/build/static/layout/Breadcrumb_cap_w.png

Issues with custom inventory rule using ShellCommandTextReturn

I am attempting to get the encryption status of a Symantec PGPWDE encrypted disk and returning the results as a custom inventory field so it can be run in a report and put side by side with the enrollment server data.  I was able to accomplish this on our Macs with no issue but am having difficulties on the PC side. After creating the rule, no machines show in the software-to-computer deployment detail after forcing a few to update.

I created a custom inventory rule selected all Windows OS options and include the following:
ShellCommandTextReturn(cmd /c "C:\Program Files (x86)\PGP Corporation\PGP Desktop\pgpwde" --status)

I've looked through a few dozen of articles and most are about not including "cmd /c" or quotes which is not the case here.  The command itself works fine if run from a command window and displays the disk status so I don't think it's the path or command. I've also tried using %ProgramFiles(x86)% and 8.3 format for the directories.  As well, I included a \ between /c and "c:\ (ie /c \"C:\Program Files..) as seen in one article.

Am I leaving out anything noticeable?




1 Comment   [ + ] Show comment
  • I was able to accomplish the Windows portion of this by creating a script to pipe output a text to file as the logged in user. Then CIR to read the output text file.

    Could you share what command you used to get the Mac command of pgpwde working? - monkeydavidn 8 years ago

Answers (4)

Posted by: erush 8 years ago
Yellow Belt
1
For Windows, an alternate method to script a text file is to create the PGPprefs.xml with the full adminPrefs section from an enrolled user's PGPprefs.xml in the SYSTEM user's AppData folder. The whole reason it fails for SYSTEM is due to adminPrefs.

1. You can create a default PGPprefs.xml for SYSTEM by first running the ShellCommandTextReturn pgpwde --status check. Or you can just grab the file from an enrolled user's appdata location and skip 2. But I prefer not to have other pref fields configured if unnecessary.

2. Then replace the entire "adminPrefs" key section from opening <dict> to closing </dict> from an enrolled users PGPprefs.xml file "C:\Users\<username>\AppData\Roaming\PGP Corporation\PGP\".
    <key>adminPrefs</key>
    <dict>
        ....
    </dict>

3. After that either copy file with a script or do a non persistent file sync to the SYSTEM user's AppData folder depending on 32/64 bit OS:
%WinDir%\SysWOW64\config\systemprofile\AppData\Roaming\PGP Corporation\PGP\
%WinDir%\System32\config\systemprofile\AppData\Roaming\PGP Corporation\PGP\

(for file sync I say non-persistent as you only need to copy it over once, when running pgpwde commands the file may update parameters in the pref xml)

After PGPprefs.xml exists with production adminPrefs key settings, SYSTEM user can run the command no problem so ShellCommandTextReturn will then work.


Also remember that --status without specifying disk will only show disk 0, so you may want to run a status check for each disk.
Posted by: dwally 9 years ago
Orange Senior Belt
0
Can the pgpwde --status pipe it's output to a text file?  If yes, try the following...

I use this method for gathering data and it usually works.  This will be in 2 parts.

Part 1 - Create a Script.
Use the scripting module and create a script that runs C:\Program Files (x86)\PGP Corporation\PGP Desktop\pgpwde" --status" > c:\windows\temp\pgp.txt

Part 2 - Create a Custom Inventory rule that reads in the output from the PGPWDE --Status Command.
ShellCommandTextReturn(cmd /c more +3 C:\windows\temp\pgp.txt)

I use the more +3 to bypass the Microsoft header information.

Hope this helps.

Comments:
  • What command do you use to create a custom rule that reads in the output file in Ubuntu ? - gandam.kumar 4 years ago
Posted by: monkeydavidn 8 years ago
White Belt
0
I was able to get this to work for Windows using the script to pipe output to text then CIR the text.

What command did you use to get pgpwde working on the Mac? I can't seem to figure that out.

Comments:
  • For the Mac I use:
    ShellCommandTextReturn(/usr/local/bin/pgpwde --status) - erush 8 years ago
Posted by: SDNBTP 9 years ago
Third Degree Blue Belt
0

Have you tried this?

ShellCommandTextReturn(cmd /c ""C:\Program Files (x86)\PGP Corporation\PGP Desktop\pgpwde" --status")

If I run your command with single quotes (the way you posted it), it says 'C:\Program' is not recognized as an internal command which tells me it's probably not passing the whole string during the cmd /c.


Comments:
  • I think that was also suggested in another post that I ran across. I just tried it and still the same results. The syntax appears to be correct but I'm just not sure where I'm going wrong. Thank you for the suggestion though! - csutton79 9 years ago

Don't be a Stranger!

Sign up today to participate, stay informed, earn points and establish a reputation for yourself!

Sign up! or login

Share

 
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