Posts Tagged ‘server’

I added a batch script I wrote to install SNMP on a bunch of machines back on Jan. 14, 2012 (http://www.anthonyreinke.com/2012/01/14/installing-snmp-through-the-command-line/).  I have since modified the script.  Changing the file from a .bat to a .cmd will allow you to right-click and run as administrator on Windows 2008.  Also, I noticed that in 2008 it defaults to having the localhost as the only system that can communicate with the SNMP Service.

PsExec.exe @hosts.txt -s -c installsnmp.cmd

Below is the file to download.  Rename the file to installsnmp.cmd
installsnmp.cmd.txt

As always, please contact me if you have questions.

@echo off
cls
REM Detect if the system is Windows Server 2003
systeminfo | find "2003" > nul
if %ERRORLEVEL% == 0 goto 2003
REM Detect if the system is Windows XP
systeminfo | find "XP Pro" > nul
if %ERRORLEVEL% == 0 goto XPPro
REM Detect if the system is Windows Server 2008
systeminfo | find "2008" > nul
if %ERRORLEVEL% == 0 goto 2008
REM None of the supported OS strings (2003, XP Pro, 2008) matched,
REM so report the error and stop.
goto ERROR
:2003
REM If Windows 2003, set the path to the i386 directory
REM Note: The path needs to be one level above the i386 directory
REM Example: if the path is \\server\share\windows2003\i386\ then
REM the path would be \\server\share\windows2003\
REM Note that you need both the 32-bit and 64-bit versions
if (%PROCESSOR_ARCHITECTURE%) == (AMD64) (
echo Windows Registry Editor Version 5.00
echo.
echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup]
echo "SourcePath"="\\\\server\\share\\Extracted\\Win2003x64\\"
echo "ServicePackSourcePath"="\\\\server\\share\\Extracted\\Win2003x64\\"
) > %temp%\setW2003Path.reg
IF (%PROCESSOR_ARCHITECTURE%) == (x86) (
echo Windows Registry Editor Version 5.00
echo.
echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup]
echo "SourcePath"="\\\\server\\share\\Extracted\\Win2003\\"
echo "ServicePackSourcePath"="\\\\server\\share\\Extracted\\Win2003\\"
) > %temp%\setW2003Path.reg
REM Installing the created Registry File
regedit /s /q %temp%\setW2003Path.reg
goto SNMP
:XPPro
REM If Windows XP Professional, set the path to the i386 directory
REM Note: The path needs to be one level above the i386 directory
REM Example: if the path is \\server\share\windowsXP\i386\ then
REM the path would be \\server\share\windowsXP\
if (%PROCESSOR_ARCHITECTURE%) == (AMD64) (
(
echo Windows Registry Editor Version 5.00
echo.
echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup]
echo "SourcePath"="\\\\server\\share\\Extracted\\XPProx64\\"
echo "ServicePackSourcePath"="\\\\server\\share\\Extracted\\XPProx64\\"
) > %temp%\setXPProPath.reg
) ELSE IF (%PROCESSOR_ARCHITECTURE%) == (x86) (
(
echo Windows Registry Editor Version 5.00
echo.
echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup]
echo "SourcePath"="\\\\server\\share\\Extracted\\XPPro\\"
echo "ServicePackSourcePath"="\\\\server\\share\\Extracted\\XPPro\\"
) > %temp%\setXPProPath.reg
)
REM Installing the created Registry File
regedit /s /q %temp%\setXPProPath.reg
goto SNMP
:2008
REM Since 2008 stopped using the sysocmgr.exe to install features, in Vista and higher
REM you need to use the servermanagercmd.exe to add features. A great list of the 
REM features and their command line install string is at:
REM http://www.techrepublic.com/blog/datacenter/install-windows-server-2008-features-with-servermanagercmd/294
servermanagercmd.exe -install SNMP-Services
goto Strings
:SNMP
REM Building the Unattended Install
(
echo ;SetupMgrTag
echo [NetOptionalComponents]
echo SNMP=1
echo [SNMP]
echo Any_Host=YES
) > %temp%\snmp.txt
REM Installing the SNMP application with the Unattended Install
sysocmgr /i:%windir%\inf\sysoc.inf /u:%temp%\snmp.txt
goto Strings
:Strings
REM Removing the public string
(
echo Windows Registry Editor Version 5.00
echo.
echo [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SNMP\Parameters\ValidCommunities]
REM Removing the localhost-only restriction; by default 2008 will only allow the
REM localhost to talk to the SNMP service
echo [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SNMP\Parameters\PermittedManagers]
REM Setting the SNMP strings
echo.
REM Setting the SNMP Contact Info
echo [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SNMP\Parameters\RFC1156Agent]
echo "sysContact"="Server Administrators"
echo "sysLocation"="Server Room"
echo "sysServices"=dword:0000004f
echo.
REM Setting the Read Only and Read Write Communities
echo [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SNMP\Parameters\ValidCommunities]
echo "readonly"=dword:00000004
echo "readwrite"=dword:00000008
echo.
REM Creating the Permitted Managers Key
echo [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SNMP\Parameters\PermittedManagers]
echo.
) > %temp%\setupsnmp.reg
REM Installing the created Registry File
regedit /s /q %temp%\setupsnmp.reg
REM Cleaning Up
IF EXIST %temp%\setupsnmp.reg del %temp%\setupsnmp.reg
IF EXIST %temp%\setW2003Path.reg del %temp%\setW2003Path.reg
IF EXIST %temp%\setXPProPath.reg del %temp%\setXPProPath.reg
IF EXIST %temp%\snmp.txt del %temp%\snmp.txt
echo %COMPUTERNAME% Complete >> \\server\share\SNMP\SNMPInstall.txt
goto END
:ERROR
echo.
echo Could not determine the OS type
pause
goto END
:END
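
Added example, not part of the original post or script: the Python below parses .reg text like the file the script builds in its :Strings section and reports community strings that grant write access and a PermittedManagers key with no entries. The function names and the sample text are constructed for illustration; the permission values (4 = read only, 8 = read write) are the ones the script sets.

```python
import re

# Permission values the SNMP service stores under ValidCommunities (REG_DWORD)
RIGHTS = {1: "NONE", 2: "NOTIFY", 4: "READ ONLY", 8: "READ WRITE", 16: "READ CREATE"}
WRITE_RIGHTS = {8, 16}

def parse_reg(text):
    """Parse .reg text into {lowercased key path: {value name: data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[-"):            # key deletion, e.g. [-HKEY_...]
            keys.pop(line[2:-1].lower(), None)
            current = None
        elif line.startswith("["):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None:
            m = re.match(r'"([^"]*)"=(dword:([0-9a-fA-F]{8})|"(.*)")$', line)
            if m:
                current[m.group(1)] = int(m.group(3), 16) if m.group(3) else m.group(4)
    return keys

def audit_snmp(text):
    """Return findings for the SNMP Parameters subkeys found in .reg text."""
    findings = []
    for path, values in parse_reg(text).items():
        if path.endswith(r"\snmp\parameters\validcommunities"):
            for name, rights in values.items():
                if rights in WRITE_RIGHTS:
                    findings.append(f"community '{name}' grants {RIGHTS[rights]}")
                if name.lower() in ("public", "private"):
                    findings.append(f"community '{name}' is a well-known default")
        elif path.endswith(r"\snmp\parameters\permittedmanagers") and not values:
            findings.append("PermittedManagers is empty: any host may query the agent")
    return findings

# Constructed sample: the registry content the script above writes.
SAMPLE = r'''Windows Registry Editor Version 5.00
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SNMP\Parameters\ValidCommunities]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SNMP\Parameters\PermittedManagers]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SNMP\Parameters\ValidCommunities]
"readonly"=dword:00000004
"readwrite"=dword:00000008

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SNMP\Parameters\PermittedManagers]
'''

if __name__ == "__main__":
    print("\n".join(audit_snmp(SAMPLE)))
```

Files written by regedit or reg export are UTF-16, so decode them before passing the text to audit_snmp.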

 

I needed a way to mass install SNMP to the servers in my environment.  The problem I was having was Microsoft Windows Server 2003 needing files from the CD.  We don’t copy the i386 directory from the CD for two reasons: we store the files on the network, and drive space is limited on a lot of servers.  The batch script will check if the server is 2003.  If it is 2003, it will point the install CD to a network path or a local path.  Next it builds the unattended install file.  Once the file is written, the system will add the SNMP feature per the unattended file.  After SNMP is installed, the registry keys are set for the SNMP community strings.  Lastly, the script removes the temporary files it created.

Use this script in combination with PSTools’ PSExec and you can mass install.  Create a list of systems you want to install this on and call it hosts.txt.  Each server needs to be on its own line, and it is best to use the fully qualified name or IP address.  Copy the hosts.txt and installsnmp.bat files into your PSTools directory and run the following command:

PsExec.exe @hosts.txt -s -c installsnmp.bat

Download the Install SNMP Batch File, just rename to a .bat file.

 


@echo off

echo %COMPUTERNAME% Started >> \\server\share\SNMP\SNMPInstall.txt

REM Detect if the system is Windows Server 2003
systeminfo | find "2003" > nul
if %ERRORLEVEL% == 0 goto 2003

REM Detect if the system is Windows XP
systeminfo | find "XP Pro" > nul
if %ERRORLEVEL% == 0 goto XPPro

REM If the system is Windows Vista, Windows Server 2008, or higher, 
REM they have the required files built in.
goto SNMP

:2003
REM If Windows 2003, set the path to the i386 directory
REM Note: The path needs to be one level above the i386 directory
REM Example: if the path is \\server\share\windows2003\i386\ then
REM the path would be \\server\share\windows2003\
REM Note that you need both the 32-bit and 64-bit versions

if (%PROCESSOR_ARCHITECTURE%) == (AMD64) (
(
echo Windows Registry Editor Version 5.00
echo.
echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup]
echo "SourcePath"="\\\\server\\share\\Extracted\\Win2003x64\\"
echo "ServicePackSourcePath"="\\\\server\\share\\Extracted\\Win2003x64\\"
) > %temp%\setW2003Path.reg
) ELSE IF (%PROCESSOR_ARCHITECTURE%) == (x86) (
(
echo Windows Registry Editor Version 5.00
echo.
echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup]
echo "SourcePath"="\\\\server\\share\\Extracted\\Win2003\\"
echo "ServicePackSourcePath"="\\\\server\\share\\Extracted\\Win2003\\"
) > %temp%\setW2003Path.reg
)

REM Installing the created Registry File
regedit /s /q %temp%\setW2003Path.reg

goto SNMP

:XPPro
REM If Windows XP Professional, set the path to the i386 directory
REM Note: The path needs to be one level above the i386 directory
REM Example: if the path is \\server\share\windowsXP\i386\ then
REM the path would be \\server\share\windowsXP\
if (%PROCESSOR_ARCHITECTURE%) == (AMD64) (
(
echo Windows Registry Editor Version 5.00
echo.
echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup]
echo "SourcePath"="\\\\server\\share\\Extracted\\XPProx64\\"
echo "ServicePackSourcePath"="\\\\server\\share\\Extracted\\XPProx64\\"
) > %temp%\setXPProPath.reg
) ELSE IF (%PROCESSOR_ARCHITECTURE%) == (x86) (
(
echo Windows Registry Editor Version 5.00
echo.
echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup]
echo "SourcePath"="\\\\server\\share\\Extracted\\XPPro\\"
echo "ServicePackSourcePath"="\\\\server\\share\\Extracted\\XPPro\\"
) > %temp%\setXPProPath.reg
)

REM Installing the created Registry File
regedit /s /q %temp%\setXPProPath.reg

goto SNMP

:SNMP
REM Building the Unattended Install

(
echo ;SetupMgrTag
echo [NetOptionalComponents]
echo SNMP=1
echo [SNMP]
echo Any_Host=YES
) > %temp%\snmp.txt

REM Installing the SNMP application with the Unattended Install

sysocmgr /i:%windir%\inf\sysoc.inf /u:%temp%\snmp.txt

goto Strings

:2008
REM Since 2008 stopped using the sysocmgr.exe to install features, in Vista and higher
REM you need to use the servermanagercmd.exe to add features. A great list of the 
REM features and their command line install string is at:
REM http://www.techrepublic.com/blog/datacenter/install-windows-server-2008-features-with-servermanagercmd/294

servermanagercmd.exe -install SNMP-Services

goto Strings

:Strings

REM Removing the public string
(
echo Windows Registry Editor Version 5.00
echo.
echo [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SNMP\Parameters\ValidCommunities]

REM Setting the SNMP strings
echo.
echo [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SNMP\Parameters\RFC1156Agent]
echo "sysContact"="Server Administrators"
echo "sysLocation"="Server Room"
echo "sysServices"=dword:0000004f
echo.
echo [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SNMP\Parameters\ValidCommunities]
echo "readonly"=dword:00000004
echo "readwrite"=dword:00000008
) > %temp%\setupsnmp.reg

REM Installing the created Registry File

regedit /s /q %temp%\setupsnmp.reg

REM Cleaning Up

IF EXIST %temp%\setupsnmp.reg del %temp%\setupsnmp.reg
IF EXIST %temp%\setW2003Path.reg del %temp%\setW2003Path.reg
IF EXIST %temp%\setXPProPath.reg del %temp%\setXPProPath.reg
IF EXIST %temp%\snmp.txt del %temp%\snmp.txt

 

echo %COMPUTERNAME% Complete >> \\server\share\SNMP\SNMPInstall.txt


I have used OSSEC in the past to watch the file system for changes.  When I found that I can have the Splunk agent handle the monitoring itself, I was pretty excited.  Since I would send my OSSEC data to Splunk anyways, it just seemed logical to have Splunk do everything.

In Windows, you need to edit the “C:\Program Files\Splunk\etc\system\local\inputs.conf” file.  Of course your path could be different if you installed it in a different place.  There are a lot of options and switches you can use.  I went for the simplest set.

[fschange:d:\temp]
recurse=true
pollPeriod=3600

This will monitor the d:\temp folder and all files and folders under it.  It will check the system every 3600 seconds (1 hour).

This has helped me keep track of the changes in my servers.  I can see when a file was added/deleted/changed (due to the hash) and then look at who was logged in during the period that the file was changed.


Splunk article on the switches and FSCHANGE.
http://www.splunk.com/base/Documentation/4.0.3/Admin/Monitorchangestoyourfilesystem

[fschange:d:\temp]
recurse=true
followLinks=false
pollPeriod=60

I am sitting here on my main desktop writing this.  On one tab of Firefox I have my Facebook open.  On the next tab I have this page open.  I have my uTorrent running in the background.  My laptop sits next to me with a VPN connection into work.  I am running scripts and adding accounts into groups and verifying that the servers got the correct grouping.  My IDS is humming along.  My ESXi server is pumping out the heat as the server tries to keep the 8 processors cool.  I have 4 IM windows up on the laptop and 3 chat windows in Facebook.  I have 7 command prompt windows pinging servers asking them if they are still up.

It is now 1:35am and I have been up since 5:30am the day before.  No worries, I got my energy drink (Monster Khaos).  Odds are I will be in to work between 9 and 10am.  Why?  Because I have 40 tickets to complete and more to be assigned.

Such is the life of a geek.
B-)