Quick links server automation:
As a systems administrator you may recognise this problem: Some users are unaware that their password will expire soon, because they received no notification in advance. This typically happens to users who rarely log out of their workstation, for instance VPN users. The user will be frustrated that there will be a working pause, once the expiration occurs and will consume time at the IT department to unlock the account. This problem could have been avoided, if the user had received an email notifying of the expiration.
Create a script and easily compile this into an exe file to solve this problem. An email will be sent to users that have password expiration within a configurable number of days. An email will be sent once a day until user changes password or the password expires.
Other commercial software used for the same task will have limitations of the level of customization. Building an application yourself based on your own script on the other hand, does not impose any limitations, as you can script any customization you might have in your organization the same way as when you are doing programming.
- Add valuable features to the script that applies to your company only, which could be:
- Send a notification to a subset of users only.
- A gateway to send an SMS to the end user’s cellular phone and phone numbers available in the Active Directory phone number attribute.
- When the password expiration gets below a certain threshold, for instance 2 days, get an email yourself and/or have one sent to the Help Desk to proactively contact the user. This feature can be added by adding another UserPasswordExpiresSoon condition and email notification.
- Populate a specific Active Directory attribute with the private email address of some users and an additional mail could be sent to this secondary email address.
Identifying user accounts that are no longer in use, is an important security issue in an organisation of any size. So it’s actually a great showcase of FastTrack functionality to showcase a fully customise-able FastTrack application that does this and more if you need it.
The example script below will list all user accounts that have not been logged on with within a configurable number of days. When running the script, the list presented could look like this:
Obsolete user list
In this example, it is pretty obvious that the “Print admin” account is a temporary account that has not been used for years. The “Demo user” account also looks suspicious. The others two accounts could be users that are no longer employed in the company. These will require further investigation to determine, if these can be deleted or disabled.
The advantage of scripting this instead of purchasing commercial software to do a similar job, is that with FastTrack, you can customise it any way you like and build your own custom versions of it – with little effort. For example:
You could compile an exe file for the Human Resource department to list all user candidates that might be obsolete.
With an extra UserIsAdmin condition, you could build a version for yourself that lists only domain admins, who have not logged on for a much shorter period of time.
You may only want to investigate a subset of users. The example script below looks at all users. To have it look at users only in a specific Organisational Unit, the collection AllUsers could simply be replaced by the UsersInOU collection. You could build additional logic to further filter the users listed, for instance based on other Active Directory attributes and properties.
Many of our customers have converted from Desktop Authority to FastTrack. The most common reason? FastTrack costs much less.
FastTrack Automation Studio offers most of the same features through an even simpler point and click configuration – but without the need to install, maintain and update a “client” on machines. It’s zero touch – nothing needs to be installed on clients and you do not need any extra infrastructure. FastTrack is even simpler than Desktop Authority.
FastTrack Benefits VS Desktop Authority
- Here are the main reasons to use FastTrack Automation Studio instead of Desktop Authority (DA):
- FastTrack Automation Studio costs much times less than DA.
- FastTrack Automation Studio is even easier to configure with point and click configuration than DA.
- Does not require you to install and maintain a “client” – you simply use Group Policy to push logon scripts and packages.
- FastTrack Automation Studio does not require any extra infrastructure at all.
- Microsoft best practice is to use Group Policy Objects (GPO) as much as possible. FastTrack Automation Studio builds components to deploy using GPO.
Farm App Deployment
It is often necessary to deploy an identical array of applications to a set of servers in a farm, especially with Remote Desktop Services RemoteApp or Citrix server farms, where the same array of applications must be available on all servers.
There are of course other solutions out there that can perform software installation tasks, but many of these solutions are expensive management frameworks, require additional infrastructure to run and manage, and can themselves be vulnerable to issues due to badly tested updates or issued caused by automatically installed O/S patches.
FastTrack Softwares Software Deployment solution is essentially, self contained within the FastTrack EXE. The solution is made up of two parts, a super thin client agent, and a simple file share that contains your software to distribute plus your configuration files. There’s nothing else – you could not make a thinner software distribution solution!
