home *** CD-ROM | disk | FTP | other *** search
/ PC Professionell 2006 May / PCpro_2006_05.ISO / files / free_security / msshared / Shared_Computer_Toolkit_ENU.msi / FileScripts011 < prev    next >
Encoding:
Extensible Markup Language  |  2005-09-02  |  21.9 KB  |  288 lines
  1.  ■<?xml version="1.0" ?>
  3. <package>
  5.     <comment>
  7.         ' *** 
  9.         ' *** ------------------------------------------------------------------------------
  11.         ' *** Filename:        Restrict.wsf
  13.         ' *** ------------------------------------------------------------------------------
  15.         ' *** Description:    Command line interface to the restrictions tool
  17.         ' ***                 This file parses command line parameters an calls functions
  19.         ' ***                 that are defined in clsRestrictions.vbs
  21.         ' *** ------------------------------------------------------------------------------
  23.         ' *** Version:        1.0
  25.         ' *** Notes:        
  27.         ' *** ------------------------------------------------------------------------------
  29.         ' *** Copyright (C) Microsoft Corporation 2005, All Rights Reserved
  31.         ' *** ------------------------------------------------------------------------------
  33.         ' ***
  35.     </comment>
  37.     <job>
  39.         <runtime>
  41.             <description>Restrictions Tool</description>
  43.             <named name="User"        required="false"  many="false"  helpstring="Local User account name to modify." />
  45.             <named name="Create"    required="false"  many="false"  helpstring="Creates an XML file for this user." />
  47.             <named name="Apply"        required="false"  many="false"  helpstring="Applies an XML file for this user." />
  49.             <named name="Accounts"    required="false"  many="false"  helpstring="List user accounts that can be restricted." />
  51.             <named name="XML"        required="false"  many="false"  helpstring="File name of user's XML file." />
  53.             <named name="Lock"        required="false"  many="false"  helpstring="Lock a user's profile." />
  55.             <named name="Unlock"    required="false"  many="false"  helpstring="Unlock a user's profile." />
  59.             <!-- <example>Example: Restrict.wsf /user:TestUser /xml:..\xml\User.Student.xml /apply</example> -->
  61.             <usage>
  63. User Restrictions Tool
  65. Usage: Restrict.wsf [/User:username] [/Create] [/Apply] [/Accounts] [/XML:filename.xml] [/Lock] [/Unlock]
  69. Options :
  73. User    : Local User account name to modify.
  75. Create    : Creates an XML file for this user.
  77. Apply     : Applies an XML file for this user.
  79. Accounts: List user accounts that can be restricted.
  81. XML    : File name of user's XML file.
  83. Lock    : Lock a user's profile.
  85. Unlock    : Unlock a user's profile.
  89. Example : Restrict.wsf /User:TestUser /XML:..\xml\User.Student.xml /Apply
  91. </usage>        
  93.         </runtime>
  95.         
  97.         <resource id="CScriptMessage">Restarting script in command-line mode. Run CmdOn.BAT to set command-line mode as the default mode.</resource>
  99.         <resource id="CScriptTitle">Shared Computer Toolkit: Windows Script Mode Detected</resource>
  101.         <resource id="LockFolderExists">Previously locked profile folder exists. Do you wish to use the same folder for locking this profile?(Y/N)</resource>
  103.         <resource id="FAT32LockProfile">The profile is located on a non NTFS drive. Lock option is not supported for profiles in non NTFS drives.</resource>
  105.         
  107.         <?job error="True" debug="False" ?>
  111.         <script language="VBScript" src="../include/Common.vbs"></script>
  113.         <script language="VBScript" src="../include/libWSF.vbs"></script>
  115.         <script language="VBScript" src="../include/clsLogging.vbs"></script>
  117.         <script language="VBScript" src="../include/clsRestrictions.vbs"></script>
  119.         <script language="VBScript">
  121.         <![CDATA[
  123.             ' ~~~ 
  125.             ' ~~~ Force variables to be declared 
  127.             ' ~~~ 
  129.             Option Explicit
  133.             Call Main("Restrict.hta")
  135.             
