check for Windows service NOT installed?
We are in the process of migrating between management tools here, and I was wondering if there is a way of configuring analysis.cfg to check that a Windows service is not installed. This would allow me to check that machines with the old tool installed do not have the new one, and vice versa.
I tried checking for stopped, but that fails because it's Not Found.
I'm hoping to set up something similar to below
running old AV but not new AV
CLASS=win32 HOST=%^(host1|host2)\. SVC "InoTask" startup=automatic status=started SVC "MsMpSvc" startup=%.* status=stopped COLOR=yellow
running new AV but not old AV
CLASS=win32 EXHOST=%^(host1|host2)\. SVC "InoTask" startup=%.* status=stopped COLOR=yellow SVC "MsMpSvc" startup=automatic status=started
If the functionality doesn't exist at present, I'll submit it as a feature request.
If all else fails, I can monitor the client channel and roll my own check in perl against the [svcs] section.
David.
-- David Baldwin - Senior Systems Administrator (Datacentres + Networks) Information and Communication Technology Services Australian Sports Commission http://ausport.gov.au Tel 02 62147830 Fax 02 62141830 PO Box 176 Belconnen ACT 2616 david.baldwin at ausport.gov.au Leverrier Street Bruce ACT 2617
Keep up to date with what's happening in Australian sport visit http://www.ausport.gov.au
This message is intended for the addressee named and may contain confidential and privileged information. If you are not the intended recipient please note that any form of distribution, copying or use of this communication or the information in it is strictly prohibited and may be unlawful. If you receive this message in error, please delete it and notify the sender.
So I worked out an easy way to do this for the particular services in question - luckily they all have a .exe process running (which is not true of all services), so I just used a PROC test instead.
Config fragment below.
running old AV but not new AV
CLASS=win32 HOST=%^(host1|host2)\. SVC "InoTask" startup=automatic status=started PROC MsMpEng.exe 0 0
running new AV but not old AV
CLASS=win32 EXHOST=%^(host1|host2)\. PROC InoRT.exe 0 0 SVC "MsMpSvc" startup=automatic status=started
Now to clean up the hosts that has flushed out :)
David.
We are in the process of migrating between management tools here, and I was wondering if there is a way of configuring analysis.cfg to check that a Windows service is not installed. This would allow me to check that machines with the old tool installed do not have the new one, and vice versa.
I tried checking for stopped, but that fails because it's Not Found.
I'm hoping to set up something similar to below
running old AV but not new AV
CLASS=win32 HOST=%^(host1|host2)\. SVC "InoTask" startup=automatic status=started SVC "MsMpSvc" startup=%.* status=stopped COLOR=yellow
running new AV but not old AV
CLASS=win32 EXHOST=%^(host1|host2)\. SVC "InoTask" startup=%.* status=stopped COLOR=yellow SVC "MsMpSvc" startup=automatic status=started
If the functionality doesn't exist at present, I'll submit it as a feature request.
If all else fails, I can monitor the client channel and roll my own check in perl against the [svcs] section.
David.
-- David Baldwin - Senior Systems Administrator (Datacentres + Networks) Information and Communication Technology Services Australian Sports Commission http://ausport.gov.au Tel 02 62147830 Fax 02 62141830 PO Box 176 Belconnen ACT 2616 david.baldwin at ausport.gov.au Leverrier Street Bruce ACT 2617
Keep up to date with what's happening in Australian sport visit http://www.ausport.gov.au
This message is intended for the addressee named and may contain confidential and privileged information. If you are not the intended recipient please note that any form of distribution, copying or use of this communication or the information in it is strictly prohibited and may be unlawful. If you receive this message in error, please delete it and notify the sender.
participants (1)
-
david.baldwin@ausport.gov.au