Windows Tip Sheet

Remote Scripting with Windows Script Host

Conquer your world of servers from home.

• By Don Jones
• 09/27/2004

Go “On Location” Without Getting Up
Are you one of those efficient administrators who insists on automating as many tasks as possible in your environment? Yeah, okay, me too. Maybe “lazy” is a better word than “efficient,” but it’s all the same to the boss, right? The hot tool for automation these days is scripting, whether you consider that to be writing VBScripts, command-line scripts, KiXtart, ScriptLogic or whatever. Writing scripts is definitely where it’s at for automated administration. One problem I’ve had recently, though, is a number of VBScript-based scripts I’ve written that need to be run locally on several different servers at about the same time.

Remember: “Lazy”
I’m well aware of the fact that I could tromp into the datacenter, load the script on each server, and run it. But some of the servers are sitting in datacenters on the other side of the planet, and I can’t afford enough shoe leather to tromp that far. Yeah, I know — Remote Desktop. Well, it so happens that some of these are NT 4.0 servers and some of the others don’t have Remote Desktop (or Terminal Services Remote Admin Mode) enabled.

All is not lost, of course. Windows Script Host (WSH), the bit that runs VBScripts, is capable of remote scripting. At least, the latest version (5.6) is capable of it, and that version is available for everything from Windows 95 and later, including my venerable NT file servers. WSH’s remote scripting capability can copy a script from my local machine to each of the remote servers, execute the script on the remote servers — where it runs locally — and then report back and tell me how everything went.

Suppose my script was named “c:\maint.vbs,” and that I needed to run it on a list of computers I’d entered into a text file named “c:\computers.txt,” listing one server name per line. Assuming that I’ve already deployed WSH 5.6 to all of these machines, which is easy enough, it’s packages in an MSI that SMS (or Group Policy) can push right out. Here’s the script I’d run on my local workstation to deploy the thing:

Dim oFSO, oTSin, oController, oRemote, sComputer
Set oController = CreateObject(“WSHController”)
Set oFSO = CreateObject(“Scripting.FileSystemObject”)
Set oTSin = oFSO.OpenTextFile(“c:\computers.txt”)

Do Until oTSin.AtEndOfStream
 sComputer = oTSin.ReadLine
 Set oRemote = oController.CreateScript(“c:\maint.vbs”, _
  sComputer)
 oRemote.Execute

 Do While oRemote.Status = 0
  WScript.Sleep 1000
 Loop

 WScript.Echo “Finished script on “ & sComputer

Loop
oTSin.Close
WScript.Echo “Finished all computers”

The WSHController object controls the copying of remote scripts. The CreateScript() method actually copies the script and returns an object — oRemote, in my example here — which represents the remote script. I then use the oRemote object’s Execute() method to run the remote script and check its Status property to see if it’s finished or not.

Remote scripting with WSHController might not solve every “lazy day” problem, but it’s definitely a cool way to push scripts out to multiple computers (automatically, with the script I’m using here) and run it.

Micro-Tips Did you know that you can copy GPOs from one domain to another? GPOs are stored as binary files on domain controllers, but the internals of the file aren’t tied to a specific domain or anything. Just figure out the GPO’s Globally Unique Identifier (GUID) in the source domain; you’ll find the GPO files in a folder named after the GUID, within a DC’s NETLOGON share. Create a new GPO in the target domain, and copy the contents of the GPO into that folder (which will have a different GUID name). Let file replication take place and your GPO is copied. Do you know how time sync works in an AD domain? It’s critical to the way Kerberos works, so be sure you do. Clients sync with the DC that authenticated them. DCs sync to their domain’s PDC Emulator. PDC emulators sync to their parent domain’s PDC Emulator, up to the forest root PDC Emulator, which should be configured to sync with an authoritative time source, like the U.S. Naval Observatory’s Atomic Clock or your Aunt Sarah’s old grandfather clock, whichever is easier.

More Resources
• My scripting-related Web site at http://www.scriptinganswers.com
• OnScript, a script editor with basic built-in remote scripting capabilities (lets you store and execute scripts remotely from within the editor’s UI): http://www.onscript.com
• Download WSH 5.6 for Win2000 and later: http://www.microsoft.com/downloads/details.aspx?familyid=C717D943-7E4B-4622-86EB-95A22B832CAA&displaylang=en
• Download WSH 5.6 for Win9x and NT: http://www.microsoft.com/downloads/details.aspx?familyid=0A8A18F6-249C-4A72-BFCF-FC6AF26DC390&displaylang=en