Re: Change permission remotely



Sam,
I have one more question for you first. You stated in your original
message: "I would like to change security permission for everyone from 'no
access' to 'read only' on each temp folder." Are you referring to something
like "c:\temp" or are you referring to the temp directory for each user
account on the machine (i.e. "C:\Documents and Settings\username\Local
Settings\Temp")?

As an FYI, I think I have everything but the actual function to change the
permissions built. At this point, the script does not actually change
anything, but it will enumerate and walk the IP range of each CIDR you
specify, separated by commas. Put the CIDR of one of your subnets into the
script on line #17 and give it a run and see if it successfully identifies
your computers without throwing any errors. In the IE window it produces, it
should display:

ComputerName [10.1.1.5]: Action will be performed!!!

....for each machine that it fires the function for. Once the function is
complete, it should do what you want. Make sure it outputs this line for
machines it should affect and not for machines it shouldn't affect.

Please note that you must run this script under credentials that have
local administrator rights on the computers you wish to affect.

Below is what I have so far. The file is in Windows Script format, so give
it a *.wsf extension.

<?xml version="1.0" ?>
<job>
<object id="MSIE" progid="InternetExplorer.Application"/>
<object id="WSH" progid="WScript.Shell"/>
<script language="VBScript">
Option Explicit
<![CDATA[

' ### Dimension variables for objects ###
Dim WMI

' ### Dimension variables for data ###
Dim a, arrIP, BP, CIDR, i, IP, NA, NetBIOS, OSVer
Dim ProductType, Remaining, Rtn, Status, x, y

Const HKLM = &H80000002
CIDR = "10.1.1.0/24"
Remaining = 0

' ### Count the host addresses in every CIDR for the progress display ###
For Each a in Split(CIDR, ",")
    Remaining = Remaining + 2 ^ (32 - Split(a, "/")(1)) - 2
Next

CreateIE()

For Each a in Split(CIDR, ",")
    NA = Split(a, "/")(0)
    BP = Split(a, "/")(1)
    arrIP = Split(NA, ".")

    For x = 1 to (2 ^ (32 - BP)) - 2
        arrIP(3) = arrIP(3) + 1

        ' Carry any octet that passed 255 into the octet to its left
        For i = 3 to 1 Step -1
            arrIP(i - 1) = arrIP(i - 1) + Abs(arrIP(i) > 255)
            arrIP(i) = arrIP(i) * Abs(arrIP(i) < 256)
        Next

        NetBIOS = "" : OSVer = "" : ProductType = "" : Status = ""

        IP = Join(arrIP, ".")
        Remaining = Remaining - 1

        If TypeName(MSIE) = "IWebBrowser2" Then MSIE.Document.Title = "Scanning " & IP _
            & " (" & Remaining & " remaining)"
        Rtn = Abs(WSH.Run("ping -n 1 -w 500 " & IP, 0, True) = 0)

        If Rtn Then
            ' Connect to the remote registry provider; errors are recorded in Status
            Set WMI = Nothing
            On Error Resume Next
            Set WMI = GetObject("winmgmts:\\" & IP & "\root\default:StdRegProv")

            If Err.Number = -2147217405 Then
                Status = IP & ": Access to registry denied!"
            ElseIf Err.Number Then
                Status = IP & ": " & Err.Description
            End If

            i = "SYSTEM\CurrentControlSet\Control\ProductOptions"
            WMI.GetStringValue HKLM, i, "ProductType", ProductType

            i = "Software\Microsoft\Windows NT\CurrentVersion"
            WMI.GetStringValue HKLM, i, "CurrentVersion", OSVer

            i = "SYSTEM\CurrentControlSet\Control\ComputerName\ComputerName"
            WMI.GetStringValue HKLM, i, "ComputerName", NetBIOS

            If (Len(ProductType) = 0 Or Len(NetBIOS) = 0) And Len(Status) = 0 Then
                Status = IP & ": " & Err.Description
            End If

            On Error Goto 0

            ProductType = LCase(ProductType)

            ' Only Windows XP workstations (winnt, version 5.1) reach ChangeACL
            Select Case True
                Case CBool(Len(Status))
                    ' An error was already recorded; report it unchanged
                Case ProductType = "winnt" And OSVer = "5.1"
                    Status = ChangeACL(IP)
                Case ProductType = "winnt"
                    Status = NetBIOS & " [" & IP & "]: Not a Windows XP workstation!"
                Case ProductType = "servernt" Or ProductType = "lanmannt"
                    Status = NetBIOS & " [" & IP & "]: This is a server. Skipped!"
                Case Else
                    Status = IP & ": Unknown Error. Skipped!"
            End Select
        Else
            Status = IP & ": Did not respond to ping."
        End If
        WriteHTML Status
        If TypeName(MSIE) = "Object" Then WScript.Quit
    Next
Next

' ### Show completion in the window title ###
If TypeName(MSIE) = "IWebBrowser2" Then MSIE.Document.Title = "Done!"

' ### Placeholder: reports the machine but does not change any permissions yet ###
Function ChangeACL(IPAddress)
    ChangeACL = NetBIOS & " [" & IPAddress & "]: Action will be performed!!!"
End Function

' ### Create an Internet Explorer window to provide feedback to the user ###
Sub CreateIE()
    Dim height, width
    height = 300
    width = 640
    With MSIE
        .FullScreen=False
        .Navigate "about:blank"
        While .ReadyState <> 4 : WScript.Sleep 100 : Wend
        .ToolBar = False
        .StatusBar = False
        .Resizable = False
        With .document.ParentWindow
            .resizeto width, height
            .moveto (.screen.width-width)/2,(.screen.height-height)/2
        End With
        .document.title = "TSM / TSS Push"
        .document.write "<HTML><HEAD><TITLE id=Title>Scanning IP Addresses</TITLE></HEAD>"
        .document.write "<BODY style='font-family:Courier New;font-size:13px;"
        .document.writeln "padding:2px; margin: 0px'>"
        .document.writeln "<SPAN id=bottom></SPAN>"
        .document.writeln "</BODY></HTML>"
        .document.Body.Scroll = "yes"
        .visible = "true"
        WSH.AppActivate MSIE.document.title
    End With
End Sub

' ### Append one status line above the bottom marker and scroll it into view ###
Sub WriteHTML(HTML)
    If TypeName(MSIE) = "Object" Then WScript.Quit
    MSIE.document.all.Bottom.insertAdjacentHTML "beforeBegin", HTML & "<br>"
    MSIE.document.all.Bottom.scrollIntoView
End Sub

]]>
</script>
</job>

"Sam Chan" <schan17@xxxxxxxxxx> wrote in message
news:dmFCe.1544$Ow4.695228@xxxxxxxxxxxxxxxxxxxxx
> 1. They are in different subnet
> 2. They are XP professional and W2K servers. Only XP professional needs to
> change permission on temp folder.
>
> Thanks in advance
>
> "James Whitlow" <jwhitlow@xxxxxxxxxx> wrote in message
> news:ezz6EnmiFHA.2852@xxxxxxxxxxxxxxxxxxxxxxx
> > "Sam Chan" <schan17@xxxxxxxxxx> wrote in message
> > news:cY_Be.2456$Y54.65@xxxxxxxxxxxxxxxxxxxxx
> >> Hi,
> >> I would like to change security permission for everyone from "no access"
> >> to "read only" on each temp folder. I have about 200 computers to reset.
> >> Is it a way to do it by VBscript?
> >
> > I have a few questions:
> >
> > ** Are all of the computers inside the same subnet (or can a single CIDR
> > encompass them)
> > ** If yes to the above, are all of the computers within the range to be
> > updated or just some of them?
> > ** Should server(s) be excluded from the script?
> > ** Are all of the computers to be updated NT based (NT, 2K, XP) or are
> > there some 9X machines?
> >
> > When I need to do something to all of the computers in an office, I
> > generally walk the subnet by IP address. I use a small routine to create a
> > dictionary object of IP addresses from a given CIDR. I then loop through
> > the IP addresses in the dictionary, checking to see if the IP address
> > pings. If it does, I then check for whatever criteria I want (is it a
> > workstation or server, does 'somefile.txt' exist, etc).
> >
> > Answer the questions above and I will see if I can post an example that
> > you could easily customize for your needs. Feel free to include any
> > additional information you think relevant.
> >
> >
>
>
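The routine mentioned in the quoted reply (a dictionary of IP addresses built from a CIDR), written out as an added example that is not code from this thread. Unlike the loop in the posted script, it first aligns the address to its network boundary, so a CIDR typed with a host address such as "10.1.1.5/24" does not walk on into the neighbouring subnet; the function names and the /16 size limit are assumptions of this example.

```vbscript
' Added example; HostsInCIDR, IPToNumber and NumberToIP are hypothetical names.
' Returns a Dictionary keyed by every usable host address in one CIDR block.
Function HostsInCIDR(CIDR)
    Dim dict, parts, prefix, blockSize, addr, network, first, last, n
    Set dict = CreateObject("Scripting.Dictionary")
    Set HostsInCIDR = dict          ' malformed input returns an empty dictionary
    parts = Split(Trim(CIDR), "/")
    If UBound(parts) <> 1 Then Exit Function
    If Not IsNumeric(parts(1)) Then Exit Function
    prefix = CDbl(parts(1))         ' blocks larger than a /16 are refused here
    If prefix <> Int(prefix) Or prefix < 16 Or prefix > 32 Then Exit Function
    addr = IPToNumber(parts(0))
    If addr < 0 Then Exit Function
    ' Doubles are used throughout because a VBScript Long is signed 32-bit
    blockSize = 2 ^ (32 - prefix)
    ' Align to the true network address so "10.1.1.5/24" still means 10.1.1.0/24
    network = Int(addr / blockSize) * blockSize
    first = network + 1 : last = network + blockSize - 2
    ' /31 and /32 have no network/broadcast pair to skip
    If prefix >= 31 Then first = network : last = network + blockSize - 1
    For n = first To last
        dict.Add NumberToIP(n), True
    Next
End Function

' Dotted quad to number, or -1 when the text is not a valid IPv4 address
Function IPToNumber(IP)
    Dim octets, i, v, total
    IPToNumber = -1
    octets = Split(Trim(IP), ".")
    If UBound(octets) <> 3 Then Exit Function
    total = CDbl(0)
    For i = 0 To 3
        If Not IsNumeric(octets(i)) Then Exit Function
        v = CDbl(octets(i))
        If v <> Int(v) Or v < 0 Or v > 255 Then Exit Function
        total = total * 256 + v
    Next
    IPToNumber = total
End Function

' Number back to dotted quad (Mod is avoided because it coerces to Long)
Function NumberToIP(n)
    Dim i, octets(3), rest
    rest = n
    For i = 3 To 0 Step -1
        octets(i) = rest - Int(rest / 256) * 256
        rest = Int(rest / 256)
    Next
    NumberToIP = Join(octets, ".")
End Function
```

Looping with `For Each IP In HostsInCIDR(a).Keys` in place of the octet-carry loop keeps the ping and registry checks unchanged while bounding the walk to the intended subnet.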
