6 Replies Latest reply on Aug 3, 2012 4:17 AM by nbaumann

    Duplicate computer names in Epo 4.6 for non-persistent vdi desktops

      We’re testing Mcafee Move with Citrix Xendesktop non-persistent desktops.

      Mcafee Move works fine, but because the guid of the Mcafee agent is generated every time when a non-persistent desktop restarts we end up with duplicate computer names in Epo 4.6.

      The computer entries eventually end up in the inactive agents group, but is there a better automated solution?

        • 2. Re: Duplicate computer names in Epo 4.6 for non-persistent vdi desktops
          andrep1

          You could have a server task run every hous to delete systems identified by a query where you filter on system name "is duplicated" and last communication "is not within" whatever interval you set...

           

          Here's a sample query to do it (save as an .xml and import the definition in queries):

           

          - <queries>

          - <query>

          <name language="en">test</name>

          <description language="en" />

          <property name="target">EPOLeafNode</property>

          <property name="tableURI">query:table?orion.table.columns=EPOLeafNode.NodeName%3AEPOLeafNode.LastUpdate&or ion.table.order.by=EPOLeafNode.NodeName&orion.table.order=asc</property>

          <property name="conditionURI">query:condition?orion.condition.sexp=%28+where+%28+and+%28+duplicatedComputerNam e+EPOLeafNode.NodeName+%29+%28+olderThan+EPOLeafNode.LastUpdate+604800000++%29+% 29+%29</property>

          <property name="summaryURI">query:summary?orion.sum.query=false&orion.query.type=table.table</property>

          </query>

          </queries>

          • 3. Re: Duplicate computer names in Epo 4.6 for non-persistent vdi desktops
            mirelp

            I'm having exactly the same issue. The MAC address and system name are persistent on the VM but Agent GUID changes on each reboot. This works fine in most cases (as MAC is the same so ePo knows it's the same system) except when a machine reboots twice within a short period of time.

             

            Let's take this scenario when a VM is up and running and ePo has all the correct info about the VM: hostname, MAC address and AgentGUID

            1. VM is rebooted - Agent GUID is changed, hostname and MAC are the same

            2. VM McAfee agent will check in to ePo and report the new Agent GUID - ePo AgentGUID is updated (as expected)

            3. A few minutes later for some reason, VM MAC field is cleared on ePO (Why??) - MAC address has not been changed (NOT EXPECTED)

             

            If VM is rebooted again (when ePO MAC is empty) it will cause a duplication and VM will be added to ePO Lost & Found container. If instead you wait an hour or so before rebooting the VM, MAC address is already updated on ePO and no duplication occurs.

             

            In a prod environment with many users, VMs can be rebooted in a short period of time and this will cause issues. If the duplicated machine is placed in Lost and Found, a different policy will be applied from ePO. In my case, I use tags to mark MOVE machines and apply policies like MOVE offload server address or to disable the install of full AV client.

             

            In conclusion, it is critical for us not to have duplications and to have the systems placed in the correct OU container.

             

            Andre, thank you for posting the script - I will try to see if this helps. Can you please let me know if there is a way to also move the duplicated machine to the correct OU container (let's say if IP address matches an IP range move  system to  "Virtual Desktop" OU)?

             

            How do you find the performance of MOVE?

             

            Thank you

             

            FYI: ePO 4.6, McAfee Agent 4.6, MOVE 2.0. Virtual Desktops are hosted on Hyper-V and VMs are Windows 7 and provisioned by Xen Desktop

             

            Message was edited by: mirelp on 31/12/11 13:14:11 CST

             

            Message was edited by: mirelp on 31/12/11 13:17:47 CST
            • 4. Re: Duplicate computer names in Epo 4.6 for non-persistent vdi desktops

              Hi Frank,

               

              This was a complete pain in the backside for us to get working, but we seem to have it nailed now. We basically had to come up with a script that clears out the values cached in the registry by the ePO agent and writes in a GUID based on the hostname (since the MAC address *could* change between reboots, this is the safest way for us). You need to set this up as a Machine Startup Script on your gold master via gpedit.msc and change the McAfee Framework Service to Manual start through services.msc. When the service starts up, it'll collate the missing information (MAC address, IP address etc) and will check into ePO. Because the GUID is being generated from the hostname every startup, before the ePO agent is loaded, it will always have the same GUID and will prevent ePO duplicates.