  137.             ' ~~~ 
  139.             ' ~~~ Declare variables and constants
  141.             ' ~~~
  143.             Dim oRestriction, oLog, bResult, bOK, sCmdInput
  147.             ' ~~~ ------------------------------------------------------------------------------
  149.             ' ~~~ Logging
  151.             ' ~~~ ------------------------------------------------------------------------------
  153.             ' ~~~ Create logging object
  155.             Set oLog = New Logging
  159.             ' ~~~ Initiate logging
  161.             Call oLog.Open(GetRootFolder & "\log\Restrict.wsf.log")
  163.             Call oLog.Write("Restrict.wsf : Started")
  167.             ' ~~~ Create winrestriction object
  169.             Set oRestriction = New Restriction
  173.             ' ~~~ ------------------------------------------------------------------------------
  175.             ' ~~~ Check script usage
  177.             ' ~~~ ------------------------------------------------------------------------------
  179.             ' ~~~ Simple checks for incorrect usage
  181.             bOK = True
  183.             Select Case WScript.Arguments.Named.Count
  185.                 Case 1
  187.                     If Not(WScript.Arguments.Named.Exists("Accounts")) Then
  189.                         bOK=False
  191.                     End If
  193.                 Case 2
  195.                     If NOT (WScript.Arguments.Named("User") = "") Then
  197.                         IsValidUser(WScript.Arguments.Named("User"))                            
  199.                     End If
  201.             End Select
  205.             ' ~~~ Incorrect usage            
  207.             If Not(bOK) Then
  209.                 Call oLog.Write("Restrict.wsf : Incorrect usage detected")
  211.                  WScript.Arguments.ShowUsage
  213.                  QuitScript()
  215.             End If
  217.             
  219.             ' ~~~ ------------------------------------------------------------------------------
  221.             ' ~~~ Now do restrictions
  223.             ' ~~~ ------------------------------------------------------------------------------
  227.             ' ~~~ Bind to the logging object
  229.             oRestriction.Logging = oLog
  231.             
  235.             ' ~~~ Set the user & source template
  237.             oRestriction.User = WScript.Arguments.Named("User")
  239.             oRestriction.TemplateXML = GetRootFolder & "\xml\" & GetFileName & ".xml"
  241.             Call oLog.Write("Restrict.wsf : XML template set to " & oRestriction.TemplateXML)
  245.             bOK = False
  247.             ' ~~~ Specify the location of the xml file
  249.             If WScript.Arguments.Named.Exists("xml") Then
  251.                 bOK = True
  253.                 oRestriction.UserXML = WScript.Arguments.Named("xml")
  255.                 Call oLog.Write("Restrict.wsf : XML - Filename set to " & oRestriction.UserXML)
  257.             End If
  261.             ' ~~~ Call the Validations subroutine
  263.             Call Validations()
  267.             ' ~~~ Create users XML file
  269.             If WScript.Arguments.Named.Exists("Create") Then
  271.                 bOK = True
  273.                 If oRestriction.CreateXML Then
  275.                     Call oLog.Write("Restrict.wsf : Create - XML file created successfully")
  277.                     WScript.Echo "XML file created successfully"
  279.                 Else
  281.                     Call oLog.Write("Restrict.wsf : Create - Failed to create XML file")
  283.                     WScript.Echo "Failed to create XML file"
  285.                     bOK = False
  287.                 End If
  289.             End If
  293.             ' ~~~ Apply users XML file
  295.             If WScript.Arguments.Named.Exists("Apply") Then
  297.                 IsValidUser(oRestriction.User)                                
  299.                 oRestriction.IsProfileDriveNTFS = oRestriction.IsFileSystemNTFS()
  301.                 bOK = True
  303.                 If oRestriction.ApplyXML Then
  305.                     Call oLog.Write("Restrict.wsf : Apply - XML file applied successfully")
  307.                     WScript.Echo "XML file applied successfully"
  309.                 Else
  311.                     Call oLog.Write("Restrict.wsf : Apply - Failed to apply XML file")
  313.                     WScript.Echo "Failed to apply XML file"
  315.                     bOK = False
  317.                 End If
  319.             End If
  323.             ' ~~~ Lock a users profile
  325.             If WScript.Arguments.Named.Exists("Lock") Then
  327.                 bOK = True
  329.                 If NOT oRestriction.IsFileSystemNTFS Then
  331.                     Wscript.echo getResource("FAT32LockProfile")
  333.                     QuitScript()
  335.                 End If
  337.                 If oRestriction.AccountLocked(oRestriction.User) = False AND oFso.FolderExists(oRestriction.GetProfilePath(oRestriction.User) & ".orig") Then
  339.                     Do 
  341.                         Wscript.stdout.writeline getResource("LockFolderExists")
  343.                         sCmdInput = UCase(Wscript.StdIn.ReadLine) 
  345.                         If sCmdInput = "Y" Then
  347.                             oRestriction.ChangeLockFolder = False
  349.                             Exit Do
  351.                         End If
  353.                         If sCmdInput = "N" Then
  355.                             oRestriction.ChangeLockFolder = True
  357.                             Exit Do
