Logon / Startup Script Scan Setup

By installing and configuring ScanWin in a centrally accessible location, it can be run as part of a user logon script or a device startup script.  In this mode, ScanWin will inventory the local device and save the results to a central location, with one data store file per device.  These individual device data stores can then be imported into an instance of ScanWin.  ScanWin will only inventory the device if it has not yet been scanned, or a re-scan is due.

This has the benefit that it is not restricted by device firewalls and will run with the local logged on user’s credentials. This requires that Microsoft .NET Framework v4.5.2 or later is installed on each device that will run ScanWin.

The following describes how to deploy ScanWin to perform a network inventory scan via logon script.  It covers basic setup for a small environment, further planning may be required for larger multi-site networks.

On a server that is centrally accessible, create a folder to hold ScanWin and a folder to hold the collected data, for example:

  • C:\ScanWin: Root folder that will be shared (Read Only)
  • C:\ScanWin\ScanWin:  Folder to hold the ScanWin application files (Read Only)
  • C:\ScanWin\Data: Folder to hold the collected data files (Read and Write)

Set permissions on the root folder so that Authenticated Users have Read & execute, List folder contents and Read permissions and apply to subfolders and files:

Set the permissions on the Data folder so that the Authenticated Users group have Modify, Read & execute, List folder contents, Read and Write:

Share the root folder and add Authenticated Users to the share permissions, granting Change and Read permissions:

When combined with the folder permissions, this grants authenticated users read only rights to the share and the ScanWin application, and read/write permissions to the data folder, so the data store files can be created and updated when users logon.

\\SERVER01\ScanWin                                  Root folder shared read only access

\\SERVER01\ScanWin\ScanWin                  ScanWin application folder in the share read only access

\\SERVER01\ScanWin\Data                         Data folder in the share read/write access

Copy the contents of the ScanWin folder from C:\Program Files (x86)\Autodesk\ScanWin\ into the shared C:\ScanWin\ScanWin folder:

There should be exactly 42 files present once the copy is complete.

Using a text editor such as Notepad, edit the ScanWin.exe.config file within the ScanWin folder, and make the following changes:

  • DataStorePath:  Set to the UNC path to the data folder within the share, making sure there is a trailing ‘\’.
  • PerComputerDataStore:  Set to True, so each device running ScanWin saves to a separate data store in the DataStorePath.

For example:

      <setting name="DataStorePath" serializeAs="String">

        <value>\\SERVER01\ScanWin\Data\</value>

      </setting>

      <setting name="PerComputerDataStore" serializeAs="String">

        <value>True</value>

      </setting>

From a remote machine, run ScanWin from the ScanWin application folder from within the share with the parameters "/c localhost /fp /lu /rp /sl" to scan the local computer, for example:

<p>\\SERVER01\ScanWin\ScanWin\ScanWin.exe /c localhost /fp /lu /rp /sl</p>

Confirm that it has run correctly and saved the results within the Data folder within the share.  If no results appear in the Data folder, confirm your permissions are set properly.

A batch file should be used to execute ScanWin which will be itself called by the logon script or will itself be the logon script.  The following is the recommended script to be used:

<p>@ECHO OFF
REM Batch script to start ScanWin to scan the local machine
Title Autodesk ScanWin

REM Set the path to the ScanWin directory share
SET SCANWIN_DIR="\\SERVER01\ScanWin"

REM Only run if .NET Framework 4.5.2 or later is installed
REG QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319\SKUs\.NETFramework,Version=v4.5.2" 2&gt;nul
IF ERRORLEVEL 1 (
    GOTO DOTNETNOTINSTALLED
) ELSE (
    GOTO DOTNETINSTALLED
)

:DOTNETINSTALLED
REM Execute ScanWin to perform a scan of the local machine
IF DEFINED COMPUTERNAME (
REM Use the actual computer name when available
START "ScanWin Local Scan" /B /D "%SCANWIN_DIR%\ScanWin" "ScanWin.exe" /c %COMPUTERNAME% /o "%SCANWIN_DIR%\Data\%COMPUTERNAME%" /fp /lu /rp /sl
) ELSE (
REM If not, use localhost to identify the local machine
START "ScanWin Local Scan" /B /D "%SCANWIN_DIR%\ScanWin" "ScanWin.exe" /c localhost /fp /lu /rp /sl
)
EXIT

:DOTNETNOTINSTALLED
REM .NET Framework 4.5.2 is not installed, create a log file to indicate this
IF DEFINED COMPUTERNAME (
ECHO %COMPUTERNAME% does not have .NET Framework 4.5.2 installed &gt; "%SCANWIN_DIR%\Data\%COMPUTERNAME%.LOG"
)
EXIT</p>

A copy of the above script can be downloaded here:

The SCANWIN_DIR variable must be modified to point to the share where the data and log files should be written.  For example:

SET SCANWIN_DIR="\\ACMEDC01\ScanWin"

The above script can be copied into the NETLOGON share for the domain or placed in the shared ScanWin folder.  If copying into the NETLOGON share for the domain, copy the batch script to:

C:\Windows\SYSVOL\sysvol\<domain>\scripts

To test running as part of a logon script, either call this batch script from the existing logon script, or if there is currently no logon script, for a test user, enter the batch script name in the Logon script field for the user:

Once it has been tested, it can be rolled out to all relevant users by amending each users Profile in Active Directory Users and Computers using the instruction above or it can be rolled out via Group Policy.  Instructions for using Group Policy are included below.

Configuring for Group Policy Deployment

Open the Group Policy Management console from Control Panel > System and Security > Administrative Tools

Expand the Domains tree, right-click a domain or OU name, and select Create a GPO in this domain and Link it here...

In the New GPO dialog box, give the GPO a descriptive name, then click OK

Locate the new GPO in the Domains tree (under the domain or OU that you selected above), right-click it, and select Edit

You now need to determine if you need to use a Logon Script or a Startup Script:

  • If your end users have administrative privileges to their local PC, use a Logon Script
  • If your end users do not have administrative privileges to their local PC, use a Startup Script
Configure Logon Script

In the Group Policy Management Editor, navigate to User Configuration > Policies > Windows Settings > Scripts (Logon/Logoff), then double-click Logon in the right pane

In the Logon Properties window, click Show Files...

Copy the ScanWin_Network.cmd batch script into the folder and close the window

In the Logon Properties window, click Add...

Click Browse to open the logon script directory, then select the ScanWin_Network.cmd batch script and click OK

Verify that the script now appears in the list on the Logon Properties window, then click OK

Close the Group Policy Management Editor window for your GPO, then close the Group Policy Management window

Configure Startup Script

In the Group Policy Management Editor, navigate to Computer Configuration > Policies > Windows Settings > Scripts (Startup/Shutdown), then double-click Startup in the right pane

In the Startup Properties window, click Show Files...

Copy the ScanWin_Network.cmd batch script into the folder and close the window

In the Startup Properties window, click Add...

Click Browse to open the startup script directory, then select the ScanWin_Network.cmd batch script and click OK

Verify that the script now appears in the list on the Startup Properties window, then click OK

Close the Group Policy Management Editor window for your GPO, then close the Group Policy Management window

 

Once all PC's have been inventoried, double-click the ScanWin shortcut located on the desktop and import the results from the Data share using the steps included in the Importing Data Stores section.