL

::: --- call the DoZCI.bat script
:DoScript
CALL %BatLocal%>NUL

@echo off>NUL

:NothingToDo
ATTRIB +H %LocalPath%>NUL
net use %SourceLW% /DELETE>NUL

@ECHO ON>NUL

The script DoZCI.bat

::: --- create a variable for the zCI log + script file
set LocalLW=%systemdrive%
set LocalPartition=\ZCIHome
set LogName=zCI.log
set ScriptName=takedata.js

set ZCILocal=%LocalLW%%LocalPartition%
set LogFile=%ZCILocal%\%LogName%
set ScriptFile=%ZCILocal%\%ScriptName%

::: what day and what month is today?
for /f "tokens=1,2,3,4* delims=/ " %%i in ('date /t') do set ratDAY=%%i&set ratMM=%%j&set ratDD=%%k&set ratYYYY=%%l>NUL
SET todayDATE=%ratDD%/%ratMM%/%ratYYYY%

::: --- check whether the file zCI.log exists. If not create it
ATTRIB -H %ZCILocal%>NUL

IF EXIST %LogFile% GOTO ZCIexists>NUL

ECHO > %LogFile%
ECHO %todayDATE% >> %LogFile%

GOTO CallScript>NUL

::: --- read the timestamp in the file and compare it with actual date
:ZCIexists
for /f "tokens=1,2,3* delims=/ " %%i in (%LogFile%) do set zciDD=%%i&set zciMM=%%j&set zciYYYY=%%k>NUL
SET datezCI=%zciMM%/%zciYYYY%

::: --- calculate the difference of the years expressed in months
for /f "tokens=1,2,3,4* delims=/ " %%i in ('date /t') do set pratDAY=%%i&set pratMM=%%j&set pratDD=%%k&set pratYYYY=%%l>NUL
for /f "tokens=1,2,3* delims=/ " %%i in (%LogFile%) do set pzciDD=%%i&set pzciMM=%%j&set /A pzciYYYY=%%k>NUL

SET /A diffZCIYYYY=%pratYYYY%-%pzciYYYY%
SET /A diffZCIYYYYMM=%diffZCIYYYY%*12
SET /A diffZCIMM=100%pratMM%%%100-100%pzciMM%%%100
SET /A lastZCIMM=100%diffZCIYYYYMM%%%100+100%diffZCIMM%%%100

::: --- if time difference more than one month execute the zCI inventory script
IF %lastZCIMM% LSS 1 GOTO NothingToDo>NUL

::: --- create/update an entry into the inventory zCI.ethz.ch + renew the logfile
:CallScript
CALL %ScriptFile%>NUL

::: --- renew the logfile
DEL %LogFile%>NUL
ECHO > %LogFile%
ECHO %todayDATE% >> %LogFile%

:NothingToDo
ATTRIB +H %ZCILocal%>NUL

@ECHO ON>NUL