[Samba] parallel administration tool for PCs?

malte.mueller at ewetel.net malte.mueller at ewetel.net
Wed Sep 10 06:47:14 GMT 2008 

----- Nachricht von mathog at caltech.edu ---------
      Datum: Tue, 09 Sep 2008 15:01:08 -0700
        Von: David Mathog <mathog at caltech.edu>
Antwort an: David Mathog <mathog at caltech.edu>
    Betreff: [Samba] parallel administration tool for PCs?
         An: samba at lists.samba.org


> This is a bit off topic, but I'm looking for a convenient way to manage
> N "identical" Windows PCs, using as much as possible 1 command to do the
> same thing on all of them.  The capabilities I'm looking for, preferably
> in a single tool are, given a designated master machine and N clones of
> that master:
>
> 1.  Compare all (or to a specified depth) files below some directory on
> the workstations, displaying differences.  For instance, compare the
> directory tree below C:\Program Files.
>
> 2  After determining which subset of the differences from (1) need to be
> pushed, designate those files and "put", whereupon all such files are
> copied from the master to the N remote machines.
>
> 3. Select a .bat file in the synchronized directory tree, invoke "run",
> whereupon it runs inside a DOS shell on all remote machines.  The output
> from that run is saved and diffed, so that anything that went wrong on
> one of the machines may be spotted.
>
> 4  Run a program on the master (using Windows GUI), and it runs
> on all the other machines at once, applying the same key strokes and
> mouse events to all of them at once.  For instance, do an install on the
> master and everything happens the same way on the other N machines.
> If something different happens along the way, the option to address that
> machine specifically would be provided.  This one is sort of the holy
> grail for Windows administration, I'm not entirely sure that the Windows
> GUI even provides a place to hack in between the mouse and keyboard to
> achieve this.
>
> I already have a collection of tools for doing bits and pieces of this,
> but nothing that covers all of these bases:
>
>> From Samba there is smbclient, which if buried in a script can be used
> for the file transfers, so long as port 445/tcp is open on each
> workstation.  That isn't too bad a security hole since it can be
> restricted through the firewall to only talk to one controlling machine.
> It is relatively easy to make it talk to N machines by addressing them
> sequentially within a script, although it also requires one more machine
> running Linux to perform all the smbclient operations.  Tar can do
> the directory traversals, but there seems not to be any way to generate
> checksums on the remote machines, so for a directory comparision one
> would have to move all the relevant data over the net back to the
> central machine.  Not very efficient if N is large and the disk space
> being traversed is also large.
>
> UltraVNC lets me do any console operation remotely, but only one machine
> at a time.  If there was some way to run UltraVNC in parallel it would
> almost do what (4) requires, but currently all one can do is switch from
> display to display, and then repeat the same commands on each.
>
> Disk cloning (ghost and the like).  Massive overkill when just a few
> files need to be tweaked.  Plus on Windows if the partition being copied
> includes C:\Windows (and it always does for me) the whole sysprep etc.
> dance must be carried out.
>
> md5deep generates a tree'd md5sum report, which could be used for the
> file comparisons in (1), but it just runs on one machine at a time.
>
> Boot all machines under linux.  This lets me use ssh to run scripts,
> and since NTFS can be mounted read/write these days, access to the
> XP directories is possible from linux.  That makes the file
> synchronization relatively straightforward, but at the cost of having
> to run a completely different OS, and the loss of the ability to run
> programs within Windows.
>
> Thanks,
>
> David Mathog
> mathog at caltech.edu
> Manager, Sequence Analysis Facility, Biology Division, Caltech
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
>
>
----- Ende der Nachricht von mathog at caltech.edu -----

I use the autoexnt service for such purposes. Autoexnt runs with  
admin-privileges at startup, before anyone logges in. Users can log in  
though. It is available at least for win2k and winXP, but I don't know  
about Vista.
I have written a small webservice (a servlet in my case, I am a bit  
biased towards java) that "builds" (it just concatenates some text  
files) a batch file for the client depending on it's IP. The client  
fetches that batch file using wget and executes it. I use it to bring  
client-PC back into the domain after imaging but sometimes I also copy  
just some files. The server side logic proved to be usefull because  
win2k sometimes seemed not to be able to resolve it's own name  
correctly after the imaging process.
You might want to watch for security issues.

Hope this helpes
Malte Müller

More information about the samba mailing list