
Configure automated tasks


Preparations for scripting the AdminWizard

  • Start the AdminWizard in GUI mode
  • Select menu Extra > Scripting > Store password in registry
  • Select menu Extra > Directories > MS-Active-Directory > Update now

WSUS server preparations

  • Check that "download update files to this server only when updates are approved" is not turned on (WSUS config, Update Files and Languages).



Create and customize the nightly.bat

Most tasks that you would normally do manually in the AdminWizard's GUI can be automated in scripts. A detailed description of how to use command line arguments for the AdminWizard in a script can be found in the file "example-script.bat", which is located in the AdminWizard's directory.

To prepare the "nightly.bat":
  • Go to the directory in which the AdminWizard is installed (usually "C:\Program Files (x86)\SecuLution\AdminWizard")
  • Copy the file "example-script.bat" to a new file (e.g. "nightly.bat")
  • Edit "nightly.bat" according to your requirements
Recommended configuration:
  • set logfile=D:\Logs\SecuLution-Script-logfile.txt
    Defines filename and path for script logfile

  • call:messageoutput "xxx"
    Writes the message "xxx" to the logfile.

  • call:Errorreporting %ERRORLEVEL%
    Writes the last command's success or error reason to the logfile.

  • start /w SecuSurfAdminWizard.exe -terminate
    Ensures that only one instance of the AdminWizard is running.

  • start /w SecuSurfAdminWizard.exe -deleteoldwsusentries 60
    Deletes WSUS entries that have not been used for 60 days from SecuLution's whitelist (ruleset size reduction).

  • start /w SecuSurfAdminWizard.exe -deleteoldentries 180
    Deletes any entry from SecuLution's whitelist that has not been used for 180 days (ruleset size reduction).

  • start /w SecuSurfAdminWizard.exe -importdir "\\%masterimage%\c$\"
    Imports any files from drive "C:\" of the computer defined in the variable "masterimage" (if applicable).

  • start /w SecuSurfAdminWizard.exe -importexpand y:\Software\
    Imports and expands (msi/zip/rar/...) files from trusted path if the filename is new and unknown.

  • start /w SecuSurfAdminWizard.exe -importexpandfile y:\download\setup.exe
    Imports and expands (msi/zip/rar/...) one file.

  • start /w SecuSurfAdminWizard.exe -importifchanged y:\Software\
    Imports and expands (msi/zip/rar/...) new or changed files from trusted path if the hash is new or unknown.

  • start /w SecuSurfAdminWizard.exe -wsus d:\wsus\wsuscontent\
    Recursively imports and expands new WSUS patches.

  • start /w SecuSurfAdminWizard.exe -updatead
    Imports objects (Groups, Computers and Users) from the ActiveDirectory.

  • start /w SecuSurfAdminWizard.exe -exportruleset d:\backups\SecuSurf-Backup-%isodate%.ssf
    Creates a backup file of SecuLution's database.



Setup via Task Scheduler

  • Start Windows Task Scheduler
  • Configure an automated task to run the script "nightly.bat" (at least 90 minutes after WSUS sync)
  • The option "Start in" must be set to the AdminWizard's directory
  • In "Program/script", enter the full path, enclosed in quotation marks. The line "Start in (optional)" must not have quotation marks, even if it includes spaces!


Relocating the WSUS Server

If you relocate the WSUS server, we recommend also moving the AdminWizard to the new WSUS server. Note also that updates that were saved on the WSUS server on the same day the WSUS server was relocated might not be included in SecuLution's database. You will find more information about this here.

Example-Script.bat, from AdminWizard install directory:


@echo off

rem ############################################################
rem Example script to run the SecuLution-AdminWizard in batch mode
rem ############################################################

rem IMPORTANT IMPORTANT IMPORTANT IMPORTANT IMPORTANT IMPORTANT
rem IMPORTANT IMPORTANT IMPORTANT IMPORTANT IMPORTANT IMPORTANT
rem IMPORTANT IMPORTANT IMPORTANT IMPORTANT IMPORTANT IMPORTANT

rem Some features require configuration which are made in the
rem SecuLution AdminWizard running in GUI mode! !!!READ THIS!!!

rem ##### THIS FILE WILL BE OVERWRITTEN ########################
rem Please copy this file to a new name since this example
rem script will be overwritten with new updates. Then
rem edit the new file and configure the options as desired!

rem ##### LOGIN PASSWORD REQUIRED ##############################
rem The AdminWizard needs a password to login to the SecuLution
rem appliance. To store the password encrypted in the registry
rem start the AdminWizard into GUI mode, login, select menu
rem Extra/Scripting/store password in registry

rem ##### LDAP ROOT REQUIRED ###################################
rem In order to replicate objects from your ActiveDirectory the
rem AdminWizard needs to know the LDAP root to use. This will be
rem configured upon first start of the replication process in
rem GUI mode. Start the AdminWizard and select the menu
rem Extra/Directories/MS-Active-Directory/update now

rem ############################################################
rem #### END OF IMPORTANT REQUIREMENTS #########################
rem ############################################################



rem ############################################################
rem #### VARIABLES #########################
rem ############################################################

rem if %logfile% is not defined, no logs will be written
rem set logfile=D:\Logs\SecuLution-Script-logfile.txt

rem usage of a sample computer is recommended
rem set masterimage=nameofsamplecomputer

rem Convert German date notation dd.mm.yyyy to ISO date yyyy-mm-dd
for /f "delims=. tokens=1,2,3" %%a in ('echo %date%') do set isodate=%%c-%%b-%%a

rem ############################################################
rem #### END OF VARIABLES #########################
rem ############################################################


rem ############################################################
rem Recommended configuration
rem remove "rem" from all required "call" and "start" lines
rem ############################################################

rem first make sure to change the active directory to the AdminWizard installation directory
rem cd to drive (usually c:) %~d0
%~d0
rem cd to path (usually C:\Program Files (x86)\SecuLution\SecuSurf-Admin-Wizard) %~dp0
cd %~dp0

rem make sure no remaining instance is running
rem recommended without modification
rem call:messageoutput "terminate"
rem start /w SecuSurfAdminWizard.exe -terminate
rem call:Errorreporting %ERRORLEVEL%

rem save and create backup of SecuLution database
rem recommended, configure path
rem call:messageoutput "exportruleset"
rem start /w SecuSurfAdminWizard.exe -exportruleset d:\SecuLution\backups\%isodate%.ssf
rem call:Errorreporting %ERRORLEVEL%

rem delete unneeded WSUS entries to keep ruleset small
rem recommended without modification
rem call:messageoutput "deleteoldwsusentries"
rem start /w SecuSurfAdminWizard.exe -deleteoldwsusentries 60
rem call:Errorreporting %ERRORLEVEL%

rem delete orphaned entries to keep ruleset small
rem recommended without modification
rem call:messageoutput "deleteoldentries"
rem start /w SecuSurfAdminWizard.exe -deleteoldentries 180
rem call:Errorreporting %ERRORLEVEL%

rem import new files from trusted path (if applicable)
rem see details below, configure path
rem call:messageoutput "importdir"
rem start /w SecuSurfAdminWizard.exe -importdir "\\%masterimage%\c$\" "scriptmode;-importdir;%masterimage%;%isodate%"
rem call:Errorreporting %ERRORLEVEL%

rem import new WSUS entries
rem see details below, configure path
rem call:messageoutput "wsus"
rem start /w SecuSurfAdminWizard.exe -wsus d:\wsus\wsuscontent\
rem call:Errorreporting %ERRORLEVEL%

rem import ActiveDirectory objects Groups, Computers and Users
rem recommended without modification
rem call:messageoutput "updatead"
rem start /w SecuSurfAdminWizard.exe -updatead
rem call:Errorreporting %ERRORLEVEL%

rem ############################################################
rem END OF Recommended configuration
rem ############################################################




rem ############################################################
rem Detailed information about the different command lines follows
rem ############################################################


rem ############################################################
rem ##################### no password ##########################
rem ############################################################
rem When the AdminWizard is prepared to be started in script
rem mode, the login password is being stored in the registry as
rem explained above. You can create a shortcut to start the
rem AdminWizard without prompting for a login password.
rem ############################################################
rem SecuSurfAdminWizard.exe -dontaskforpassword



rem ############################################################
rem ##################### TERMINATE ############################
rem ############################################################
rem Only one instance of SecuSurfAdminWizard may run at a time
rem on one computer. In case an earlier instance did not
rem terminate properly, all running instances can be closed
rem using the -terminate switch.
rem ############################################################
rem start /w SecuSurfAdminWizard.exe -terminate
rem
rem example:
rem start /w SecuSurfAdminWizard.exe -terminate



rem ############################################################
rem ##################### IMPORT ONE FILE ######################
rem ############################################################
rem Import ONE new program into SecuSurfs database, no matter
rem if this program is new or not. The file will not be expanded
rem (unpacked).
rem ############################################################
rem
rem example:
rem start /w SecuSurfAdminWizard.exe -import z:\Software\New-Version.exe



rem ############################################################
rem ##################### IMPORT RECURSIVE #####################
rem ############################################################
rem Import all programs from the given directory and all sub-
rem directories into SecuSurfs database. The only difference to
rem the -import command is that this command does not import
rem ONE program, but ANY program from the given directory and
rem all subdirectories.
rem
rem Note:
rem This command imports all programs WITHOUT expanding packed
rem programs and regardless if the program may already have been
rem previously imported.
rem ############################################################
rem
rem example:
rem start /w SecuSurfAdminWizard.exe -importdir z:\Software\


rem ############################################################
rem ################# IMPORT RECURSIVE AND EXPAND ##############
rem ############################################################
rem This command imports the contents of any directory and all
rem subdirectories, unpacks (expands) any file which has been
rem compressed with commonly used packing algorithms and imports
rem the content of the file. Recursive depth is 5.
rem
rem Note:
rem This command will regard any file as new if the fileNAME has
rem been changed since the last time the command was used on the
rem same directory or if the filename has never been found in
rem that directory before. Files which have been replaced by a
rem new version but still have the same name will NOT be imported.
rem
rem Note:
rem The host on which the Admin-Wizard is being started with
rem the -importexpand switch should _NOT_ have the SecuLution-Agent
rem running because extracting files may require starting them,
rem which will be blocked for new patches if the agent is running!
rem
rem Note:
rem During the very first run of this program no files are added
rem to SecuSurfs database. Any further execution of this command
rem will import all files that have been added since the last time
rem the command was run.
rem
rem Note:
rem Supports unpacking CAB, EXE, ZIP, RAR, MSI and many more
rem ############################################################
rem
rem example:
rem start /w SecuSurfAdminWizard.exe -importexpand d:\deployment\content\


rem ############################################################
rem ##### IMPORT and EXPAND (unpack) ONE FILE (recursive) ######
rem ############################################################
rem This command will import one file, unpack (expand) it (if
rem compressed with commonly used packing algorithms) and import
rem the content of the file. Recursive depth is 5.
rem
rem Note:
rem This command will process any given file even if it was imported
rem before.
rem
rem Note:
rem The host on which the Admin-Wizard is being started with
rem the -importexpand switch should _NOT_ have the SecuLution-Agent
rem running because extracting files may require starting them,
rem which will be blocked for new patches if the agent is running!
rem
rem Note:
rem Supports unpacking CAB, EXE, ZIP, RAR, MSI and many more
rem ############################################################
rem
rem example:
rem start /w SecuSurfAdminWizard.exe -importexpandfile y:\download\setup.exe


rem ############################################################
rem ##### IMPORT ONE FILE                                 ######
rem ############################################################
rem This command will import one file.
rem
rem ############################################################
rem
rem example:
rem start /w SecuSurfAdminWizard.exe -importfile y:\download\program.exe


rem ############################################################
rem ############ IMPORT and EXPAND all NEW files ###############
rem ############################################################
rem Periodically import the contents of a Software-Distribution
rem directory which contains trusted software into SecuSurfs
rem database. Start this whenever new software was stored.
rem The command will look for changed files since the last run
rem of this command on the same directory. The detection
rem is based on the "Last Changed" date of the file.
rem
rem Note:
rem The command does NOT look for file NAMES and will re-
rem import a file with the same name if the contents of
rem the file have changed.
rem
rem Note:
rem During the very first run of this program no files are added
rem to SecuSurfs database. Any further execution of this command
rem will import all files that have changed since the last time
rem the command was run.
rem
rem Note:
rem Do not use this command to import WSUS updates since the
rem WSUS cleanup wizard will touch all files and therefore mark
rem them as NEW.
rem ############################################################
rem
rem example:
rem start /w SecuSurfAdminWizard.exe -importifchanged y:\SoftwareDistributionPath




rem ############################################################
rem ##################### IMPORT WSUS ##########################
rem ############################################################
rem Periodically import the contents of the WsusContent Directory
rem or any other directory which contains trusted software
rem into SecuSurfs database. Start this command 30 minutes after
rem your WSUS server has downloaded the latest patches from
rem Microsoft. The command will look for unknown files, extract
rem them and import them into SecuSurfs database.
rem
rem Because unpacking hotfix files for XP and Windows 2003 may
rem require the execution of these files, it is recommended to
rem run this script as administrator with high privileges and
rem UAC turned off.
rem
rem Note:
rem The command looks for unknown file NAMES and will not re-
rem import a file with the same name even if the contents of
rem the file have changed.
rem
rem Note:
rem The host on which the Admin-Wizard is being started with
rem the -wsus switch should _NOT_ have the SecuLution-Agent
rem running because extracting files requires starting them,
rem which will be blocked for new patches if the agent is running!
rem
rem Note:
rem If your WSUS Server will provide patches for Windows Vista
rem or later versions while your WSUS Server runs on Win2k3, you
rem will need a new version of EXPAND. See this link
rem http://technet.microsoft.com/en-us/library/cc722332(v=ws.10).aspx
rem You may also run the command on an OS which includes a version
rem of expand.exe which is capable of IDC like Windows Vista and
rem later versions.
rem ############################################################
rem
rem example:
rem start /w SecuSurfAdminWizard.exe -wsus d:\wsus\wsuscontent\



rem ############################################################
rem ##################### RELOAD AD OBJECTS ####################
rem ############################################################
rem Update all users, groups and computers from the ActiveDirectory
rem into SecuLution database.
rem ############################################################
rem
rem example:
rem start /w SecuSurfAdminWizard.exe -updatead



rem ############################################################
rem ################## DELETE OLD ENTRIES ######################
rem ############################################################
rem Removes entries from SecuSurfs database that have not been
rem used for x days.
rem ############################################################
rem
rem example:
rem start /w SecuSurfAdminWizard.exe -deleteoldentries 180


rem ############################################################
rem ################ DELETE OLD WSUS ENTRIES ###################
rem ############################################################
rem Removes WSUS entries from SecuSurfs database that have not
rem been used for x days by any client.
rem Depending on the configuration of the WSUS server, WSUS can
rem import more than 100 new signatures every day. All these
rem signatures can be safely deleted from the database after
rem they have not been used by any client for 60 days to avoid
rem an infinite increase of SecuSurfs database.
rem ############################################################
rem
rem example:
rem start /w SecuSurfAdminWizard.exe -deleteoldwsusentries 60



rem ############################################################
rem ####################### BACKUP  ############################
rem ############################################################
rem Export RuleSet and AD_config for backup purposes
rem ############################################################
rem
rem example:
rem start /w SecuSurfAdminWizard.exe -exportruleset d:\backups\SecuLution-Backup-%DATE%.ssf



rem ############################################################
rem ####################### RESTORE  ###########################
rem ############################################################
rem Import RuleSet and AD_config from backup
rem ############################################################
rem
rem example:
rem start /w SecuSurfAdminWizard.exe -importruleset d:\backups\filename.ssf



rem ############################################################
rem ################## CHALLENGE RESPONSE ######################
rem ############################################################
rem start the challenge-response dialogue while server is down
rem ############################################################
rem
rem example:
rem start /w SecuSurfAdminWizard.exe -challengeresponse



rem ############################################################
rem ##################### LEARN MODES ##########################
rem ############################################################
rem set learnmode on from command line
rem ############################################################
rem
rem start /w SecuSurfAdminWizard.exe -addlearnmode 0.0.0.0/0 0.0.0.0/0 60
rem this will add a new learnmode, learning from all IPs, rules
rem are valid for all IPs, learnmode will be on for 60 seconds
rem
rem will work with AD objects, too: $=user, /=host, &=group
rem
rem start /w SecuSurfAdminWizard.exe -addlearnmode /host2 0.0.0.0/0 600
rem will add a new learnmode that learn from the computer with
rem the name host2 for 10 minutes.
rem
rem start /w SecuSurfAdminWizard.exe -addlearnmode 0.0.0.0/0 0.0.0.0/0 0
rem this will set a learnmode to off
rem ############################################################
rem
rem example: See description



rem ############################################################
rem ##################### Debugging  ###########################
rem ############################################################
rem turn Debug Mode on and off from command line
rem ############################################################
rem
rem start /w SecuSurfAdminWizard.exe -turndebugmodeon
rem This will turn on debugging, a debug.txt file will be written
rem to the users temp directory.
rem
rem start /w SecuSurfAdminWizard.exe -turndebugmodeoff
rem This will turn off debugging.
rem ############################################################
rem
rem example: See description



rem ############################################################
rem ######################### REBOOT ###########################
rem ############################################################
rem reboot the SecuLution Server
rem ############################################################
rem
rem example
rem start /w SecuSurfAdminWizard.exe -rebootserver


rem ############################################################
rem Description of exit codes follows.
rem ############################################################

echo.&goto:eof


:messageoutput
if DEFINED logfile echo. %isodate% - %time%: %~1>>%logfile%
echo. %~1
goto:eof

:Errorreporting
if %~1 EQU 0 call:messageoutput "Command completed successfully."
if %~1 EQU 1 call:messageoutput "Command NOT completed successfully."
if %~1 EQU 101 call:messageoutput "Error accessing the registry. Does the user have enough rights? Is the password stored in the registry?"
if %~1 EQU 109 call:messageoutput "The password in the registry seems to be wrong."
if %~1 EQU 111 call:messageoutput "Another instance of the AdminWizard is already running. Please use that instance instead."
if %~1 EQU 112 call:messageoutput "Could not get challenge information from registry. Please use AdminWizard installation that had a valid connection to the server before."
if %~1 EQU 116 call:messageoutput "Server VM license not activated. Scriptmode aborted."
if %~1 EQU 125 call:messageoutput "Not all servers available. To avoid inconsistencies, the command has been aborted."
if %~1 EQU 131 call:messageoutput "The server is in learn mode. The command has been aborted."
if %~1 EQU 163 call:messageoutput "An error has occured while generating a new whitelist."
if %~1 EQU 191 call:messageoutput "Server error: Server does not accept new whitelists."
if %~1 EQU 194 call:messageoutput "The server did not accept the new whitelist. There is probably an inconsistency in the whitelist."
if %~1 EQU 195 call:messageoutput "The whitelist has been activated, but at least one server did not get it. This may result in an inconsistency of the servers databases."
if %~1 EQU 501 call:messageoutput "Unknown command line argument."
if %~1 EQU 512 call:messageoutput "File not found."
if %~1 EQU 513 call:messageoutput "File exists. Will not override."
if %~1 EQU 523 call:messageoutput "Directory not found."
if %~1 EQU 551 call:messageoutput "Active directory update error. Does the user have enough rights to access the AD?"
if %~1 EQU 751 call:messageoutput "The ruleset has changed on the server while the AdminWizard was processing this command."
goto:eof
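
The logfile written by :messageoutput and :Errorreporting above is the only record of whether the nightly whitelist maintenance worked, and :Errorreporting writes nothing at all for an exit code it does not list. The following Python check is an added example, not part of the SecuLution script: it pairs each step label with the result line that follows it and reports steps that failed or have no result. The names `Step`, `parse_log` and `problems` are this example's own, the sample log is constructed, and it assumes step labels are single words as in the example script.

```python
"""Audit the logfile written by :messageoutput / :Errorreporting (added example)."""
import re
from dataclasses import dataclass

# Line layout produced by:  echo. %isodate% - %time%: %~1
# %time% is locale dependent (comma or dot before the hundredths, padded hour).
LINE_RE = re.compile(
    r"^\s*(?P<date>\d{4}-\d{2}-\d{2}) - \s*"
    r"(?P<time>\d{1,2}:\d{2}:\d{2}[.,]\d{2}): (?P<msg>.*)$"
)
SUCCESS = "Command completed successfully."
# Assumption: step labels are single words (terminate, wsus, updatead, ...),
# as in the example script; every other message is a result line.
STEP_RE = re.compile(r"^[A-Za-z]+$")


@dataclass
class Step:
    name: str
    started: str
    status: str = "no-result"   # becomes "ok" or "failed" once a result line follows
    detail: str = ""


def parse_log(text):
    """Return the steps found in the log, each with the outcome that followed it."""
    steps = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue                      # blank or foreign line
        msg = m["msg"].strip()
        if STEP_RE.match(msg):
            steps.append(Step(msg, f"{m['date']} {m['time']}"))
        elif steps and steps[-1].status == "no-result":
            if msg == SUCCESS:
                steps[-1].status = "ok"
            else:
                steps[-1].status = "failed"
                steps[-1].detail = msg
    return steps


def problems(steps):
    """Steps that failed, or whose exit code produced no log message at all."""
    return [s for s in steps if s.status != "ok"]


# Constructed sample log (German locale time format); not real output.
SAMPLE_LOG = """
 2024-05-14 -  3:00:01,12: terminate
 2024-05-14 -  3:00:02,40: Command completed successfully.
 2024-05-14 -  3:00:02,41: exportruleset
 2024-05-14 -  3:00:09,87: Command completed successfully.
 2024-05-14 -  3:00:09,88: wsus
 2024-05-14 -  3:41:10,03: The whitelist has been activated, but at least one server did not get it. This may result in an inconsistency of the servers databases.
 2024-05-14 -  3:41:10,05: updatead
 2024-05-14 -  3:41:12,50: deleteoldentries
 2024-05-14 -  3:41:30,00: Command completed successfully.
"""

if __name__ == "__main__":
    for step in problems(parse_log(SAMPLE_LOG)):
        print(f"{step.started}  {step.name}: {step.status}  {step.detail}")
```

A step reported as "no-result" means the AdminWizard returned an exit code that :Errorreporting has no message for, so it deserves the same attention as a logged failure.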