I've come across the following setting and trying to figure out what an AceFlag value of 18 means, context is below:
dn = "LDAP://" & replace(rs.Fields("distinguishedName").Value,"/","\/")
set objuser = getobject(dn)
Set oSecurityDescriptor = objuser.Get("msExchMailboxSecurityDescriptor")
Set dacl = oSecurityDescriptor.DiscretionaryAcl
Set ace = CreateObject("AccessControlEntry")
For Each ace In dacl
if ace.AceFlags <> 18 then
end if
Anyone got any ideas?
It means that the ACE an inherited container ACE (0x10 + 0x02). See here.
Related
So, I am creating a vbscript that will read an MSI and MST file. The idea is that if the user that will run the script is testing an MSI with an MST file involved, the script should create a "report" of the new properties that this MST have.
I am able to get the properties from a regular MSI, the problem is when I am trying to get into the MST section. While doing research I found out about the _TransformView Table and this should help me to obtain this information but I think I am not sure I know how to handle that table.
Const msiTransformErrorViewTransform = 256
Const msiOpenDB = 2
Dim FS, TS, WI, DB, View, Rec
Set WI = CreateObject("WindowsInstaller.Installer")
Set DB = WI.OpenDatabase(msiPath,msiOpenDB)
DB.ApplyTransform mstPath, msiTransformErrorViewTransform
If Err.number Then
Exit Function
End If
For i = 0 To 24 'Number of properties on the arrPropertyList
Set View = DB.OpenView("Select `Value` From Property WHERE `Property` = " & "'" & arrPropertyList(i) & "'")
View.Execute
Set Rec = View.Fetch
If Not Rec Is Nothing Then
objLog.WriteLine arrPropertyList(i) & " = " & Rec.StringData(1)
End If
Next
That code will display the msi properties that I have added on the arrPropertyList. The thing is that I am looking for the MST properties and I am only getting the MSI ones. I know that I should change the Query to access the _TransformView Table when calling the DB.OpenView but not sure how can I get to this information! Any knowledge you can share would be welcome.
It works slightly differently to what you think. Run the following to see what I mean (maybe force the VBS to run with Cscript.exe from a command prompt if you're expecting a lot of output):
'create 2 constants - one for when we want to just query the MSI (read) and one for when we want to make changes (write)
Const msiOpenDatabaseModeReadOnly = 0
Const msiOpenDatabaseModeTransact = 1
Const msiTransformErrorViewTransform = 256
'create WindowsInstaller.Installer object
Dim oInstaller : Set oInstaller = CreateObject("WindowsInstaller.Installer")
'open the MSI (the first argument supplied to the vbscript)
Dim oDatabase : Set oDatabase = oInstaller.OpenDatabase("C:\Temp\Temp.msi",msiOpenDatabaseModeReadOnly)
oDatabase.ApplyTransform "C:\Temp\Temp.mst", msiTransformErrorViewTransform
'create a view of the registry we want to see
Dim sql : sql = "SELECT * FROM `_TransformView`"
Dim regView : Set regView = oDatabase.OpenView(sql)
'execute the query
regView.Execute
'fetch the first row of data (if there is one!)
Dim regRecord : Set regRecord = regView.Fetch
'whilst we've returned a row and therefore regRecord is not Nothing
While Not regRecord Is Nothing
'print out the registry key
wscript.echo "Table: " & regRecord.StringData(1)
wscript.echo "Column: " & regRecord.StringData(2)
wscript.echo "Row: " & regRecord.StringData(3)
wscript.echo "Data: " & regRecord.StringData(4)
wscript.echo "Current: " & regRecord.StringData(5)
wscript.echo "***"
'go and fetch the next row of data
Set regRecord = regView.Fetch
Wend
regView.Close
Set regView = Nothing
Set regRecord = Nothing
Set oDatabase = Nothing
Set oInstaller = Nothing
So if you only wanted to see changes in the Property table, you would change the SQL query to:
Dim sql : sql = "SELECT * FROM `_TransformView` WHERE `Table` = 'Property'"
As well as storing the column names of the changed entries, the 'Column' column in the '_TransformView' table also stores whether the value was inserted, removed etc by using the values:
INSERT, DELETE, CREATE, or DROP.
You can find lots of VBScript Windows Installer tutorials for reference - don't forget to set your objects to Nothing otherwise you'll leave handles open. And of course use the link you provided for further reference.
WiLstXfm.vbs: Are you familiar with the MSI SDK sample: wilstxfm.vbs (View a Transform)? It can be used to view transform files. Usage is as follows:
cscript.exe WiLstXfm.vbs MySetup.msi MySetup.mst
Mock-up output:
Property Value [INSTALLLEVEL] {100}->{102}
File DELETE [Help.chm]
I think all you need is in there? Maybe give it a quick look. There is a whole bunch of such MSI API Samples - for all kinds of MSI purposes.
