StrictHostKeyChecking no
UserKnownHostsFile=/dev/null
Thursday, December 30, 2010
Tuesday, December 21, 2010
Tuesday, November 23, 2010
ipmi management
enable ipmitool -> ipmitool lan set 1 access on
ipaddress setup -> ipmitool lan set 1 ipaddr 192.168.0.57
netmask setup -> ipmitool lan set 1 netmask 255.255.255.0
password setup -> ipmitool user set password 2
enable user account -> ipmitool user enable 3
verify password -> ipmitool user test 2 16 password
user channel privilege setup -> ipmitool channel setaccess 1 3 callin=on ipmi=on link=on privilege=4
enable sol payload for user -> ipmitool sol payload enable 1 3
ipmitool -H 192.168.0.68 -I lan -U root -P password sdr
ipmitool -H 192.168.0.68 -I lanplus -U root -P password sol activate
sel list|clear|info
Friday, November 12, 2010
Custom GPO
CLASS MACHINE
CATEGORY !!category
CATEGORY !!categoryname
POLICY !!Administractive_share_fix_Title
KEYNAME "Software\Microsoft\Windows\CurrentVersion\Policies\System"
#if version >= 4
SUPPORTED !!SUPPORTED_OS
#endif
#if version >= 3
EXPLAIN !!Administractive_share_fix_Help
#endif
VALUENAME "LocalAccountTokenFilterPolicy"
VALUEON NUMERIC 1
VALUEOFF NUMERIC 0
END POLICY
END CATEGORY
END CATEGORY
[strings]
category="Customized Policy Settings"
categoryname="Administrative Share Fix"
SUPPORTED_OS="Windows Vista, Windows 7"
Administractive_share_fix_Title="Enable Remote Access for Administrative Share"
Administractive_share_fix_Help="By default, remote administrative share access is not permitted.\nThis fix allows users who are in the Administrators group to access administrative shares remotely."
ref: http://support.microsoft.com/kb/225087
I will add a post about the customization tool when I have time.
Thursday, November 11, 2010
Access Windows 7 administrative folder
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System
LocalAccountTokenFilterPolicy
REG_DWORD 1
reg add HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System /v LocalAccountTokenFilterPolicy /t REG_DWORD /d 1
Monday, October 25, 2010
Manipulate bash parameters
1: redefine IFS
2: rewind parameters
Aliases will not work in a shell script. Using a function is an alternative way to redefine the command that you want to run.
Example:
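Parent Process
#!/bin/bash
# Source the child script so that its mail() function replaces the mail command here.
. /path_of_script/Child_Script
echo "This is a test mail"|mail -s "Test Mail" email@domain
Child Process
#!/bin/bash
# bash is required: the function keyword and the ${var/ /_} and ${var:0:1} expansions are not POSIX sh.
function mail(){
  myInput=""
  for input in "$@"
  do
    # Replace the first space with "_" so the argument survives the word splitting of $myInput below.
    input="${input/ /_}"
    if [ "${input:0:1}" == "-" ] && [ "${input}" != "" ] ; then
      # Option argument (starts with "-").
      myInput="${myInput}${input} "
    else
      # Non-option argument; appended the same way.
      myInput="${myInput}${input} "
    fi
  done
  myInput="/usr/bin/mutt -F /tmp/demo/SignOffAdmin ${myInput}"
  # Left unquoted on purpose: the string is split into the command and its arguments.
  $myInput
}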
Please note that the double quotes around $@ are a must.
Refer to http://www.ibm.com/developerworks/library/l-bash-parameters.html
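An added example, not part of the original post: it shows what the double quotes around $@ change when a wrapper function passes its arguments on. fake_mailer is a hypothetical stand-in for /usr/bin/mutt so the block runs offline, and "set --" is used here in place of the post's string building.

```shell
#!/bin/sh
# Added example: forwarding arguments through a wrapper function.
# fake_mailer is a constructed stand-in for the real mail program; it reports
# how many arguments it received and shows each one in brackets.
fake_mailer() {
    printf '%d' "$#"
    for fm_arg in "$@"; do
        printf ' [%s]' "$fm_arg"
    done
    printf '\n'
}

# Unquoted $@: each argument is split again on IFS (and glob-expanded),
# so "Test Mail" arrives as two words and an empty argument disappears.
mail_unquoted() {
    fake_mailer -F /tmp/demo/SignOffAdmin $@
}

# Quoted "$@": "set --" rebuilds the positional parameters with the extra
# options in front, and every original argument stays exactly one word.
mail_quoted() {
    set -- -F /tmp/demo/SignOffAdmin "$@"
    fake_mailer "$@"
}

# Constructed sample calls, mirroring the parent script in the post.
mail_unquoted -s "Test Mail" email@domain
mail_quoted   -s "Test Mail" email@domain
```

With the quoted form the subject no longer needs its spaces replaced by underscores before it is handed to the mail program.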
Thursday, September 2, 2010
Friday, August 27, 2010
XP remote management access denied
A problem that occurs even with sufficient permissions
HKLM\SYSTEM\CurrentControlSet\Control\SecurePipeServers\Winreg
Local Service should have read permission on the above registry key.
http://support.microsoft.com/default.aspx?scid=kb;en-us;892192
Monday, August 23, 2010
Using AutoHotkey to run RunAs under UAC
AdminAccount=
AdminPWD=
ConfigFile=D:\GameStarter.ini
MyCode=%1%
SetWorkingDir %A_ScriptDir%
Loop, %0% ; No need for the intermediary variable 'param':
params .= A_Space . """" . %A_Index% . """"
if( A_USERNAME <> AdminAccount ){
RunAs, %AdminAccount%,%AdminPWD%
Run, %A_ScriptFullPath% %params%
ExitApp
}
Loop
{
FileReadLine, line, %ConfigFile%, %A_Index%
if ErrorLevel
break
StringSplit, word_array, line, `,, . ; Omits periods.
if ( word_array0 == 3 ){
Game_Code=%word_array1%
if ( Game_Code == MyCode ){
GameTitle=%word_array2%
CMD=%word_array3%
}
}
}
if ( CMD <> "" ){
MsgBox, 64, 遊戲啟動器, %GameTitle%, 3
if ( not A_IsAdmin ) {
if ( A_IsCompiled ){
BUF=
Loop, parse, CMD, `\
{
if ( BUF <> "" ){
MYWORKINGDIR =%MYWORKINGDIR%%BUF%\
}
BUF=%A_LoopField%
}
DllCall("shell32\ShellExecuteA", uint, 0, str, "RunAs", str,CMD
, str, str , str, MYWORKINGDIR, int, 1)
}else{
DllCall("shell32\ShellExecuteA", uint, 0, str, "RunAs", str, A_AhkPath
, str, """" . A_ScriptFullPath . """" . SubStr(params,2), str, A_WorkingDir, int, 1)
}
ExitApp
}
} else {
MsgBox, 16, 遊戲啟動器錯誤, 該遊戲並未經過認證通過, 3
}
Wednesday, August 18, 2010
Monday, August 9, 2010
CA autoenrollment
On Error Resume Next
Dim currentDirectory,Certreq
Certreq = "certreq.exe"
currentDirectory = left(WScript.ScriptFullName,(Len(WScript.ScriptFullName))-(len(WScript.ScriptName)))
''' Don't change anything below this line unless you know what you are doing
''' =============================================================================
'''CAPICOM_KEY_LOCATION Enumeration
Const CAPICOM_CURRENT_USER_KEY = 0 'The key is a user key.
Const CAPICOM_LOCAL_MACHINE_KEY = 1 'The key is a machine key.
Const HKEY_CLASSES_ROOT = &H80000000
strComputer = "."
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
OS = Get_OS(objWMIService)
OS_Type = Get_OS_TYPE(objWMIService)
If ( instr(UCase(OS),UCase("Windows 7")) <> 0 ) and (OS_Type="x64")Then
Script_Engine_Arch = Wscript_Engine
If (Script_Engine_Arch = "x86") or (ElevationCheck = False) Then
Set objShell = CreateObject( "WScript.Shell" )
WINDIR=objShell.ExpandEnvironmentStrings("%windir%")
colScriptBase_Engine = Split(Wscript.FullName,"\")
objScriptEngine = colScriptBase_Engine(UBound(colScriptBase_Engine))
x64ScriptEngine = WINDIR & "\SysWOW64\" & objScriptEngine
Set objelevate = CreateObject("Shell.Application")
objelevate.ShellExecute x64ScriptEngine , Chr(34) & Wscript.ScriptFullName & Chr(34) ,"","runas",1
Else
Main
End If
End If
Sub Main()
UserInfo=Inputbox("Please enter windows AD account for generating CA configuration file!","CA conf generator")
If len(UserInfo) <> 6 Then
Msgbox "Invalid Windows AD account",vbCritical+vbOkOnly,"Critical Error"
Wscript.Quit
Else
GetUserInfo UserInfo
End If
SetupConf Config, "[Version]"
SetupConf Config, "Signature=""$Windows NT$"""
SetupConf Config, ""
SetupConf Config, "[NewRequest]"
SetupConf Config, "Subject=""" & UserInfo & """"
SetupConf Config, "ProviderName=""Microsoft Enhanced RSA and AES Cryptographic Provider"""
SetupConf Config, "ProviderType=24"
SetupConf Config, "KeyLength=1024"
SetupConf Config, "Exportable=True"
'SetupConf Config, "Exportable=False"
SetupConf Config, "KeySpec=1"
SetupConf Config, "KeyUsage=0xf0 "
'SetupConf Config, "MachineKeySet=False"
SetupConf Config, "MachineKeySet=True"
SetupConf Config, "SMIME=True"
SetupConf Config, "RequestType=CMC"
SetupConf Config, ""
SetupConf Config, "[EnhancedKeyUsageExtension]"
SetupConf Config, "OID=1.3.6.1.5.5.7.3.2"
SetupConf Config, ""
SetupConf Config, "[RequestAttributes]"
ExportConfigFile Config
SubmitCAREQ
End Sub
Sub GetUserInfo (ByRef rtnString)
On Error Resume Next
Set WshShell = CreateObject("Wscript.Shell")
Set WshSysEnv = WshShell.Environment("PROCESS")
'sUserName=WshSysEnv("USERNAME")
sUserName=rtnString
Set rootDSE = GetObject("LDAP://RootDSE")
DomainContainer = rootDSE.Get("defaultNamingContext")
Set conn = CreateObject("ADODB.Connection")
conn.Provider = "ADSDSOObject"
conn.Open "ADs Provider"
ldapStr = ";(&(objectCategory=person)(objectClass=user)(sAMAccountName=" & sUserName & "));cn,mail,department,physicalDeliveryOfficeName;subtree"
Set rs = conn.Execute(ldapStr)
If rs.RecordCount <> 1 Then
Msgbox "System Error,cannot find user info on AD system",vbCritical + vbOKOnly,"System error"
Wscript.Quit 1
End If
Company = "XXXXXX"
If Trim("Santa Clara") = Trim(rs.Fields("physicalDeliveryOfficeName")) Then
Company = "XXXXXXX"
End If
Select Case UCase(rs.Fields("physicalDeliveryOfficeName"))
Case UCase("TX")
Company = "TX"
State = "TX"
Case UCase("VT")
Company = "VT"
State = "VT"
Case UCase("US")
Company = "US"
State = "CA"
End Select
rtnString = "E=" & rs.Fields("mail") &_
",CN=" & rs.Fields("cn") &_
",OU=" & rs.Fields("department") &_
",O=" & Company &_
",L=" & rs.Fields("physicalDeliveryOfficeName") &_
",S=" & State &_
",C=US"
End Sub
Sub SetupConf (ByRef Configuration, Value)
Configuration = Configuration & Value & vbCrLf
End Sub
Sub ExportConfigFile(Content)
Set objFSO = CreateObject("Scripting.FileSystemObject")
ScriptPath = Left(WScript.ScriptFullName,Len(WScript.ScriptFullName) - Len(WScript.ScriptName))
Config_Name = "MyCA.inf"
Set objTextOutStream = objFSO.CreateTextFile(ScriptPath & Config_Name)
objTextOutStream.Write Content
objTextOutStream.Close
End Sub
Sub SubmitCAREQ()
On Error Resume Next
Set WshShell = CreateObject("Wscript.Shell")
CertSVR = "FQDN_OF_CA_SERVER\CANAME"
WshShell.Exec("%ComSpec% /c certreq -New -f " & chr(34) & currentDirectory & "MyCA.inf" & chr(34) & " " & chr(34) & currentDirectory & "MyCA.req" & chr(34)).StdOut.ReadAll
rtnValue = WshShell.Exec("%ComSpec% /c certreq -Submit -f -config " & CertSVR & " " & chr(34) & currentDirectory & "MyCA.req" &chr(34)).StdOut.ReadAll
RequestId = Split(rtnValue,vbCrLf)
If UBound(RequestId) > 2 Then
DeleteUnusedFiles
Msgbox "CA request has been sent to Server" & vbCrLf &_
"Your Request ID is [" & Trim(Replace(RequestId(1),"RequestId:","")) & "]", vbOKOnly+vbInformation, "NAP-VPN CA apply assistant"
Else
Msgbox "Fail to submit CA request to server" & vbCrLf & "Error info: " & Err.Description,vbOKOnly+vbCritical, "NAP-VPN CA apply assistant"
Wscript.Quit 1
End If
End Sub
Sub DeleteUnusedFiles()
On Error Resume Next
Set objFSO = CreateObject("Scripting.FileSystemObject")
Config_Name = "MyCA.inf"
REQ_Name = "MyCA.req"
objFSO.DeleteFile currentDirectory & Config_Name
objFSO.DeleteFile currentDirectory & REQ_Name
End Sub
Function Get_OS(ByRef objWMIService)
Set colItems = objWMIService.ExecQuery("Select * from Win32_OperatingSystem",,48)
For Each objItem in colItems
Get_OS = objItem.Caption
Next
Set colItems = Nothing
End Function
Function Get_OS_TYPE(ByRef objWMIService)
Set colItems = objWMIService.ExecQuery("Select * from Win32_ComputerSystem",,48)
For Each objItem in colItems
If instr( objItem.SystemType,"64") <> 0 Then
Get_OS_TYPE = "x64"
Else
Get_OS_TYPE = "x86"
End If
Next
Set colItems = Nothing
End Function
Function Wscript_Engine()
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set SystemDirectory = objFSO.GetSpecialFolder(1)
If Instr(UCase(Wscript.FullName),UCase(SystemDirectory)) <> 0 Then
Wscript_Engine = "x86"
Else
Wscript_Engine = "x64"
End If
End Function
Function ElevationCheck 'test whether user has elevated token
Dim oShell, oExecWhoami, oWhoamiOutput, strWhoamiOutput, boolHasElevatedToken
Set oShell = CreateObject("WScript.Shell")
Set oExecWhoami = oShell.Exec("whoami /groups")
Set oWhoamiOutput = oExecWhoami.StdOut
strWhoamiOutput = oWhoamiOutput.ReadAll
If InStr(1, strWhoamiOutput, "S-1-16-12288", vbTextCompare) Then boolHasElevatedToken = True
If boolHasElevatedToken Then
ElevationCheck = True
Else
ElevationCheck = False
End If
End Function
-----------------------------------------------------------------------------------------------------------------------------export
'Option Explicit
'On Error Resume next
'Dim SubjectName
Dim Store, Certificates, Certificate, SavePath, SaveExt, CertNumCounter, PrivateKeyPassword, PK, Uflag, RequestID
Dim objCertStore, objCert, currentDirectory, fso, folder, files, fileIdx, Answer1, Answer2, LatestCertificate
UFlag=false
'''CAPICOM_STORE_LOCATION Enumeration
Const CAPICOM_MEMORY_STORE = 0 'The store is a memory store. Any changes in the contents of the store are not persisted.
Const CAPICOM_LOCAL_MACHINE_STORE = 1 'The store is a local machine store.
Const CAPICOM_CURRENT_USER_STORE = 2 'The store is a current user store.
Const CAPICOM_ACTIVE_DIRECTORY_USER_STORE = 3 'The store is an Active Directory store.
Const CAPICOM_SMART_CARD_USER_STORE = 4 'Stores support smart card-based certificate stores.
'''CAPICOM_CERTIFICATE_FIND_TYPE Enumeration
Const CAPICOM_CERTIFICATE_FIND_SHA1_HASH = 0 'Returns certificates matching a specified SHA1 hash.
Const CAPICOM_CERTIFICATE_FIND_SUBJECT_NAME = 1 'Returns certificates whose subject name exactly or partially matches.
Const CAPICOM_CERTIFICATE_FIND_ISSUER_NAME = 2 'Returns certificates whose issuer name exactly or partially matches.
Const CAPICOM_CERTIFICATE_FIND_ROOT_NAME = 3 'Returns certificates whose root subject name exactly or partially matches.
'''CAPICOM_STORE_OPEN_MODE Enumeration
Const CAPICOM_STORE_OPEN_READ_ONLY = 0 'Open the store in read-only mode.
Const CAPICOM_STORE_OPEN_READ_WRITE = 1 'Open the store in read/write mode.
Const CAPICOM_STORE_OPEN_MAXIMUM_ALLOWED = 2 'Open the store in read/write mode if the user has read/write permissions.
Const CAPICOM_STORE_OPEN_EXISTING_ONLY = 128 'Open existing stores only; do not create a new store. Introduced by CAPICOM 2.0.
Const CAPICOM_STORE_OPEN_INCLUDE_ARCHIVED = 256 'Include archived certificates when using the store. Introduced by CAPICOM 2.0.
'''CAPICOM_CERTIFICATE_SAVE_AS_TYPE Enumeration
Const CAPICOM_CERTIFICATE_SAVE_AS_PFX = 0 'The output file will be formatted as a PFX (PKCS 12) file and any associated private keys.
Const CAPICOM_CERTIFICATE_SAVE_AS_CER = 1 'The output file will be formatted as a CER file with no private keys saved.
'''CAPICOM_CERTIFICATE_INCLUDE_OPTION Enumeration
Const CAPICOM_CERTIFICATE_INCLUDE_CHAIN_EXCEPT_ROOT = 0 'Saves all certificates in the chain with the exception of the root entity.
Const CAPICOM_CERTIFICATE_INCLUDE_WHOLE_CHAIN = 1 'Saves the complete certificate chain.
Const CAPICOM_CERTIFICATE_INCLUDE_END_ENTITY_ONLY = 2 'Saves only the end entity certificate.
'''CAPICOM_KEY_STORAGE_FLAG Enumeration
Const CAPICOM_KEY_STORAGE_DEFAULT = 0 'Default key storage.
Const CAPICOM_KEY_STORAGE_EXPORTABLE = 1 'The key is exportable.
Const CAPICOM_KEY_STORAGE_USER_PROTECTED = 2 'The key is user protected.
'''CAPICOM_KEY_LOCATION Enumeration
Const CAPICOM_CURRENT_USER_KEY = 0 'The key is a user key.
Const CAPICOM_LOCAL_MACHINE_KEY = 1 'The key is a machine key.
Const HKEY_CLASSES_ROOT = &H80000000
Const ConfigStr = "FQDN_OF_CA\CANAME"
Const CertReq = "certreq.exe"
currentDirectory = left(WScript.ScriptFullName,(Len(WScript.ScriptFullName))-(len(WScript.ScriptName)))
strComputer = "."
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
OS = Get_OS(objWMIService)
OS_Type = Get_OS_TYPE(objWMIService)
If ( instr(UCase(OS),UCase("Windows 7")) <> 0 ) and (OS_Type="x64")Then
Script_Engine_Arch = Wscript_Engine
If (Script_Engine_Arch = "x86") or (ElevationCheck = False) Then
Set objShell = CreateObject( "WScript.Shell" )
WINDIR=objShell.ExpandEnvironmentStrings("%windir%")
colScriptBase_Engine = Split(Wscript.FullName,"\")
objScriptEngine = colScriptBase_Engine(UBound(colScriptBase_Engine))
x64ScriptEngine = WINDIR & "\SysWOW64\" & objScriptEngine
Set objelevate = CreateObject("Shell.Application")
objelevate.ShellExecute x64ScriptEngine , Chr(34) & Wscript.ScriptFullName & Chr(34) ,"","runas",1
Else
Main
End If
End If
'''\\\\\\\ Sub Functions \\\\\\\\\
'''
Sub Main
RequestID = InputBox("Enter your Certificate RequestID:", "Cert Export & Import for NAP-VPN")
If RequestID="" Then
Wscript.Quit
End If
If isnumeric(RequestID) <> True Then
Msgbox "RequestID must be numeric",vbOkOnly + vbCritical, "rtn Code"
Wscript.Quit 1
End If
'SavePath = "ntcusa"
SaveExt = ".pfx"
PK = "Private"
CertNumCounter = 0
PackageCheck
Retrieve_CER
Install_CER
PrivateKeyPassword = "ntcusa"
'''''RegisterCapicom
ExportCert
'InsertCert
End Sub
Sub PackageCheck()
On Error Resume Next
Set objFSO = CreateObject("Scripting.FileSystemObject")
If objFSO.FileExists(objFSO.GetSpecialFolder(1) & "\" & Certreq) = False Then
objFSO.CopyFile currentDirectory & CertReq , objFSO.GetSpecialFolder(1) & "\"
End If
If err.number <> 0 Then
Msgbox "Fail to install certreq to system!",vbOkOnly + vbCritical, "Certreq error code"
Wscript.Quit 1
End If
Set objFSO = nothing
End Sub
Sub Retrieve_CER
On Error Resume Next
Set WshShell = CreateObject("Wscript.Shell")
rtnValue = WshShell.Exec("%ComSpec% /c certreq -f -config " & ConfigStr & " -retrieve " & RequestID & " " & chr(34) & currentDirectory & PK & ".cer" & chr(34)).StdOut.ReadAll
If instr(rtnValue ,"pending") <> 0 Then
Msgbox "Please call system admin to issue the certificate for you!",vbOkOnly + vbCritical, "Certificate retrieve info"
Wscript.Quit 1
End If
If instr(rtnValue ,"Issued") = 0 Then
Msgbox "Fail to retrieve certificate",vbOkOnly + vbCritical, "Certificate retrieve info"
Wscript.Quit 1
End If
Set WshShell = nothing
End Sub
Sub Install_CER
On Error Resume Next
Set WshShell = CreateObject("Wscript.Shell")
rtnValue = WshShell.Exec("%ComSpec% /c certreq -accept " & chr(34) & currentDirectory & PK & ".cer" & chr(34)).StdOut.ReadAll
DeleteUnusedFiles (currentDirectory & PK & ".cer")
If instr(rtnValue , "Cannot find object or property.") Then
Msgbox "Private key cannot match this certificate." & vbCrLf & "Please resubmit your CA request again.",vbCritical + vbOkOnly,"Certificate import result"
Wscript.Quit 1
End If
Set WshShell = nothing
End Sub
'''\\\\\\\\ This subfunction is for certificate export \\\\\\\\\''
Sub ExportCert
On Error Resume Next
Set Store = CreateObject("CAPICOM.Store")
'''Test whether Capicom.dll exists or not, based on VB error handling
If err.number = 0 Then
'OK, Capicom.dll was registered; do nothing here...
ElseIf err.number = 429 Then
'WScript.Echo "Capicom was registered, but CAPICOM.store object still cannot be created..."
MsgBox("CAPICOM.DLL was registered, but CAPICOM.store object" & VbCrLf & "still cannot be created..." & VbCrLf & "Please contact your local admin")
err.Clear
WScript.Quit 1
Else
'wscript.echo "Unknown error. Error#: " & err.number
MsgBox("Unknown error. Error#: " & err.number & VbCrLf & "Please contact your local admin")
err.clear
WScript.Quit 1 'Terminate script when unknown error occurs...
End If
If isNull(Store) Then
'WScript.Echo "Store object cannot be created; error#: " & err.number
MsgBox("Store object cannot be created. error#: " & err.number & VbCrLf & "Please contact your local admin")
WScript.Quit 1
End If
Store.Open CAPICOM_LOCAL_MACHINE_STORE, "MY" , CAPICOM_STORE_OPEN_READ_WRITE 'CAPICOM_STORE_OPEN_READ_ONLY
'Set Certificates = Store.Certificates.Find(CAPICOM_CERTIFICATE_FIND_SUBJECT_NAME, SubjectName, false)
Set Certificates = Store.Certificates.Find(CAPICOM_CERTIFICATE_FIND_ISSUER_NAME, "us-NTCSJNT35-CA", false)
If Certificates.Count > 0 Then
For Each Certificate in Certificates
If DateDiff("s",now,Certificate.ValidToDate)<0 Then ' remove expired certificate
Store.remove Certificate
Else
If Certificate.HasPrivateKey Then ' Private Key
If Certificate.PrivateKey.IsExportable Then
If ExtractCertInfo(Certificate) = True Then
Set LatestCertificate = Certificate
UFlag = True
Exit For
End If
Else 'non-exportable key
'Store.remove Certificate
End If
Else 'non-private key
Store.remove Certificate
End If
End If
Next
Else
MsgBox("No applied certificates could be found on your system")
WScript.Quit 1
End If
If UFlag Then
colSubject=Split(LatestCertificate.SubjectName,",")
State = Split(colSubject(5),"=")(1)
AppliedUser=Split(colSubject(1),"=")(1)
LatestCertificate.Save currentDirectory & State & " - " & AppliedUser & SaveExt, PrivateKeyPassword, CAPICOM_CERTIFICATE_SAVE_AS_PFX, CAPICOM_CERTIFICATE_INCLUDE_CHAIN_EXCEPT_ROOT
Store.remove LatestCertificate
'Remove Key here
Else
MsgBox("Warning!! No valid certificate could be found." & VbCrLf & "Please re-enroll and check the check box 'Mark keys as exportable'.")
End If
Set Certificates = Nothing
Set Store = Nothing
Wscript.Echo "Done"
End Sub
Function ExtractCertInfo(Certificate)
'Wscript.Echo Certificate.SubjectName & vbCrLf & "Valid From : [" & Certificate.ValidFromDate & "] Valid To : [" & Certificate.ValidToDate & "]"
colSubject=Split(Certificate.SubjectName,",")
msg = msg & "Do you want to export this certificate!" & vbCrLf & vbCrLf
msg = msg & "Valid From : [" & Certificate.ValidFromDate & "]" & vbCrLf
msg = msg & "Valid To : [" & Certificate.ValidToDate & "]" & vbCrLf
msg = msg & vbCrLf
msg = msg & Replace(Trim(colSubject(0)),"E=","Email Address : ") & vbCrLf
msg = msg & Replace(Trim(colSubject(1)),"CN=","User Name : ") & vbCrLf
msg = msg & Replace(Trim(colSubject(2)),"OU=","Department : ") & vbCrLf
msg = msg & Replace(Trim(colSubject(3)),"O=","Organization : ") & vbCrLf
msg = msg & Replace(Trim(colSubject(4)),"L=","City : ") & vbCrLf
msg = msg & Replace(Trim(colSubject(5)),"S=","State :") & vbCrLf
msg = msg & Replace(Trim(colSubject(6)),"C=","Country : ") & vbCrLf
rtnValue =Msgbox(msg , vbInformation + vbYesNo, "Certificate Information")
If rtnValue = vbYes Then
ExtractCertInfo = True
Else
ExtractCertInfo = False
End If
End Function
'''\\\\\\\\ This sub function is for certificate import action\\\\\\\\\''
Sub InsertCert
On Error Resume next
set objCertStore = CreateObject ("CAPICOM.Store")
set objCert = CreateObject ("CAPICOM.Certificate")
currentDirectory = left(WScript.ScriptFullName,(Len(WScript.ScriptFullName))-(len(WScript.ScriptName)))
objCertStore.Open CAPICOM_LOCAL_MACHINE_STORE, "My", CAPICOM_STORE_OPEN_READ_WRITE
objCert.Load currentDirectory & PK & SaveExt, PrivateKeyPassword, CAPICOM_KEY_STORAGE_DEFAULT, CAPICOM_LOCAL_MACHINE_KEY
objCertStore.Add objCert
If err.number = 0 Then
DeleteUnusedFiles PK & SaveExt
MSgbox "Complete to install NAPVPN certificate on your Machine",vbOkOnly + vbInformation,"Certificate import result"
Else
MSgbox "Fail to install NAPVPN certificate on your Machine" & vbCrLf & "Please contact your local admin!",vbOkOnly + vbCritical,"Certificate import result"
Wscript.Quit 1
End If
objCertStore.close
If Uflag Then
objCertStore.open CAPICOM_CURRENT_USER_STORE, "MY" , CAPICOM_STORE_OPEN_READ_WRITE 'CAPICOM_STORE_OPEN_READ_ONLY
objCertStore.Remove LatestCertificate
objCertStore.close
End If
Set objCertStore = Nothing
Set objCert = Nothing
Set fso = Nothing
End Sub
Sub DeleteUnusedFiles(FileName)
On Error Resume Next
Set objFSO = CreateObject("Scripting.FileSystemObject")
objFSO.DeleteFile FileName
Set objFSO = nothing
End Sub
Function Get_OS(ByRef objWMIService)
Set colItems = objWMIService.ExecQuery("Select * from Win32_OperatingSystem",,48)
For Each objItem in colItems
Get_OS = objItem.Caption
Next
Set colItems = Nothing
End Function
Function Get_OS_TYPE(ByRef objWMIService)
Set colItems = objWMIService.ExecQuery("Select * from Win32_ComputerSystem",,48)
For Each objItem in colItems
If instr( objItem.SystemType,"64") <> 0 Then
Get_OS_TYPE = "x64"
Else
Get_OS_TYPE = "x86"
End If
Next
Set colItems = Nothing
End Function
Function Wscript_Engine()
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set SystemDirectory = objFSO.GetSpecialFolder(1)
If Instr(UCase(Wscript.FullName),UCase(SystemDirectory)) <> 0 Then
Wscript_Engine = "x86"
Else
Wscript_Engine = "x64"
End If
End Function
Function ElevationCheck 'test whether user has elevated token
Dim oShell, oExecWhoami, oWhoamiOutput, strWhoamiOutput, boolHasElevatedToken
Set oShell = CreateObject("WScript.Shell")
Set oExecWhoami = oShell.Exec("whoami /groups")
Set oWhoamiOutput = oExecWhoami.StdOut
strWhoamiOutput = oWhoamiOutput.ReadAll
If InStr(1, strWhoamiOutput, "S-1-16-12288", vbTextCompare) Then boolHasElevatedToken = True
If boolHasElevatedToken Then
ElevationCheck = True
Else
ElevationCheck = False
End If
End Function
------------------------------------------------------------------------------------------------------------------------------env check
On Error Resume Next
Const HKEY_CLASSES_ROOT = &H80000000
Const CAPICOM_LOCAL_MACHINE_STORE = 1 'The store is a local machine store.
Const CAPICOM_STORE_OPEN_READ_WRITE = 1 'Open the store in read/write mode.
Const CertReq = "certreq.exe"
currentDirectory = left(WScript.ScriptFullName,(Len(WScript.ScriptFullName))-(len(WScript.ScriptName)))
strComputer = "."
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
OS = Get_OS(objWMIService)
OS_Type = Get_OS_TYPE(objWMIService)
If ( instr(UCase(OS),UCase("Windows 7")) <> 0 ) and (OS_Type="x64")Then
Script_Engine_Arch = Wscript_Engine
If (Script_Engine_Arch = "x86") or (ElevationCheck = False) Then
Set objShell = CreateObject( "WScript.Shell" )
WINDIR=objShell.ExpandEnvironmentStrings("%windir%")
colScriptBase_Engine = Split(Wscript.FullName,"\")
objScriptEngine = colScriptBase_Engine(UBound(colScriptBase_Engine))
x64ScriptEngine = WINDIR & "\SysWOW64\" & objScriptEngine
Set objelevate = CreateObject("Shell.Application")
objelevate.ShellExecute x64ScriptEngine , Chr(34) & Wscript.ScriptFullName & Chr(34) ,"","runas",1
Else
Main
End If
End If
Sub Main
PackageCheck
RegisterCapicom
InstallMainCA
End Sub
Sub InstallMainCA()
On Error Resume Next
set oCertStore = CreateObject ("CAPICOM.Store")
set oCert = CreateObject ("CAPICOM.Certificate")
Certificate = currentDirectory & "certnew.cer"
oCertStore.Open 1, "ROOT", 2
oCert.Load Certificate, , 1, 1
oCertStore.Add oCert
If Err.Number <> 0 Then
Msgbox Err.Description,vbOKOnly + vbCritical, "Root Certificate Import Result"
Wscript.Quit 1
Else
Msgbox "Root Certificate has been installed on this computer Successfully.",vbOKOnly + vbInformation, "Root Certificate Import Result"
End If
End Sub
Function Get_OS(ByRef objWMIService)
Set colItems = objWMIService.ExecQuery("Select * from Win32_OperatingSystem",,48)
For Each objItem in colItems
Get_OS = objItem.Caption
Next
Set colItems = Nothing
End Function
Function Get_OS_TYPE(ByRef objWMIService)
Set colItems = objWMIService.ExecQuery("Select * from Win32_ComputerSystem",,48)
For Each objItem in colItems
If instr( objItem.SystemType,"64") <> 0 Then
Get_OS_TYPE = "x64"
Else
Get_OS_TYPE = "x86"
End If
Next
Set colItems = Nothing
End Function
Function Wscript_Engine()
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set SystemDirectory = objFSO.GetSpecialFolder(1)
If Instr(UCase(Wscript.FullName),UCase(SystemDirectory)) <> 0 Then
Wscript_Engine = "x86"
Else
Wscript_Engine = "x64"
End If
End Function
Sub PackageCheck()
On Error Resume Next
Set objFSO = CreateObject("Scripting.FileSystemObject")
If objFSO.FileExists(objFSO.GetSpecialFolder(1) & "\" & Certreq) = False Then
objFSO.CopyFile currentDirectory & CertReq , objFSO.GetSpecialFolder(1) & "\"
End If
If err.number <> 0 Then
Msgbox "Fail to install certreq to system!",vbOkOnly + vbCritical, "Certreq error code"
Wscript.Quit 1
End If
Set objFSO = nothing
End Sub
'''\\Copy and register Capicom.dll from system32 directory if it is missing in client system\\
Sub RegisterCapicom
Dim SystemDirectory, FileSystemObj, ShellObj
WScript.Echo "Check local system for capicom registration...."
If CapicomRegged Then
'WScript.Echo "Capicom was registered before the launch of this script!!"
MsgBox("CAPICOM.DLL was registered!!")
Exit Sub
Else
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set SystemDirectory = objFSO.GetSpecialFolder(1) 'get system32 folder
If objFSO.FileExists( SystemDirectory & "\capicom.dll" ) = False Then
If objFSO.FileExists ( currentDirectory & "capicom.dll" ) = True Then
objFSO.CopyFile currentDirectory & "capicom.dll", SystemDirectory & "\"
'
Else
MsgBox("CAPICOM.DLL is missing! Please ensure CAPICOM.DLL is in the same directory as this program.")
' FileSystemObj.CopyFile currentDirectory & "capicom.dll", SystemDirectory & "\"
End If
Else
Set ShellObj = Wscript.CreateObject("Wscript.Shell")
ShellObj.Run "cmd.exe /c regsvr32.exe /s " & Chr(34) & SystemDirectory & "\capicom.dll" & Chr(34),0,vbTrue
'WScript.Echo "Capicom.dll v2.1.0.3 is now registered in your" & VbCrLf & "System Directory: " & SystemDirectory & VbCrLf & "Please rerun this script..."
MsgBox("Capicom.dll v2.1.0.3 is now registered!")
Set shellobj = Nothing
End If
set objFSO = Nothing
End If
'Wscript.Quit 0
End Sub
'''\\\Check is Capicom regged or not...
Function CapicomRegged()
Dim strComputer, objReg, strKeyPath, RegKeyExists, strValueName, returnValue
strComputer = "."
strKeyPath = "CLSID\"
strValueName = "{03ACC284-B757-4B8F-9951-86E600D2CD06}"
Set objReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComputer & "\root\default:StdRegProv")
objReg.EnumKey HKEY_CLASSES_ROOT, strKeyPath, returnValue
CapicomRegged = False
If Not IsNull(returnValue) Then
'WScript.Echo "Goto For loop"
For Each s In returnValue
'WScript.Echo s
If lcase(s) = lcase(strValueName) Then
CapicomRegged = True
'WScript.Echo RegKeyExists
Exit Function
End If
Next
End If
End Function
Function ElevationCheck 'test whether user has elevated token
Dim oShell, oExecWhoami, oWhoamiOutput, strWhoamiOutput, boolHasElevatedToken
Set oShell = CreateObject("WScript.Shell")
Set oExecWhoami = oShell.Exec("whoami /groups")
Set oWhoamiOutput = oExecWhoami.StdOut
strWhoamiOutput = oWhoamiOutput.ReadAll
If InStr(1, strWhoamiOutput, "S-1-16-12288", vbTextCompare) Then boolHasElevatedToken = True
If boolHasElevatedToken Then
ElevationCheck = True
Else
ElevationCheck = False
End If
End Function
Dim currentDirectory,Certreq
Certreq = "certreq.exe"
currentDirectory = left(WScript.ScriptFullName,(Len(WScript.ScriptFullName))-(len(WScript.ScriptName)))
''' Don't change anything below this line unless you know what you are doing
''' =============================================================================
'''CAPICOM_KEY_LOCATION Enumeration
Const CAPICOM_CURRENT_USER_KEY = 0 'The key is a user key.
Const CAPICOM_LOCAL_MACHINE_KEY = 1 'The key is a machine key.
Const HKEY_CLASSES_ROOT = &H80000000
strComputer = "."
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
OS = Get_OS(objWMIService)
OS_Type = Get_OS_TYPE(objWMIService)
If ( instr(UCase(OS),UCase("Windows 7")) <> 0 ) and (OS_Type="x64")Then
Script_Engine_Arch = Wscript_Engine
If (Script_Engine_Arch = "x86") or (ElevationCheck = False) Then
Set objShell = CreateObject( "WScript.Shell" )
WINDIR=objShell.ExpandEnvironmentStrings("%windir%")
colScriptBase_Engine = Split(Wscript.FullName,"\")
objScriptEngine = colScriptBase_Engine(UBound(colScriptBase_Engine))
x64ScriptEngine = WINDIR & "\SysWOW64\" & objScriptEngine
Set objelevate = CreateObject("Shell.Application")
objelevate.ShellExecute x64ScriptEngine , Chr(34) & Wscript.ScriptFullName & Chr(34) ,"","runas",1
Else
Main
End If
End If
Sub Main()
UserInfo=Inputbox("Please enter windows AD account for generating CA configuration file!","CA conf generator")
If len(UserInfo) <> 6 Then
Msgbox "Invalid Windows AD account",vbCritical+vbOkOnly,"Critical Error"
Wscript.Quit
Else
GetUserInfo UserInfo
End If
SetupConf Config, "[Version]"
SetupConf Config, "Signature=""$Windows NT$"""
SetupConf Config, ""
SetupConf Config, "[NewRequest]"
SetupConf Config, "Subject=""" & UserInfo & """"
SetupConf Config, "ProviderName=""Microsoft Enhanced RSA and AES Cryptographic Provider"""
SetupConf Config, "ProviderType=24"
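SetupConf Config, "KeyLength=1024" ' 1024-bit RSA key; current guidance calls for at least 2048 bits
SetupConf Config, "Exportable=True" ' has to stay True: the export script below saves the private key to a PFX file
'SetupConf Config, "Exportable=False"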
SetupConf Config, "KeySpec=1"
SetupConf Config, "KeyUsage=0xf0 "
'SetupConf Config, "MachineKeySet=False"
SetupConf Config, "MachineKeySet=True"
SetupConf Config, "SMIME=True"
SetupConf Config, "RequestType=CMC"
SetupConf Config, ""
SetupConf Config, "[EnhancedKeyUsageExtension]"
SetupConf Config, "OID=1.3.6.1.5.5.7.3.2"
SetupConf Config, ""
SetupConf Config, "[RequestAttributes]"
ExportConfigFile Config
SubmitCAREQ
End Sub
Sub GetUserInfo (ByRef rtnString)
On Error Resume Next
Set WshShell = CreateObject("Wscript.Shell")
Set WshSysEnv = WshShell.Environment("PROCESS")
'sUserName=WshSysEnv("USERNAME")
sUserName=rtnString
Set rootDSE = GetObject("LDAP://RootDSE")
DomainContainer = rootDSE.Get("defaultNamingContext")
Set conn = CreateObject("ADODB.Connection")
conn.Provider = "ADSDSOObject"
conn.Open "ADs Provider"
ldapStr = "
Set rs = conn.Execute(ldapStr)
If rs.RecordCount <> 1 Then
Msgbox "System Error,cannot find user info on AD system",vbCritical + vbOKOnly,"System error"
Wscript.Quit 1
End If
Company = "XXXXXX"
If Trim("Santa Clara") = Trim(rs.Fields("physicalDeliveryOfficeName")) Then
Company = "XXXXXXX"
End If
Select Case UCase(rs.Fields("physicalDeliveryOfficeName"))
Case UCase("TX")
Company = "TX"
State = "TX"
Case UCase("VT")
Company = "VT"
State = "VT"
Case UCase("US")
Company = "US"
State = "CA"
End Select
rtnString = "E=" & rs.Fields("mail") &_
",CN=" & rs.Fields("cn") &_
",OU=" & rs.Fields("department") &_
",O=" & Company &_
",L=" & rs.Fields("physicalDeliveryOfficeName") &_
",S=" & State &_
",C=US"
End Sub
Sub SetupConf (ByRef Configuration, Value)
Configuration = Configuration & Value & vbCrLf
End Sub
Sub ExportConfigFile(Content)
Set objFSO = CreateObject("Scripting.FileSystemObject")
ScriptPath = Left(WScript.ScriptFullName,Len(WScript.ScriptFullName) - Len(WScript.ScriptName))
Config_Name = "MyCA.inf"
Set objTextOutStream = objFSO.CreateTextFile(ScriptPath & Config_Name)
objTextOutStream.Write Content
objTextOutStream.Close
End Sub
Sub SubmitCAREQ()
On Error Resume Next
Set WshShell = CreateObject("Wscript.Shell")
CertSVR = "FQDN_OF_CA_SERVER\CANAME"
WshShell.Exec("%ComSpec% /c certreq -New -f " & chr(34) & currentDirectory & "MyCA.inf" & chr(34) & " " & chr(34) & currentDirectory & "MyCA.req" & chr(34)).StdOut.ReadAll
rtnValue = WshShell.Exec("%ComSpec% /c certreq -Submit -f -config " & CertSVR & " " & chr(34) & currentDirectory & "MyCA.req" &chr(34)).StdOut.ReadAll
RequestId = Split(rtnValue,vbCrLf)
If UBound(RequestId) > 2 Then
DeleteUnusedFiles
Msgbox "CA request has been sent to Server" & vbCrLf &_
"Your Request ID is [" & Trim(Replace(RequestId(1),"RequestId:","")) & "]", vbOKOnly+vbInformation, "NAP-VPN CA apply assistant"
Else
Msgbox "Fail to submit CA request to server" & vbCrLf & "Error info: " & Err.Description,vbOKOnly+vbCritical, "NAP-VPN CA apply assistant"
Wscript.Quit 1
End If
End Sub
Sub DeleteUnusedFiles()
On Error Resume Next
Set objFSO = CreateObject("Scripting.FileSystemObject")
Config_Name = "MyCA.inf"
REQ_Name = "MyCA.req"
objFSO.DeleteFile currentDirectory & Config_Name
objFSO.DeleteFile currentDirectory & REQ_Name
End Sub
Function Get_OS(ByRef objWMIService)
Set colItems = objWMIService.ExecQuery("Select * from Win32_OperatingSystem",,48)
For Each objItem in colItems
Get_OS = objItem.Caption
Next
Set colItems = Nothing
End Function
Function Get_OS_TYPE(ByRef objWMIService)
Set colItems = objWMIService.ExecQuery("Select * from Win32_ComputerSystem",,48)
For Each objItem in colItems
If instr( objItem.SystemType,"64") <> 0 Then
Get_OS_TYPE = "x64"
Else
Get_OS_TYPE = "x86"
End If
Next
Set colItems = Nothing
End Function
Function Wscript_Engine()
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set SystemDirectory = objFSO.GetSpecialFolder(1)
If Instr(UCase(Wscript.FullName),UCase(SystemDirectory)) <> 0 Then
Wscript_Engine = "x86"
Else
Wscript_Engine = "x64"
End If
End Function
Function ElevationCheck 'test whether user has elevated token
Dim oShell, oExecWhoami, oWhoamiOutput, strWhoamiOutput, boolHasElevatedToken
Set oShell = CreateObject("WScript.Shell")
Set oExecWhoami = oShell.Exec("whoami /groups")
Set oWhoamiOutput = oExecWhoami.StdOut
strWhoamiOutput = oWhoamiOutput.ReadAll
If InStr(1, strWhoamiOutput, "S-1-16-12288", vbTextCompare) Then boolHasElevatedToken = True
If boolHasElevatedToken Then
ElevationCheck = True
Else
ElevationCheck = False
End If
End Function
-----------------------------------------------------------------------------------------------------------------------------export
'Option Explicit
'On Error Resume next
'Dim SubjectName
Dim Store, Certificates, Certificate, SavePath, SaveExt, CertNumCounter, PrivateKeyPassword, PK, Uflag, RequestID
Dim objCertStore, objCert, currentDirectory, fso, folder, files, fileIdx, Answer1, Answer2, LatestCertificate
UFlag=false
'''CAPICOM_STORE_LOCATION Enumeration
Const CAPICOM_MEMORY_STORE = 0 'The store is a memory store. Any changes in the contents of the store are not persisted.
Const CAPICOM_LOCAL_MACHINE_STORE = 1 'The store is a local machine store.
Const CAPICOM_CURRENT_USER_STORE = 2 'The store is a current user store.
Const CAPICOM_ACTIVE_DIRECTORY_USER_STORE = 3 'The store is an Active Directory store.
Const CAPICOM_SMART_CARD_USER_STORE = 4 'Stores support smart card-based certificate stores.
'''CAPICOM_CERTIFICATE_FIND_TYPE Enumeration
Const CAPICOM_CERTIFICATE_FIND_SHA1_HASH = 0 'Returns certificates matching a specified SHA1 hash.
Const CAPICOM_CERTIFICATE_FIND_SUBJECT_NAME = 1 'Returns certificates whose subject name exactly or partially matches.
Const CAPICOM_CERTIFICATE_FIND_ISSUER_NAME = 2 'Returns certificates whose issuer name exactly or partially matches.
Const CAPICOM_CERTIFICATE_FIND_ROOT_NAME = 3 'Returns certificates whose root subject name exactly or partially matches.
'''CAPICOM_STORE_OPEN_MODE Enumeration
Const CAPICOM_STORE_OPEN_READ_ONLY = 0 'Open the store in read-only mode.
Const CAPICOM_STORE_OPEN_READ_WRITE = 1 'Open the store in read/write mode.
Const CAPICOM_STORE_OPEN_MAXIMUM_ALLOWED = 2 'Open the store in read/write mode if the user has read/write permissions.
Const CAPICOM_STORE_OPEN_EXISTING_ONLY = 128 'Open existing stores only; do not create a new store. Introduced by CAPICOM 2.0.
Const CAPICOM_STORE_OPEN_INCLUDE_ARCHIVED = 256 'Include archived certificates when using the store. Introduced by CAPICOM 2.0.
'''CAPICOM_CERTIFICATE_SAVE_AS_TYPE Enumeration
Const CAPICOM_CERTIFICATE_SAVE_AS_PFX = 0 'The output file will be formatted as a PFX (PKCS 12) file and any associated private keys.
Const CAPICOM_CERTIFICATE_SAVE_AS_CER = 1 'The output file will be formatted as a CER file with no private keys saved.
'''CAPICOM_CERTIFICATE_INCLUDE_OPTION Enumeration
Const CAPICOM_CERTIFICATE_INCLUDE_CHAIN_EXCEPT_ROOT = 0 'Saves all certificates in the chain with the exception of the root entity.
Const CAPICOM_CERTIFICATE_INCLUDE_WHOLE_CHAIN = 1 'Saves the complete certificate chain.
Const CAPICOM_CERTIFICATE_INCLUDE_END_ENTITY_ONLY = 2 'Saves only the end entity certificate.
'''CAPICOM_KEY_STORAGE_FLAG Enumeration
Const CAPICOM_KEY_STORAGE_DEFAULT = 0 'Default key storage.
Const CAPICOM_KEY_STORAGE_EXPORTABLE = 1 'The key is exportable.
Const CAPICOM_KEY_STORAGE_USER_PROTECTED = 2 'The key is user protected.
'''CAPICOM_KEY_LOCATION Enumeration
Const CAPICOM_CURRENT_USER_KEY = 0 'The key is a user key.
Const CAPICOM_LOCAL_MACHINE_KEY = 1 'The key is a machine key.
Const HKEY_CLASSES_ROOT = &H80000000
Const ConfigStr = "FQDN_OF_CA\CANAME"
Const CertReq = "certreq.exe"
currentDirectory = left(WScript.ScriptFullName,(Len(WScript.ScriptFullName))-(len(WScript.ScriptName)))
strComputer = "."
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
OS = Get_OS(objWMIService)
OS_Type = Get_OS_TYPE(objWMIService)
If ( instr(UCase(OS),UCase("Windows 7")) <> 0 ) and (OS_Type="x64")Then
Script_Engine_Arch = Wscript_Engine
If (Script_Engine_Arch = "x86") or (ElevationCheck = False) Then
Set objShell = CreateObject( "WScript.Shell" )
WINDIR=objShell.ExpandEnvironmentStrings("%windir%")
colScriptBase_Engine = Split(Wscript.FullName,"\")
objScriptEngine = colScriptBase_Engine(UBound(colScriptBase_Engine))
x64ScriptEngine = WINDIR & "\SysWOW64\" & objScriptEngine
Set objelevate = CreateObject("Shell.Application")
objelevate.ShellExecute x64ScriptEngine , Chr(34) & Wscript.ScriptFullName & Chr(34) ,"","runas",1
Else
Main
End If
End If
'''\\\\\\\ Sub Functions \\\\\\\\\
'''
Sub Main
RequestID = InputBox("Enter your Certificate RequestID:", "Cert Export & Import for NAP-VPN")
If RequestID="" Then
Wscript.Quit
End If
If isnumeric(RequestID) <> True Then
Msgbox "RequestID must be numeric",vbOkOnly + vbCritical, "rtn Code"
Wscript.Quit 1
End If
'SavePath = "ntcusa"
SaveExt = ".pfx"
PK = "Private"
CertNumCounter = 0
PackageCheck
Retrieve_CER
Install_CER
PrivateKeyPassword = "ntcusa" ' PFX password is hard-coded here: anyone who can read this script can open the exported PFX
'''''RegisterCapicom
ExportCert
'InsertCert
End Sub
Sub PackageCheck()
On Error Resume Next
Set objFSO = CreateObject("Scripting.FileSystemObject")
If objFSO.FileExists(objFSO.GetSpecialFolder(1) & "\" & Certreq) = False Then
objFSO.CopyFile currentDirectory & CertReq , objFSO.GetSpecialFolder(1) & "\"
End If
If err.number <> 0 Then
Msgbox "Fail to install certreq to system!",vbOkOnly + vbCritical, "Certreq error code"
Wscript.Quit 1
End If
Set objFSO = nothing
End Sub
Sub Retrieve_CER
On Error Resume Next
Set WshShell = CreateObject("Wscript.Shell")
rtnValue = WshShell.Exec("%ComSpec% /c certreq -f -config " & ConfigStr & " -retrieve " & RequestID & " " & chr(34) & currentDirectory & PK & ".cer" & chr(34)).StdOut.ReadAll
If instr(rtnValue ,"pending") <> 0 Then
Msgbox "Please call system admin to issue the certificate for you!",vbOkOnly + vbCritical, "Certificate retrieve info"
Wscript.Quit 1
End If
If instr(rtnValue ,"Issued") = 0 Then
Msgbox "Fail to retrieve certificate",vbOkOnly + vbCritical, "Certificate retrieve info"
Wscript.Quit 1
End If
Set WshShell = nothing
End Sub
Sub Install_CER
On Error Resume Next
Set WshShell = CreateObject("Wscript.Shell")
rtnValue = WshShell.Exec("%ComSpec% /c certreq -accept " & chr(34) & currentDirectory & PK & ".cer" & chr(34)).StdOut.ReadAll
DeleteUnusedFiles (currentDirectory & PK & ".cer")
If instr(rtnValue , "Cannot find object or property.") Then
Msgbox "Private key cannot match this certificate." & vbCrLf & "Please resubmit your CA request again.",vbCritical + vbOkOnly,"Certificate import result"
Wscript.Quit 1
End If
Set WshShell = nothing
End Sub
'''\\\\\\\\ This subfunction is for certificate export \\\\\\\\\''
Sub ExportCert
On Error Resume Next
Set Store = CreateObject("CAPICOM.Store")
'''Test whether Capicom.dll is available, based on VB error handling
If err.number = 0 Then
'OK, Capicom.dll was registered; do nothing here...
ElseIf err.number = 429 Then
'WScript.Echo "Capicom was registered, but CAPICOM.store object still cannot be created..."
MsgBox("CAPICOM.DLL was registered, but CAPICOM.store object" & VbCrLf & "still cannot be created..." & VbCrLf & "Please contact your local admin")
err.Clear
WScript.Quit 1
Else
'wscript.echo "Unknown error. Error#: " & err.number
MsgBox("Unknown error. Error#: " & err.number & VbCrLf & "Please contact your local admin")
err.clear
WScript.Quit 1 'Terminate script when unknown error occurs...
End If
If isNull(Store) Then
'WScript.Echo "Store object cannot be created; error#: " & err.number
MsgBox("Store object cannot be created. error#: " & err.number & VbCrLf & "Please contact your local admin")
WScript.Quit 1
End If
Store.Open CAPICOM_LOCAL_MACHINE_STORE, "MY" , CAPICOM_STORE_OPEN_READ_WRITE 'CAPICOM_STORE_OPEN_READ_ONLY
'Set Certificates = Store.Certificates.Find(CAPICOM_CERTIFICATE_FIND_SUBJECT_NAME, SubjectName, false)
Set Certificates = Store.Certificates.Find(CAPICOM_CERTIFICATE_FIND_ISSUER_NAME, "us-NTCSJNT35-CA", false)
If Certificates.Count > 0 Then
For Each Certificate in Certificates
If DateDiff("s",now,Certificate.ValidToDate)<0 Then ' remove expired certificate
Store.remove Certificate
Else
If Certificate.HasPrivateKey Then ' Private Key
If Certificate.PrivateKey.IsExportable Then
If ExtractCertInfo(Certificate) = True Then
Set LatestCertificate = Certificate
UFlag = True
Exit For
End If
Else 'non-exportable key
'Store.remove Certificate
End If
Else 'non-private key
Store.remove Certificate
End If
End If
Next
Else
MsgBox("No applied certificates could be found on your system")
WScript.Quit 1
End If
If UFlag Then
colSubject=Split(LatestCertificate.SubjectName,",")
State = Split(colSubject(5),"=")(1)
AppliedUser=Split(colSubject(1),"=")(1)
LatestCertificate.Save currentDirectory & State & " - " & AppliedUser & SaveExt, PrivateKeyPassword, CAPICOM_CERTIFICATE_SAVE_AS_PFX, CAPICOM_CERTIFICATE_INCLUDE_CHAIN_EXCEPT_ROOT
Store.remove LatestCertificate
'Remove Key here
Else
MsgBox("Warning!! No valid certificate could be found." & VbCrLf & "Please re-enroll and check the check box 'Mark keys as exportable'.")
End If
Set Certificates = Nothing
Set Store = Nothing
Wscript.Echo "Done"
End Sub
Function ExtractCertInfo(Certificate)
'Wscript.Echo Certificate.SubjectName & vbCrLf & "Valid From : [" & Certificate.ValidFromDate & "] Valid To : [" & Certificate.ValidToDate & "]"
colSubject=Split(Certificate.SubjectName,",")
msg = msg & "Do you want to export this certificate!" & vbCrLf & vbCrLf
msg = msg & "Valid From : [" & Certificate.ValidFromDate & "]" & vbCrLf
msg = msg & "Valid To : [" & Certificate.ValidToDate & "]" & vbCrLf
msg = msg & vbCrLf
msg = msg & Replace(Trim(colSubject(0)),"E=","Email Address : ") & vbCrLf
msg = msg & Replace(Trim(colSubject(1)),"CN=","User Name : ") & vbCrLf
msg = msg & Replace(Trim(colSubject(2)),"OU=","Department : ") & vbCrLf
msg = msg & Replace(Trim(colSubject(3)),"O=","Organization : ") & vbCrLf
msg = msg & Replace(Trim(colSubject(4)),"L=","City : ") & vbCrLf
msg = msg & Replace(Trim(colSubject(5)),"S=","State :") & vbCrLf
msg = msg & Replace(Trim(colSubject(6)),"C=","Country : ") & vbCrLf
rtnValue =Msgbox(msg , vbInformation + vbYesNo, "Certificate Information")
If rtnValue = vbYes Then
ExtractCertInfo = True
Else
ExtractCertInfo = False
End If
End Function
'''\\\\\\\\ This sub function is for certificate import action\\\\\\\\\''
Sub InsertCert
On Error Resume next
set objCertStore = CreateObject ("CAPICOM.Store")
set objCert = CreateObject ("CAPICOM.Certificate")
currentDirectory = left(WScript.ScriptFullName,(Len(WScript.ScriptFullName))-(len(WScript.ScriptName)))
objCertStore.Open CAPICOM_LOCAL_MACHINE_STORE, "My", CAPICOM_STORE_OPEN_READ_WRITE
objCert.Load currentDirectory & PK & SaveExt, PrivateKeyPassword, CAPICOM_KEY_STORAGE_DEFAULT, CAPICOM_LOCAL_MACHINE_KEY
objCertStore.Add objCert
If err.number = 0 Then
DeleteUnusedFiles currentDirectory & PK & SaveExt ' delete the PFX from the script directory it was loaded from
MsgBox "NAPVPN certificate has been installed on your machine",vbOkOnly + vbInformation,"Certificate import result"
Else
MsgBox "Failed to install NAPVPN certificate on your machine" & vbCrLf & "Please contact your local admin!",vbOkOnly + vbCritical,"Certificate import result"
Wscript.Quit 1
End If
objCertStore.close
If Uflag Then
objCertStore.open CAPICOM_CURRENT_USER_STORE, "MY" , CAPICOM_STORE_OPEN_READ_WRITE 'CAPICOM_STORE_OPEN_READ_ONLY
objCertStore.Remove LatestCertificate
objCertStore.close
End If
Set objCertStore = Nothing
Set objCert = Nothing
Set fso = Nothing
End Sub
Sub DeleteUnusedFiles(FileName)
On Error Resume Next
Set objFSO = CreateObject("Scripting.FileSystemObject")
objFSO.DeleteFile FileName
Set objFSO = nothing
End Sub
Function Get_OS(ByRef objWMIService)
Set colItems = objWMIService.ExecQuery("Select * from Win32_OperatingSystem",,48)
For Each objItem in colItems
Get_OS = objItem.Caption
Next
Set colItems = Nothing
End Function
Function Get_OS_TYPE(ByRef objWMIService)
Set colItems = objWMIService.ExecQuery("Select * from Win32_ComputerSystem",,48)
For Each objItem in colItems
If instr( objItem.SystemType,"64") <> 0 Then
Get_OS_TYPE = "x64"
Else
Get_OS_TYPE = "x86"
End If
Next
Set colItems = Nothing
End Function
Function Wscript_Engine()
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set SystemDirectory = objFSO.GetSpecialFolder(1)
If Instr(UCase(Wscript.FullName),UCase(SystemDirectory)) <> 0 Then
Wscript_Engine = "x86"
Else
Wscript_Engine = "x64"
End If
End Function
Function ElevationCheck 'test whether user has elevated token
Dim oShell, oExecWhoami, oWhoamiOutput, strWhoamiOutput, boolHasElevatedToken
Set oShell = CreateObject("WScript.Shell")
Set oExecWhoami = oShell.Exec("whoami /groups")
Set oWhoamiOutput = oExecWhoami.StdOut
strWhoamiOutput = oWhoamiOutput.ReadAll
If InStr(1, strWhoamiOutput, "S-1-16-12288", vbTextCompare) Then boolHasElevatedToken = True
If boolHasElevatedToken Then
ElevationCheck = True
Else
ElevationCheck = False
End If
End Function
------------------------------------------------------------------------------------------------------------------------------env check
On Error Resume Next
Const HKEY_CLASSES_ROOT = &H80000000
Const CAPICOM_LOCAL_MACHINE_STORE = 1 'The store is a local machine store.
Const CAPICOM_STORE_OPEN_READ_WRITE = 1 'Open the store in read/write mode.
Const CertReq = "certreq.exe"
currentDirectory = left(WScript.ScriptFullName,(Len(WScript.ScriptFullName))-(len(WScript.ScriptName)))
strComputer = "."
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
OS = Get_OS(objWMIService)
OS_Type = Get_OS_TYPE(objWMIService)
If ( instr(UCase(OS),UCase("Windows 7")) <> 0 ) and (OS_Type="x64")Then
Script_Engine_Arch = Wscript_Engine
If (Script_Engine_Arch = "x86") or (ElevationCheck = False) Then
Set objShell = CreateObject( "WScript.Shell" )
WINDIR=objShell.ExpandEnvironmentStrings("%windir%")
colScriptBase_Engine = Split(Wscript.FullName,"\")
objScriptEngine = colScriptBase_Engine(UBound(colScriptBase_Engine))
x64ScriptEngine = WINDIR & "\SysWOW64\" & objScriptEngine
Set objelevate = CreateObject("Shell.Application")
objelevate.ShellExecute x64ScriptEngine , Chr(34) & Wscript.ScriptFullName & Chr(34) ,"","runas",1
Else
Main
End If
End If
Sub Main
PackageCheck
RegisterCapicom
InstallMainCA
End Sub
Sub InstallMainCA()
On Error Resume Next
set oCertStore = CreateObject ("CAPICOM.Store")
set oCert = CreateObject ("CAPICOM.Certificate")
Certificate = currentDirectory & "certnew.cer"
oCertStore.Open 1, "ROOT", 2
oCert.Load Certificate, , 1, 1
oCertStore.Add oCert
If Err.Number <> 0 Then
Msgbox Err.Description,vbOKOnly + vbCritical, "Root Certificate Import Result"
Wscript.Quit 1
Else
Msgbox "Root Certificate has been installed on this computer Successfully.",vbOKOnly + vbInformation, "Root Certificate Import Result"
End If
End Sub
Function Get_OS(ByRef objWMIService)
Set colItems = objWMIService.ExecQuery("Select * from Win32_OperatingSystem",,48)
For Each objItem in colItems
Get_OS = objItem.Caption
Next
Set colItems = Nothing
End Function
Function Get_OS_TYPE(ByRef objWMIService)
Set colItems = objWMIService.ExecQuery("Select * from Win32_ComputerSystem",,48)
For Each objItem in colItems
If instr( objItem.SystemType,"64") <> 0 Then
Get_OS_TYPE = "x64"
Else
Get_OS_TYPE = "x86"
End If
Next
Set colItems = Nothing
End Function
Function Wscript_Engine()
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set SystemDirectory = objFSO.GetSpecialFolder(1)
If Instr(UCase(Wscript.FullName),UCase(SystemDirectory)) <> 0 Then
Wscript_Engine = "x86"
Else
Wscript_Engine = "x64"
End If
End Function
Sub PackageCheck()
On Error Resume Next
Set objFSO = CreateObject("Scripting.FileSystemObject")
If objFSO.FileExists(objFSO.GetSpecialFolder(1) & "\" & Certreq) = False Then
objFSO.CopyFile currentDirectory & CertReq , objFSO.GetSpecialFolder(1) & "\"
End If
If err.number <> 0 Then
Msgbox "Fail to install certreq to system!",vbOkOnly + vbCritical, "Certreq error code"
Wscript.Quit 1
End If
Set objFSO = nothing
End Sub
'''\\Copy and register Capicom.dll from system32 directory if it is missing in client system\\
Sub RegisterCapicom
Dim SystemDirectory, FileSystemObj, ShellObj
WScript.Echo "Check local system for capicom registration...."
If CapicomRegged Then
'WScript.Echo "Capicom was registered before the launch of this script!!"
MsgBox("CAPICOM.DLL was registered!!")
Exit Sub
Else
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set SystemDirectory = objFSO.GetSpecialFolder(1) 'get system32 folder
If objFSO.FileExists( SystemDirectory & "\capicom.dll" ) = False Then
If objFSO.FileExists ( currentDirectory & "capicom.dll" ) = True Then
objFSO.CopyFile currentDirectory & "capicom.dll", SystemDirectory & "\"
'
Else
MsgBox("CAPICOM.DLL is missing! Please ensure CAPICOM.DLL is in the same directory as this program.")
' FileSystemObj.CopyFile currentDirectory & "capicom.dll", SystemDirectory & "\"
End If
Else
Set ShellObj = Wscript.CreateObject("Wscript.Shell")
ShellObj.Run "cmd.exe /c regsvr32.exe /s " & Chr(34) & SystemDirectory & "\capicom.dll" & Chr(34),0,vbTrue
'WScript.Echo "Capicom.dll v2.1.0.3 is now registered in your" & VbCrLf & "System Directory: " & SystemDirectory & VbCrLf & "Please rerun this script..."
MsgBox("Capicom.dll v2.1.0.3 is now registered!")
Set shellobj = Nothing
End If
set objFSO = Nothing
End If
'Wscript.Quit 0
End Sub
'''\\\Check is Capicom regged or not...
Function CapicomRegged()
Dim strComputer, objReg, strKeyPath, RegKeyExists, strValueName, returnValue
strComputer = "."
strKeyPath = "CLSID\"
strValueName = "{03ACC284-B757-4B8F-9951-86E600D2CD06}"
Set objReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComputer & "\root\default:StdRegProv")
objReg.EnumKey HKEY_CLASSES_ROOT, strKeyPath, returnValue
CapicomRegged = False
If Not IsNull(returnValue) Then
'WScript.Echo "Goto For loop"
For Each s In returnValue
'WScript.Echo s
If lcase(s) = lcase(strValueName) Then
CapicomRegged = True
'WScript.Echo RegKeyExists
Exit Function
End If
Next
End If
End Function
Function ElevationCheck 'test whether user has elevated token
Dim oShell, oExecWhoami, oWhoamiOutput, strWhoamiOutput, boolHasElevatedToken
Set oShell = CreateObject("WScript.Shell")
Set oExecWhoami = oShell.Exec("whoami /groups")
Set oWhoamiOutput = oExecWhoami.StdOut
strWhoamiOutput = oWhoamiOutput.ReadAll
If InStr(1, strWhoamiOutput, "S-1-16-12288", vbTextCompare) Then boolHasElevatedToken = True
If boolHasElevatedToken Then
ElevationCheck = True
Else
ElevationCheck = False
End If
End Function
Saturday, July 31, 2010
monitor your server on cacti through customized script
Tuesday, July 20, 2010
outlook PST file size check
Besides warning when a user's PST grows too large, this also detects whether Outlook is running and forces it to close.
Const HKEY_CLASS_ROOT = &H80000000
Const OutlookAPPath = "Outlook.Application\CurVer"
Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\default:StdRegProv")
oReg.GetStringValue HKEY_CLASS_ROOT ,OutlookAPPath ,"",OutlookApplication
If OutlookApplication="" Then
Wscript.Quit
End If
Set objOutlook = CreateObject(OutlookApplication)
Set objNS = objOutlook.GetNamespace("MAPI")
Set defaultFolder = objNS.GetDefaultFolder(5)
DefaultPST = GetPSTPath(defaultFolder.StoreID)
Set objfs = CreateObject("Scripting.FileSystemObject")
For Each objFolder In objNS.Folders
PSTFILE = GetPSTPath(objFolder.StoreID)
If not Trim(PSTFILE) = "" Then
Set objMail = objfs.GetFile(GetPSTPath(objFolder.StoreID))
Set objMail = objfs.GetFile(PSTFILE)
Wscript.Echo objFolder.Name & " " & PSTFILE & " = " & FormatSize(objMail.Size)
Set objMail = Nothing
End If
Next
strComputer = "."
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
Set colShare = objWMIService.ExecNotificationQuery("Select * From __InstanceCreationEvent Within 60 Where TargetInstance ISA 'Win32_Process' And TargetInstance.Name='cmd.exe'")
Do While True
Set objShare = colShare.NextEvent
Wscript.echo objShare.TargetInstance.Name
objShare.TargetInstance.Terminate
Wscript.Sleep 60
Loop
Function GetPSTPath(input)
For i = 1 To Len(input) Step 2
strSubString = Mid(input,i,2)
If Not strSubString = "00" Then
strPath = strPath & ChrW("&H" & strSubString)
End If
Next
Select Case True
Case InStr(strPath,":\") > 0
GetPSTPath = Mid(strPath,InStr(strPath,":\")-1)
Case InStr(strPath,"\\") > 0
GetPSTPath = Mid(strPath,InStr(strPath,"\\"))
End Select
End Function
Function FormatSize(Size)
Unit = "KB"
If Size/1024 < 1024 Then
Size = Size/1024
Unit = " KB"
Elseif Size/1024/1024 < 1024 Then
Size = Size/1024/1024
Unit = " MB"
Elseif Size/1024/1024/1024 < 1024 Then
Size = Size/1024/1024/1024
Unit = " GB"
End If
If InStr(Size,".") > 0 Then
Size = Left(Size,Instr(Size,".")+2)
End If
FormatSize = Left(Size,20) & Unit
End Function
Monday, June 28, 2010
asterisk study
how to perform a webcall system
example 1:
Channel: SIP/SIP_CHANNEL
Extension: Extension_NO
how to perform an auto-dial
example 1:
Channel: Local/ANY_NUMBER@Application
Extension: Extension_NO
Context: SIP_CONTEXT
Monday, June 14, 2010
Stale NFS file handle
When a client is not able to talk to the NFS server, you will see this message.
Follow the procedure below to manually clear the stale handle and the mount point.
fuser -k -m /share/share_point
umount -f -l /share/share_point
fuser -k -m -9 /share/share_point
exit NFS root mount
restart auto service.
Tuesday, June 1, 2010
user level vsftp configuration
Global Configuration: /etc/vsftpd/vsftpd.conf
User Configuration defined inside: /etc/vsftpd/vsftpd.conf -> user_config_dir
When a user logs on to the vsftpd service, vsftpd reads the global configuration first. It then checks the user_config_dir setting and reads the user's own configuration from that directory.
User customized configuration file should reside inside/
Its content should take the same form as the global configuration.
Please refer to "man vsftpd.conf"
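Because a per-user file can loosen what the global file restricts, it is worth listing exactly what each user's file changes. The script below is an added example, not part of the original post: it reads user_config_dir from the global file and prints every setting the user's file overrides. It relies on the rule from `man vsftpd.conf` that the per-user file is named after the login name inside user_config_dir; the paths, the user "chris" and the sample settings are constructed.

```shell
#!/bin/sh
# Added example: show how a per-user vsftpd file changes the global settings.
# The paths, the user name "chris" and all sample values are constructed.

# conf_get FILE KEY -> print the last value assigned to KEY.
# vsftpd syntax is key=value with no spaces around "="; "#" starts a comment line.
conf_get() {
    awk -F= -v key="$2" '
        /^#/ || !/=/ { next }
        $1 == key { val = substr($0, length(key) + 2); found = 1 }
        END { if (found) print val }
    ' "$1"
}

# user_overrides GLOBAL_CONF USER [ROOT] -> one line per key in the user's file:
#   key: global_value -> user_value
# ROOT is an optional prefix so the check can run against a copied /etc tree.
user_overrides() {
    global=$1
    user=$2
    root=${3:-}
    dir=$(conf_get "$global" user_config_dir)
    [ -n "$dir" ] || { echo "user_config_dir not set"; return 1; }
    ufile="$root$dir/$user"
    [ -f "$ufile" ] || { echo "no per-user file for $user"; return 0; }
    awk -F= '/^#/ || !/=/ { next } { print $1 }' "$ufile" | sort -u |
    while read -r key; do
        g=$(conf_get "$global" "$key")
        u=$(conf_get "$ufile" "$key")
        echo "$key: ${g:-<default>} -> $u"
    done
}

# demo -> build a constructed configuration tree in a temp dir and audit "chris".
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/etc/vsftpd/user_conf"
    printf '%s\n' \
        '# constructed global configuration' \
        'local_enable=YES' \
        'write_enable=NO' \
        'chroot_local_user=YES' \
        'user_config_dir=/etc/vsftpd/user_conf' \
        > "$tmp/etc/vsftpd/vsftpd.conf"
    printf '%s\n' \
        '# constructed override for user chris' \
        'write_enable=YES' \
        'local_root=/srv/ftp/chris' \
        > "$tmp/etc/vsftpd/user_conf/chris"
    user_overrides "$tmp/etc/vsftpd/vsftpd.conf" chris "$tmp"
    rm -rf "$tmp"
}

demo
```

On a real server, call `user_overrides /etc/vsftpd/vsftpd.conf USERNAME` with no third argument.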
Wednesday, May 19, 2010
lsasrv spnego error
MS Outlook is not able to retrieve email from the Exchange server, and an lsasrv error is then written to the event log in the System category.
By default Outlook authenticates with Negotiate authentication, which tries Kerberos and then NTLM in turn for the connection.
If this keeps failing, Outlook cannot communicate with Exchange.
http://support.microsoft.com/kb/244474
Time to read up on Kerberos and NTLM ^^"
http://technet.microsoft.com/en-us/library/bb742516.aspx
http://msdn.microsoft.com/en-us/library/aa378747(v=VS.85).aspx
http://msdn.microsoft.com/en-us/library/aa378749(VS.85).aspx
Thursday, May 13, 2010
esata removal tool
#!/bin/bash
# Detach an eSATA disk (sdX) from the SCSI bus so it can be hot-unplugged.
if [ $# -ne 1 ]; then
    echo "USAGE: esata_removal hdd"
    exit 1
fi
# Accept only a whole-disk name of the form sdX; stop here on anything else.
case "$1" in
    sd[a-z]) ;;
    *) echo "USAGE: esata_removal sdX"; exit 1 ;;
esac
# The disk must be known to the kernel.
if ! grep -qw "$1" /proc/partitions; then
    echo "Invalid Drive: Unable to find target drive on system."
    exit 1
fi
# Refuse to remove the disk that holds /boot.
if [ "$(mount | awk -v dev="^/dev/$1" '($1 ~ dev && $3 == "/boot") { print $0 }' | wc -l)" -ge 1 ]; then
    echo "System Drive is not allowed to be removed."
    exit 1
fi

# List every mounted partition of the disk and stop if any is still mounted.
check_mount() {
    local IFS=$'\n'
    local mount_map OUT=0
    mount_map=$(mount | awk -v dev="^/dev/$1" '($1 ~ dev) { print $0 }')
    for i in $mount_map; do
        echo "$i" | awk '{ print $3 " need to be unmounted from system before performing esata hot swap" }'
        OUT=1
    done
    if [ $OUT -eq 1 ]; then
        exit 1
    fi
}

# Take the host/channel/id/lun of the disk from its last scsi line in dmesg.
bus_id_lookup() {
    bus_id=$(dmesg | grep "$1" | grep scsi | tail -n 1 | awk '{ print $6 $8 $10 $12 }' | sed 's/,/ /g' | sed 's/scsi//g')
}

check_mount "$1"
bus_id_lookup "$1"
echo 1 > "/sys/block/$1/device/delete"
echo "scsi remove-single-device $bus_id" > /proc/scsi/scsi
echo "Disk $1 can be removed from bus $bus_id"
Wednesday, May 12, 2010
Linux flow control
1: create the root qdisc and assign the default class
# $TC qdisc add dev eth0 root handle 1: htb default $D_CLASS
2: create the classes you want to have
# $TC class add dev eth0 parent 1: classid 1:1 htb rate 10mbit
# $TC class add dev eth0 parent 1: classid 1:1000 htb rate 1000mbit
child class of 1:1000 -- 20mbit of the 1000mbit
# $TC class add dev eth0 parent 1:1000 classid 1:20 htb rate 20mbit
3: speed control parameters in class creation -- rate is the guaranteed bandwidth and ceil is the maximum bandwidth
4: define your rules
U32="$TC filter add dev $IF protocol ip parent 1:0 prio 1 u32"
by IP
$U32 match ip dst xxx.xxx.xxx.xxx/32 flowid $CLASS
by port
$U32 match ip sport port_number 0xffff flowid $CLASS
nested rule
$U32 match ip dport port_number 0xffff match ip dst xxx.xxx.xxx.xxx/32 flowid $CLASS
tc class|qdisc|filter add|change|replace dev $IF args
tc -s class|qdisc|filter ls dev eth0
tc filter del dev eth0 parent CLASS:CLASS prio 10 handle HANDLE::HANDLE u32
refer to http://blog.edseek.com/~jasonb/articles/traffic_shaping/classflows.html#iptu32
refer to http://www.gentoo-wiki.info/QoS
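The class tree and u32 filters from steps 1 to 4 as a dry-run generator, added here as an example and not part of the original notes: it prints the tc commands instead of running them, after checking that ceil is not below rate, that child rates do not add up to more than the parent's rate, and that every filter points at a defined class. The PLAN table, the htb_plan name, class 1:30 and the address 192.0.2.10 are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original notes): print the tc commands for an
# HTB tree instead of running them, after sanity-checking the plan.
# PLAN is constructed sample data:
#   class  CLASSID PARENT RATE_MBIT CEIL_MBIT
#   filter dst|sport|dport VALUE FLOWID
PLAN='class 1:1 1: 10 10
class 1:1000 1: 1000 1000
class 1:20 1:1000 20 100
class 1:30 1:1000 50 1000
filter dst 192.0.2.10/32 1:20
filter dport 443 1:30'

# htb_plan IF D_CLASS -> tc commands on stdout, or errors on stderr and status 1
htb_plan() {
    printf '%s\n' "$PLAN" | awk -v ifc="$1" -v dflt="$2" '
    function err(msg) { print "ERROR: " msg | "cat 1>&2"; bad = 1 }
    $1 == "class"  { id[++n] = $2; par[$2] = $3; rate[$2] = $4 + 0
                     ceil[$2] = $5 + 0; kids[$3] += $4 }
    $1 == "filter" { key[++m] = $2; val[m] = $3; flow[m] = $4 }
    END {
        for (i = 1; i <= n; i++) {
            c = id[i]
            # ceil is the maximum, so it may not be lower than the guarantee
            if (ceil[c] < rate[c]) err(c ": ceil is below rate")
            # children cannot be guaranteed more than the parent itself gets
            if ((c in kids) && kids[c] > rate[c])
                err(c ": child rates add up to " kids[c] "mbit, above " rate[c] "mbit")
        }
        for (j = 1; j <= m; j++)
            if (!(flow[j] in rate))
                err("filter " j ": flowid " flow[j] " is not a defined class")
        if (bad) exit 1
        print "tc qdisc add dev " ifc " root handle 1: htb default " dflt
        for (i = 1; i <= n; i++) {
            c = id[i]
            spec = " htb rate " rate[c] "mbit ceil " ceil[c] "mbit"
            print "tc class add dev " ifc " parent " par[c] " classid " c spec
        }
        u32 = "tc filter add dev " ifc " protocol ip parent 1:0 prio 1 u32 match ip "
        for (j = 1; j <= m; j++) {
            mask = (key[j] == "dst") ? "" : " 0xffff"   # ports take a 16-bit mask
            print u32 key[j] " " val[j] mask " flowid " flow[j]
        }
    }'
}

htb_plan eth0 1
```

Review the printed commands and pipe them to a root shell only once the plan passes.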
Wednesday, May 5, 2010
how to make a portable RRDTOOL
Download all required packages first:
RRDtool: http://oss.oetiker.ch/rrdtool/pub/?M=D
Dependent libraries: http://oss.oetiker.ch/rrdtool/pub/libs/
1: install pixman -> ./configure --prefix=PREFIX --libdir=DIR --includedir=DIR && make && make install
2: set up environment variable PKG_CONFIG_PATH -> export PKG_CONFIG_PATH=libdir/pkgconfig/
3: install libpng -> ./configure --prefix=PREFIX --libdir=DIR --includedir=DIR && make && make install
4: install freetype -> ./configure --prefix=PREFIX --libdir=DIR --includedir=DIR && make && make install
5: install fontconfig -> ./configure --prefix=PREFIX --libdir=DIR --includedir=DIR && make && make install
6: install pkg-config -> rpm2cpio pkgconfig-0.20-1.fc4.1.i386.rpm | cpio -idmv
update environment variable PATH -> export PATH=PATH_OF_pkg-config:$PATH
7: install cairo -> ./configure --prefix=PREFIX --libdir=DIR --includedir=DIR && make && make install
8: install glib -> ./configure --prefix=PREFIX --libdir=DIR --includedir=DIR && make && make install
9: install pango -> ./configure --prefix=PREFIX --libdir=DIR --includedir=DIR && make && make install
10: install intltool -> ./configure --prefix=PREFIX --libdir=DIR --includedir=DIR && make && make install
11: install rrdtool -> ./configure --prefix=PREFIX --libdir=DIR --includedir=DIR --bindir=DIR && make && make install
12: install spine -> aclocal && libtoolize --force && autoconf && autoheader && automake && ./configure --prefix=PREFIX
13: make rrdtool's libraries known to the system -> revise /etc/ld.so.conf and run ldconfig
14: or set environment variable LD_LIBRARY_PATH=PATH_OF_UR_LIB
Tuesday, March 30, 2010
NIS System trick
1: define the NIS domain name
issue # nisdomainname kido.idv.tw
2-1: initialize the NIS database
issue # /usr/lib[platform]/yp/ypinit -m
2-2: synchronize the NIS database. Please note: when any new auto map is generated and the push feature is enabled on the NIS master, you have to manually resync the NIS database again.
issue # /usr/lib[platform]/yp/ypinit -s master
3: add the NIS server name and IP mapping to the hosts file
4: join the NIS domain
issue # authconfig
5: check the init services
[NIS master server] ypserv, yppasswdd, ypxfrd
[NIS slave server] ypserv
[NIS client] NISDOMAIN needs to be defined inside the /etc/sysconfig/network file
6: change the default database tree [defined inside /var/yp/Makefile]
Please note: when the user account database is moved to a non-default folder, you may need to redefine the parameters inside the /etc/sysconfig/yppasswdd file.
Thursday, March 11, 2010
fail to start Adobe Professional with user permissions
When opening Adobe Professional with user permissions, the system complains: "An error has been detected with a required application library and the product can not continue. Please reinstall the application".
Root cause: VOL is required; otherwise you have to grant administrator permission to the users who need to run Adobe Professional in an RDP session.
Way to fix the issue:
1: log on with the Administrator account
2: export the registry underneath HKCU\software\adobe
http://forums.citrix.com/thread.jspa?threadID=60695
Wednesday, January 6, 2010
script to manage certificate
capicom.dll is required for managing certificates through a script
Set oCertStore = CreateObject("CAPICOM.Store")
Set oCert = CreateObject("CAPICOM.Certificate")
' Param 1 is the store location (1 = local computer, 2 = current user)
' Param 2 is the store name, e.g. "MY" or "ROOT"
' Param 3 is the open mode (0 = read only, 1 = read/write, 2 = maximum allowed)
oCertStore.Open 1, "ROOT", 2
' Load the certificate file (no password; key storage flag 1, key location 1)
oCert.Load "certnew.cer", , 1, 1
' Then you just need to add the cert to the store
oCertStore.Add oCert
Source: forgotten
how to change language for non-unicode program from registry
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\CodePage
ACP 1252 for English (United States)
MACCP 10000 for English (United States)
OEMCP 437 for English (United States)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\Language
Default 0409 for English (United States)
You can also export HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\ from the test computer to other computers after changing the settings for non-Unicode programs, then restart the computer.
Source: http://www.technewsgroups.net/group/microsoft.public.windowsxp.customize/topic41297.aspx