When provisioning new computers, replacing failed equipment, or refreshing hardware, it may be necessary to be able to control the allocation of GUIDs.In some circumstances, a new GUID may be required while in other circumstances there may be a need to associate with an existing GUID.
How can I control the allocation of the GUID to meet needs that may not follow the standard GUID allocation processes integrated in Notification Server?
GUID_Control.vbs (attached to this article) enables control over the GUID allocation process.The program has several options and requires minimal configuration to customize it to work in your environment.
The following describes the different features and processes for this utility.
Caution:Improper use of the GUID_Control.vbs could result in duplicate GUIDs and / or inventory data loss. It is recommended that automatic merging of records be disabled if using this utility in the provisioning process.
Locate the section heading identified by the following lines:
'=============================================================== '+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ '=============================================================== ' CHANGE THESE
Modify the text sqlServer = "169.254.0.199" by placing the IP address or FQDN of the Microsoft SQL server hosting your Notification Server Database between the double quotes.If this causes a concern related to security, read section below headed Security Concern.
Modify the text sqlDatabase = "Altiris" by placing the database name for your Notification Server Database contained on the identified Microsoft SQL server between the double quotes.If this causes a concern related to security, read section below headed Security Concern.
Modify the text sqlUsername = "publicAccess" by placing the SQL account to be used for the connection between the quotes. Note that the account used must be a SQL Server authentication account (not Windows Integrated or domain based) and must be given DBDatareader access to the database. If this causes a concern related to security, read section below headed Security Concern.
Modify the text sqlPassword = "password" by placing the password for the account identified in step 6 between the double quotes. If this causes a concern related to security, read section below headed Security Concern.
Optional step recommended if the script will be run in a batch mode or through Deployment Server.The value identified in this step should be modified if the mechanism for calling the GUID_Control.vbs will be cScript (recommended for DS execution and CMD script executions). Modify silentMode = 0 to silentMode = 1 for silent operation and exit code returns.
Save changes to GUID_Control.vbs
GUID_Control.vbs command usage:
For most implementations, the recommended method for running the GUID Control script is cScript.exe GUID_Control.vbs arguments.
This set of arguments will use the SQL connection to locate the GUID of the last computer sending basic inventory to the Notification Server and matching the Name and Domain criteria given.The GUID identified will be written to the registry of the machine where the script is run.Additionally, all previous registry values for GUIDs related to the local Altiris Agent will be purged, the “Altiris Agent” service will be set to Automatic startup, service will start, agent will send basic inventory, and, finally, request configuration update.The target computer will now be fully associated with the GUID.
The -? Switch will display help for GUID_Control.vbs.
The –p switch will prepare a machine for image capture by stripping all instances of the associated GUID from registry, stopping the “Altiris Agent” service, setting the “Altiris Agent” service start to Disabled and deleting all files from “C:\Program Files\Altiris\eXpress\Inventory”.
The –n switch will cause the agent to be given a unique, new GUID.It will generate a new GUID, write the GUID to the machine registry, delete all files from the “C:\Program Files\Altiris\eXpress\Inventory” directory, set “Altiris Agent” startup setting to Automatic, start the Altiris agent, send basic inventory and request new configuration.
Accesses the Altiris database and determines the GUID associated with the [Source Machine Name] and [Source Machine Domain].Then assigns the GUID to the machine where the script is being run.
-p = Prepare machine for imaging.This clears all GUID entries from the NSClient and deletes inventory.
-n = Generate new unique GUID that is not associated with old record.
-? = Access this help.
Loading Environment Variables:
In addition to providing arguments to the script, the script must be modified to be able to attach to the NS Database in order to function properly.At the beginning of the script, the following values must be entered.The section below must be configured for the database connection to the Altiris NS Database.
sqlServer - Specify the SQL Server housing the Altiris NS Database
sqlDatabase - Specify the NS Database name
sqlUsername - Specify the SQL Server login ID.This can NOT be Windows Integrated login and the login requires datareader access to specified database.
sqlPassword - The password for the SQL Authentication account specified
SilentMode variable setting to 1 enables silent mode for support of returning exit codes.
SilentMode error returns:
1 - Either database record is not found or the SQL connection failed.
2 - NO ARGUMENTS SPECIFIED
3 - DOMAIN ARGUMENT MISSING
4 - TOO MANY ARGUMENTS
Implementing environment variables to enable SQL connectivity may be a cause for concern.Unfortunately, there is no other way to identify the computer/domain/GUID combination for old computers when migrating a GUID to a new computer. There are two options for addressing this concern.Below the options are outlined.
Option 1: Do not configure these parameters.All functions of the GUID_Control.vbs will function except GUID_Control.vbs [Source Machine Name] [Source Machine Domain].
Option 2: After configuring the required connection values in the script, use the following process to encode the script to make it illegible to standard text readers and extremely difficult to decode.Note that the script will still function when encoded as the WSH just in time (JIT) compiler will decode it at execution.