               

              Depending on the structure of your hostnames, you may wish to change "hostnameClean = Right(hostname,13)" to "hostnameClean = Left(hostname,13)" if the first 13 characters are more likely to be unique in your environment.

               

              Environment:

              VMware vSphere 4

              Citrix PVS 5.1

              Citrix XenDesktop 3.0

              McAfee ePO 4.6

              McAfee MOVE AV 2.0

               

              -------------------------------------------------------------------------------- --------------------------------------------------------------------------------

              Start guidgen.vbs

              -------------------------------------------------------------------------------- --------------------------------------------------------------------------------

              Option Explicit

              'Don't modify these values

              Const HKEY_LOCAL_MACHINE = &H80000002

              Dim AgentConfigValues

              Dim ComputerInfo, WindowsRegistry, WMIServices, WindowsServices, McAfeeService

              Set ComputerInfo = CreateObject("WinNTSystemInfo")

              Set WindowsRegistry = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\default:StdRegPro v")

              Set WMIServices = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2")

              Set WindowsServices = WMIServices.ExecQuery("Select * from Win32_Service Where Name ='" & AgentServiceName & "'")

              Dim hostname, hostnameClean, pad, padAmount, guidText, guidHex, hexChar, position, agentValue

               

              'Configuration Options

              'Registry key storing the ePO Agent settings and cached values

              Const AgentConfigKey = "SOFTWARE\Network Associates\ePolicy Orchestrator\Agent"

              'Service name (as stored in the registry) for the ePO service

              Const AgentServiceName = "McAfeeFramework"

              'Array of values to be deleted to ensure a fresh start when the ePO Agent loads

              AgentConfigValues = Array("ComputerName","IPAddress","IPHostName","LoggedOnUser","MacAddress","Subn etAddress","SubnetMask")

               

              'Working logic begins here

              'Get the hostname in UPPER CASE

              hostname = Ucase(ComputerInfo.ComputerName)

              'Remove any hyphens

              hostnameClean = Replace(hostname,"-","")

               

              'Check the length of the hostname:

              If Len(hostnameClean) > 13 Then

                        'If it is more than 13 digits long, take the last 13 digits (most likely to be unique)

                        hostnameClean = Right(hostname,13)

              ElseIf Len(hostnameClean) < 13 Then

                        'If it is less than 13 digits long, pad the beginning with spaces

                        'Work out how much padding is required

                        padAmount = 13 - Len(hostnameClean)

                        For pad = 1 to padAmount

                  'Add a space to the front of the string

                  hostnameClean = " " & hostnameClean

                        Next

              End If

               

              'Prefix the cleaned hostname with "EPO"

              guidText = "EPO" & hostnameClean

               

              'Start the GUID with a brace

              guidHex = "{"

              'For each character in the cleaned hostname with EPO prefixed

              For position = 1 to 16

                        'Convert the next character to Hex

                        hexChar = Hex(Asc(Mid(guidText,position,1)))

                        'Check the length:

                        If Len(hexChar) = 2 Then

                  'If it is two characters long, append it to the GUID

                  guidHex = guidHex & hexChar

                        ElseIf Len(hexChar) = 1 Then

                  'If it is one character long, append a 0 and the new character to the GUID

                  guidHex = guidHex & "0" & hexChar

                        Else

                  'If it is three characters long (shouldn't happen!), append the last two characters to the GUID

                  guidHex = Right(hexChar,2)

                        End If

               

                        'Add in hyphens after the correct number of characters (each string character is 2 hex characters)

                        Select Case position

                  Case 4

                    guidHex = guidHex & "-"

                  Case 6

                    guidHex = guidHex & "-"

                  Case 8

                    guidHex = guidHex & "-"

