6Oct/110

Copy security rights between sites

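Set the security rights for a person or group on one site manually, then use this script to copy the same rights to other sites.
It must of course be run as a user with the proper privileges. Without /Copy the script only compares the two sites and logs the differences; with /Copy it writes the source site's rights to the target site.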

' IOMode value for FileSystemObject.OpenTextFile: append to the end of the file.
Const ForAppending = 8

' Named switches (/Name:Value) passed on the command line.
Set colArgsNamed = WScript.Arguments.Named

' /User, /SMSFromServer and /SMSToServer are all mandatory. If any of them is
' missing, print the usage text and stop before anything is opened or queried.
bolHaveRequiredArgs = colArgsNamed.Exists("User")
bolHaveRequiredArgs = bolHaveRequiredArgs And colArgsNamed.Exists("SMSFromServer")
bolHaveRequiredArgs = bolHaveRequiredArgs And colArgsNamed.Exists("SMSToServer")

If Not bolHaveRequiredArgs Then
	WScript.Echo "Usage: cscript " & WScript.ScriptName & " /User:<UserName>"
	WScript.Echo vbTab & "/SMSFromServer:<FromServer> /SMSToServer:<ToServer>"
	WScript.Echo "Optional: /Copy"
	WScript.Echo ""
	WScript.Echo vbTab & "<User> is the domain\user that need rights on <ToServer>"
	WScript.Echo vbTab & "<FromServer> is the SMS Server to get the rights from"
	WScript.Echo vbTab & "<ToServer> is the SMS Server to set the rights to"
	WScript.Echo vbTab & "/Copy to set the rights. Otherwise only a compare will be done!"
	WScript.Quit
End If

' The account whose rights are compared/copied, and the two site servers.
strUser = colArgsNamed.Item("User")
strFromSiteServer = colArgsNamed.Item("SMSFromServer")
strToSiteServer = colArgsNamed.Item("SMSToServer")

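' Open (or create) the log file next to the script, in append mode.
Set oFSO = CreateObject("scripting.filesystemobject")

' Build "<script folder>\<script base name>.log" from the path components.
' A plain Replace(path, "vbs", "log") rewrites every "vbs" in the path (folder
' names included) and, being case-sensitive, leaves a ".VBS" extension alone,
' in which case the "log file" would be the script itself and log lines would
' be appended to its source.
strLogPath = oFSO.BuildPath(oFSO.GetParentFolderName(WScript.ScriptFullName), oFSO.GetBaseName(WScript.ScriptFullName) & ".log")
Set oLogFile = oFSO.OpenTextFile(strLogPath, ForAppending, True)
logThis "Logfile: " & strLogPath, True

' The log is appended to on every run, so record when this run started and
' under which account, to keep the rights changes attributable afterwards.
Set objNetwork = CreateObject("WScript.Network")
logThis "Run at " & Now & " by " & objNetwork.UserDomain & "\" & objNetwork.UserName, False

' /Copy switches from compare-only to actually writing rights on the target.
If colArgsNamed.Exists("Copy") Then
	logThis "Copying permissions for user '" & strUser & "'",True
Else
	logThis "Checking permissions for user '" & strUser & "'",True
End If
logThis "From: " & strFromSiteServer & " To: " & strToSiteServer, True
logThis "", True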

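' Connect to the site namespace on the source and on the target server.
Set objFromServerConnection = getSiteConnection(strFromSiteServer)
Set objToServerConnection = getSiteConnection(strToSiteServer)

' strUser comes straight from the command line and is placed inside a
' single-quoted WQL string literal. Escape the backslash first and then the
' single quote, so that a quote in the value cannot end the literal early and
' change the WHERE clause.
strWqlUser = Replace(Replace(strUser, "\", "\\"), "'", "\'")

' Read the /Copy switch once; without it nothing is written to the target.
bolCopy = colArgsNamed.Exists("Copy")

' Walk every class permission the user holds on the source site.
' Limitation: only rows that exist on the source are examined. Rights the user
' holds on the target for object types that have no row on the source are
' neither reported nor changed, so this is a copy, not a full synchronisation.
Set colFromItems = objFromServerConnection.ExecQuery("SELECT * FROM SMS_UserClassPermissions WHERE UserName='" & strWqlUser & "'")
If colFromItems.Count > 0 Then
	For Each objFromItem in colFromItems
		bolMatch = False
		intToPermissions = 0
		intFromObjectKey = objFromItem.ObjectKey
		intFromPermissions = objFromItem.ClassPermissions
		logThis strFromSiteServer & ": ObjectKey: " & intFromObjectKey & " Permission: " & intFromPermissions, False
		logThis strFromSiteServer & ": " & getStrObjectKey(intFromObjectKey) & ": " & getStrPermission(intFromPermissions), False

		' Look up the same user and object type on the target site.
		Set colToItems = objToServerConnection.ExecQuery("SELECT * FROM SMS_UserClassPermissions WHERE UserName='" & strWqlUser & "' And ObjectKey='" & intFromObjectKey & "'")
		If colToItems.Count > 0 Then
			For Each objToItem In colToItems
				intToObjectKey = objToItem.ObjectKey
				intToPermissions = objToItem.ClassPermissions
				If intFromPermissions = intToPermissions Then
					logThis "Permissions match for: " & getStrObjectKey(intFromObjectKey), True
					bolMatch = True
				Else
					logThis strToSiteServer & ": ObjectKey: " & intToObjectKey & " Permission: " & intToPermissions, False
					logThis strToSiteServer & ": " & getStrObjectKey(intToObjectKey) & ": " & getStrPermission(intToPermissions), False
				End If
			Next
		End If

		If Not bolMatch Then
			logThis "Permissions don't match for: " & getStrObjectKey(intFromObjectKey), True
			If intToPermissions = 0 Then
				' Nothing on the target yet: every source right is missing there.
				logThis "Difference: " & getStrPermission(intFromPermissions), True
			Else
				' Rights present on the source but missing on the target.
				logThis "Difference: " & getStrPermission(intFromPermissions - (intFromPermissions And intToPermissions)), True
				' Rights present only on the target. SetPermissions writes the source
				' value as-is, so with /Copy these are presumably dropped when the
				' existing row is overwritten; report them so that is visible.
				intOnlyOnTarget = intToPermissions - (intFromPermissions And intToPermissions)
				If intOnlyOnTarget <> 0 Then
					logThis "Only on " & strToSiteServer & ": " & getStrPermission(intOnlyOnTarget), True
				End If
			End If
			If bolCopy Then
				SetPermissions objToServerConnection, strUser, intFromObjectKey, intFromPermissions
			End If
		End If
	Next
Else
	' Say so explicitly: an empty result (for example a mistyped user name) would
	' otherwise end the run silently and look like "everything matches".
	logThis "No class permissions found for user '" & strUser & "' on " & strFromSiteServer, True
End If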

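Function getSiteConnection(strServer)
	' Returns a WMI connection to the root\sms\site_<SiteCode> namespace on strServer.
	'
	' strServer: name of the SMS site server to connect to.
	'
	' ConnectServer is called without a user name or password, so both
	' connections are made with the credentials of the account running the script.
	' Raises an error if no site code can be read from SMS_ProviderLocation.
	Set objLocator = CreateObject("WbemScripting.SWbemLocator")
	Set objConnection = objLocator.ConnectServer(strServer, "root\sms")
	Set colItems = objConnection.ExecQuery("SELECT * FROM SMS_ProviderLocation")

	' SMS_ProviderLocation can list more than one provider. Prefer the row that
	' is flagged as the provider for the local site, so that rights are read
	' from and written to the site that belongs to strServer. If no row carries
	' the flag, the last row is used, as before.
	strSitecode = ""
	bolLocalFound = False
	For Each objItem in colItems
		If Not bolLocalFound Then
			strSitecode = objItem.SiteCode
			If objItem.ProviderForLocalSite = True Then bolLocalFound = True
		End If
	Next

	' Fail with a clear message instead of trying to open "root\sms\site_".
	If Len(strSitecode) = 0 Then
		Err.Raise vbObjectError + 1, "getSiteConnection", "No site code found in SMS_ProviderLocation on " & strServer
	End If

	Set objConnection = objLocator.ConnectServer(strServer, "root\sms\site_" & strSitecode)
	Set getSiteConnection = objConnection
End Function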

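Sub SetPermissions(objConnection, strUser, intObjectKey, intPermissions)
	' Writes one SMS_UserClassPermissions instance on the target site.
	'
	' objConnection:  WMI connection to the target site namespace.
	' strUser:        domain\user the rights are granted to.
	' intObjectKey:   numeric object type the rights apply to.
	' intPermissions: permission bit mask to store; it is written as given and
	'                 is not merged with whatever the target already holds.
	'
	' Failures are logged and the sub returns; they are not raised to the caller.

	' Without this statement the Err.Number checks below never run: the first
	' WMI error would abort the whole script, leaving a half-finished copy and
	' no log entry for the failure.
	On Error Resume Next
	Err.Clear

	logThis "Changing permissions", True
	' Audit trail: record exactly what is about to be written.
	logThis "Setting ObjectKey " & intObjectKey & " to " & intPermissions & " for '" & strUser & "'", False

	Set objPermissions = objConnection.Get("SMS_UserClassPermissions").SpawnInstance_()
	If Err.Number <> 0 Then
		logThis "Couldn't get class permissions object", True
		logThis "Error 0x" & Hex(Err.Number) & ": " & Err.Description, False
		Err.Clear
		Exit Sub
	End If

	objPermissions.UserName = strUser
	objPermissions.ObjectKey = intObjectKey
	objPermissions.ClassPermissions = intPermissions
	' Do not commit an instance whose properties could not all be set.
	If Err.Number <> 0 Then
		logThis "Couldn't set class permissions!", True
		logThis "Error 0x" & Hex(Err.Number) & ": " & Err.Description, False
		Err.Clear
		Exit Sub
	End If

	objPermissions.Put_
	If Err.Number <> 0 Then
		logThis "Couldn't set class permissions!", True
		logThis "Error 0x" & Hex(Err.Number) & ": " & Err.Description, False
		Err.Clear
	End If
End Sub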
 
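Function getStrPermission(intPermission)
	' Turns a class-permission bit mask into a readable, comma-separated list.
	'
	' intPermission: bit mask as stored in ClassPermissions.
	' Returns the names of all set bits joined with ", ", or an empty string
	' when no known bit is set.
	'
	' The separator is added only between names, so a mask without the READ
	' bit no longer produces a string that starts with ", ".

	' Names in bit order: index 0 is bit value 1, index 23 is bit value 8388608.
	arrNames = Array("READ", "MODIFY", "DELETE", "DISTRIBUTE", "Not used", _
		"REMOTE_CONTROL", "ADVERTISE", "MODIFY_RESOURCE", "ADMINISTER", _
		"DELETE_RESOURCE", "CREATE", "VIEW_COLL_FILE", "READ_RESOURCE", _
		"DELEGATE", "METER", "MANAGESQLCOMMAND", "MANAGESTATUSFILTER", _
		"MANAGEFOLDER", "NETWORKACCESS", "IMPORTMACHINE", "CREATETSMEDIA", _
		"MODIFYCOLLECTIONSETTING", "MANAGEOSDCERTIFICATE", "RECOVERUSERSTATE")

	strPermission = ""
	lngBit = CLng(1)
	For intIndex = 0 To UBound(arrNames)
		If (intPermission And lngBit) <> 0 Then
			If Len(strPermission) > 0 Then strPermission = strPermission & ", "
			strPermission = strPermission & arrNames(intIndex)
		End If
		lngBit = lngBit * 2
	Next
	getStrPermission = strPermission
End Function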

Function getStrObjectKey(intObjectKey)
	' Maps a numeric ObjectKey to the name of the SMS class it stands for.
	' Keys that are not listed here (12 and 13 among them) are returned unchanged.
	Select Case intObjectKey
		Case 1
			getStrObjectKey = "SMS_Collection"
		Case 2
			getStrObjectKey = "SMS_Package"
		Case 3
			getStrObjectKey = "SMS_Advertisement"
		Case 4
			getStrObjectKey = "SMS_StatusMessage"
		Case 5
			getStrObjectKey = "Not used"
		Case 6
			getStrObjectKey = "SMS_Site"
		Case 7
			getStrObjectKey = "SMS_Query"
		Case 8
			getStrObjectKey = "SMS_Report"
		Case 9
			getStrObjectKey = "SMS_MeteredProductRule"
		Case 10
			getStrObjectKey = "SMS_ApplicableUpdatesSummaryEx"
		Case 11
			getStrObjectKey = "SMS_ConfigurationItem"
		Case 14
			getStrObjectKey = "SMS_OperatingSystemInstallPackage"
		Case 15
			getStrObjectKey = "SMS_Template"
		Case 16
			getStrObjectKey = "SMS_UpdatesAssignment"
		Case 17
			getStrObjectKey = "SMS_StateMigration"
		Case 18
			getStrObjectKey = "SMS_ImagePackage"
		Case 19
			getStrObjectKey = "SMS_BootImagePackage"
		Case 20
			getStrObjectKey = "SMS_TaskSequencePackage"
		Case 21
			getStrObjectKey = "SMS_DeviceSettingPackage"
		Case 22
			getStrObjectKey = "SMS_DeviceSettingItem"
		Case 23
			getStrObjectKey = "SMS_DriverPackage"
		Case 24
			getStrObjectKey = "SMS_SoftwareUpdatesPackage"
		Case 25
			getStrObjectKey = "SMS_Driver"
		Case Else
			' Unknown key: hand the number back so it still shows up in the log.
			getStrObjectKey = intObjectKey
	End Select
End Function

Sub logThis(strText, bolOutputToScreen)
	' Writes strText as one line to the log file opened in oLogFile and, when
	' bolOutputToScreen is true, echoes the same text to the console.
	oLogFile.WriteLine strText
	If bolOutputToScreen Then
		WScript.Echo strText
	End If
End Sub