On the ‘target’ where you want software to be installed, the FastTrack Management Client is easily created via its setup wizard. In the wizard, all you need to do is state the network path to the place you are storing your settings, your installation files, so your EXE, MSI and perhaps .FSH (FastTrack Script Files) and the details / credentials for the account that you will run to access this. You then push this client installer out via Group Policy to your target servers, and that is all that need to be done for software installation ‘target’ servers, which will work on virtually any Windows server O/S, going right back to Windows 2003.
Now that your targets are set up to ‘collect’ their software install instructions, you can visually configure FastTrack Software Deploy to determine what server gets what software. There are many rules and conditions which you can use to determine this, plus you can containerise all of your software distribution settings into completely separate ‘sites’. A configuration ‘site’ in Fasttrack can consist of servers located in different physical sites, or you could use some other means of categorisation, have separate sites for WEB & DEV and DB, or perhaps a site for VM servers and another for bare metal? It’s up to you. There is no limit on the number of sites you can create, and yes, you can create sites within sites too!
Once you’ve got your software install conditions created, your server install targets will check the central configuration file and will reads it’s software install ‘to do list’. Software will then be downloaded and silently installed onto the qualifying targets.
If you want to push out an application update, it’s a simple matter of re-uploading a new MSI on the distribution point, and un-checking a tick box in the configuraiton, and all servers which need the update will receive it and silently update when they next check in.
There are various tools and solutions out there today that can assist with O/S deployment, you can choose Microsoft’s recommended technique via Microsoft Windows Deployment Services (WDS) or a 3rd party imagining tool such as Symantec Ghost.
The problem with using WDS or image based solutions is that after you have created all of your initial images, over time, you will find that images will ‘degrade’ as pre-installed software and drivers require updating. This can leave you with a lot of time consuming image management.
FastTrack Automation Studio solves this problem by enabling you create far more cut down ‘gold’ images for O/S deployment jobs. These cut down images need only contain the absolute bare minimum O/S and driver options which are required to get the target to boot into Windows and attach to a network. With such a cut down image – you will likely need far fewer, and perhaps never need to edit or update these again.
Once your target system has taken the cut down gold image and has booted up, FastTrack takes over and feeds a ‘One Time Installer’ (OTI) that you have created with FastTracks Software Deployment builder. This OTI system allows you to batch install any number of applications and drivers to install post first stage O/S deploy.
The big time saver with this method, is that if in the future you need to update any single software or driver component, you only need to update your OTI file, and nothing else.
Using FastTracks powerful condition system, you can build multiple condition triggered OTI files, so that for example, servers running on VMs take one OTI whilst ‘Fat’ client VDI VMs take another.
Folder & File Sync
FastTrack Automation Studio SyncDir is quite simply the world’s fastest directory synchroniser to replicate or backup data. And this is without requiring anything installed at either end.
On a gigabit network with few source changes, SyncDir had been found to be six times faster than RoboCopy on ordinary synchronisation and hundreds of times faster on synchronisation with permissions. Because of its performance, SyncDir is commonly used for backing up users’ documents in logon scripts, but it can of course be used to enable high performance file & folder sync between source and target systems systems.
FastTrack is based on our own propitiatory script language called Fastback Script, so the flexibility of this is that any command, including those which execute backups like SyncDir, can be designed in your own custom scripts, enabling you to build a specialist backup application that perfectly matches your precise business requirements. Want to create an application which checks for disk health, and if fails, then automatically backs up a users documents folder and emails a system administrator whilst simultaneously logging the event in a back office SQL server database – no problem!
SyncDir versus SyncDirSecure
The difference between SyncDir and SyncDirSecure is that SyncDirSecure will also synchronize permissions. As a rule of thumb, the overhead is up to 20 percent over SyncDir. The more files that are changed or new, the less the overhead becomes. With just a few changes in the source, the overhead becomes marginal.