NetRun - Version 0.4 Beta By Yizhar Hurwitz, Israel ========================= HI! What is this? ============= This is a utility for Network Administrators, which allows them to schedule commands (batch files or other files) to run on specific days intervals, or only once on each client. NetRun is intended to be run from login scripts. This can be useful for implementing: * Anti Virus updates. * Automatic backups of client data or system files with batch files. * Periodic or "one time" Messages to users using a text file. * One time "push" installation to clients of a specific file/application. Software requirements: ===================== Win9x/NT4/2000 for the client computers. Win9x/NT4/2000 for the administrator computer. For the impersonation (RunAs) feature on NT4 clients, SUSS and SU from NT4 reskit must be installed on each client machine. Please see more info later in this document. Hardware requirements: ===================== Nothing special. Installation: ============= Place all files on the same folder. Can be any folder on the server. For NT Server you can put the files in the "NetLogon" share (Normally C:\WINNT\SYSTEM32\REPL\IMPORT\SCRIPTS) for easy access from the login scripts, but this is only optional. For Novell, use Public/Login or any other folder. How does it work? ================= 1) Admin: The administrator uses NREDIT.EXE to define tasks to run and schedule them. These tasks should be saved as "NETRUN.DAT" on the same network folder where NETRUN.EXE is. The administrator places a command to launch NETRUN.EXE from the login script of the users (all users or specific users). 2) Clients: When the users login on the next time, and NETRUN.EXE executes, it reads NETRUN.DAT for instructions. Each command on the file has an ID which is used by each client to track when was this command last executed. When it is time to run a command from the file, the client computer executes that command, and stores the task ID and current date in its Registry. (So it can tell on next login if the command should be executed again). This minimal information is stored in: HKLM\SOFTWARE\NETRUN\DATA on each client. Tips: ===== * The program can also be used on a stand-alone PC as a scheduler which does not run all the time like other schedulers for performing periodic backups and such. For this to work just place a shortcut to NETRUN.EXE in "Startup". This way you can also test the program before implementing it on the network. * To define a task that will run on each execution of NetRun.exe, define it's schedule as "Every 0 Days". * To specify decisions/actions by computer name or user name, use these special variables as parameters for your command: %%C (will be replaced with ComputerName in CAPITAL) %%U (will be replaced with UserName in CAPITAL) Pass these as parameters to a batch file, and inside the batch test for %1 %2 etc... * Please note: This version of the program does no special error checking, but just tries to launch the program. If for example a setup program fails, NetRun will not retry (until next time to run the program, if scheduled). If you wish to run a "Run-Once" program again, simply change it's ID and NetRun will ignore previous schedules. Impersonation: ============== On NT4 clients, normally the user has only limited permissions and rights on the client machine, and this causes problems when trying to install software from login script. There are several ways to deal with it, and using NetRun can be one of them. The Windows NT Resource Kit introduces a utility called SU, which allows running programs as a different user (like SetUser from UNIX). SU can only run if a service named SUSS is installed on the client machine. SU and SUSS are not included with NetRun. If you need this feature, you must obtain and install them by yourself. (You may also contact me by email for more information: yizhar@mail.com) NRedit (NetRun editor) supports a special option for administrators to input the logon credentials and command to execute, and they will automatically be saved in encrypted format to prevent misuse by malicious users. NetRun.exe will read and decrypt this information, and will execute the program SU with the command line and credentials supplied by the administrator. NREdit will not allow viewing credentials or editing the impersonated command, for security reasons, but it will allow changes to the schedule, message before/after, changes to task ID, and Enable/Disable of impersonated task. Administrators must be aware of the security compromise involved when using impersonation. To minimize the risk, here are some tips: * Create a special purpose user account, like "SetupUser", and add it to the "Domain Admins" global group on the NT server. This will give this account administrator privileges on the NT workstations as well. * Enable this account only for the period needed. * Also, if not needed longer, remove the impersonated commands from NETRUN.DAT (using NREDIT.EXE) * Use event viewer (security) to track activity of this account such as Logon/Logoff. You will have to set the "Audit" options as needed in "User Manager for domains". FreeWare: ========= This version of NetRun (including NREDIT) is freeware. You may use it and also copy to friends. As with any program - "USE ON YOUR OWN RISK". Future updates I might add: =========================== * If there will be need, I'll add an option to select where the client data will be stored (Registry or INI file). * A help file and more "hints" will be added if I get responses that someone out there besides myself is using it. * Better error checking. Version history: ================ 0.4 Beta, May 2000 - Support for impersonation (running a task as a different user on NT4). For this to work, SU and SUSS from NT4 RK must be installed on client. 0.3 beta - Support for messages to user, before or after task execution. Windows Explorer menu item and button for fast access. 0.2 beta - Support for special variables: %%C %%U (See the tips section above). 0.1 beta, September 1999 - first release. Contact: ======== If you're using NetRun (or interested) please let me know: yizhar@mail.com (or yizhar@usa.net if any problem) You'll find some more programs I wrote on this page: http://come.to/yizhar (or http://teachers.sivan.co.il/yizhar ) Enjoy! Yizhar