                  Case 10

                    guidHex = guidHex & "-"

                        End Select

              Next

              'End the GUID with a brace

              guidHex = guidHex & "}"

               

              'Remove existing configuration values

              For Each agentValue In AgentConfigValues

                        WindowsRegistry.DeleteValue HKEY_LOCAL_MACHINE,AgentConfigKey,agentValue

              Next

               

              'Set new AgentGUID and correct ComputerName

              WindowsRegistry.SetStringValue HKEY_LOCAL_MACHINE,AgentConfigKey,"AgentGUID",guidHex

              WindowsRegistry.SetStringValue HKEY_LOCAL_MACHINE,AgentConfigKey,"ComputerName",hostname

               

              'Start the ePO Agent

              For Each McAfeeService in WindowsServices

                        McAfeeService.StartService()

              Next

               

              'Done!

              -------------------------------------------------------------------------------- --------------------------------------------------------------------------------

              End guidgen.vbs

              -------------------------------------------------------------------------------- --------------------------------------------------------------------------------

               

              Hope this helps...

               

              Message was edited by: craigg.barr on 07/03/12 03:36:33 CST
              • 5. Re: Duplicate computer names in Epo 4.6 for non-persistent vdi desktops

                Hi:

                 

                Can you send me the query xml,  i have duplicated computers and I want to used your query.  Thanks

                 

                Message was edited by: maritereperez on 3/23/12 7:59:50 AM CDT
                • 6. Re: Duplicate computer names in Epo 4.6 for non-persistent vdi desktops
                  nbaumann

                  Hi,

                   

                  We're using VDI automated pools and McAfee agent 4.6 with VSE 8.7. In ePO I had duplicate hosts because the McAfee agent GUID and MAC address change when the client is being reprovisioned on logoff/reboot/shutdown. To bypass this issue and keep the threat history data of the clients, we wrote an autoit script which exports/imports the agent GUID, sequence number and the agent's ssl private/public key files when the vdi client shuts down or starts up. We invoke the script using a GPO startup/shutdown logon script. Without copying the agent's ssl key files we had the issue that the clients did not communicate with the ePO after they have been reprovisioned.

                   

                  So far this works well in our situation. This way we don't need to run queries/tasks on ePO to remove duplicate systems.

                  To use the script you may follow these steps.

                   

                  1. Download autoit from www.autoitscript.com
                  2. To simplify maintenance and have the logfiles centrally, we created an network share with modify rights for everyone (you may restrict it to the computers running vdi)
                  3. Create the following subfolders
                    \config
                    \log
                    \scripts
                  4. Copy and Paste the code below to a file called "ConfigureMcAfee.au3".
                  5. Compile the script using Autoit and copy the exe to the "scripts" directory.
                  6. Disable the access protection policy setting "Prevent McAfee services from being stopped" for the VDI clients
                  7. Create a GPO, assign it to the VDI clients and add a startup/shutdown script
                    Parameters for Shutdown: \\<server>\<share>\scripts\ConfigureMcAfee.exe shutdown
                    Parameters for Startup: \\<server>\<share>\scripts\ConfigureMcAfee.exe startup

                   

                  regards,
                  Nik

                   

                  And here's the code:


                  #cs ------------------------------------------------------------------------------- --------

                    AutoIt Version: 3.2.2.0
                    Author:         BN95

                    Revision: 20.02.2012/BN95: initial version
                                  02.08.2012/BN95: export/import agent private/public keys also to prevent HTTP 502 issues.

