'Script to Configure Scan Settings for ManageEngine Desktop Central and Install's Desktop Central Agent '======================================================================================================= 'WARNING: '******** ' This script Edits Windows Registry to configure the Settings required for scanning through WMI ' It is highly recomended to test the script in a Test Computer before rolling it across a Network On Error Resume Next 'Section 1: To Configure Basic Remote DCOM Settings '================================================== ' a. ENABLE Remote DCOM ' b. DCOM Authentication Level set as DEFAULT ' c. DCOM Impersonation Level as IMPERSONATE Set WshShell = WScript.CreateObject("WScript.Shell") 'To Enable Remote DCOM in the computer WshShell.RegWrite "HKLM\SOFTWARE\Microsoft\Ole\EnableDCOM","Y","REG_SZ" 'To Enable Remote DCOM via HTTP in the computer WshShell.RegWrite "HKLM\SOFTWARE\Microsoft\Ole\EnableDCOMHTTP","Y","REG_SZ" 'To Set Authentication Leval as Default WshShell.RegWrite "HKLM\SOFTWARE\Microsoft\Ole\LegacyAuthenticationLevel",0,"REG_DWORD" 'To Set Impersonation level as Impersonate WshShell.RegWrite "HKLM\SOFTWARE\Microsoft\Ole\LegacyImpersonationLevel",3,"REG_DWORD" 'Section 2: To Configure Windows XP (SP2) Settings '================================================= ' a. DISABLE Simple File Sharing ' b. ENABLE RemoteAdmin in Firewall for Standard and Current Profile ' (RemoteAdmin will take care of Ports required by WMI for scanning) 'To Configure Windows XP Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2") Set colServiceList = objWMIService.ExecQuery("Select * from Win32_OperatingSystem") For Each objService in colServiceList osName = objService.Caption Next Set colServiceList = objWMIService.ExecQuery("Select * from Win32_Service where Name = 'SharedAccess'") For Each objService in colServiceList State=objService.State Next 'To configure only for Windows XP Workstations if osName="Microsoft Windows XP Professional" Then 'To Disable Simple File Sharing Security WshShell.RegWrite "HKLM\SYSTEM\CurrentControlSet\Control\Lsa\forceguest",0,"REG_DWORD" if State="Running" Then 'To Enable Remote Admin in Firewall Set objFirewall = CreateObject("HNetCfg.FwMgr") 'For Current Profile Set objPolicy = objFirewall.LocalPolicy.CurrentProfile Set objAdminSettings = objPolicy.RemoteAdminSettings objAdminSettings.Enabled = TRUE 'For Standard Profile set objPolicyStdProfile = objFirewall.LocalPolicy.GetProfileByType(1) Set objAdminSettingsStdProfile = objPolicy.RemoteAdminSettings objAdminSettingsStdProfile.Enabled = TRUE end If end If 'Section 3: To add File and Printer Sharing in Windows Firewall Exception '========================================================================= WshShell.Run "netsh firewall set service type = FILEANDPRINT mode = ENABLE scope = ALL profile = ALL", 0 'The below section is added to add file and printer sharing & wmi exceptions in the windows firewall in vista and its higher versions WshShell.Run "netsh advfirewall firewall set rule group=" & Chr(34) & "File and Printer Sharing" & Chr(34) & " new enable=Yes",0 WshShell.Run "netsh advfirewall firewall set rule group=" & Chr(34) & "Windows Management Instrumentation (WMI)" & Chr(34) & " new enable=yes",0 '****************************************************************************************************** 'Section 4 : To install agent with the share path given as argument '==================================================================== checkOSArch = WshShell.RegRead("HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\PROCESSOR_ARCHITECTURE") if Err Then Err.Clear regkey = "HKEY_LOCAL_MACHINE\SOFTWARE\AdventNet\DesktopCentral\DCAgent\" else if checkOSArch = "x86" Then regkey = "HKEY_LOCAL_MACHINE\SOFTWARE\AdventNet\DesktopCentral\DCAgent\" else regkey = "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\AdventNet\DesktopCentral\DCAgent\" End IF End If ' Get Location and arguments of the script currdir = WSCript.Arguments.Item(0) agentVersion = WshShell.RegRead(regkey&"DCAgentVersion") if Err Then Err.Clear wshshell.Run "msiexec.exe /i """&currdir&""" ENABLESILENT=yes REBOOT=ReallySuppress /qn",0,True End If '*******************************************************************************************************************