The following automation script simplifies the procedure by performing these steps automatically:
- Backing up the current FortiClient configuration.
- Importing the modified configuration that contains updated SPDO values.
- Exporting and verifying that the changes were successfully applied.
Requirements:
- Administrative access to the workstation.
- The FCConfig.exe tool, located in 'C:\Program Files\Fortinet\FortiClient'.
- A working FortiClient configuration (Restore.conf) that includes the modified SPDO entries.
- An existing backup directory (e.g., C:\Users\<username>\Documents\Test).
Before running the script:
- Ensure that a copy of the FortiClient configuration (Restore.conf) with the desired SPDO settings is saved in the chosen directory (e.g., Documents\Test).
- Always back up the current configuration before executing the automation.
The batch script below automates the SPDO editing process by exporting, importing, and verifying FortiClient configurations. It ensures that backups are kept, imports the updated SPDO configuration, and validates the result by generating a verification file.
Automation Script:
```bat
@echo off
:: Keep variables (including the password) local to this script run
setlocal
echo ==============================================
echo FortiClient Config Backup, Restore, and Verify
echo ==============================================

:: Paths and filenames
set "FCConfig=C:\Program Files\Fortinet\FortiClient\FCConfig.exe"
set "ConfigPath=C:\Users\rtanagras\Documents\Test"
set "BackupFile=Backup.conf"
set "RestoreFile=Restore.conf"
set "VerifyFile=New.conf"
set "Password=test@123"

:: Ensure ConfigPath exists
if not exist "%ConfigPath%" (
    echo [INFO] Creating configuration directory "%ConfigPath%"...
    mkdir "%ConfigPath%"
    if errorlevel 1 (
        echo [ERROR] Failed to create directory "%ConfigPath%".
        pause
        exit /b 1
    )
)

:: Check if FCConfig.exe exists
if not exist "%FCConfig%" (
    echo [ERROR] FCConfig.exe not found at "%FCConfig%"
    pause
    exit /b 1
)

:: Check if Restore file exists
if not exist "%ConfigPath%\%RestoreFile%" (
    echo [ERROR] Restore file not found: "%ConfigPath%\%RestoreFile%"
    pause
    exit /b 1
)

pushd "%ConfigPath%"

:: Backup current config
echo [INFO] Backing up current FortiClient config to "%BackupFile%"...
"%FCConfig%" -m all -o export -f "%BackupFile%" -i 1 -p "%Password%"
if errorlevel 1 (
    echo [FAILED] Backup failed.
    popd
    pause
    exit /b 1
)

:: Import the restore config
echo [INFO] Importing configuration from "%RestoreFile%"...
"%FCConfig%" -m all -f "%RestoreFile%" -o import -i 1 -p "%Password%"
if errorlevel 1 (
    echo [FAILED] Restore failed.
    popd
    pause
    exit /b 1
)

:: Wait a moment to ensure config import completes fully
timeout /t 3 /nobreak >nul

:: Export immediately after import to verify
echo [INFO] Exporting configuration after restore to "%VerifyFile%"...
"%FCConfig%" -m all -o export -f "%VerifyFile%" -i 1 -p "%Password%"
if errorlevel 1 (
    echo [FAILED] Export after restore failed.
    popd
    pause
    exit /b 1
)

popd

:: Optional: Restart FortiClient services
echo [INFO] Restarting FortiClient services...
net stop FortiClientService /y >nul 2>&1
net start FortiClientService >nul 2>&1

echo [DONE] Backup, restore, and verification steps completed.
echo.
echo Check the file "%ConfigPath%\%VerifyFile%" to verify if SPDO values changed.
pause

endlocal
```
| Steps | Description |
| --- | --- |
| Backup | Exports the current configuration for validation. |
| Restore | Imports the configuration file containing updated SPDO values. |
| Verification | Exports the configuration again to confirm the SPDO changes took effect. |
| Restart (optional) | Restarts FortiClient service to ensure new settings are applied. |
Note:
- The script is designed for administrators performing repetitive SPDO updates across multiple endpoints.
- Ensure the password (test@123) matches the FortiClient configuration encryption password in the environment.
- The automation eliminates the need for manual XML editing or FortiClient GUI navigation.
- It is recommended to test on a non-production machine before deployment.
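
The batch script keeps the configuration password in plain text inside the file. The PowerShell variant below is an added example, not part of the original article or Fortinet's tooling: it runs the same FCConfig.exe export, import, export sequence but prompts for the password at run time. It assumes FCConfig.exe returns a non-zero exit code on failure (as the batch script's errorlevel checks do); the timestamped file names are illustrative.

```powershell
# Added example: same FCConfig.exe sequence as the batch script, password prompted at run time.
# Assumption: FCConfig.exe exits non-zero on failure, as the batch script's errorlevel checks assume.
$ErrorActionPreference = 'Stop'
$FCConfig    = 'C:\Program Files\Fortinet\FortiClient\FCConfig.exe'
$ConfigPath  = "$env:USERPROFILE\Documents\Test"   # backup directory from the requirements
$RestoreFile = 'Restore.conf'

if (-not (Test-Path -LiteralPath $FCConfig -PathType Leaf)) { throw "FCConfig.exe not found at $FCConfig" }
if (-not (Test-Path -LiteralPath (Join-Path $ConfigPath $RestoreFile) -PathType Leaf)) {
    throw "Restore file not found in $ConfigPath"
}

# Prompt without echo so the password is not stored in the script file.
$secure = Read-Host -Prompt 'FortiClient configuration password' -AsSecureString
$plain  = [System.Net.NetworkCredential]::new('', $secure).Password
if ([string]::IsNullOrEmpty($plain)) { throw 'Empty password.' }

function Invoke-FCConfig {
    param(
        [ValidateSet('export', 'import')][string]$Operation,
        [string]$File
    )
    # Switches taken from the batch script. The password is still visible on
    # FCConfig.exe's command line while the process runs.
    & $FCConfig -m all -o $Operation -f $File -i 1 -p $plain
    if ($LASTEXITCODE -ne 0) { throw "FCConfig $Operation of $File failed (exit code $LASTEXITCODE)." }
}

# Timestamped names (illustrative) keep earlier backups from being overwritten.
$stamp      = Get-Date -Format 'yyyyMMdd-HHmmss'
$backupFile = "Backup-$stamp.conf"
$verifyFile = "New-$stamp.conf"

Push-Location -LiteralPath $ConfigPath
try {
    Invoke-FCConfig -Operation export -File $backupFile    # back up current config
    Invoke-FCConfig -Operation import -File $RestoreFile   # apply updated SPDO config
    Start-Sleep -Seconds 3                                 # same delay as the batch script
    Invoke-FCConfig -Operation export -File $verifyFile    # export again for review
    Write-Host "[DONE] Review $ConfigPath\$verifyFile to confirm the SPDO values changed."
}
finally {
    Pop-Location
    $plain = $null   # drop the plaintext copy from this session
}
```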