                    Purpose:
                    - export/import McAfee Agent GUID to network share to avoid duplicate VDI systems in ePO
                   
                  #ce ------------------------------------------------------------------------------- --------

                  ;autoit options
                  AutoItSetOption("ExpandEnvStrings",1)
                  AutoItSetOption("TrayAutoPause",0)
                  AutoItSetOption("TrayMenuMode",1)
                  AutoItSetOption("MustDeclareVars",1)

                  ;--------------------
                  ;variable declaration
                  ;--------------------

                  Global $bErrors        ;indicates whether errors occured
                  Dim $bLogInit        ;indicates whether logfile has been initialized
                  Dim $lf          ;handle to logfile

                  Dim $PackageName       ;name of the current package
                  Dim $userdomain        ;user's domain ("FACTORYXP", "PSICH")
                  Dim $logfile        ;full path to logfile
                  Dim $inifile        ;full path to inifile

                  Dim $RegBase        ;registry key path (e.g. HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall)
                  Dim $RegKeyName        ;registry key name (e.g. {26A24AE4-039D-4CA4-87B4-2F83216013FF})
                  Dim $RegValueName       ;registry value name (e.g. DisplayIcon)
                  Dim $RegValue        ;registry value (e.g. C:\Program Files\Java\...)
                  Dim $i, $j, $k        ;counters
                  Dim $iRet         ;return value
                  Dim $sOperation
                  Dim $bError

                  Dim $Timeout
                  Const $cTimeoutLimit = 30000    ;limit to wait for processes to close [ms]

                  Const $cFrameworkServiceName = "McAfeeFramework"
                  Const $cFrameworkServiceImage = "FrameworkService.exe"
                  Const $cMcShieldServiceName = "McShield"
                  Const $cMcShieldServiceImage = "McShield.exe"
                  Const $cWUService = "wuauclt"
                  Const $cMcAfeeAgentGUIDBase = "HKLM\SOFTWARE\Network Associates\ePolicy Orchestrator\Agent"
                  Const $cWUAgentGUIDBase = "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate"
                  Const $cMcAfeeAgentKeyStoreDir = "%ALLUSERSPROFILE%\Application Data\McAfee\Common Framework\keystore\"

                  Dim $ConfigDir

                  ;--------------------------
                  ;environment initialization
                  ;--------------------------

                  $userdomain = EnvGet("USERDOMAIN")

                  ;get command line arguments
                  If StringLen($CmdLineRaw) = "" Then
                  Msgbox(0x40010, @ScriptName, "Command line argument is not optional. Provide argument 'startup' or 'shutdown'.")
                  Exit(-1)
                  Endif

                  $ConfigDir = @ScriptDir & "\..\config\"
                  $inifile = $ConfigDir & @ComputerName & ".ini"

                  ;determine operation mode
                  If StringLower(StringStripWS($CmdLineRaw,3)) = 'startup' Then
                  $logfile = @ScriptDir & "\..\log\" & @ComputerName & "-02-" & @UserName & "-startup.log"
                  $sOperation = "startup"
                  ElseIf StringLower(StringStripWS($CmdLineRaw,3)) = 'shutdown' Then
                  $logfile = @ScriptDir & "\..\log\" & @ComputerName & "-01-" & @UserName & "-shutdown.log"

                  $sOperation = "shutdown"
                  Else
                  Msgbox(0x40010, @ScriptName, "Invalid command line argument. Provide argument 'startup' or 'shutdown'.")
                  Exit(-1)
                  EndIf

                  ;---------
                  ;main code
                  ;---------

                  ;~ If StringMid(@ComputerName,8,1) = 7 Then
                  ;~  ;only make changes on test pool, do not touch productive clients...
                  ;~  WriteLog("Running on VDI test pool." & @CRLF & @CRLF)

                  ;~ Else

                  If $sOperation = "startup" Then
                    ;startup
                   
                    If FileExists($inifile) Then
                     ;stop McAfee Agent if running
                     WriteLog("Checking for running McAfee agent...")
                     If ProcessExists($cFrameworkServiceImage) <> 0 Then
                      WriteLog(@Tab & $cFrameworkServiceImage  & " is running.")
                      WriteLog(@Tab & "Stopping " & $cFrameworkServiceName  & "...")
                      $iRet = ShellExecuteWait(@SystemDir & "\net.exe", "stop " & $cFrameworkServiceName)
                      If $iRet = 0 Then
                       WriteLog(@Tab & @Tab & "Service successfully stopped.")
                       WriteLog(@Tab & "Waiting for '" & $cFrameworkServiceImage & "' to disappear...")
                       While ProcessExists ($cFrameworkServiceImage) <> 0 and $Timeout < $cTimeoutLimit
                        Sleep(250)
                        $Timeout = $Timeout + 250
                       WEnd
                       WriteLog(@Tab & @Tab &"Success.")
                      Else
                       WriteLog(@Tab & @Tab & "Failed to stop service.")
                       $berror = true
                      EndIf ;$iRet = 0
                     