  359.                         End If
  361.                     Loop Until sCmdInput = "Y" OR sCmdInput = "N"
  363.                 End If
  365.                 If oRestriction.LockSharedAccount(oRestriction.User) Then
  367.                     Call oLog.Write("Restrict.wsf : Lock - Profile locked successfully")
  369.                     WScript.Echo "Profile locked successfully"
  371.                 Else
  373.                     Call oLog.Write("Restrict.wsf : Lock - Failed to unlock profile")
  375.                     WScript.Echo "Failed to lock profile"
  377.                     bOK = False
  379.                 End If
  381.             End If
  385.             ' ~~~ Unlock a users profile
  387.             If WScript.Arguments.Named.Exists("Unlock") Then
  389.                 bOK = True
  391.                 If oRestriction.UnlockSharedAccount(oRestriction.User) Then
  393.                     Call oLog.Write("Restrict.wsf : Unlock - Profile locked successfully")
  395.                     WScript.Echo "Profile unlocked successfully"
  397.                 Else
  399.                     Call oLog.Write("Restrict.wsf : Unlock - Failed to unlock profile")
  401.                     WScript.Echo "Failed to unlock profile"
  403.                     bOK = False
  405.                 End If
  407.             End If
  411.             ' ~~~ Display accounts list
  413.             If WScript.Arguments.Named.Exists("Accounts") Then
  415.                 bOK = True
  417.                 WSCript.Echo "Accounts that can have restrictions applied :"
  419.                 WSCript.Echo oRestriction.Accounts(False)
  421.             End If
  425.             If Not(bOK) Then
  427.                 Call oLog.Write("Restrict.wsf : Incorrect usage detected")
  429.                  WScript.Arguments.ShowUsage
  431.                  QuitScript()
  433.             End If
  437.             ' *** 
  439.             ' *** --------------------------------------------------------------------------------
  441.             ' *** Name:            IsValidUser(UserID)
  443.             ' *** --------------------------------------------------------------------------------
  445.             ' *** Purpose:        Checks for the validity of the useraccount
  447.             ' *** --------------------------------------------------------------------------------
  449.             ' *** 
  451.             Sub IsValidUser(UserID)
  453.                 Dim bValid
  455.                 bValid = True
  457.                 If oNetwork.UserName = UserID Then
  459.                     WSCript.Echo "This tool will not modify the currently logged on user."
  461.                     bValid = False
  463.                 ElseIf Right(oRestriction.GetUserSID(UserID),4) = "-500" Then
  465.                     ' ~~~ Administrator account
  467.                     WSCript.Echo "This tool cannot modify the Administrator account."
  469.                     bValid = False
  471.                 ElseIf oRestriction.GetUserSID(UserID) = "" Then
  473.                     WSCript.Echo "This is not a valid user account."
  475.                     bValid = False    
  477.                 ElseIf oRestriction.GetProfilePath(UserID) = "" Then
  479.                     WSCript.Echo " A profile is not created for this user account."
  481.                     bValid = False
  483.                 ElseIf oRestriction.IsUserLoggedOn(UserID) Then
  485.                     WSCript.Echo "The user is currently logged on through fast-user-switching."
  487.                     bValid = False
  489.                 End If
  491.                 If NOT bValid Then
  493.                     WScript.Arguments.ShowUsage
  495.                      QuitScript()
  497.                 End If
  499.             End Sub
  503.             ' *** 
  505.             ' *** --------------------------------------------------------------------------------
  507.             ' *** Name:            Validations()
  509.             ' *** --------------------------------------------------------------------------------
  511.             ' *** Purpose:        Validates the combinations of options in the input arguments
  513.             ' *** --------------------------------------------------------------------------------
  515.             ' *** 
  517.             Sub Validations()
  519.                 If ( WScript.Arguments.Named.Exists("Lock") and WScript.Arguments.Named.Exists("UnLock")) Then
  521.                     Call oLog.Write("Restrict.wsf : Incorrect usage detected")
  523.                      WScript.Arguments.ShowUsage
  525.                      QuitScript()                
  527.                 End If
  529.                 If ( WScript.Arguments.Named.Exists("Create") and WScript.Arguments.Named.Exists("Apply")) Then
  531.                     Call oLog.Write("Restrict.wsf : Incorrect usage detected")
  533.                     WScript.Arguments.ShowUsage
  535.                     QuitScript()                
  537.                 End If
  539.                 
  541.             End Sub
  547.             ' ~~~ ------------------------------------------------------------------------------
  549.             ' ~~~ Tidy up
  551.             ' ~~~ ------------------------------------------------------------------------------
  553.             ' ~~~ Close log
  555.             Call oLog.Close
  559.             ' ~~~ Destroy objects
  561.             Set oRestriction = nothing
  563.             Set oLog = nothing
  565.             UnLoadObjects()
  567.         ]]>
  569.         </script>
  571.     </job>
  573. </package>