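' author: Denis Braun, Raynet GmbH
' date: 14.06.2021
' description: IIS Configuration for RVSE
' NOTE: In case you will not provide the certificate hash the certificate needs to be set manually
'       for the created https binding !!
'
' 1. Use script to install IIS WITH '-IIS' parameter
'
' 2. Install following required modules manually in case you want to configure IIS with 'rewrite' option
'    Application Request Routing
'    --> https://www.iis.net/downloads/microsoft/application-request-routing
'
'    URL Rewrite
'    --> https://www.iis.net/downloads/microsoft/url-rewrite
'
' 3. Use script to configure IIS WITH '-direct' or '-rewrite' parameter
'
' Supported arguments (exactly one, compared case-sensitively):
'   -help | -h   print usage
'   -IIS         enable the IIS Windows features through DISM
'   -direct      stop/disable the RVSE HTTP upload service and let IIS serve WebDAV directly
'   -rewrite     keep the RVSE service and let IIS reverse-proxy every request to it
'   -undo        remove the web site, its application pool and the created directories

Option Explicit

' variable
Dim rvHttpsServiceName, rvProgramDataPath, rvRewriteDestination
Dim warehousePath, webSiteName, protocol, port, certhash

'::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
' configuration data
rvHttpsServiceName   = "RayVentoryHttpUploadService"                         'default given by RVSE installation
rvProgramDataPath    = "C:\ProgramData\Raynet\RayVentoryPortal\Results\"     'default given by RVSE installation
rvRewriteDestination = "http://localhost:591/{R:1}"                          'default rewrite destination
warehousePath        = "C:\RayVentory"
webSiteName          = "RayVentory"
' NOTE(review): with protocol = "http" the '-direct' mode enables Basic authentication on the
' upload directory over an unencrypted binding, so credentials travel in clear text.
' Prefer "https" together with a certhash outside of isolated test setups.
protocol             = "http"                                                '- https | http
port                 = "88"
certhash             = ""                                                    ' (optional)
'::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

' Argument dispatch: anything other than exactly one known switch prints the help hint.
Dim objArguments, strMode
Set objArguments = WScript.Arguments

strMode = ""
If objArguments.Count = 1 Then
    strMode = objArguments(0)
End If

Select Case strMode
    Case "-help", "-h"
        LogMessage "Provide one of folloing Arguments"
        LogMessage "-IIS -> to install IIS"
        LogMessage "-direct -> to replace the https service"
        LogMessage "-rewrite -> to rewrite the request from iis to https service"
        LogMessage "-undo -> to remove IIS web site and connected directories"

    Case "-IIS"
        IIS_Install

    Case "-direct"
        LogMessage "Do direct configuration"
        DISABLE_RVSE_Service rvHttpsServiceName
        DIRECTORY_Create warehousePath, rvProgramDataPath
        IIS_Permissons warehousePath, rvProgramDataPath
        IIS_Configuration warehousePath, webSiteName, protocol, port, certhash, rvProgramDataPath, ""

    Case "-undo"
        ' undo configuration
        LogMessage "Undo configuration"
        IIS_ConfigurationUndo warehousePath, webSiteName

    Case "-rewrite"
        LogMessage "Do rewrite configuration"
        DIRECTORY_Create warehousePath, rvProgramDataPath
        IIS_Permissons warehousePath, rvProgramDataPath
        IIS_Configuration warehousePath, webSiteName, protocol, port, certhash, rvProgramDataPath, rvRewriteDestination

    Case Else
        LogMessage "It seems you need help, use -help :) :) :)"
End Select

'::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

' Stops the given Windows service and sets its start type to disabled.
' serviceName is concatenated into a cmd.exe command line unquoted; it comes from the
' configuration block above and must not be taken from untrusted input.
Function DISABLE_RVSE_Service (ByVal serviceName)
    Dim strProcessCMD
    strProcessCMD = ""

    ' Step 1 - STOP Service
    ExecuteProcess strProcessCMD, "cmd.exe /C net stop " & serviceName

    ' Step 2 - DISABLE Service
    ExecuteProcess strProcessCMD, "cmd.exe /C sc config " & serviceName & " start=disabled"
End Function

' Enables the IIS Windows features through DISM.
' NOTE(review): the feature list is broad (CGI, directory browsing, ISAPI, IIS 6 compatibility,
' WebDAV, ...). Every enabled feature is additional attack surface; trim the list to what the
' chosen mode needs once that has been confirmed.
Function IIS_Install ()
    Dim strProcessCMD, strParam
    strProcessCMD = ""

    ' Step 1 - IIS Install (one command line, split here only for readability)
    strParam = "cmd /C Dism.exe /enable-feature /online" & _
        " /FeatureName:IIS-StaticContent /featureName:IIS-WebServerRole /featureName:IIS-WebServer" & _
        " /featureName:IIS-CommonHttpFeatures /featureName:IIS-ApplicationDevelopment /featureName:IIS-CGI" & _
        " /featureName:IIS-Security /FeatureName:IIS-ASPNET /FeatureName:IIS-BasicAuthentication" & _
        " /featureName:IIS-WindowsAuthentication /featureName:IIS-Performance /featureName:IIS-HttpCompressionDynamic" & _
        " /FeatureName:IIS-HttpCompressionStatic /featureName:IIS-Metabase /featureName:IIS-LegacyScripts" & _
        " /featureName:IIS-WMICompatibility /FeatureName:IIS-DefaultDocument /FeatureName:IIS-DirectoryBrowsing" & _
        " /FeatureName:IIS-NetFxExtensibility /FeatureName:IIS-ISAPIExtensions /FeatureName:IIS-ISAPIFilter" & _
        " /FeatureName:IIS-RequestFiltering /FeatureName:IIS-ManagementConsole /featureName:IIS-IIS6ManagementCompatibility" & _
        " /FeatureName:IIS-WMICompatibility /FeatureName:IIS-Metabase /featureName:IIS-WebDAV"
    ExecuteProcess strProcessCMD, strParam
End Function

' Creates the warehouse directory, its "Incoming" sub folder and the two RVSE result folders
' ("RemoteExecution", "rviaconfig") when they do not exist yet.
' rvProgramDataPath is expected to end with a backslash (it is concatenated as-is).
Function DIRECTORY_Create (ByVal warehousePath, ByVal rvProgramDataPath)
    Dim fso, folders, folder
    Set fso = CreateObject("Scripting.FileSystemObject")

    folders = Array( _
        warehousePath, _
        warehousePath & "\Incoming", _
        rvProgramDataPath & "RemoteExecution", _
        rvProgramDataPath & "rviaconfig")

    For Each folder In folders
        If Not fso.FolderExists(folder) Then
            LogMessage "Create Folder: " & folder
            fso.CreateFolder(folder)
        End If
    Next
End Function

' Grants the default ACL set on targetPath (recursively):
' Administrators and Local System full control, IIS_IUSRS read & execute.
Sub GrantDefaultPermissions (ByVal targetPath)
    Dim strProcessCMD
    strProcessCMD = ""

    'Name: Administrators - SID: S-1-5-32-544
    ExecuteProcess strProcessCMD, "icacls.exe """ & targetPath & """ /grant *S-1-5-32-544:(OI)(CI)F /T"

    'Name: Local System - SID: S-1-5-18
    ExecuteProcess strProcessCMD, "icacls.exe """ & targetPath & """ /grant *S-1-5-18:(OI)(CI)F /T"

    'Name: IIS_IUSRS - SID: S-1-5-32-568
    ExecuteProcess strProcessCMD, "icacls.exe """ & targetPath & """ /grant *S-1-5-32-568:(OI)(CI)RX /T"
End Sub

' Applies the default ACL set to the warehouse and to the two RVSE result folders.
' Inheritance is removed on the warehouse only; the two ProgramData folders keep whatever
' ACEs they inherit from their parent in addition to the explicit grants.
Function IIS_Permissons (ByVal warehousePath, ByVal rvProgramDataPath)
    Dim strProcessCMD
    strProcessCMD = ""

    ' Step 1 - Set Permissons warehousePath
    GrantDefaultPermissions warehousePath
    'inheritance (removed after the explicit grants so the directory never ends up without ACEs)
    ExecuteProcess strProcessCMD, "icacls.exe """ & warehousePath & """ /inheritance:r /T"

    ' Step 2 - Set Permissons rvProgramDataPath\RemoteExecution
    GrantDefaultPermissions rvProgramDataPath & "RemoteExecution"

    ' Step 3 - Set Permissons rvProgramDataPath\rviaconfig
    GrantDefaultPermissions rvProgramDataPath & "rviaconfig"
End Function

' Creates the web site, its application pool and either
'   - the reverse-proxy rewrite rule (rvRewriteDestination <> ""), or
'   - the WebDAV virtual directories with their authoring rules (rvRewriteDestination = "").
' Returns 3 when a site with the same name already exists; otherwise no value is set.
Function IIS_Configuration (ByVal warehousePath, ByVal webSiteName, ByVal protocol, ByVal port, ByVal certhash, ByVal rvProgramDataPath, ByVal rvRewriteDestination)
    Dim strProcessCMD, strProcessAPPCMD, strParam, targetDirectory, path, appPool, requireSsl
    Dim oFSO, defaultFiles, defaultFile
    Dim adminManager, authoringRulesSection, authoringRulesCollection
    Dim staticContentSection, staticContentCollection, addElement, mimeMapElement
    Dim rviaconfigName, RayVentoryRLName, sitePath
    Dim basicAuthenticationElement, anonymousAuthenticationElement, windowsAuthentication
    Dim proxy, rewriteRulesSection, rewriteRules, ruleElement, matchElement, actionElement
    Dim ruleConditions, ruleConditionCollection, condition

    strProcessCMD = ""
    strProcessAPPCMD = "%windir%\system32\inetsrv\appcmd.exe"

    If Right(warehousePath, 1) <> "\" Then
        warehousePath = warehousePath & "\"
    End If

    If isSiteExisting(webSiteName) Then
        LogMessage "ERROR - Website " & webSiteName & " is already existing. Can not setup IIS Configuration for distribution server lite."
        IIS_Configuration = 3
        Exit Function
    End If

    '### Website creation
    ' Create and populate web site directory
    Set oFSO = CreateObject("Scripting.FileSystemObject")

    targetDirectory = "C:\inetpub\wwwroot_" & webSiteName
    ' A left-over folder from an aborted run would make CreateFolder raise; reuse it instead.
    If Not oFSO.FolderExists(targetDirectory) Then
        LogMessage "Create Folder: " & targetDirectory
        oFSO.CreateFolder(targetDirectory)
    End If

    ' Set permissons
    'Name: IIS_IUSRS - SID: S-1-5-32-568
    strParam = "icacls.exe """ & targetDirectory & """ /grant *S-1-5-32-568:(OI)(CI)RX /T"
    ExecuteProcess strProcessCMD, strParam

    ' for following actions required
    targetDirectory = targetDirectory & "\"

    ' Copy the IIS default page and its image when present
    ' (welcome.png: IIS 7.5, iis-85.png: IIS 8.5).
    defaultFiles = Array("iisstart.htm", "welcome.png", "iis-85.png")
    For Each defaultFile In defaultFiles
        path = "C:\inetpub\wwwroot\" & defaultFile
        If oFSO.FileExists(path) Then
            oFSO.CopyFile path, targetDirectory
        End If
    Next

    ' Create website with application pool & enable WebDAV
    appPool = webSiteName & "AppPool"

    ' Creates and configures the application pool with 32bit support
    strParam = "add APPPOOL /name:""" & appPool & """ -enable32BitAppOnWin64:true -managedRuntimeVersion:v4.0 -managedPipelineMode:Integrated /commit:apphost"
    ExecuteProcess strProcessAPPCMD, strParam

    ' Creates the custom web site with port and ID 99
    If protocol = "http" Then
        strParam = "add SITE /name:""" & webSiteName & """ /id:99 /bindings:http/*:" & port & ": /physicalPath:" & targetDirectory
        ExecuteProcess strProcessAPPCMD, strParam
    ElseIf protocol = "https" Then
        strParam = "add SITE /name:""" & webSiteName & """ /id:99 /bindings:https/*:" & port & ": /physicalPath:" & targetDirectory
        ExecuteProcess strProcessAPPCMD, strParam

        ' Without a certhash the https binding has no certificate and must be completed manually.
        If isBlank(certhash) <> True Then
            ' NOTE: appid is a random GUID -> using netsh http show sslcert you will see the assignment
            strParam = "netsh http add sslcert ipport=0.0.0.0:" & port & " certstorename=my certhash=" & certhash & " appid={4dc3e182-e14b-4a21-b011-59fc669b0914}"
            ExecuteProcess strProcessCMD, strParam
        End If
    End If

    ' Associates the application pool to the web sites application
    strParam = "set app /app.name:""" & webSiteName & "/"" /applicationPool:""" & appPool & """"
    ExecuteProcess strProcessAPPCMD, strParam

    ' WebDAV only demands TLS when the site itself is bound to https.
    If protocol = "https" Then
        requireSsl = "true"
    Else
        requireSsl = "false"
    End If

    ' Enable WebDAV against the web site
    strParam = "set config """ & webSiteName & "/"" /section:system.webServer/webdav/authoring /enabled:true /requireSsl:" & requireSsl & " /commit:apphost"
    ExecuteProcess strProcessAPPCMD, strParam

    ' Enable double escaping characters against the web site.
    ' NOTE(review): allowDoubleEscaping:true switches off the request-filtering check that rejects
    ' double-encoded URLs. Presumably required for uploaded file names - confirm, and keep it
    ' scoped to this site only.
    strParam = "set config """ & webSiteName & "/"" /section:system.webServer/security/requestFiltering /allowDoubleEscaping:true /fileExtensions.applyToWebDAV:true /hiddensegments.applyToWebDAV:true /verbs.applyToWebDAV:true"
    ExecuteProcess strProcessAPPCMD, strParam

    ' Enable page compression against the web site
    strParam = "set config """ & webSiteName & "/"" -section:system.webServer/urlCompression /doStaticCompression:True /doDynamicCompression:True /dynamicCompressionBeforeCache:True"
    ExecuteProcess strProcessAPPCMD, strParam

    ' unlocking of the sections that are configured per site / per virtual directory
    strParam = "unlock config """ & webSiteName & """ -section:system.webServer/handlers /commit:apphost"
    ExecuteProcess strProcessAPPCMD, strParam
    strParam = "unlock config """ & webSiteName & """ -section:system.webServer/directoryBrowse /commit:apphost"
    ExecuteProcess strProcessAPPCMD, strParam
    strParam = "unlock config """ & webSiteName & """ -section:system.webServer/security/authentication/basicAuthentication /commit:apphost"
    ExecuteProcess strProcessAPPCMD, strParam
    strParam = "unlock config """ & webSiteName & """ -section:system.webServer/security/authentication/anonymousAuthentication /commit:apphost"
    ExecuteProcess strProcessAPPCMD, strParam
    strParam = "unlock config """ & webSiteName & """ -section:system.webServer/security/authentication/windowsAuthentication /commit:apphost"
    ExecuteProcess strProcessAPPCMD, strParam

    '## virtual directory creation
    rviaconfigName = "rviaconfig"
    RayVentoryRLName = webSiteName & "RL"
    sitePath = "MACHINE/WEBROOT/APPHOST/" & webSiteName

    Set adminManager = CreateObject("Microsoft.ApplicationHost.WritableAdminManager")
    adminManager.CommitPath = "MACHINE/WEBROOT/APPHOST"

    '::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
    If rvRewriteDestination <> "" Then
        '## Rewrite Rule Configuration on Web Site

        ' Enable Proxy.
        ' NOTE(review): the proxy section is set at MACHINE/WEBROOT/APPHOST, i.e. for the whole
        ' server and not only for this site - confirm no other site on this host is affected.
        Set proxy = adminManager.GetAdminSection("system.webServer/proxy", "MACHINE/WEBROOT/APPHOST")
        proxy.Properties.Item("enabled").Value = True
        adminManager.CommitChanges()

        ' Create Rewrite Rule: every URL of the site is rewritten to rvRewriteDestination
        LogMessage "Enable rewrite - " & RayVentoryRLName
        Set rewriteRulesSection = adminManager.GetAdminSection("system.webServer/rewrite/rules", sitePath)
        Set rewriteRules = rewriteRulesSection.Collection

        Set ruleElement = rewriteRules.CreateNewElement("rule")
        ruleElement.Properties.Item("name").Value = "RewriteToHTTPsService"
        ruleElement.Properties.Item("stopProcessing").Value = True
        rewriteRules.AddElement(ruleElement)

        Set matchElement = ruleElement.ChildElements.Item("match")
        matchElement.Properties.Item("url").Value = "(.*)"

        Set actionElement = ruleElement.ChildElements.Item("action")
        actionElement.Properties.Item("url").Value = rvRewriteDestination
        actionElement.Properties.Item("type").Value = "Rewrite"
        actionElement.Properties.Item("logRewrittenUrl").Value = False

        Set ruleConditions = ruleElement.ChildElements.Item("conditions")
        ruleConditions.Properties.Item("logicalGrouping").Value = "MatchAny"
        Set ruleConditionCollection = ruleConditions.Collection

        Set condition = ruleConditionCollection.CreateNewElement("add")
        condition.Properties.Item("input").Value = "{CACHE_URL}"
        condition.Properties.Item("pattern").Value = "^(https?)://"
        ruleConditionCollection.AddElement(condition)

        adminManager.CommitChanges()
    '::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
    Else
        ' creation of rviaconfig
        strParam = "add vdir /app.name:""" & webSiteName & "/"" /path:/" & rviaconfigName & " /physicalPath:" & rvProgramDataPath & "rviaconfig"
        ExecuteProcess strProcessAPPCMD, strParam

        ' creation of RL
        strParam = "add vdir /app.name:""" & webSiteName & "/"" /path:/" & RayVentoryRLName & " /physicalPath:" & warehousePath & "Incoming"
        ExecuteProcess strProcessAPPCMD, strParam

        ' creation of RL/Inventories
        strParam = "add vdir /app.name:""" & webSiteName & "/"" /path:/" & RayVentoryRLName & "/Inventories /physicalPath:" & rvProgramDataPath & "RemoteExecution"
        ExecuteProcess strProcessAPPCMD, strParam

        ' add authoring rule in WebDav - rviaconfig
        ' NOTE(review): the rule grants Read, Write to users "*" on every path, and no
        ' authentication section is changed for this virtual directory, so it keeps the site's
        ' authentication defaults. Confirm that write access to the configuration directory is
        ' intended; otherwise restrict the rule to Read or to a dedicated account.
        LogMessage "Add authoring rule in WebDav - " & rviaconfigName
        Set authoringRulesSection = adminManager.GetAdminSection("system.webServer/webdav/authoringRules", sitePath & "/" & rviaconfigName)
        authoringRulesSection.Properties.Item("allowNonMimeMapFiles").Value = True
        Set authoringRulesCollection = authoringRulesSection.Collection

        Set addElement = authoringRulesCollection.CreateNewElement("add")
        addElement.Properties.Item("users").Value = "*"
        addElement.Properties.Item("path").Value = "*"
        addElement.Properties.Item("access").Value = "Read, Write"
        authoringRulesCollection.AddElement(addElement)

        LogMessage "Add mimeMap fileExtension .cfg with application/octet-stream - " & rviaconfigName
        Set staticContentSection = adminManager.GetAdminSection("system.webServer/staticContent", sitePath & "/" & rviaconfigName)
        Set staticContentCollection = staticContentSection.Collection

        Set mimeMapElement = staticContentCollection.CreateNewElement("mimeMap")
        mimeMapElement.Properties.Item("fileExtension").Value = ".cfg"
        mimeMapElement.Properties.Item("mimeType").Value = "application/octet-stream"
        staticContentCollection.AddElement(mimeMapElement)

        adminManager.CommitChanges()

        ' add authoring rule in WebDav - RL
        LogMessage "Add authoring rule in WebDav - " & RayVentoryRLName
        Set adminManager = CreateObject("Microsoft.ApplicationHost.WritableAdminManager")
        adminManager.CommitPath = "MACHINE/WEBROOT/APPHOST"

        Set authoringRulesSection = adminManager.GetAdminSection("system.webServer/webdav/authoringRules", sitePath & "/" & RayVentoryRLName)
        authoringRulesSection.Properties.Item("allowNonMimeMapFiles").Value = True
        Set authoringRulesCollection = authoringRulesSection.Collection

        Set addElement = authoringRulesCollection.CreateNewElement("add")
        addElement.Properties.Item("users").Value = "*"
        addElement.Properties.Item("path").Value = "*"
        addElement.Properties.Item("access").Value = "Read, Write"
        authoringRulesCollection.AddElement(addElement)

        adminManager.CommitChanges()

        LogMessage "Enable BasicAuthentication only - " & RayVentoryRLName
        Set basicAuthenticationElement = adminManager.GetAdminSection("system.webServer/security/authentication/basicAuthentication", sitePath & "/" & RayVentoryRLName)
        basicAuthenticationElement.Properties.Item("enabled").Value = True

        Set anonymousAuthenticationElement = adminManager.GetAdminSection("system.webServer/security/authentication/anonymousAuthentication", sitePath & "/" & RayVentoryRLName)
        anonymousAuthenticationElement.Properties.Item("enabled").Value = False

        Set windowsAuthentication = adminManager.GetAdminSection("system.webServer/security/authentication/windowsAuthentication", sitePath & "/" & RayVentoryRLName)
        windowsAuthentication.Properties.Item("enabled").Value = False

        ' FIX: the three authentication changes above were never committed, so they were dropped
        ' when the function returned and the upload directory (Read, Write for "*") kept the
        ' site's default authentication settings instead of "Basic only".
        adminManager.CommitChanges()
    End If
End Function

' Removes the web site, its application pool, the site directory below C:\inetpub and the
' warehouse directory INCLUDING everything stored in it.
' Not reverted here: the netsh sslcert binding added for https, the disabled RVSE service,
' the server-wide proxy setting and the folders below rvProgramDataPath.
Function IIS_ConfigurationUndo (ByVal warehousePath, ByVal webSiteName)
    Dim strProcessAPPCMD, targetDirectory, appPool, oFSO

    strProcessAPPCMD = "%windir%\system32\inetsrv\appcmd.exe"
    Set oFSO = CreateObject("Scripting.FileSystemObject")

    If isSiteExisting(webSiteName) = False Then
        LogMessage "Website " & webSiteName & " does not exist. Nothing to do!"
        Exit Function
    End If

    ' Step 1 - Remove web site
    ExecuteProcess strProcessAPPCMD, "delete SITE """ & webSiteName & """"

    ' Step 2 - Remove application pool
    appPool = webSiteName & "AppPool"
    ExecuteProcess strProcessAPPCMD, "delete APPPOOL """ & appPool & """"

    ' Step 3 - Cleanup Folder (guarded: DeleteFolder raises when the folder is already gone)
    targetDirectory = "C:\inetpub\wwwroot_" & webSiteName
    If oFSO.FolderExists(targetDirectory) Then
        LogMessage "Delete Folder: " & targetDirectory
        oFSO.DeleteFolder targetDirectory
    End If

    ' DeleteFolder does not accept a trailing backslash
    If Right(warehousePath, 1) = "\" Then
        warehousePath = Left(warehousePath, Len(warehousePath) - 1)
    End If
    If oFSO.FolderExists(warehousePath) Then
        LogMessage "Delete Folder: " & warehousePath
        oFSO.DeleteFolder warehousePath
    End If
End Function

'::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

' Runs a command hidden, waits for it to finish and returns its exit code.
' p_Process: executable path (quoted by this function) or blank when p_Param already holds the
'            complete command line.
' p_Param:   arguments, or the complete command line.
' The complete command line is written to the log; do not pass secrets through it.
Function ExecuteProcess (p_Process, p_Param)
    Dim rc, strCommand, objShell, objEnv

    Set objShell = CreateObject("WScript.Shell")
    Set objEnv = objShell.Environment("PROCESS")

    If isBlank(p_Process) Then
        strCommand = p_Param
    Else
        strCommand = """" & p_Process & """" & " " & p_Param
    End If

    ' Suppresses the zone / "open file" security prompt for the child process; the variable is
    ' removed again right after the call so it does not leak into later processes.
    objEnv("SEE_MASK_NOZONECHECKS") = 1

    LogMessage "Executing: " & strCommand
    rc = objShell.Run(strCommand, 0, True)
    LogMessage "Finish with exit code: " & rc
    ExecuteProcess = rc

    objEnv.Remove("SEE_MASK_NOZONECHECKS")

    Set objShell = Nothing
    Set objEnv = Nothing
End Function

'functions

' Returns True if the value is Empty, Null, an empty string, Nothing or numeric zero;
' False otherwise.
Function isBlank(p_Value)
    ' Explicit default so that every path returns a Boolean.
    isBlank = False

    If IsEmpty(p_Value) Or IsNull(p_Value) Then
        isBlank = True
    ElseIf VarType(p_Value) = vbString Then
        isBlank = (p_Value = "")
    ElseIf IsObject(p_Value) Then
        isBlank = (p_Value Is Nothing)
    ElseIf IsNumeric(p_Value) Then
        isBlank = (p_Value = 0)
    End If
End Function

' Checks whether a web site whose ServerComment equals p_webSiteName exists in IIS.
' Uses the ADSI provider "IIS://localhost/W3SVC".
Function isSiteExisting(p_webSiteName)
    Dim objWebService, objWebServer

    isSiteExisting = False
    If isBlank(p_webSiteName) Then
        Exit Function
    End If

    Set objWebService = GetObject("IIS://localhost/W3SVC")
    For Each objWebServer In objWebService
        If objWebServer.Class = "IIsWebServer" Then
            If objWebServer.ServerComment = p_webSiteName Then
                LogMessage "Matching found: " & p_webSiteName
                isSiteExisting = True
                Exit Function
            End If
        End If
    Next
End Function

' Deletes the local group strLGroupName on this computer.
Function DeleteLocalGroup(strLGroupName)
    Dim strComputer, colAccounts

    LogMessage "DeleteLocalGroup: " & strLGroupName
    strComputer = GetComputerName()
    Set colAccounts = GetObject("WinNT://" & strComputer & "")
    colAccounts.Delete "group", strLGroupName
End Function

' Returns the name of the local computer.
Function GetComputerName()
    Dim WSHNetwork

    Set WSHNetwork = CreateObject("WScript.Network")
    GetComputerName = WSHNetwork.ComputerName
End Function

' Writes a message to the script host output.
Sub LogMessage(msg)
    WScript.Echo msg
End Sub

' Returns True when a local user named strLUserName exists (case-insensitive).
Function isUserExisting (strLUserName)
    Dim strComputer, ousers, User

    LogMessage "isUserExisting: " & strLUserName
    strComputer = GetComputerName()
    Set ousers = GetObject("WinNT://" & strComputer)
    ousers.Filter = Array("user")

    For Each User In ousers
        If LCase(User.Name) = LCase(strLUserName) Then
            LogMessage "User found"
            isUserExisting = True
            Exit Function
        End If
    Next

    LogMessage "User not found"
    isUserExisting = False
End Function

' Returns True when a local group named strLGroupName exists (case-insensitive).
Function isGroupExisting (strLGroupName)
    Dim strComputer, ogroups, ogroup

    LogMessage "isGroupExisting: " & strLGroupName
    strComputer = GetComputerName()
    Set ogroups = GetObject("WinNT://" & strComputer)
    ogroups.Filter = Array("group")

    For Each ogroup In ogroups
        If LCase(ogroup.Name) = LCase(strLGroupName) Then
            LogMessage "Group found"
            isGroupExisting = True
            Exit Function
        End If
    Next

    LogMessage "Group not found"
    isGroupExisting = False
End Function

' Creates the local group strLGroupName on this computer.
Function CreateLocalGroup(strLGroupName)
    Dim strComputer, colAccounts, objGroup

    LogMessage "CreateLocalGroup: " & strLGroupName
    strComputer = GetComputerName()
    Set colAccounts = GetObject("WinNT://" & strComputer & "")
    Set objGroup = colAccounts.Create("group", strLGroupName)
    objGroup.SetInfo
End Function

' Creates the local user strLUserName with password strLUserPW.
' Only the user name is logged; the password is never written to the output.
Function CreateLocalUser(strLUserName, strLUserPW)
    Const ADS_UF_DONT_EXPIRE_PASSWD = &h10000
    Dim strComputer, colAccounts, objUser

    LogMessage "CreateLocalUser: " & strLUserName
    strComputer = GetComputerName()
    Set colAccounts = GetObject("WinNT://" & strComputer & "")
    Set objUser = colAccounts.Create("user", strLUserName)

    'Set password
    objUser.SetPassword strLUserPW

    'Set the "Password never expires" (disabled)
    'intFlags = objUser.GET("UserFlags")
    'intFlags = intFlags OR ADS_UF_DONT_EXPIRE_PASSWD
    'objUser.Put "userFlags", intFlags

    objUser.SetInfo
End Function

' Adds the local user to the local group unless it is already a member.
Function AddUserToGroup(strLUserName, strLGroupName)
    Dim strComputer, objUser, objGroup

    LogMessage "AddUserToGroup: -User " & strLUserName & " -Group " & strLGroupName
    strComputer = GetComputerName()
    Set objUser = GetObject("WinNT://" & strComputer & "/" & strLUserName & ",user")
    Set objGroup = GetObject("WinNT://" & strComputer & "/" & strLGroupName & ",group")

    If (objGroup.IsMember(objUser.ADsPath) = False) Then
        objGroup.Add(objUser.ADsPath)
    End If
End Function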