                     Else
                      WriteLog(@Tab & "McAfee agent service is not running.")
                     EndIf ;ProcessExists($cFrameworkService) <> 0 Then
                    
                     ;stop McShield Service if running
                     WriteLog("Checking for running McShield service...")
                     If ProcessExists($cMcShieldServiceImage) <> 0 Then
                      WriteLog(@Tab & $cMcShieldServiceImage  & " is running.")
                      WriteLog(@Tab & "Stopping " & $cMcShieldServiceName  & "...")
                      $iRet = ShellExecuteWait(@SystemDir & "\net.exe", "stop " & $cMcShieldServiceName)
                      If $iRet = 0 Then
                       WriteLog(@Tab & @Tab & "Service successfully stopped.")
                       WriteLog(@Tab & "Waiting for '" & $cMcShieldServiceImage & "' to disappear...")
                       While ProcessExists ($cMcShieldServiceImage) <> 0 and $Timeout < $cTimeoutLimit
                        Sleep(250)
                        $Timeout = $Timeout + 250
                       WEnd
                       WriteLog(@Tab & @Tab &"Success.")
                      Else
                       WriteLog(@Tab & @Tab & "Failed to stop service.")
                       $berror = true
                      EndIf ;$iRet = 0
                     Else
                      WriteLog(@Tab & "McShield service is not running.")
                     EndIf ;ProcessExists($cFrameworkService) <> 0 Then
                    
                     WriteLog("Importing GUID's from inifile...")
                     ;import McAfee Agent GUID from inifile
                     $i = IniRead($inifile,"General","McAfeeAgentGUID","")
                     If $i = "" Then
                      WriteLog(@Tab & "Unable to parse McAfee Agent GUID from inifile.")
                      $berror = true
                     Else
                      ;update Agent GUID
                      WriteLog(@Tab & "Found McAfee Agent GUID: '" & $i & "'")
                      WriteLog(@Tab & "Updating registry...")
                     
                      If RegWrite($cMcAfeeAgentGUIDBase,"AgentGUID","REG_SZ",$i) = 1 Then
                       WriteLog(@Tab & @Tab & "success.")
                      Else
                       WriteLog(@Tab & @Tab & "failed.")
                       $berror = true
                      EndIf
                     EndIf ;$i = "" Then
                    
                     ;import McAfee Agent Sequence Number from inifile
                     $i = IniRead($inifile,"General","McAfeeSequenceNumber","")
                     If $i = "" Then
                      WriteLog(@Tab & "Unable to parse McAfee Agent Sequence Number from inifile.")
                      $berror = true
                     Else
                      ;update Agent GUID
                      WriteLog(@Tab & "Found McAfee Agent Sequence Number: '" & $i & "'")
                      WriteLog(@Tab & "Updating registry...")
                     
                      If RegWrite($cMcAfeeAgentGUIDBase,"SequenceNumber","REG_DWORD",$i) = 1 Then
                       WriteLog(@Tab & @Tab & "success.")
                      Else
                       WriteLog(@Tab & @Tab & "failed.")
                       $berror = true
                      EndIf
                     EndIf ;$i = "" Then
                    
