cancel
Showing results for 
Search instead for 
Did you mean: 
SOM2010
Level 10
Report Inappropriate Content
Message 1 of 10

How to pass variables to sbadmcl in vbscript from .cvs file

Jump to solution

We have over 5000 EEPC client machines (v5.1.8) installed.  We built these using Autodomain to harvest existing Windows user profiles and automate creation and assignment of EEPC UserIDs to machine objects. This works very well. The problem is that we have tech admin IDs also being harvested from machines which they built (possibly years ago) which they will never support and we want to automate removing them from the machines.  We want to automate a process which reads a machine name from a .cvs file and passes it to sbadmcl to DELETE USER any "$*" EEPC userIDs which it finds on the machine.  We can perform this manually one machine at a time using sbadmcl but would like a way to automate it across a specific maching group.

Thanks.

1 Solution

Accepted Solutions

Re: How to pass variables to sbadmcl in vbscript from .cvs file

Jump to solution

Here is the code, put it in batch, replace DATABASE, GROUP, ADMIN, PASSWORD and run it.

@echo off
SETLOCAL EnableDelayedExpansion

sbadmcl.exe -command:DumpMachineUsers -database:"DATABASE" -group:"GROUP" -adminuser:ADMIN -adminpwd:PASSWORD -file:allusers.txt

for /f "tokens=1,2 delims=," %%i in (allusers.txt) do (
set var=%%j
set var=!var:~0,1!

if "!var!"=="$" (sbadmcl.exe -command:RemoveUser -database:"DATABASE" -machine:"%%i" -user:"%%j" -adminuser:ADMIN -adminpwd:PASSWORD)

)

9 Replies

Re: How to pass variables to sbadmcl in vbscript from .cvs file

Jump to solution

While you can create vbs for it, such a simple task can be performed on the server itself.

If you have "file.csv" with machine and user names, you can run from command line:

for /f "tokens=1,2 delims=," %i in (file.csv) do (
sbadmcl.exe -command:RemoveUser -database:DATABASE -machine:%i -user:%j -adminuser:ADMIN -adminpwd:PASSWORD

)

SOM2010
Level 10
Report Inappropriate Content
Message 3 of 10

Re: How to pass variables to sbadmcl in vbscript from .cvs file

Jump to solution

from the server running a command line of :

for /f "tokens-1,2 delims=," %i in users.csv do (sbadmcl.exe -command:RemoveUser -database:EEPCEnterprise -machine:%j -adminuser:admin - adminpwd:password)

will read the users.csv file and iterate through every machine in the database looking for userIDs which start with a $ and remove all it finds?

Does the .csv file need to have any machine names in it or can I just have one line with the userID to remove = to $*  ?

Also, I have multiple groups, I only want to run this on a specific group of machines.

thanks,

p.s. - attached shows a sample of the type of userIDs I want to remove on all machines. I don't know which userids are assigned to any specific machine.

Message was edited by: SOM2010 on 1/28/10 1:09:46 PM CST
Highlighted

Re: How to pass variables to sbadmcl in vbscript from .cvs file

Jump to solution

Unfortunately you must be explicit with machine and user names.

You can preprocess information obtained from group, to find out all necessary combinations.

sbadmcl.exe -command:DumpMachineUsers -database:EEPCEnterprise -group:MACHINEGROUP -adminuser:admin - adminpwd:password -file:allusers.txt

When processing "allusers.txt" file instead of "users.csv", perform some condition check on user field, prior to RemoveUser part.

SOM2010
Level 10
Report Inappropriate Content
Message 5 of 10

Re: How to pass variables to sbadmcl in vbscript from .cvs file

Jump to solution

since we can find users in the Manager Console with a wildcard, will I also be able to pass a wild card value for the userID as $* from the allusers.txt file to sbadmcl ?

also, is there any documentation about:    for /f "tokens-1,2 delims=" %i in .... do (  )                 command ?

Message was edited by: SOM2010 on 1/28/10 1:28:45 PM CST
rbarstow
Level 10
Report Inappropriate Content
Message 6 of 10

Re: How to pass variables to sbadmcl in vbscript from .cvs file

Jump to solution

Google "batch for", for instructions on the FOR command in batch files.

Personally, I prefer to use .vbs to build the sbadmcl command-string, then issue it using objShell.run.

That also allows me to obfuscate the admin credentials.

Re: How to pass variables to sbadmcl in vbscript from .cvs file

Jump to solution

Here is the code, put it in batch, replace DATABASE, GROUP, ADMIN, PASSWORD and run it.

@echo off
SETLOCAL EnableDelayedExpansion

sbadmcl.exe -command:DumpMachineUsers -database:"DATABASE" -group:"GROUP" -adminuser:ADMIN -adminpwd:PASSWORD -file:allusers.txt

for /f "tokens=1,2 delims=," %%i in (allusers.txt) do (
set var=%%j
set var=!var:~0,1!

if "!var!"=="$" (sbadmcl.exe -command:RemoveUser -database:"DATABASE" -machine:"%%i" -user:"%%j" -adminuser:ADMIN -adminpwd:PASSWORD)

)

SOM2010
Level 10
Report Inappropriate Content
Message 8 of 10

Re: How to pass variables to sbadmcl in vbscript from .cvs file

Jump to solution

using this technique I successfully cleaned up 2,704 machines today in about 15 minutes. Thanks for the help !!

Reliable Contributor SafeBoot
Reliable Contributor
Report Inappropriate Content
Message 9 of 10

Re: How to pass variables to sbadmcl in vbscript from .cvs file

Jump to solution

why did'nt you just delete the users themselves? I'm not sure I understand why you would unset them from machines, but leave them in EEM?

SOM2010
Level 10
Report Inappropriate Content
Message 10 of 10

Re: How to pass variables to sbadmcl in vbscript from .cvs file

Jump to solution

The names I needed removed from machines are the userIDs for computer technicians who originally built the machines some time ago, (up to as long as 12-18months).  We utilized our technicians from various locations around the state to deploy a managed desktop.  In the end, these technicians will very likely never again need to provide any type of support on the machines they deployed because of the geographic distance. i.e. we had technicians travel from the Upper Peninsula of Michigan to Detroit to deploy upwards of 300-400 machines in a weekend, multiple times.  When they did that they logged into Windows with their AD admin accounts, there by leaving their cached profile on the machine(s).  This was before we purchased SafeBoot.  As we're deploying the EEPC client with Autodomain.vbs, it is working almost perfectly to add these Windows profiles to the machine object in the EEPC Manager Console  - machines which the same technicians will never be supporting. We have asked and even told the techs (who have access to the Manager Console) to remove their own IDs from these machines, but pulling teeth is easiter it appears.

So in the interest of keeping network traffic to a minimum and the number of userIDs assigned to machines in check for general security practices, we wanted them removed.  I didn't have time to individually examine each machine and manually remove them.  I've been doing that, but losing ground over time.

We left them in EEM because they also have EEPC encrypted laptops they use daily so deleting them would have created a different problem.

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community