Github.com / Windows SDK: These VBScripts are installed with the Windows SDK, so you can find them on your local disk if you have Visual Studio installed, but you can also find them on Github.com:
Github: WiLstXfm.vbs - Microsoft repository on github.com.
Disk: On your local disk, search under Program Files (x86) if you have Visual Studio installed. Current Example: %ProgramFiles(x86)%\Windows Kits\10\bin\10.0.17763.0\x86.
I'm trying to write a script in VBS to show the file properties dialog/sheet for multiple items. Those items will be all of the items in a parent folder (e.g. all items in W:\).
Essentially, I'm trying to get the properties dialog to show the number of files in a drive. Right-clicking on the drive and selecting Properties does not show the number of files. You would instead need to go into the first level of the drive, select all folders/files, and then right-click and select Properties.
I have customised some code (below) I've found on the internet to bring up the file properties dialog/sheet for either a specific folder, or a drive. I have no idea what I could further change to get the properties dialog for all files and folder of a specified drive. Perhaps getting all folders/files of the drive into an array and then working with that?
Please note I'm looking for the actual properties dialog, and not just a simple return of the total number of files (I know how to do this).
Any help would be appreciated! Thanks :)
Code:
dim objShell, objFSO, folParent, sParent, filTarget, sFileName, sOutput, fivVerbs, iVerb, vVerb, fvbVerb, testItemsParent, TestMappedDestination
set objFSO = CreateObject("Scripting.FileSystemObject")
set objShell = CreateObject("Shell.Application")
const mappedDestination = "c:\"
vVerb = "P&roperties"
sParent = objFSO.GetParentFolderName(mappedDestination)
sFileName = objFSO.GetFileName(mappedDestination)
If Len(mappedDestination) = 3 then
nsTarget = &H11
TestMappedDestination = "(" & UCase(Left(mappedDestination,2)) & ")"
Else
nsTarget = sParent
TestMappedDestination = UCase(sFileName)
End If
set folParent = objShell.Namespace(nsTarget)
For each filTarget in folParent.Items
If Len(mappedDestination) = 3 then
testItemsParent = UCase(Right(filTarget,4))
Else
testItemsParent = UCase(filTarget)
End if
If testItemsParent = TestMappedDestination then
Set fivVerbs = filTarget.Verbs
For iVerb = 0 to fivVerbs.Count - 1
If fivVerbs.Item(iVerb).Name = vVerb then
Set fvbVerb = fivVerbs.Item(iVerb)
fvbVerb.DoIt()
filTarget.InvokeVerbEx fvbVerb.Name, ""
Msgbox "Placeholder msgbox to keep properties dialog/sheet from disappearing on script completion"
Exit for
End if
Next
Exit for
End if
Next
Does anyone know of a quick and easy way to verify what website I'm currently on?
I have made some script that logs me into a website, but if the user is already logged on, it will create an error.
If anyone knows a good way to tell if they are already logged in, please let me know!
The script is as follows:
Username = InputBox("Please input username")
Password = InputBox("Please input password")
Set objShell = WScript.CreateObject("WScript.Shell")
Dim IE
Set IE = GetObject("new:{D5E8041D-920F-45e9-B8FB-B1DEB82C6E5E}")
IE.Visible = 1
IE.navigate "http://wsmmart.itg.ti.com/"
Do
WScript.Sleep 250
Loop While IE.ReadyState < 4 And IE.Busy
IE.Document.All.Item("fld2").Value = Username
IE.Document.All.Item("fld5").Value = Password
'IE.Document.All.Item("Submit").Click
The following code will loop through all open IE windows and look to see if any one of them has the term "wsmmart.itg.ti." in the url. If it finds a match it will control that window and proceed to insert your username, pw, etc. If it doesn't find a match then you could run your code to open a new window
Set objShell = CreateObject("Shell.Application")
IE_count = objShell.Windows.Count
For x = 0 To (IE_count - 1)
On Error Resume Next ' sometimes more web pages are counted than are open
my_url = objShell.Windows(x).Document.Location
If my_url Like "*" & "wsmmart.itg.ti." & "*" Then 'find an existing wsmmart web page
Set ie = objShell.Windows(x)
Exit For
Else
if x=(IE_count - 1) then
' do your stuff to open a new window
end if
End If
Next
on error goto 0
now try to insert your username, pw, etc. , put it in an if statement. if you get an error back, then you're already logged in
Goal: Add a local user account share-level Read/Write permissions to an existing file share.
I'm hitting a roadblock in developing this. Apparently Microsoft wants you to add your user's ACE to the DACL and then back into the security descriptor of the share. (1). (No, NET SHARE /ADD is not available for existing shares, I was surprised.)
In theory that should be simple enough, but my main fear is doing it wrong and losing the existing share permissions (lots of network users, specific groups). This solution needs to scale to a few thousand shares. I'm developing the solution to output data about the existing DACL in case I need to back out. I should write code to interpret that log and be prepared to add them back en-masse should anything go wrong.