                     ;import agent private/public keys file
                     WriteLog("Importing McAfee agent private key...")
                     If FileExists($ConfigDir & @computername & "\" & "agentprvkey.bin") Then
                      ;copy file to config dir
                      If FileCopy($ConfigDir & @computername & "\" & "agentprvkey.bin", $cMcAfeeAgentKeyStoreDir, 1+8) = 1 Then
                       WriteLog(@TAB & "Imported agent private key file successfully.")
                      Else
                       WriteLog(@TAB & "Error importing agent private key file.")
                       $bError = true
                      EndIf
                     Else
                      ;unable to locate agent key files
                      WriteLog(@TAB & "Unable to locate agent key file at '" & $ConfigDir & @computername & "\" & "agentprvkey.bin', nothing to import")
                     EndIf ;FileExists($ConfigDir & @computername & "\" & "agent*.bin") Then

                     WriteLog("Importing McAfee agent public key...")
                     If FileExists($ConfigDir & @computername & "\" & "agentpubkey.bin") Then
                      ;copy file to config dir
                      If FileCopy($ConfigDir & @computername & "\" & "agentpubkey.bin", $cMcAfeeAgentKeyStoreDir, 1+8) = 1 Then
                       WriteLog(@TAB & "Imported agent public key file successfully.")
                      Else
                       WriteLog(@TAB & "Error importing agent public key file.")
                       $bError = true
                      EndIf
                     Else
                      ;unable to locate agent key files
                      WriteLog(@TAB & "Unable to locate agent key file at '" & $ConfigDir & @computername & "\" & "agentpubkey.bin', nothing to import")
                     EndIf ;FileExists($ConfigDir & @computername & "\" & "agent*.bin") Then

                     ;starting McAfee McShield Service
                     If ProcessExists($cMcShieldServiceImage) = 0 Then
                      WriteLog("Starting " & $cMcShieldServiceName  & "...")
                      $iRet = ShellExecuteWait(@SystemDir & "\net.exe", "start " & $cMcShieldServiceName)
                      If $iRet = 0 Then
                       WriteLog(@Tab & @Tab & "Service successfully started.")
                      Else
                       WriteLog(@Tab & @Tab & "Failed to start service (" & $iRet & ").")
                       $berror = true
                      EndIf ;$iRet = 0 Then
                     Else
                      WriteLog($cFrameworkServiceName  & " is already running.")
                     EndIf ;ProcessExists($cFrameworkService) = 0 Then

                     ;starting McAfee Agent
                     If ProcessExists($cFrameworkServiceImage) = 0 Then
                      WriteLog("Starting " & $cFrameworkServiceName  & "...")
                      $iRet = ShellExecuteWait(@SystemDir & "\net.exe", "start " & $cFrameworkServiceName)
                      If $iRet = 0 Then
                       WriteLog(@Tab & @Tab & "Service successfully started.")
                      Else
                       WriteLog(@Tab & @Tab & "Failed to start service (" & $iRet & ").")
                       $berror = true
                      EndIf ;$iRet = 0 Then
                     Else
                      WriteLog($cFrameworkServiceName  & " is already running.")
                     EndIf ;ProcessExists($cFrameworkService) = 0 Then
                    Else
                     WriteLog("Unable to locate inifile '" & $inifile & "'. Nothing to import.")
                    EndIf ;FileExists($inifile) Then
                  Else
                    ;shutdown
                   
                    ;export McAfee Agent GUID to inifile
                    $i = RegRead($cMcAfeeAgentGUIDBase,"AgentGUID")
                    If $i <> "" Then
                     WriteLog("McAfeeAgentGUID: '" & $i & "'")
                    Else
                     WriteLog("Unable to read AgentGUID from registry.")
                    EndIf
                   
                    WriteLog("Exporting GUID to inifile...")
                    If IniWrite($inifile,"General","McAfeeAgentGUID",$i) = 1 Then
                     WriteLog(@TAB & "success.")
                    Else
                     WriteLog(@Tab & @Tab & "failed.")
                     $berror = true
                    EndIf

                    ;export McAfee Agent Sequence number to inifile
                    $i = RegRead($cMcAfeeAgentGUIDBase,"SequenceNumber")
                    If $i <> "" Then
                     WriteLog("Sequence number: '" & $i & "'")
                    Else
                     WriteLog("Unable to read SequenceNumber from registry.")
                    EndIf
                   
                    WriteLog("Exporting sequence number to inifile...")
                    If IniWrite($inifile,"General","McAfeeSequenceNumber",$i) = 1 Then
                     WriteLog(@TAB & "success.")
                    Else
                     WriteLog(@Tab & @Tab & "failed.")
                     $berror = true
                    EndIf
                   
                    ;export agent private/public keys file
                    WriteLog("Exporting McAfee agent private/public keys...")
                   
