This is a bit off topic, but I'm looking for a convenient way to manage N "identical" Windows PCs, using as much as possible 1 command to do the same thing on all of them. The capabilities I'm looking for, preferably in a single tool are, given a designated master machine and N clones of that master: 1. Compare all (or to a specified depth) files below some directory on the workstations, displaying differences. For instance, compare the directory tree below C:\Program Files. 2 After determining which subset of the differences from (1) need to be pushed, designate those files and "put", whereupon all such files are copied from the master to the N remote machines. 3. Select a .bat file in the synchronized directory tree, invoke "run", whereupon it runs inside a DOS shell on all remote machines. The output from that run is saved and diffed, so that anything that went wrong on one of the machines may be spotted. 4 Run a program on the master (using Windows GUI), and it runs on all the other machines at once, applying the same key strokes and mouse events to all of them at once. For instance, do an install on the master and everything happens the same way on the other N machines. If something different happens along the way, the option to address that machine specifically would be provided. This one is sort of the holy grail for Windows administration, I'm not entirely sure that the Windows GUI even provides a place to hack in between the mouse and keyboard to achieve this. I already have a collection of tools for doing bits and pieces of this, but nothing that covers all of these bases:>From Samba there is smbclient, which if buried in a script can be usedfor the file transfers, so long as port 445/tcp is open on each workstation. That isn't too bad a security hole since it can be restricted through the firewall to only talk to one controlling machine. It is relatively easy to make it talk to N machines by addressing them sequentially within a script, although it also requires one more machine running Linux to perform all the smbclient operations. Tar can do the directory traversals, but there seems not to be any way to generate checksums on the remote machines, so for a directory comparision one would have to move all the relevant data over the net back to the central machine. Not very efficient if N is large and the disk space being traversed is also large. UltraVNC lets me do any console operation remotely, but only one machine at a time. If there was some way to run UltraVNC in parallel it would almost do what (4) requires, but currently all one can do is switch from display to display, and then repeat the same commands on each. Disk cloning (ghost and the like). Massive overkill when just a few files need to be tweaked. Plus on Windows if the partition being copied includes C:\Windows (and it always does for me) the whole sysprep etc. dance must be carried out. md5deep generates a tree'd md5sum report, which could be used for the file comparisons in (1), but it just runs on one machine at a time. Boot all machines under linux. This lets me use ssh to run scripts, and since NTFS can be mounted read/write these days, access to the XP directories is possible from linux. That makes the file synchronization relatively straightforward, but at the cost of having to run a completely different OS, and the loss of the ability to run programs within Windows. Thanks, David Mathog mathog@caltech.edu Manager, Sequence Analysis Facility, Biology Division, Caltech
On Tuesday 09 September 2008 17:01:08 David Mathog wrote:> This is a bit off topic, but I'm looking for a convenient way to manage > N "identical" Windows PCs, using as much as possible 1 command to do the > same thing on all of them. The capabilities I'm looking for, preferably > in a single tool are, given a designated master machine and N clones of > that master: > > 1. Compare all (or to a specified depth) files below some directory on > the workstations, displaying differences. For instance, compare the > directory tree below C:\Program Files. > > 2 After determining which subset of the differences from (1) need to be > pushed, designate those files and "put", whereupon all such files are > copied from the master to the N remote machines. > > 3. Select a .bat file in the synchronized directory tree, invoke "run", > whereupon it runs inside a DOS shell on all remote machines. The output > from that run is saved and diffed, so that anything that went wrong on > one of the machines may be spotted. > > 4 Run a program on the master (using Windows GUI), and it runs > on all the other machines at once, applying the same key strokes and > mouse events to all of them at once. For instance, do an install on the > master and everything happens the same way on the other N machines. > If something different happens along the way, the option to address that > machine specifically would be provided. This one is sort of the holy > grail for Windows administration, I'm not entirely sure that the Windows > GUI even provides a place to hack in between the mouse and keyboard to > achieve this. > > I already have a collection of tools for doing bits and pieces of this, > > but nothing that covers all of these bases: > >From Samba there is smbclient, which if buried in a script can be used > > for the file transfers, so long as port 445/tcp is open on each > workstation. That isn't too bad a security hole since it can be > restricted through the firewall to only talk to one controlling machine. > It is relatively easy to make it talk to N machines by addressing them > sequentially within a script, although it also requires one more machine > running Linux to perform all the smbclient operations. Tar can do > the directory traversals, but there seems not to be any way to generate > checksums on the remote machines, so for a directory comparision one > would have to move all the relevant data over the net back to the > central machine. Not very efficient if N is large and the disk space > being traversed is also large. > > UltraVNC lets me do any console operation remotely, but only one machine > at a time. If there was some way to run UltraVNC in parallel it would > almost do what (4) requires, but currently all one can do is switch from > display to display, and then repeat the same commands on each. > > Disk cloning (ghost and the like). Massive overkill when just a few > files need to be tweaked. Plus on Windows if the partition being copied > includes C:\Windows (and it always does for me) the whole sysprep etc. > dance must be carried out. > > md5deep generates a tree'd md5sum report, which could be used for the > file comparisons in (1), but it just runs on one machine at a time. > > Boot all machines under linux. This lets me use ssh to run scripts, > and since NTFS can be mounted read/write these days, access to the > XP directories is possible from linux. That makes the file > synchronization relatively straightforward, but at the cost of having > to run a completely different OS, and the loss of the ability to run > programs within Windows. > > Thanks, > > David Mathog > mathog@caltech.edu > Manager, Sequence Analysis Facility, Biology Division, CaltechHave you considered doing these types of updates from a logon script? There are a number of tools you could use to do intelligent processing from a logon script environment. Check the Samba3-HOWTO for info on logon scripts. Cheers, John T. -- John H Terpstra "Don't do as I do; Show me better!" - Anonymous.
malte.mueller@ewetel.net
2008-Sep-10 06:53 UTC
[Samba] parallel administration tool for PCs?
