Install guest agent on vRA 7.4/7.5 automatically....sort of
Each time ther is an issue with deploying a blueprint its always something with the template. For instance, vRA is upgraded or certs have changed and the agents need to be updated. Also each month the templates need to updated with the latest patches.
I wrote a few scripts to automate and solve these issues quickly.
Be sure the read the README.md in the scripts folder
InstallAgentAsDarwin.bat
This script id designed to install the VRA Guest Agent and VRA Appd Agent using the script provide by vRA (with little modification )
- Change the variables in the top section of the script for vRA App, mgr and cert thumb prints
- Copy entire project and sub folder to c: drive.
- Right click this InstallAgentAsDarwin.bat and select runas administrator
- Type in Darwins password
- shutdown when done
The script prompts in the beginning for the Darwin's password. After that it will auto create the account and ensure no residual account profiles exists (if deleted before). It also set the local account to not expire and as a administrator If all variables are correct, script will download and install the agents After completed, it prompts to be shutdown. If left alone for 30sec, it will auto shutdown
InstallAgentAsSYSTEM.bat
Does exactly as the Darwin script above does but instead uses the bulletin SYSTEMS account (no password required). Fully automated
In addition to the above script installing the agents, it also creates a script folder and copies a vbscript (UserAndGroupControl.vbs) to it under c:\vRAGuestAgent folder. This script I wrote to manage local user accounts settings and passwords. Its has a bunch of switches that allow you to automatically add user to the local administrators group and configure the local administrator account.
This is especially useful during vRA deployment:
-
Create a property for each business group or whereever (eg: bg.security.group = <SecurityGroup>) that has a value of an AD security group.
-
Create a property definition for setting the windows password (windows.os.password)
-
Create a Property group:
VirtualMachine.Software0.Name = UserAndGroupControl VirtualMachine.Customize.WaitComplete = True VirtualMachine.Software0.ScriptPath = cscript c:\VRMGuestAgent\scripts\UserAndGroupControl.vbs /admin:newadmin /password:{windows.os.password} /group:{bg.security.group} /user:{Owner} VirtualMachine.Admin.UseGuestAgent = True
-
Make sure the values for the switches /password and /group should match property definition with squiggly brackets {}
-
Use the /admin switch to configure the admin account name based on what the vm has (eg. newadmin)
-
In the blueprint, add the windows password property, with show in request enabled, to the virtual machine custom properties.
-
In the blueprint, add the UserAndGroupControl property group to the virtual machine property group section.
-
In the blueprint, configure the VM so it joins the domain (cloneSpec)
-
Publish and Entitle the blueprint
-
Request the item, and if done correctly the password and security group will be passed during deployment, changing the load admin password and adding the group.
-
If you need to debug the UserAndGroupControl vbscript, use the /debug switch. The log is place right next to the script and will display the password in plain text.
UninstallAgent.bat
- Change the variables in the top section of the script for fqdn and wsus info
This script will remove the old Agents if they exists and delete their folders. Should be ran before any other if doing a cleanup It will also remove the Darwin account. However since the Darwin account was running as a service, it is considered to be in use even thought the active service has been removed. So there will be a residual folder residing in C:\Users folder. The InstallAgentAsDarwin.bat script will clean that up before creating a new Darwin account.
InstallUpdatesOnly.bat
this script installs updates from WSUS point. It will also install PowerShell 5.1 on Windows 7, 8 , 8.1, 2012 and 2012r2. Unlike typical scripts where registry key are set. This one use LGPO.exe to build the WSUS pointer locally. I did this so that it can be viewed and changed via gpedit.msc. There are a few prerequisites that must be done.
- Follow the README.md in the Updates folder