                    If Not FileExists($ConfigDir & @computername & "\") Then
                     WriteLog(@TAB & "Creating '" & $ConfigDir & @computername & "\" & "'...")
                     If DirCreate($ConfigDir & @computername ) = 1 Then
                      WriteLog(@TAB & @TAB & "success.")
                     Else
                      WriteLog(@TAB & @TAB & "failed.")
                      $bError = true
                     EndIf ;DirCreate($ConfigDir & @computername ) = 1 Then
                    EndIf ;Not FileExists($ConfigDir & @computername & "\") Then
                   
                    If $bError = False Then
                     If FileExists($cMcAfeeAgentKeyStoreDir & "agent*.bin") Then
                      ;copy file to config dir
                      If FileCopy($cMcAfeeAgentKeyStoreDir & "agent*.bin", $ConfigDir & @computername & "\", 1+8) = 1 Then
                       WriteLog(@TAB & "Exported agent key files successfully.")
                      Else
                       WriteLog(@TAB & "Error exporting agent key files.")
                       $bError = true
                      EndIf ;FileCopy($cMcAfeeAgentKeyStoreDir & "agent*.bin", $ConfigDir & @computername & "\", 1+8) = 1 Then
                     Else
                      ;unable to locate agent key files
                      WriteLog(@TAB & "Unable to locate agent key files at '" & $cMcAfeeAgentKeyStoreDir & "', nothing to export")
                     EndIf ;FileExists($cMcAfeeAgentKeyStoreDir & "agent*.bin") Then
                    Endif ;$bError = False Then
                    
                  EndIf ;If $sOperation = "startup" Then

                  ;~ 
                  ;~ Else
                  ;~  WriteLog("Running on VDI productional pool. No changes will be done." & @CRLF)
                  ;~ EndIf

                  If $bErrors then
                  ;return "Fatal error during install operation."
                  QuitScript(1603,false)
                  Else
                  QuitScript(0,false)
                  EndIf

                  ;---
                  ;END
                  ;---

                  ;------------------------------------------------------------------------------- -------------------------------------------------------------------------

                  Func QuitScript($returnCode, $bSilent)
                  If not $bSilent then WriteLog ("Exiting script (" & $returnCode & ").")
                  Exit($returnCode)
                  EndFunc

                  ;------------------------------------------------------------------------------- -------------------------------------------------------------------------

                  Func Now()
                  Return "[" & @MDAY & "." & @MON & "." & @YEAR & " " & @HOUR & ":" & @MIN & ":" & @SEC & "]"
                  EndFunc

                  ;------------------------------------------------------------------------------- -------------------------------------------------------------------------

                  Func WriteLog($Line)
                  If Not $bLogInit Then
                    ;create/clear logfile
                    $lf = FileOpen($Logfile,8+2)
                    FileWriteLine ($lf, @CRLF & @CRLF & "------------------------------------------------------------------------------ ------------------")
                    FileWriteLine ($lf, Now() & " " & @ScriptName & " running as " &$userdomain & "\"  & @UserName & " on computer " & @ComputerName)
                    FileWriteLine ($lf, Now() & " AutoIt version " & @AutoItVersion & " running from " & @ScriptDir & @CRLF & @CRLF)
                    $bLogInit = true
                  Else
                    ;append to logfile
                    $lf = FileOpen($Logfile,1)
                  EndIf

                  FileWriteLine($lf, Now() & @TAB & $Line)
                  FileClose($lf)
                  EndFunc

                  ;------------------------------------------------------------------------------- -------------------------------------------------------------------------
                  ;------------------------------------------------------------------------------- -------------------------------------------------------------------------