At the moment I'm using VBscript-- I feel PowerShell might be a bit stronger of an approach but VBscript/WMI is a known quantity.
Research:
(1) http://blogs.msdn.com/b/helloworld/archive/2008/07/22/editing-share-permission.aspx
Copy the existing ACEs to an array:
rc = shareSec.GetSecurityDescriptor(sd)
ReDim acl(UBound(sd.DACL)+1) '+1 for the new ACL we're going to add
For i = 0 To UBound(sd.DACL)
Set acl(i) = sd.DACL(i)
Next
Add the new ACE to that array:
Set acl(UBound(acl)) = NewACE(NewTrustee(username, domain), 2032127)
The functions NewTrustee() and NewACE() encapsulate the instructions for creating the trustee and the ACE. The number is the access mask for Full Control.
Create a new security descriptor and assign it to the share:
Set sd = wmi.Get("Win32_SecurityDescriptor").SpawnInstance_
sd.ControlFlags = flags
sd.DACL = acl
rc = shareSec.SetSecurityDescriptor(sd)
Check this page for a lot more detail information about security descriptors, trustees, ACLs and ACEs.
Full script:
Const FullControl = 2032127
' modify these variables according to your requirements:
computer = "."
share = "..."
username = "..."
domain = CreateObject("WScript.Network").UserDomain
Set wmi = GetObject("winmgmts:{impersonationLevel=impersonate}!//" _
& computer & "/root/cimv2")
Set shareSec = GetObject("winmgmts:Win32_LogicalShareSecuritySetting.Name='" _
& share & "'")
Function NewTrustee(name, domain)
Dim trustee, account
Set trustee = wmi.Get("Win32_Trustee").SpawnInstance_
trustee.Name = name
trustee.Domain = domain
Set account = wmi.Get("Win32_UserAccount.Domain='" & domain & "',Name='" _
& name & "'")
trustee.Properties_.Item("SID") = wmi.Get("Win32_SID.SID='" & account.SID _
& "'").BinaryRepresentation
Set NewTrustee = trustee
End Function
Function NewACE(trustee, permissions)
Dim ace : Set ace = wmi.Get("Win32_Ace").SpawnInstance_
ace.Properties_.Item("AccessMask") = permissions
ace.Properties_.Item("AceFlags") = 3
ace.Properties_.Item("AceType") = 0
ace.Properties_.Item("Trustee") = trustee
Set NewACE = ace
End Function
' copy existing ACEs
rc = shareSec.GetSecurityDescriptor(sd)
flags = sd.ControlFlags
ReDim acl(UBound(sd.DACL)+1) '+1 for the new ACL we're going to add
For i = 0 To UBound(sd.DACL)
Set acl(i) = sd.DACL(i)
Next
Set sd = Nothing
' add new ACE
Set acl(UBound(acl)) = NewACE(NewTrustee(username, domain), FullControl)
' prepare new security descriptor
Set sd = wmi.Get("Win32_SecurityDescriptor").SpawnInstance_
sd.ControlFlags = flags
sd.DACL = acl
' assign new security descriptor
rc = shareSec.SetSecurityDescriptor(sd)
I have moved a web site from Win2003 x32 to Win2008R2 x64. It works fine on the old server. The web site uses active directory to authenticate. I get this error on 2008: -2147023584 : A specified logon session does not exist. It may already have been terminated. I have tried switching to classic mode, etc. with no change. It does execute VBScript code (otherwise I wouldn't get the error).
Here is the code:
Function AuthenticateUser(UserName, Password)
On Error Resume Next
Dim oADsNamespace, oADsObject
Dim strADsNamespace, strADsPath
strADsPath = "WinNT://ibcschools.edu"
strADsNamespace = left(strADsPath, instr(strADsPath, ":"))
Set oADsObject = GetObject(strADsPath)
Set oADsNamespace = GetObject(strADsNamespace)
Set oADsObject = oADsNamespace.OpenDSObject(strADsPath, UserName, Password, 0)
Response.Write(Err.Number & " : " & Err.Description & "<br />")
If Err.Number = 0 Then
Set oADsNamespace = Nothing
Set oADsObject = Nothing
Set strADsNamespace = Nothing
Set strADsPath = Nothing
AuthenticateUser = True
Else
Set oADsNamespace = Nothing
Set oADsObject = Nothing
Set strADsNamespace = Nothing
Set strADsPath = Nothing
AuthenticateUser = False
End If
End Function
Any help would be appreciated. Thanks.
Your problem seems to be related to using WinNT provider with OpenDSObject.
Things you could try:
Replace WinNT with LDAP provider.
Try running your standalone VBS file
under IIS/ApplicationPool user privileges.
Okay, so I got it working. Before it worked without the domain name, but now requires it. I think it has something to do with the app pool logging in on the old server versus this one. I am going to work on it a little more. I don't want to change all the sites.