So, some mandate from above has come down and you absolutely MUST have AV in your provisioned VMs (whether they be XenApp or XenDesktop). Forget that Citrix does everything they can to steer you away from this, and the VMs are read only, and…. Well, you get the idea. Either way, the powers that be said that there must be AV, and they are willing to pay for Atlantis or SSD storage or whatever it takes to make sure you’ve got enough IOPS to feed it.
So you say to yourself “Ok, it’s not my money anyway. As long as the performance is there and the end users get a solution that is acceptable to them, it makes no difference to me.” And then, the hard part: How do you make it work?? Trend registers each client machine against the OSCE server using the GUID of the installed Trend OSCE client, NOT the machine’s SID. But, since all the machines are basically carbon copies of that one base image, what’s a guy to do? So, you went home, you pulled out your hair, you drank some beers to get over the headache this all caused you, and now, you’ve wound up here. Fear not, brave Citrix admin: I’ll show you the way.
Now, anyone with some decent Googlefoo can certainly run across another blog from some guy with a surname I can’t pronounce and with a TLD of .eu. That’s where some of this came from. However, I found the information there to be less than completely helpful, and, moreover, it didn’t solve the issue completely (not to mention the code needed help – option explicit, unused declared variables, scoping issues, etc). What to do? Improve, of course.
Step 1. Copy this code into a vbs script of your choosing (this is for x64 VMs – if you want it for x86 VMs just edit the registry read/write lines to take out wow6432node)
On Error Resume Next
Set oShell = WScript.CreateObject("WScript.Shell")
Set oFS = CreateObject("Scripting.FileSystemObject")
sCacheDrive = "d:\"
sFolder = sCacheDrive & "Trend"
sFile = "Trend.txt"
sLogPath = sFolder & "\Trend_log.txt"

' Start each boot with a fresh log file.
If oFS.FileExists(sLogPath) Then oFS.DeleteFile(sLogPath)
oFS.CreateTextFile(sLogPath)

If oFS.DriveExists(sCacheDrive) Then
    If oFS.FolderExists(sFolder) Then
        If oFS.FileExists(sFolder & "\" & sFile) Then
            ' A GUID was saved on an earlier boot: restore it.
            Read_GUID
            LogFile (sFile & " file found. Exiting script.")
            WScript.Quit
        Else
            Set oFile = oFS.CreateTextFile(sFolder & "\" & sFile)
            LogFile (sFile & " file not found. Running Check_Trend procedure.")
            Check_Trend
            LogFile ("Check_Trend procedure complete - exiting script.")
            WScript.Quit
        End If
    Else
        ' Create the folder first so LogFile has somewhere to write.
        oFS.CreateFolder(sFolder)
        LogFile (sFolder & " not found. Creating folder and file.")
        ' Keep the handle: Check_Trend closes oFile before rewriting the file.
        Set oFile = oFS.CreateTextFile(sFolder & "\" & sFile)
        LogFile ("Running Check_Trend Procedure after creating folder and file.")
        Check_Trend
        WScript.Quit
    End If
Else
    LogFile (sCacheDrive & " drive could not be found. Quitting the script.")
    WScript.Quit
End If

' First boot of this VM: run ImgSetup.exe to generate a new GUID,
' then save it to the cache drive for later boots.
Sub Check_Trend
    sFile2 = "ImgSetup.exe"
    sSource = "C:\Trend\Trend\"
    sDestination = "C:\Trend\"
    LogFile ("Adding Run command for imgsetup.exe.")
    oShell.RegWrite "HKLM\SOFTWARE\Wow6432node\Microsoft\Windows\CurrentVersion\Run\Trend OfficeScan ImageSetup", Chr(34) & sDestination & sFile2 & Chr(34) & " -HideWindow", "REG_SZ"
    If Not oFS.FileExists(sDestination & sFile2) Then
        LogFile (sDestination & sFile2 & " not found.")
        LogFile ("Copying " & sFile2 & " from " & sSource)
        oFS.CopyFile sSource & sFile2, sDestination
    End If
    LogFile ("Running Trend Sysprep.")
    oShell.Run Chr(34) & sDestination & sFile2 & Chr(34), 0, True
    sRegGUID = oShell.RegRead("HKLM\SOFTWARE\Wow6432node\TrendMicro\PC-cillinNTCorp\CurrentVersion\GUID")
    LogFile ("GUID =" & sRegGUID)
    oFile.Close
    LogFile ("Writing " & sRegGUID & " to the " & sFolder & "\Trend.txt file.")
    Set oFile = oFS.OpenTextFile(sFolder & "\" & sFile, 2)
    oFile.WriteLine sRegGUID
    oFile.Close
    LogFile ("Starting the Trend Realtime scan service.")
    oShell.Run "net start ntrtscan", 0, True
    LogFile ("Script Finished.")
End Sub

' Later boots: write the saved GUID back to the registry and start the services.
Sub Read_GUID
    Set oFile = oFS.OpenTextFile(sFolder & "\" & sFile, 1)
    LogFile ("Running Read_GUID procedure.")
    Do While oFile.AtEndOfStream = False
        sLine = oFile.ReadLine
        LogFile ("Writing GUID " & sLine & " to the registry.")
        oShell.RegWrite "HKLM\SOFTWARE\Wow6432node\TrendMicro\PC-cillinNTCorp\CurrentVersion\GUID", sLine, "REG_SZ"
    Loop
    oFile.Close
    LogFile ("Starting tmlisten.")
    LogFile ("Starting ntrtscan.")
    oShell.Run "net start tmlisten", 0, True
    oShell.Run "net start ntrtscan", 0, True
    LogFile ("Script Finished.")
End Sub

' Append a timestamped line to the log on the cache drive.
Sub LogFile(Message)
    Set lFile = oFS.OpenTextFile(sLogPath, 8, True)
    lFile.WriteLine Now & " - " & Message
    lFile.Close
End Sub
Modify line 4 in the VBS above to reflect your cache drive letter. Sorry the formatting got wrecked, blame it on the WP editor. PLEASE TEST this before just stuffing it into production! I am not responsible for your copy/paste/fail maneuvers if you don’t at least have a basic handle on VBS and can’t identify a code fragment that belongs on the previous line (nor am I responsible for any other reason, use at your own peril, etc etc — but I digress)…
Step 2. Copy this code into a cmd file and name it whatever you choose.
rem Both registry entries are values, not keys, so REG DELETE needs /v.
REG DELETE "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run" /v "Trend OfficeScan ImageSetup" /f
REG DELETE "HKLM\SOFTWARE\Wow6432Node\TrendMicro\PC-cillinNTCorp\CurrentVersion" /v GUID /f
rem Remove the ImgSetup files copied into C:\Trend at startup.
del c:\Trend\imgsetup.exe
del c:\Trend\TmEngDrv.dll
del c:\Trend\TmPfwApi.dll
del c:\Trend\TmProxy.dll
Step 3. Go into your VM in private mode. Create the folder C:\Trend, and then create the folder C:\Trend\Trend. Then, from your OSCE server, copy the file imgsetup.exe into the C:\Trend\Trend folder.
Step 4. Install the Trend OfficeScan client (This solution tested with 10.5, BTW). After it’s installed, unload it. Then set all three of the OSCE services to MANUAL startup.
The VBS script above? Add it to either the local policy of the image or to a GPO as a startup script. The CMD above? Yup, you guessed it, shutdown script.
Then, seal up your VM and shut it down. Voilà! No more phantom registrations and offline VMs and all sorts of other weirdness in your OSCE reporting console. Also, I would highly recommend that you create an auto-add domain (by IP, because your provisioned VMs are in a dedicated network, RIGHT?), and apply the correct AV exceptions to that domain. Don’t know how to do that? Google got you here, it’ll get you there. 😉
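An added example (not part of the original post or its scripts): a Python audit over the Trend_log.txt files the startup script writes, flagging VMs that report the same GUID, logged an empty one, or never finished. Hostnames, timestamps and GUIDs in the sample are constructed; collecting each VM's log from its cache drive is left to you.

```python
import re
from collections import defaultdict

# Messages written by the startup script's LogFile calls:
#   first boot:  "GUID =<guid>"
#   later boots: "Writing GUID <guid> to the registry."
GUID_LINE = re.compile(r" - (?:GUID =|Writing GUID )(\S*?)(?: to the registry\.)?\s*$")

def guid_from_log(text):
    """Last GUID the script reported; '' if it logged an empty one, None if none."""
    guid = None
    for line in text.splitlines():
        match = GUID_LINE.search(line)
        if match:
            guid = match.group(1)
    return guid

def audit(logs):
    """logs maps hostname -> Trend_log.txt text. Returns (duplicates, incomplete)."""
    by_guid, incomplete = defaultdict(list), []
    for host in sorted(logs):
        guid = guid_from_log(logs[host])
        if guid:
            by_guid[guid.lower()].append(host)
        # No usable GUID, or the script died before its last log line.
        if not guid or "Script Finished." not in logs[host]:
            incomplete.append(host)
    duplicates = {g: hosts for g, hosts in by_guid.items() if len(hosts) > 1}
    return duplicates, incomplete

# Constructed sample logs (hostnames, timestamps and GUIDs are made up).
G1 = "AAAAAAAA-0000-0000-0000-000000000001"
G2 = "AAAAAAAA-0000-0000-0000-000000000002"
T = "3/14/2013 8:02:11 AM - "
SAMPLE_LOGS = {
    "XA01": f"{T}Running Trend Sysprep.\n{T}GUID ={G1}\n{T}Script Finished.\n",
    "XA02": f"{T}Writing GUID {G2} to the registry.\n{T}Script Finished.\n",
    "XA03": f"{T}Writing GUID {G1} to the registry.\n{T}Script Finished.\n",  # clone of XA01
    "XA04": f"{T}Running Trend Sysprep.\n",                                   # ImgSetup never returned
    "XA05": f"{T}Running Trend Sysprep.\n{T}GUID =\n{T}Script Finished.\n",   # empty GUID read back
}

if __name__ == "__main__":
    dups, bad = audit(SAMPLE_LOGS)
    for guid, hosts in dups.items():
        print(f"duplicate GUID {guid}: {', '.join(hosts)}")
    print("no usable GUID or script did not finish:", ", ".join(bad))
```

A duplicate here usually means the image was sealed with a GUID still in the registry, or a Trend.txt was copied between cache drives.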