----- Nachricht von mathog@caltech.edu --------- Datum: Tue, 09 Sep 2008 15:01:08 -0700 Von: David Mathog <mathog@caltech.edu> Antwort an: David Mathog <mathog@caltech.edu> Betreff: [Samba] parallel administration tool for PCs? An: samba@lists.samba.org> This is a bit off topic, but I'm looking for a convenient way to manage > N "identical" Windows PCs, using as much as possible 1 command to do the > same thing on all of them. The capabilities I'm looking for, preferably > in a single tool are, given a designated master machine and N clones of > that master: > > 1. Compare all (or to a specified depth) files below some directory on > the workstations, displaying differences. For instance, compare the > directory tree below C:\Program Files. > > 2 After determining which subset of the differences from (1) need to be > pushed, designate those files and "put", whereupon all such files are > copied from the master to the N remote machines. > > 3. Select a .bat file in the synchronized directory tree, invoke "run", > whereupon it runs inside a DOS shell on all remote machines. The output > from that run is saved and diffed, so that anything that went wrong on > one of the machines may be spotted. > > 4 Run a program on the master (using Windows GUI), and it runs > on all the other machines at once, applying the same key strokes and > mouse events to all of them at once. For instance, do an install on the > master and everything happens the same way on the other N machines. > If something different happens along the way, the option to address that > machine specifically would be provided. This one is sort of the holy > grail for Windows administration, I'm not entirely sure that the Windows > GUI even provides a place to hack in between the mouse and keyboard to > achieve this. > > I already have a collection of tools for doing bits and pieces of this, > but nothing that covers all of these bases: > >> From Samba there is smbclient, which if buried in a script can be used > for the file transfers, so long as port 445/tcp is open on each > workstation. That isn't too bad a security hole since it can be > restricted through the firewall to only talk to one controlling machine. > It is relatively easy to make it talk to N machines by addressing them > sequentially within a script, although it also requires one more machine > running Linux to perform all the smbclient operations. Tar can do > the directory traversals, but there seems not to be any way to generate > checksums on the remote machines, so for a directory comparision one > would have to move all the relevant data over the net back to the > central machine. Not very efficient if N is large and the disk space > being traversed is also large. > > UltraVNC lets me do any console operation remotely, but only one machine > at a time. If there was some way to run UltraVNC in parallel it would > almost do what (4) requires, but currently all one can do is switch from > display to display, and then repeat the same commands on each. > > Disk cloning (ghost and the like). Massive overkill when just a few > files need to be tweaked. Plus on Windows if the partition being copied > includes C:\Windows (and it always does for me) the whole sysprep etc. > dance must be carried out. > > md5deep generates a tree'd md5sum report, which could be used for the > file comparisons in (1), but it just runs on one machine at a time. > > Boot all machines under linux. This lets me use ssh to run scripts, > and since NTFS can be mounted read/write these days, access to the > XP directories is possible from linux. That makes the file > synchronization relatively straightforward, but at the cost of having > to run a completely different OS, and the loss of the ability to run > programs within Windows. > > Thanks, > > David Mathog > mathog@caltech.edu > Manager, Sequence Analysis Facility, Biology Division, Caltech > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba > >----- Ende der Nachricht von mathog@caltech.edu ----- I use the autoexnt service for such purposes. Autoexnt runs with admin-privileges at startup, before anyone logges in. Users can log in though. It is available at least for win2k and winXP, but I don't know about Vista. I have written a small webservice (a servlet in my case, I am a bit biased towards java) that "builds" (it just concatenates some text files) a batch file for the client depending on it's IP. The client fetches that batch file using wget and executes it. I use it to bring client-PC back into the domain after imaging but sometimes I also copy just some files. The server side logic proved to be usefull because win2k sometimes seemed not to be able to resolve it's own name correctly after the imaging process. You might want to watch for security issues. Hope this helpes Malte M?ller
David Mathog wrote:> This is a bit off topic, but I'm looking for a convenient way to manage > N "identical" Windows PCs, using as much as possible 1 command to do the > same thing on all of them. The capabilities I'm looking for, preferably > in a single tool are, given a designated master machine and N clones of > that master: >This sounds like it would be better done architecturally with Active Directory + group policies/SMS etc ... or you could just scrape around and sort-of get something working by hobbling together the kinds of technologies you previously mentioned... kind of. Can't vouch for it though. Fyi I recommend vbs/wsh for the gui keystrokes by the way... I have personally find that a very useful little language. -h -- Hari Sekhon