Baseline.bat

skeleton batch file for baseline computer setup

As we are developping scripts to automate standardized configuration procedures, we might end up in the situation where in stead of clicking numerous 'next' buttons, we 're clicking numerous scripts to run them (or typing statement after statement at the prompt). That was not how we intended it. Fortunately, there's something like batch files - they were originally intended to process numerous commands / programs as a batch - so we could easily create a batch file that runs all the scripts to create a standard workstation, or a standard server ...

This, we will accomplish by calling the batch files and other scripts from one master script that then describes the "Baseline Setup" - e.g. a standardized workstation. Later, we may consider a menu, command line arguments, conditional statements or some other mechanism such as Group Policy Objects, to extend the base line setup and customize it for predefined groups of users or classes of computers.

What follows is a sample script (a batch file) that calls other batch files or executes visual basic scripts. The controll is always returned to the master script (baseline.bat). The script also features :

statements to make the logged on user member of the local group 'Administrators'

This is usefull so that the configuration can be saved in the logged on user's profile. It avoids having to use lots of 'RUNAS' statements (which al require passwords to be entered) while at the same time granting administrator rights to the user so that legacy software and the likes don't suffer from lack of priveligues.

a mechanism to automatically continue the script at a given point, after the system reboots

If, for some reason, the system needs to reboot, and the script has tyo continue afterwards, this point can be identified and labelled, so that the script continues at that point. This allows for certain changes to take effect through a reboot, while avoiding the need for multiple baseline scripts. The trick used here is calling the script from a RunOnce registry key, with a command line argument that brings it back to a given point (labelled :reboot1). The registry key in question is ccreated during the execution of (the first part) of the script.

Temporarily map driveletters to network shares for transparant access to network resources

If nothing else, this allows us to change UNC paths to network shares at the beginning of the script, in stead of having to check the whole script in case a server name needs to be modified or a sharename changed.

The batch file

	REM Koen Noens
	REM September 2005
	REM skeleton script for baseline computer setup


	rem var en drive letters
	set TheDomainName=KICKS

	net use b: \\store01\inst /persistent:no
	net use z: \\store01\distri /persistent:no


	REM handle arguments			this will jump the script forward after the reboot
	IF '%1'=='/reboot1' GOTO reboot1



	REM FIRST RUN only
	REM -----------------------------------------------------------------

	REM create RunOnce key to continue this script after reboot
	(
	ECHO Windows Registry Editor Version 5.00
	ECHO.
	ECHO [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
	ECHO "baselineconfig"="\"\\\\Store01\\inst\\setup\\base\\baseline.bat\" /reboot1"
	ECHO.
	) >> %temp%\baselinereboot1.reg

	regedit /S %temp%\baselinereboot1.reg
	del %temp%\baselinereboot1.reg

	
	REM  *****  DO STUFF ****************

	CALL checkNetwork.bat
	CSCRIPT doPatching.vbs


	REM support tools installeren

	msiexec -i "\\store01\inst\windows\tools\suptools.msi" /passive
	set path=%PATH%;"%ProgramFiles%\Support Tools"


	REM join computer to domain. OU for computer may be specified, 
	rem see netdom join syntax in support tools

	netdom join %COMPUTERNAME% /d:%TheDomainName% /ud:%TheDomainName%\administrator /pd:* /reboot

		REM netdom command forces the script to reboot ...




	REM ------------------------------------------------------------------------
	REM SCRIPT JUMPS HERE AFTER REBOOT
	:reboot1


	REM make logged on user member of local administrators, using domainadministrator credentials

	RUNAS /u:%Userdomain%\Administrator "net localgroup Administrators /ADD %Userdomain%\%Username%"

	
	::[do runonce trick again here & let user log off, then on again  for group membership to take effect ]



	REM  *****  DO MORE STUFF ****************


	CALL ODBCsetup.bat

	CALL z:\installMSOFFICE.bat


	CSCRIPT createDesktopIcons.vbs

	CSCRIPT b:\addNetworkPrinters.vbs


	START /WAIT "B:\PC_TeleSupport\pctelesupport-setup.exe /silent"




	REM ----------------------------------------------------------------------------
	REM FINAL PART


	rem cleanup

	REM Break Drive Letter mapping
	C:
	net use b: /DELETE
	net use z: /DELETE
	

	REM remove user from local Admins
	RUNAS /u:%Userdomain%\Administrator "net localgroup Administrators /DELETE %Userdomain%\%Username%"


	ECHO.
	ECHO Baseline configuration finished
	ECHO Please Reboot for all changes to take affect
	ECHO.