实现逻辑:
CMDB的用户管理模块在执行增、删、改操作时,都会生成一个CSV文件,用于存放脚本所需的用户信息。同时,CMDB通过PowerShell脚本触发定时任务来执行此脚本,对活动目录中的用户和文件服务器的权限进行管理。这样,只要在CMDB中对用户做过操作,就会同步到活动目录,例如新增用户、新增文件夹权限、授权某一用户使用WiFi、停用帐户等。
' Provisioning script: reads grouplist.csv and userlist.csv and creates or updates
' domain groups, user accounts, folders under J:\, NTFS ACLs, file shares and shortcuts.
option explicit
' NOTE(review): from here on script-level runtime errors are skipped instead of stopping
' the run. Later sections use this to probe for missing objects with "if err", but a
' failed ACL, share or password step is skipped the same way - confirm such failures
' are detected some other way (log review, read-back of the ACL).
on error resume next
'===========================================================
' Variable declarations
'===========================================================
' environment, domain discovery and shared helper objects
dim objwn, pcname, DNBname, objlp, BDE, regp1, pUPNsfx, regp, UPNsfx
dim objws, num, objdomain, objfs, objsec, strhddrv, stradm, strevery
' log file stream
dim objTS
' NetworkEndUsers group
dim strneu, deneu, objneu
' J:\Home folder, its ACL and share
dim strhd
dim hsd, hdacl, ahmk1, ahfl1, ahty1, ahmk2, ahfl2, ahty2
dim HshDes, Hshname, Hshpath
' J:\Links folder, its ACL, share and sub-folders
dim strlnkd
dim pssd, psdacl, apsmk1, apsfl1, apsty1, apsmk2, apsfl2, apsty2
dim LnkshDes, Lnkshname, Lnkshpath
dim strjscd, strescd
dim strgscd
' group list processing
dim gfile, gfso, gfp, groupnum
dim groupstr, garray, strgn, strgsan, strgdes, strgdir, strgshdes
dim objegp
dim objgp
dim strgd, gsd, gdacl
dim agmk1, agfl1, agty1, agmk2, agfl2, agty2, agmk31, agfl31, agty31, agmk32, agfl32, agty32
dim strgpd, gpsd, gpdacl, AdelGPN, AdelGPG
dim agpmk1, agpfl1, agpty1, agpmk2, agpfl2, agpty2
dim GshDes, Gshname, Gshpath
dim strglnk, strgsctar
' user list processing (strpass holds the password field read from userlist.csv)
dim dfile, fso, fp, usernum, ChUNnum, ChUact, ChUGrem, ChUGadd
dim userstr, uarray, strUser, strsan, strpass, strEname, strEfname, strfullname, strglmail, strmailsw
dim strJfname, strJname, strdes, strdisabled, strgroup
dim objeusr
dim objUsr
dim struhd, groups, group
dim usd, udacl, aumk1, aufl1, auty1, aumk2, aufl2, auty2
dim strupd, upsd, updacl, AdelPN, AdelPU
dim aupmk1, aupfl1, aupty1, aupmk2, aupfl2, aupty2
dim strujlnk, strujsctar, struelnk, struesctar
dim strjscn, strescn
' group membership reconciliation (gf is set by AddOrRemU)
dim grps, grp, strremg, gn1, strgname1, straddg, gn2, strgname2, gf
'===========================================================
' Constant definitions
'===========================================================
'------------------------
' Account enabled / disabled (userAccountControl values)
'------------------------
' 66048 = &h10200 and 66050 = &h10202: both include &h10000 (password never expires)
' and &h200 (normal account); 66050 additionally sets &h2 (account disabled).
const usa = 66048 'account enabled
const nsa = 66050 'account disabled
'--------------------
' Group types
'--------------------
const gdifg = -2147483646 'global group
const gdifd = -2147483644 'domain local group
'------------------------
' File access rights
'------------------------
' The trailing comments give the meaning the author assigns to each bit when the
' mask is applied to a file or folder ACE, not the directory-service meaning of the name.
const ADS_RIGHT_DELETE = &h10000 'delete
const ADS_RIGHT_READ_CONTROL = &h20000 'read permissions
const ADS_RIGHT_WRITE_DAC = &h40000 'change permissions
const ADS_RIGHT_WRITE_OWNER = &h80000 'take ownership
const ADS_RIGHT_SYNCHRONIZE = &h100000 'none
const ADS_RIGHT_ACCESS_SYSTEM_SECURITY = &h1000000 'none
const ADS_RIGHT_GENERIC_READ = &h80000000 'read
const ADS_RIGHT_GENERIC_WRITE = &h40000000 'create files/write data, create folders/append data, write attributes and extended attributes, read permissions
const ADS_RIGHT_GENERIC_EXECUTE = &h20000000 'traverse folder/execute file, read attributes, read permissions
const ADS_RIGHT_GENERIC_ALL = &h10000000 'full control
const ADS_RIGHT_DS_CREATE_CHILD = &h1 'list folder/read data
const ADS_RIGHT_DS_DELETE_CHILD = &h2 'create files/write data
const ADS_RIGHT_ACTRL_DS_LIST = &h4 'create folders/append data
const ADS_RIGHT_DS_SELF = &h8 'read extended attributes
const ADS_RIGHT_DS_READ_PROP = &h10 'write extended attributes
const ADS_RIGHT_DS_WRITE_PROP = &h20 'traverse folder/execute file
const ADS_RIGHT_DS_DELETE_TREE = &h40 'delete subfolders and files
const ADS_RIGHT_DS_LIST_OBJECT = &h80 'read attributes
const ADS_RIGHT_DS_CONTROL_ACCESS = &h100 'write attributes
const ADS_ACEFLAG_UNKNOWN = &h1 'this folder and files; inherited by child objects
const ADS_ACEFLAG_INHERIT_ACE = &h2 'this folder and subfolders (with folder listing); inherited by child objects
const ADS_ACEFLAG_NO_PROPAGATE_INHERIT_ACE = &h4 'this folder only; not inherited by child objects
const ADS_ACEFLAG_INHERIT_ONLY_ACE = &h8 'applies to nothing
const ADS_ACEFLAG_INHERITED_ACE = &h10 'this folder only; permission inherited from the parent; not inherited by children
const ADS_ACEFLAG_VALID_INHERIT_FLAGS = &h1f 'subfolders and files only; permission inherited from the parent; not inherited by children
const ADS_ACEFLAG_SUCCESSFUL_ACCESS = &h40 'this folder only; not inherited by children
const ADS_ACEFLAG_FAILED_ACCESS = &h80 'this folder only; not inherited by children
const ADS_ACETYPE_ACCESS_ALLOWED = &h0 'access allowed
const ADS_ACETYPE_ACCESS_DENIED = &h1 'access denied
'------------------------
' Membership switch passed to AddOrRemU
'------------------------
const asw = 1 'add
const dsw = 0 'remove
'===========================================================
' Computer name, domain NetBIOS name and UPN suffix
'===========================================================
' Earlier hard-coded values, kept for reference; the live values are discovered below.
'pcname = "RpcSVR01" 'computer name
'DNBname = "SH_SERVERS"
'UPNsfx = "@sh.hq.ct99.cn"
'BDE = "DC=sh,DC=hq,DC=ct99,DC=cn"
Set objwn = WScript.CreateObject("WScript.Network")
pcname = objwn.ComputerName 'computer name
DNBname = objwn.UserDomain 'domain NetBIOS name of the account running the script
Set objlp = GetObject("LDAP://" & DNBname)
' Keeps the ADsPath text after its first 7+Len(DNBname)+1 characters.
' presumably the path has the form LDAP://<name>/<DN>, leaving the domain DN - confirm
BDE = Mid(objlp.ADsPath, 7+Len(DNBname)+2) 'LDAP domain
' Build the UPN suffix from the DN: drop every "dc=" and turn the commas into dots.
Set regp1 = New RegExp
regp1.Pattern = "dc="
regp1.Global = True
regp1.IgnoreCase = True
pUPNsfx = "@" & regp1.Replace(BDE, "")
Set regp = New RegExp
regp.Pattern = ","
regp.Global = True
regp.IgnoreCase = True
UPNsfx = regp.Replace(pUPNsfx, ".") 'user principal name suffix
'------------------
' Confirm the target before changing anything
'------------------
' Popup type 4 shows Yes/No buttons and a timeout of 0 waits until one is pressed.
' NOTE(review): an unattended (scheduled) run has nobody to answer this dialog - confirm
' how the script is started in that case.
Set objws = WScript.CreateObject("WScript.Shell")
num = objws.popup("确认以下信息" & vbCRLF _
& "PC : " & pcname & vbCRLF _
& "Domain : " & DNBname & vbCRLF _
& "Suffix : " & UPNsfx,0,"确认",4)
'--------------
' "Yes" was chosen (Popup returns 6 for Yes)
'--------------
if num = 6 then
WScript.echo "开始自动登录用户"
' All groups and users handled below live in CN=users of the discovered domain.
Set objdomain = GetObject("LDAP://" & DNBname & "/CN=users," & BDE)
Set objfs = Wscript.CreateObject("Scripting.FileSystemObject")
' AdsSecurity is used below to read and write folder security descriptors.
Set objsec = CreateObject("AdsSecurity")
strhddrv = "J:\"
stradm = "administrators"
strneu = "NetworkEndUsers"
strevery = "Everyone"
'===========================================================
' Open the log file
'===========================================================
' Mode 8 appends and True creates the file if missing. The name is relative, so the
' log lands in whatever the current directory is when the script runs.
Set objTS = objfs.OpenTextFile("register.log", 8, True)
objTS.WriteLine "执行时间 : " & Now
objTS.WriteBlankLines (1)
'===========================================================
' Create the NetworkEndUsers group (when it is not registered yet)
'===========================================================
' Existence probe: with "on error resume next" active, a failed GetObject only sets err.
' NOTE(review): any failure (not just "no such object") takes the create path below.
Set deneu = GetObject("LDAP://" & DNBname & "/CN=" & strneu & ",CN=users," & BDE)
if err then
WScript.echo strneu & "登录"
Set objneu = objdomain.Create("Group","CN=" & strneu)
objneu.Put "samAccountName", strneu
objneu.Put "grouptype", gdifd
objneu.Put "Description", "网络进入许可"
objneu.SetInfo
Set objneu = nothing
' reset so the next "if err" probe starts clean
err.clear
objTS.WriteLine "记录 : NetworkEndUsers"
objTS.WriteBlankLines (1)
end if
Set deneu = nothing
'===========================================================
' Create J:\Home (when J:\Home does not exist)
'===========================================================
strhd = strhddrv & "Home"
' The ACL and share below are applied only when the folder is newly created;
' an existing J:\Home is left exactly as it is.
if objfs.FolderExists(strhd)=0 then
WScript.echo strhd & "建立目录"
objfs.CreateFolder strhd
'--------------------
' Access rights
'--------------------
Set hsd = objsec.GetSecurityDescriptor("FILE://" & strhd)
Set hdacl = hsd.DiscretionaryAcl
'----- administrators:full (all) -----
ahmk1 = ADS_RIGHT_GENERIC_ALL
ahfl1 = ADS_ACEFLAG_UNKNOWN or ADS_ACEFLAG_INHERIT_ACE
ahty1 = ADS_ACETYPE_ACCESS_ALLOWED
call AddEAce(hsd, stradm, ahmk1, ahfl1, ahty1)
'----- NetworkEndUsers:read only (all) -----
ahmk2 = ADS_RIGHT_GENERIC_EXECUTE or ADS_RIGHT_DS_CREATE_CHILD or ADS_RIGHT_DS_SELF
ahfl2 = ADS_ACEFLAG_UNKNOWN or ADS_ACEFLAG_INHERIT_ACE
ahty2 = ADS_ACETYPE_ACCESS_ALLOWED
call AddEAce(hsd, strneu, ahmk2, ahfl2, ahty2)
'----- Remove the access rights of Everyone -----
call DelEAce(hsd, strevery)
' NOTE(review): hdacl was fetched before AddEAce/DelEAce edited the descriptor. If
' DiscretionaryAcl hands out a copy rather than the live list, this assignment would put
' the pre-edit ACL back (Everyone included) - confirm by reading the ACL after a run.
hsd.DiscretionaryAcl = hdacl
objsec.SetSecurityDescriptor hsd
Set hsd = nothing
Set hdacl = nothing
'--------------
' Share settings
'--------------
' The share is created even if an ACL step above failed, because script-level errors
' are skipped; ShareFolder itself sets only path, user limit and description.
HshDes = "个人目录文件夹"
Hshname = "Home"
Hshpath = strhd
call ShareFolder(HshDes, Hshname, Hshpath)
objTS.WriteLine "制作访问共享设定 : " & strhd
objTS.WriteBlankLines (1)
end if
'=============================================================================
' Create the shortcut storage directory (when J:\Links does not exist)
'=============================================================================
strlnkd = strhddrv & "Links"
' As with J:\Home, ACL, share and sub-folders are set up only on first creation.
if objfs.FolderExists(strlnkd)=0 then
WScript.echo strlnkd & "建立快捷方式"
objfs.CreateFolder strlnkd
'--------------------------------------------------------------
' Access rights of the shortcut storage directory
'--------------------------------------------------------------
Set pssd = objsec.GetSecurityDescriptor("FILE://" & strlnkd)
Set psdacl = pssd.DiscretionaryAcl
'----- administrators:full (all) -----
apsmk1 = ADS_RIGHT_GENERIC_ALL
apsfl1 = ADS_ACEFLAG_UNKNOWN or ADS_ACEFLAG_INHERIT_ACE
apsty1 = ADS_ACETYPE_ACCESS_ALLOWED
call AddEAce(pssd, stradm, apsmk1, apsfl1, apsty1)
'----- NetworkEndUsers:read only (all) -----
apsmk2 = ADS_RIGHT_GENERIC_EXECUTE or ADS_RIGHT_DS_CREATE_CHILD or ADS_RIGHT_DS_SELF
apsfl2 = ADS_ACEFLAG_UNKNOWN or ADS_ACEFLAG_INHERIT_ACE
apsty2 = ADS_ACETYPE_ACCESS_ALLOWED
call AddEAce(pssd, strneu, apsmk2, apsfl2, apsty2)
'----- Remove the access rights of Everyone -----
call DelEAce(pssd, strevery)
' NOTE(review): psdacl predates the AddEAce/DelEAce edits; if it is a copy, assigning it
' back would discard them - confirm by reading the ACL after a run.
pssd.DiscretionaryAcl = psdacl
objsec.SetSecurityDescriptor pssd
Set pssd = nothing
Set psdacl = nothing
'--------------
' Share settings
'--------------
LnkshDes = "LnkshDes"
Lnkshname = "Links"
Lnkshpath = strlnkd
call ShareFolder(LnkshDes, Lnkshname, Lnkshpath)
objTS.WriteLine "制作访问共享设定 : " & strlnkd
objTS.WriteBlankLines (1)
'--------------------------------------------------------
' Create the two per-user shortcut directories
'--------------------------------------------------------
' No ACL is set on these sub-folders here.
strjscd = strlnkd & "\" & "strinkd"
objfs.CreateFolder strjscd
objTS.WriteLine "制作 : " & strjscd
strescd = strlnkd & "\" & "Link2Home(ASCII)"
objfs.CreateFolder strescd
objTS.WriteLine "制作 : " & strescd
'--------------------------------------------------------
' Create the group-folder shortcut directory
'--------------------------------------------------------
strgscd = strlnkd & "\" & "strgscd"
objfs.CreateFolder strgscd
objTS.WriteLine "制作 : " & strgscd
objTS.WriteBlankLines (1)
end if
'===========================================================
' Register groups
'===========================================================
WScript.echo "开始登录组"
'------------------------
' Input file
'------------------------
' Relative name: the file is looked up in the current directory. Its content decides
' which groups, folders, ACLs and shares get created, so it should be writable only by
' the accounts allowed to provision.
gfile = "grouplist.csv"
Set gfso = CreateObject("Scripting.FileSystemObject")
Set gfp = gfso.OpenTextFile(gfile,1)
' skip the first line of the file
gfp.skipline
groupnum = 0
'----------
' Registration loop
'----------
do while not gfp.AtEndofStream
' GetGroupInfo fills groupstr, strgn, strgsan, strgdes, strgdir and strgshdes
call GetGroupInfo
if groupstr <> "" then
call GSetAstToNull
' Existence probe; strgn is spliced into the path exactly as read from the file.
Set objegp = GetObject("LDAP://" & DNBname & "/CN=" & strgn & ",CN=users," & BDE)
'---------------------------------------------------------
' Register (when the group read from the file is not registered yet)
'---------------------------------------------------------
' NOTE(review): "if err" is true for any pending error, so a lookup failure of another
' kind is also treated as "group missing".
if err then
Set objgp = objdomain.Create("Group","CN=" & strgn)
objgp.Put "samAccountName",strgsan
objgp.Put "grouptype",gdifg
objgp.Put "Description", strgdes
objgp.SetInfo
' counted and logged without checking whether SetInfo succeeded
groupnum = groupnum + 1
objTS.WriteLine "记录 : " & strgn
Set objgp = nothing
'------------------------------
' Create the group directory
'------------------------------
if strgdir <> "" then
' strgdir comes from the file and is appended to J:\ unchecked.
' NOTE(review): confirm the file cannot contain "..", "\" or an existing folder name here.
strgd = strhddrv & strgdir
objfs.CreateFolder strgd
'------------------------------------------
' Access rights of the group directory
'------------------------------------------
Set gsd = objsec.GetSecurityDescriptor("FILE://" & strgd)
Set gdacl = gsd.DiscretionaryAcl
'----- administrators:full (all) -----
agmk1 = ADS_RIGHT_GENERIC_ALL
agfl1 = ADS_ACEFLAG_UNKNOWN or ADS_ACEFLAG_INHERIT_ACE
agty1 = ADS_ACETYPE_ACCESS_ALLOWED
call AddEAce(gsd, stradm, agmk1, agfl1, agty1)
'----- NetworkEndUsers:read only (all) -----
agmk2 = ADS_RIGHT_GENERIC_EXECUTE or ADS_RIGHT_DS_CREATE_CHILD or ADS_RIGHT_DS_SELF
agfl2 = ADS_ACEFLAG_UNKNOWN or ADS_ACEFLAG_INHERIT_ACE
agty2 = ADS_ACETYPE_ACCESS_ALLOWED
call AddEAce(gsd, strneu, agmk2, agfl2, agty2)
'----- each group:read, write and execute (folder only) -----
agmk31 = ADS_RIGHT_GENERIC_EXECUTE or ADS_RIGHT_GENERIC_WRITE or ADS_RIGHT_DS_CREATE_CHILD or ADS_RIGHT_DS_SELF
agfl31 = ADS_ACEFLAG_NO_PROPAGATE_INHERIT_ACE
agty31 = ADS_ACETYPE_ACCESS_ALLOWED
call AddEAce(gsd, strgn, agmk31, agfl31, agty31)
'----- each group:full (subfolder & file) -----
agmk32 = ADS_RIGHT_GENERIC_ALL
' the literal 1 is the same value as ADS_ACEFLAG_UNKNOWN (&h1)
agfl32 = ADS_ACEFLAG_INHERIT_ACE or ADS_ACEFLAG_INHERIT_ONLY_ACE or 1
agty32 = ADS_ACETYPE_ACCESS_ALLOWED
call AddEAce(gsd, strgn, agmk32, agfl32, agty32)
'----- Remove the access rights of Everyone -----
call DelEAce(gsd, strevery)
' NOTE(review): gdacl predates the AddEAce/DelEAce edits; if it is a copy, assigning it
' back would discard them - confirm by reading the ACL after a run.
gsd.DiscretionaryAcl = gdacl
objsec.SetSecurityDescriptor gsd
'-------------------------------------
' Create the group "private" directory
'-------------------------------------
strgpd = strgd & "\" & "private"
objfs.CreateFolder strgpd
'-------------------------------------------------
' Access rights of the group "private" directory
'-------------------------------------------------
Set gpsd = objsec.GetSecurityDescriptor("FILE://" & strgpd)
Set gpdacl = gpsd.DiscretionaryAcl
'----- Remove the access rights of NetworkEndUsers -----
' DelEAce matches the trustee text exactly, hence the DOMAIN\name form used here.
AdelGPN = DNBname & "\" & strneu
call DelEAce(gpsd, AdelGPN)
'----- Remove the existing access rights of the group itself -----
AdelGPG = DNBname & "\" & strgn
call DelEAce(gpsd, AdelGPG)
'----- each group:read, write and execute (folder only) -----
agpmk1 = ADS_RIGHT_GENERIC_EXECUTE or ADS_RIGHT_GENERIC_WRITE or ADS_RIGHT_DS_CREATE_CHILD or ADS_RIGHT_DS_SELF
agpfl1 = ADS_ACEFLAG_NO_PROPAGATE_INHERIT_ACE
agpty1 = ADS_ACETYPE_ACCESS_ALLOWED
call AddEAce(gpsd, strgn, agpmk1, agpfl1, agpty1)
'----- each group:full (subfolder & file) -----
agpmk2 = ADS_RIGHT_GENERIC_ALL
agpfl2 = ADS_ACEFLAG_INHERIT_ACE or ADS_ACEFLAG_INHERIT_ONLY_ACE or 1
agpty2 = ADS_ACETYPE_ACCESS_ALLOWED
call AddEAce(gpsd, strgn, agpmk2, agpfl2, agpty2)
gpsd.DiscretionaryAcl = gpdacl
objsec.SetSecurityDescriptor gpsd
Set gsd = nothing
Set gdacl = nothing
Set gpsd = nothing
Set gpdacl = nothing
'--------------
' Share settings
'--------------
' The share name is the directory name taken from the file.
GshDes = strgshdes
Gshname = strgdir
Gshpath = strgd
call ShareFolder(GshDes, Gshname, Gshpath)
'------------------------------------------------
' Create the shortcut to the group directory
'------------------------------------------------
' The shortcut file is named after the group description.
strglnk = strlnkd & "\" & "strgscd" & "\" & strgdes
strgsctar = strgd
call CreateSC(strglnk, strgsctar)
end if
err.clear
end if
Set objegp = nothing
end if
loop
WScript.echo "组登录完成"
objTS.WriteLine "记录姰椆僌儖乕僾悢 : " & groupnum
objTS.WriteBlankLines (1)
'===========================================================
' Register users
'===========================================================
WScript.echo "开始登录用户"
'------------------------
' Input file
'------------------------
' Relative name, looked up in the current directory. GetUserInfo reads the password for
' each account from this file in clear text, so the file needs tight permissions and
' should not be left behind after the run.
dfile = "userlist.csv"
Set fso = CreateObject("Scripting.FileSystemObject")
Set fp = fso.OpenTextFile(dfile,1)
' skip the first line of the file
fp.skipline
usernum = 0
ChUNnum = 0
ChUact = 0
ChUGrem = 0
ChUGadd = 0
'----------
' Registration loop
'----------
do while not fp.AtEndofStream
' GetUserInfo fills userstr and the str* user fields from the next line
call GetUserInfo
if userstr <> "" then
call SetAstToNull
' Existence probe; strUser is spliced into the path exactly as read from the file.
Set objeusr = GetObject("LDAP://" & DNBname & "/CN=" & strUser & ",CN=users," & BDE)
'-------------------------------------------------------
' Register (when the user read from the file is not registered yet)
'-------------------------------------------------------
' NOTE(review): "if err" is true for any pending error. The update branch of this loop
' has no err.clear of its own, so confirm an error left over from the previous row
' cannot send an existing user down this create path.
if err then
Set objUsr = objdomain.Create("User", "CN=" & strUser)
' counted and logged before any attribute has been written
usernum = usernum + 1
objTS.WriteLine "记录 : " & strUser
'----------------------------------------
' User name, password and description
'----------------------------------------
objUsr.Put "samAccountName", strsan
objUsr.Put "userPrincipalName", strUser & UPNsfx
' first SetInfo: the object is written before the password is set
objUsr.SetInfo
if strEname <> "" then
objUsr.Put "sn", strEfname
objUsr.Put "givenName", strEname
objUsr.Put "displayName", strfullname
objUsr.Put "scriptPath", "logon.bat"
end if
if strJname <> "" then
objUsr.Put "Description", strdes
end if
if strmailsw = "Y" then
objUsr.Put "mail", strglmail
end if
objUsr.SetInfo
' strpass is the value from the password column of userlist.csv; a SetPassword
' failure (for example a policy rejection) is skipped like any other error.
objUsr.SetPassword strpass
objUsr.SetInfo
'--------------------------------------------------
' Password expiry and account enabled state
'--------------------------------------------------
' Despite its name, strdisabled = 0 writes nsa (disabled) and any other value writes
' usa (enabled). Both values carry the password-never-expires bit.
if strdisabled = 0 then
objUsr.Put "userAccountControl", nsa
else
objUsr.Put "userAccountControl", usa
end if
objUsr.SetInfo
'------------------------------
' Home directory attribute
'------------------------------
struhd = strhd & "\" & strUser
objUsr.Put "HomeDirectory", struhd
objUsr.SetInfo
'--------------------------------------
' Add the user to the listed groups
'--------------------------------------
' strgroup is a ";"-separated list of group names from the file
if strgroup <> "" then
groups = split(strgroup, ";", -1)
for each group in groups
call AddOrRemU(group, objUsr, asw)
next
end if
'----------------------------
' Create the personal directory
'----------------------------
objfs.CreateFolder struhd
'--------------------------------------
' Access rights of the personal directory
'--------------------------------------
' Only ACEs for the user are added here; nothing is removed from this folder's ACL.
Set usd = objsec.GetSecurityDescriptor("FILE://" & struhd)
Set udacl = usd.DiscretionaryAcl
'----- each user:read, write and execute (folder only) -----
aumk1 = ADS_RIGHT_GENERIC_EXECUTE or ADS_RIGHT_GENERIC_WRITE or ADS_RIGHT_DS_CREATE_CHILD or ADS_RIGHT_DS_SELF
aufl1 = ADS_ACEFLAG_NO_PROPAGATE_INHERIT_ACE
auty1 = ADS_ACETYPE_ACCESS_ALLOWED
call AddEAce(usd, strUser, aumk1, aufl1, auty1)
'----- each user:full (subfolder & file) -----
aumk2 = ADS_RIGHT_GENERIC_ALL
' the literal 1 is the same value as ADS_ACEFLAG_UNKNOWN (&h1)
aufl2 = ADS_ACEFLAG_INHERIT_ACE or ADS_ACEFLAG_INHERIT_ONLY_ACE or 1
auty2 = ADS_ACETYPE_ACCESS_ALLOWED
call AddEAce(usd, strUser, aumk2, aufl2, auty2)
' NOTE(review): udacl predates the AddEAce edits; if it is a copy, assigning it back
' would discard them - confirm by reading the ACL after a run.
usd.DiscretionaryAcl = udacl
objsec.SetSecurityDescriptor usd
Set usd = nothing
Set udacl = nothing
'-----------------------------------
' Create the personal "private" directory
'-----------------------------------
strupd = struhd & "\" & "private"
objfs.CreateFolder strupd
'---------------------------------------------
' Access rights of the personal "private" directory
'---------------------------------------------
Set upsd = objsec.GetSecurityDescriptor("FILE://" & strupd)
Set updacl = upsd.DiscretionaryAcl
'----- Remove the access rights of NetworkEndUsers -----
' DelEAce matches the trustee text exactly, hence the DOMAIN\name form used here.
AdelPN = DNBname & "\" & strneu
call DelEAce(upsd, AdelPN)
'----- Remove the existing access rights of the user -----
AdelPU = DNBname & "\" & strUser
call DelEAce(upsd, AdelPU)
'----- each user:read, write and execute (folder only) -----
aupmk1 = ADS_RIGHT_GENERIC_EXECUTE or ADS_RIGHT_GENERIC_WRITE or ADS_RIGHT_DS_CREATE_CHILD or ADS_RIGHT_DS_SELF
aupfl1 = ADS_ACEFLAG_NO_PROPAGATE_INHERIT_ACE
aupty1 = ADS_ACETYPE_ACCESS_ALLOWED
call AddEAce(upsd, strUser, aupmk1, aupfl1, aupty1)
'----- each user:full (subfolder & file) -----
aupmk2 = ADS_RIGHT_GENERIC_ALL
aupfl2 = ADS_ACEFLAG_INHERIT_ACE or ADS_ACEFLAG_INHERIT_ONLY_ACE or 1
aupty2 = ADS_ACETYPE_ACCESS_ALLOWED
call AddEAce(upsd, strUser, aupmk2, aupfl2, aupty2)
upsd.DiscretionaryAcl = updacl
objsec.SetSecurityDescriptor upsd
Set upsd = nothing
Set updacl = nothing
if strEname <> "" then
'----------------------------------------------
' Create the shortcuts to the personal directory
'----------------------------------------------
' Shortcut file names are built from the name fields of the file.
strujlnk = strlnkd & "\" & "strinkd" & "\" & strJfname & strJname
strujsctar = struhd
call CreateSC(strujlnk, strujsctar)
struelnk = strlnkd & "\" & "Link2Home(ASCII)" & "\" & strEfname & "(" & strEname & ")"
struesctar = struhd
call CreateSC(struelnk, struesctar)
end if
Set objUsr = nothing
err.clear
else
'-----------------------------------------------------------------
' Update an already registered user (when the data in the file has changed)
'-----------------------------------------------------------------
' The password field of the row is not applied on this path.
'----------------
' Name change
'----------------
if objeusr.displayName <> strfullname then
'------------------
' Display name change
'------------------
objeusr.Put "sn", strEfname
objeusr.Put "displayName", strfullname
objeusr.Put "Description", strdes
objeusr.SetInfo
'----------------------------
' Shortcut name change
'----------------------------
strjscd = strlnkd & "\" & "strinkd"
strjscn = strJfname & strJname & ".lnk"
call ChSCname(strjscd, strjscn)
strescd = strlnkd & "\" & "Link2Home(ASCII)"
strescn = strEfname & "(" & strEname & ")" & ".lnk"
call ChSCname(strescd, strescn)
objTS.WriteLine "昞帵柤偺峏怴 : " & strUser
ChUNnum = ChUNnum + 1
end if
' mail is rewritten on every run: the generated address when the switch is "Y",
' otherwise a single space
if strmailsw = "Y" then
objeusr.Put "mail", strglmail
objeusr.SetInfo
else
objeusr.Put "mail", " "
objeusr.SetInfo
end if
'----------------------
' Account enabled state
'----------------------
' Compares against the exact value usa; an account whose userAccountControl has any
' other bits set falls into the else branch. strdisabled = 0 means "disable",
' strdisabled = 1 means "enable".
if objeusr.userAccountControl = usa then
if strdisabled = 0 then
objeusr.Put "userAccountControl", nsa
objeusr.SetInfo
objTS.WriteLine "妶惈偺曄峏 : " & strUser & " 乮柍岠壔乯"
ChUact = ChUact + 1
end if
else
if strdisabled = 1 then
' writes usa as a whole, replacing whatever flags the account had
objeusr.Put "userAccountControl", usa
objeusr.SetInfo
objTS.WriteLine "妶惈偺曄峏 : " & strUser & " 乮桳岠壔乯"
ChUact = ChUact + 1
end if
end if
'------------------------
' Group membership change
'------------------------
' The file is authoritative: memberships not listed in strgroup are removed below.
Set grps = objeusr.Groups
groups = split(strgroup, ";", -1)
'----------------------------
' Remove from groups no longer listed
'----------------------------
strremg = ""
for each grp in grps
gn1=0
' drops the first three characters of the group name
' presumably the "CN=" prefix - confirm
strgname1 = Mid(grp.name, 4)
for each group in groups
' case-insensitive comparison
if StrComp(strgname1, group, 1) = 0 then
gn1=gn1+1
end if
next
if gn1=0 then
call AddOrRemU(strgname1, objeusr, dsw)
' recorded as removed without checking the outcome of the removal
if strremg = "" then
strremg = strgname1
else
strremg = strremg & "," & strgname1
end if
end if
next
if strremg <> "" then
objTS.WriteLine "強懏僌儖乕僾偺曄峏乮删除乯: " & strUser & "乮" & strremg & "偐傜乯"
ChUGrem = ChUGrem + 1
end if
'--------------------------
' Add to newly listed groups
'--------------------------
straddg = ""
for each group in groups
gn2=0
for each grp in grps
strgname2 = Mid(grp.name, 4)
if StrComp(group, strgname2, 1) = 0 then
gn2=gn2+1
end if
next
if gn2=0 then
call AddOrRemU(group, objeusr, asw)
' gf is set by AddOrRemU: 1 after its add branch ran, 0 when the group was not found
if gf=1 then
if straddg = "" then
straddg = group
else
straddg = straddg & "," & group
end if
end if
end if
next
if straddg <> "" then
objTS.WriteLine "強懏僌儖乕僾偺曄峏乮追加乯: " & strUser & "乮" & straddg & "傊乯"
ChUGadd = ChUGadd + 1
end if
Set grps = nothing
end if
Set objeusr = nothing
end if
loop
WScript.echo "用户登录完成"
' Summary counters. They count attempted operations; none of them is tied to a
' success check.
objTS.WriteLine "记录姰椆儐乕僓悢 : " & usernum
objTS.WriteLine "记录撪梕曄峏儐乕僓悢"
objTS.WriteLine " 柤慜偺曄峏 : " & ChUNnum
objTS.WriteLine " 妶惈偺曄峏 : " & ChUact
' reports the larger of the removal and addition counters, not their sum
if ChUGrem >= ChUGadd then
objTS.WriteLine " 強懏僌儖乕僾偺曄峏 : " & ChUGrem
else
objTS.WriteLine " 強懏僌儖乕僾偺曄峏 : " & ChUGadd
end if
objTS.WriteBlankLines (1)
'===========================================================
' Close files
'===========================================================
objTS.WriteLine "--------------------------------------------------"
objTS.WriteBlankLines (1)
objTS.close
gfp.close
fp.close
'===========================================================
' Release objects
'===========================================================
Set objsec = nothing
Set objfs = nothing
Set objdomain = nothing
Set gfso = nothing
Set gfp = nothing
Set fso = nothing
Set fp = nothing
Set objTS = nothing
Set objwn = nothing
Set objlp = nothing
Set regp1 = nothing
Set regp = nothing
'===========================================================
' Completion message
'===========================================================
WScript.echo "登录完成"
'--------------
' "No" was chosen
'--------------
else
WScript.echo "取消登录"
end if
Set objws = nothing
'仧仦仧-------------------------------------------
' Subroutines
'-------------------------------------------仧仦仧
'===========================================================
' Assign the fields of one group-file row to the script variables
'===========================================================
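Sub GetGroupInfo
    ' Reads the next line from the group list stream (gfp) and copies its
    ' comma-separated fields into the script-level group variables:
    '   field 0 -> strgn and strgsan, field 1 -> strgdes,
    '   field 2 -> strgdir,           field 3 -> strgshdes
    ' groupstr is left empty for a blank line and is also reset to empty for a row
    ' with fewer than four fields, so the caller's "groupstr <> """ test skips it.
    groupstr = gfp.ReadLine
    if groupstr <> "" then
        garray = split(groupstr,",",-1)
        if UBound(garray) < 3 then
            ' A short row would raise a subscript error part-way through the
            ' assignments; the caller skips errors, so the remaining variables would
            ' silently keep the previous row's directory and share description.
            WScript.echo "grouplist.csv : 字段不足,已跳过该行"
            groupstr = ""
        else
            strgn = garray(0)
            strgsan = garray(0)
            strgdes = garray(1)
            strgdir = garray(2)
            strgshdes = garray(3)
        end if
    end if
End Sub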
'===========================================================
' Convert "*" in the group-file fields to ""
'===========================================================
Sub GSetAstToNull
    ' A field holding exactly "*" in the group list stands for "no value":
    ' replace it with an empty string in each script-level group variable.
    If strgn = "*" Then
        strgn =""
    End If
    If strgsan = "*" Then
        strgsan =""
    End If
    If strgdes = "*" Then
        strgdes =""
    End If
    If strgdir = "*" Then
        strgdir =""
    End If
    If strgshdes = "*" Then
        strgshdes =""
    End If
End Sub
'===========================================================
' Assign the fields of one user-file row to the script variables
'===========================================================
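Sub GetUserInfo
    ' Reads the next line from the user list stream (fp) and copies its
    ' comma-separated fields into the script-level user variables:
    '   field 2 -> strUser and strsan   field 3 -> strpass (password, clear text)
    '   field 4 -> strEname             field 5 -> strEfname
    '   field 6 -> strJfname            field 7 -> strJname
    '   field 8 -> strdisabled          field 9 -> strmailsw
    '   field 10 -> strgroup (";"-separated group names)
    ' Fields 0 and 1 are not used. strfullname, strdes and strglmail are derived.
    ' userstr is left empty for a blank line and is also reset to empty for a row
    ' with fewer than eleven fields, so the caller's "userstr <> """ test skips it.
    userstr = fp.ReadLine
    if userstr <> "" then
        uarray = split(userstr,",",-1)
        if UBound(uarray) < 10 then
            ' A short row would raise a subscript error part-way through the
            ' assignments; the caller skips errors, so the account would be processed
            ' with the previous row's leftover values (for example its group list).
            ' The row itself is not echoed because it contains the password field.
            WScript.echo "userlist.csv : 字段不足,已跳过该行"
            userstr = ""
        else
            strUser = uarray(2)
            strsan = uarray(2)
            strpass = uarray(3)
            strEname = uarray(4)
            strEfname = uarray(5)
            strfullname = strEname & " " & strEfname
            strJfname = uarray(6)
            strJname = uarray(7)
            strdes = strJfname & strJname
            strdisabled = uarray(8)
            strmailsw = uarray(9)
            ' mail address is always the lower-cased account name at this fixed domain
            strglmail = lcase(strUser) & "@epermarket.com"
            strgroup = uarray(10)
        end if
    end if
End Sub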
'===========================================================
' Convert "*" in the user-file fields to ""
'===========================================================
Sub SetAstToNull
    ' A field holding exactly "*" in the user list stands for "no value":
    ' replace it with an empty string. Only the four name fields and the group
    ' list are normalised; the other user variables are left as read.
    If strEname = "*" Then
        strEname =""
    End If
    If strEfname = "*" Then
        strEfname =""
    End If
    If strJfname = "*" Then
        strJfname =""
    End If
    If strJname = "*" Then
        strJname =""
    End If
    If strgroup = "*" Then
        strgroup = ""
    End If
End Sub
'===========================================================
' Add a user to a group or remove a user from a group
'===========================================================
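Sub AddOrRemU(sgroup, objsusr, AOR)
    ' Adds the user object objsusr to the group named sgroup (AOR = 1) or removes it
    ' from that group (any other AOR). The group is looked up in CN=users of the domain.
    ' Sets the script-level flag gf: 1 when the member was added, 0 when the group was
    ' not found or the add failed. gf is left untouched on the removal path.
    on error resume next
    dim objgroup
    ' sgroup is spliced into the path as given; callers pass names taken from the
    ' user list or from existing memberships.
    Set objgroup = GetObject("LDAP://" & DNBname & "/CN=" & sgroup & ",CN=users," & BDE)
    if err then 'the group does not exist (or could not be opened)
        wscript.echo sgroup & "没有登录"
        gf=0
        err.clear
    elseif AOR = 1 then 'add
        objgroup.Add objsusr.ADsPath
        if err then
            ' Errors are skipped in this Sub, so without this check a failed add was
            ' reported to the caller as done and written to the log as a new membership.
            wscript.echo sgroup & " : 添加成员失败 (" & err.description & ")"
            gf=0
            err.clear
        else
            gf=1
        end if
    else 'remove
        objgroup.Remove objsusr.ADsPath
        if err then
            ' A failed removal leaves the account in a group the list no longer
            ' grants, so make it visible instead of dropping it silently.
            wscript.echo sgroup & " : 移除成员失败 (" & err.description & ")"
            err.clear
        end if
    end if
    set objgroup = nothing
End Sub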
'===========================================================
' Add an access right (ACE) to a directory
'===========================================================
Sub AddEAce(asd, acnt, acsmk, acsfl, acsty)
    ' Appends one access control entry to the discretionary ACL of the security
    ' descriptor asd and stores the ACL back on the descriptor.
    '   acnt  - trustee (account or group name) the entry applies to
    '   acsmk - access mask
    '   acsfl - ACE flags (inheritance / scope)
    '   acsty - ACE type (allow or deny)
    ' The descriptor is only changed in memory; the caller writes it to the folder.
    dim newEntry, aclList
    Set aclList = asd.DiscretionaryAcl
    Set newEntry = CreateObject("AccessControlEntry")
    With newEntry
        .trustee = acnt
        .accessmask = acsmk
        .aceflags = acsfl
        .acetype = acsty
    End With
    aclList.addace newEntry
    asd.DiscretionaryAcl = aclList
End Sub
'===========================================================
' Remove the access rights (ACEs) of a trustee from a directory
'===========================================================
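Sub DelEAce(ssd, sAdel)
    ' Removes every access control entry whose trustee is sAdel from the discretionary
    ' ACL of the security descriptor ssd and stores the ACL back on the descriptor.
    ' The descriptor is only changed in memory; the caller writes it to the folder.
    dim dacl, ace, doomed(), doomedCount, i
    Set dacl = ssd.DiscretionaryAcl
    ' Pass 1: collect the matching entries. Removing inside the enumeration makes the
    ' result depend on how the ACL enumerator behaves while the list shrinks, and a
    ' skipped entry would leave the very access this call is meant to take away.
    doomedCount = 0
    for each ace in dacl
        ' Account names are not case-sensitive, so compare the trustee text that way;
        ' an exact-case comparison can miss the entry and leave it in place.
        if StrComp(ace.trustee, sAdel, vbTextCompare) = 0 then
            redim preserve doomed(doomedCount)
            Set doomed(doomedCount) = ace
            doomedCount = doomedCount + 1
        end if
    next
    ' Pass 2: remove what was collected.
    for i = 0 to doomedCount - 1
        dacl.RemoveAce doomed(i)
    next
    ssd.DiscretionaryAcl = dacl
End Sub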
'===========================================================
' Share settings
'===========================================================
Sub ShareFolder(strshdes, strshname, strshpath)
    ' Creates a file share named strshname for the folder strshpath on this computer
    ' (pcname), with strshdes as its description and no limit on concurrent users.
    ' Only path, user limit and description are set here.
    ' NOTE(review): no share-level permissions are assigned, so the share gets the
    ' system default - confirm that default is acceptable for these folders.
    dim lanman, newShare
    Set lanman = GetObject("WinNT://" & pcname & "/LanmanServer")
    Set newShare = lanman.Create("FileShare", strshname)
    With newShare
        .Path = strshpath 'shared folder
        .MaxUserCount = -1 'number of users allowed
        .Description = strshdes 'share description
        .SetInfo
    End With
    Set newShare = nothing
    Set lanman = nothing
End Sub
'===========================================================
' Create a shortcut
'===========================================================
Sub CreateSC(strlnk, strsctar)
    ' Saves a shortcut file at strlnk & ".lnk" whose target is strsctar.
    ' Uses the script-level WScript.Shell object objws.
    dim shortcut
    Set shortcut = objws.CreateShortcut(strlnk & ".lnk")
    With shortcut
        .TargetPath = strsctar 'target path
        .save
    End With
    Set shortcut = nothing
End Sub
'===========================================================
' Rename a shortcut
'===========================================================
Sub ChSCname(strsdpath, strscname)
    ' Renames to strscname every file in the folder strsdpath that, opened as a
    ' shortcut, points at the current user's home folder (strhd & "\" & strUser).
    ' Uses the script-level objects objfs and objws and the variables strhd / strUser.
    dim folderObj, fileList, entry, fileObj, linkObj, homePath
    ' the path to match does not change while the folder is scanned
    homePath = strhd & "\" & strUser
    Set folderObj = objfs.GetFolder(strsdpath)
    Set fileList = folderObj.Files
    for each entry in fileList
        Set fileObj = objfs.GetFile(entry)
        Set linkObj = objws.CreateShortcut(entry)
        ' exact text comparison of the stored target path
        if linkObj.TargetPath = homePath then
            fileObj.name = strscname
        end if
    next
    Set folderObj = nothing
    Set fileList = nothing
    Set fileObj = nothing
    Set linkObj = nothing
End Sub