
How to restore permissions in the web folders - script restore permissions webfolders.vbs (old)



How to restore permissions in the web folders - script
restore permissions webfolders.vbs





'-------------------------------------------------------------
' Domains Folders Permissions Rebuild Script
' ============================================================
' Re-adds the permissions for the IIS anonymous users to the
' domains folders
' ------------------------------------------------------------
' Copyright © 2004 Andrew Taylor
' ------------------------------------------------------------
' Usage: Save this script as a .vbs file and run:
'        cscript.exe "c:\PermissionsRebuild.vbs"
' ------------------------------------------------------------
' Enquiries to andy@4dhosting.com
' I disclaim all responsibility for results of this script
' which is run at your own risk
'-------------------------------------------------------------

'-------------------------------------------------------------
' Configuration variables
'-------------------------------------------------------------

' SQL Server connection settings for the Helm database.
' NOTE(review): "sa" is SQL Server's built-in administrator login, and the
' password is stored in this file in clear text. The queries in this script
' are SELECTs against HostDomain and HostDomainProperty only, so a dedicated
' login that can read just those tables is sufficient. Restrict NTFS access
' to the saved .vbs file while it holds a real password.
Const strDBServer = "localhost"
Const strDBName = "HelmDb"
Const strDBUser = "sa"
Const strDBPassword = "password"

' Parent folder whose immediate subfolders are processed one by one; each
' subfolder name is looked up in the database as a domain name.
Const strDomains = "c:\domains\"

' Log file, overwritten on every run. Treat its contents as sensitive (it
' records site and account details) and keep it out of any web-served folder.
Const strLogFile = "c:\PermissionsRebuild.log"

' Full path to SetACL.exe, the external tool that applies the ACL change.
' It is started by this script, so keep the binary in a folder that only
' administrators can write to.
Const strAppPath = "c:\SetACL\SetACL.exe"

'-------------------------------------------------------------
' Do not edit below here
'-------------------------------------------------------------

' All names below are plain script-level variables (not Const), assigned once
' here and read by the procedures further down.

' Error numbers raised with Err.Raise inside SetFolderPermissions and then
' mapped to a message string by that function.
ERR_NTFS_USER_LOOK_UP_FAILED = 1
ERR_NTFS_CANT_SET_SECURITY_DESCRIPTOR = 2
ERR_CMD_EXECUTION_FAILED = 3

' Individual access-mask bits. SetFolderPermissions accepts some of these as
' strFileMask and translates them to SetACL permission keywords; the
' ADS_RIGHT_DS_* values are not referenced anywhere else in this script.
GENERIC_DELETE = &H10000
ADS_RIGHT_READ_CONTROL = &H20000
ADS_RIGHT_WRITE_DAC = &H40000
ADS_RIGHT_WRITE_OWNER = &H80000
ADS_RIGHT_SYNCHRONIZE = &H100000
ADS_RIGHT_ACCESS_SYSTEM_SECURITY = &H1000000
GENERIC_READ = &H80000000
GENERIC_WRITE = &H40000000
GENERIC_EXECUTE = &H20000000
GENERIC_ALL = &H10000000
ADS_RIGHT_DS_CREATE_CHILD = &H1
ADS_RIGHT_DS_DELETE_CHILD = &H2
ADS_RIGHT_ACTRL_DS_LIST = &H4
ADS_RIGHT_DS_SELF = &H8
ADS_RIGHT_DS_READ_PROP = &H10
ADS_RIGHT_DS_WRITE_PROP = &H20
ADS_RIGHT_DS_DELETE_TREE = &H40
ADS_RIGHT_DS_LIST_OBJECT = &H80
ADS_RIGHT_DS_CONTROL_ACCESS = &H100

' Composite masks. The main loop passes COMMON_CHANGE, which
' SetFolderPermissions maps to SetACL's "change" permission.
' COMMON_FULL_CONTROL is an alias of GENERIC_ALL (same value).
COMMON_ADD = &H1201B6
COMMON_ADD_READ = &H1201BF
COMMON_READ = &H1200A9
COMMON_CHANGE = &H1301BF
COMMON_FULL_CONTROL = GENERIC_ALL
COMMON_ALL = &H1F01FF

' Inheritance selectors accepted as strFileInheritance by
' SetFolderPermissions. ALL_INHERIT_ACE adds no "i:" option to the ACE string.
NO_INHERITANCE = &H0
ALL_INHERIT_ACE = &H3

' ACE inheritance flag bits (ALL_INHERIT_ACE above is the first two combined).
OBJECT_INHERIT_ACE = &H1
CONTAINER_INHERIT_ACE = &H2
NO_PROPAGATE_INHERIT_ACE = &H4
INHERIT_ONLY_ACE = &H8
INHERITED_ACE = &H10
VALID_INHERIT_FLAGS = &H1F

' Access type selector: SET_ACCESS becomes "m:set" and SET_DENY becomes
' "m:deny" in the SetACL ACE string.
SET_ACCESS = 1
SET_DENY = 0

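' Open the Helm database. GetDomainId, GetAnonUser and GetAnonPassword all run
' their queries over this script-level connection.
Set db = CreateObject("ADODB.Connection")
strConn = "Provider=SQLOLEDB;Server=" & strDBServer & ";Database=" & strDBName & ";user ID=" & strDBUser & ";password=" & strDBPassword & ";"
db.Open strConn

' Create the log file, overwriting the log of any earlier run. LogEvent writes
' every message to it and echoes it to the console.
Set oFSO = CreateObject("Scripting.FileSystemObject")
Set oFile = oFSO.CreateTextFile(strLogFile, true)

Set oFolder = oFSO.GetFolder(strDomains)

' NOTE(review): strServerName is never assigned anywhere in this script, so
' SetFolderPermissions receives an empty trustee domain and builds the trustee
' as "\<username>". Confirm that SetACL resolves that form to the intended
' local account, or assign the machine/domain name here before the loop.

' Each immediate subfolder of strDomains is treated as one web site whose
' folder name is the domain name.
For Each oSubFolder in oFolder.SubFolders

   strDomain = oSubFolder.Name

   LogEvent "[+] Web Site: " & strDomain

   ' Look up the anonymous account Helm has stored for this domain.
   strNewUsername = GetAnonUser(strDomain)
   strNewPassword = GetAnonPassword(strDomain)

   ' Only sites with both values stored are processed.
   If strNewUsername <> "" And strNewPassword <> "" Then

      LogEvent "  [-] Username: " & strNewUsername
      ' The account password is deliberately kept out of the log file and the
      ' console: the log is a plain-text file that outlives the run.
      LogEvent "  [-] Password: (not logged)"

      ' Create the Windows account if it is missing, otherwise bring its
      ' password back in line with the value stored in the database.
      If Not DoesUserExist(strNewUsername) Then
         LogEvent "  [-] Creating user"
         CreateUser strNewUsername, strNewPassword
      Else
         LogEvent "  [-] Resetting user password"
         If Not SetPassword(strNewUsername, strNewPassword) Then
            LogEvent "  [!] Error resetting user password"
         End If
      End If

      LogEvent "  [-] Setting anonymous user details"

      ' Grant the anonymous account "change" access on the whole site folder.
      ' NOTE(review): this gives the anonymous web identity write access to
      ' everything under the site folder; confirm that is what the hosting
      ' setup requires before running against production sites.
      strResult = SetFolderPermissions(SET_ACCESS, strServerName, strNewUsername, oSubFolder.Path, COMMON_CHANGE, ALL_INHERIT_ACE)

      If strResult <> "" Then

         ' SetFolderPermissions returns a non-empty message on failure.
         LogEvent "  [!] Error updating permissions: " & strResult

      Else

         LogEvent "  [=] Details updated"

      End If

   Else

      LogEvent "  [=] Non-Helm site"

   End If

Next

' Release the folder object and close the log so its contents are flushed.
Set oFolder = Nothing
oFile.Close
Set oFile = Nothing
Set oFSO = Nothing

' Close the database connection.
db.Close
Set db = Nothing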

' Returns the name of the computer the script is running on, as reported by
' the WScript.Network object.
Function GetComputer()

   Dim oNetwork

   Set oNetwork = WScript.CreateObject("WScript.Network")
   GetComputer = oNetwork.ComputerName

   ' Release the COM object before returning.
   Set oNetwork = Nothing

End Function

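' Creates a local Windows account for a site's anonymous user and adds it to
' the HELMWEBUSERS group.
'
' strUserName - account name to create on this computer
' strPassword - password to assign to the new account
'
' Returns True when no error is pending after all steps, False otherwise.
' Declared as a Function (the original was a Sub that assigned to its own
' name, which cannot return a value); existing statement-style calls such as
' "CreateUser name, password" keep working unchanged.
'
' Every step runs under On Error Resume Next, so a failure part-way through
' does not stop the script; the return value is the only failure signal.
Function CreateUser(strUserName, strPassword)

   ' Account-control bits written to the WinNT "UserFlags" property.
   Const UF_PASSWD_CANT_CHANGE = &H00040
   Const UF_DONT_EXPIRE_PASSWD = &H10000

   Dim strGroupName, oDomain, oUser, oGroup, strFlags

   strGroupName = "HELMWEBUSERS"

   On Error Resume Next

   Set oDomain = GetObject("WinNT://" & GetComputer())
   Set oUser = oDomain.Create("user", strUserName)
   oUser.SetPassword strPassword
   oUser.FullName = strUserName
   oUser.SetInfo

   strFlags = oUser.Get("UserFlags")

   ' Set both bits in a single write. The original issued two Put calls that
   ' each started from the unmodified flags, so the second call overwrote the
   ' first and only the &H10000 bit was ever stored.
   oUser.Put "UserFlags", strFlags Or UF_PASSWD_CANT_CHANGE Or UF_DONT_EXPIRE_PASSWD

   oUser.SetInfo

   ' Group membership is what ties the account to the Helm web users group.
   Set oGroup = oDomain.GetObject("Group", strGroupName)
   oGroup.Add "WinNT://" & GetComputer() & "/" & strUserName
   Set oGroup = Nothing

   CreateUser = (Err.Number = 0)

   Set oUser = Nothing
   Set oDomain = Nothing

   Err.Clear

End Function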

' Reports whether an object named strUserName can be bound on this computer
' through the WinNT provider.
'
' Returns True when the bind succeeds and False when it raises any error.
' NOTE(review): the ADsPath carries no class suffix, so presumably any object
' with that name (not only a user) makes this return True - confirm.
Function DoesUserExist(strUserName)

   Dim oAccount, strAdsPath

   ' Errors are expected here: a failed bind is how "not found" is detected.
   On Error Resume Next

   strAdsPath = "WinNT://" & GetComputer() & "/" & strUserName
   Set oAccount = GetObject(strAdsPath)

   DoesUserExist = (Err.Number = 0)

   Err.Clear

End Function

' Sets the password of an existing account on this computer.
'
' strUserName - account whose password is replaced
' strPassword - new password, passed to the account object as given
'
' Returns True when Err.Number is 0 after the update. This function installs
' no error handler of its own, so a failing bind or update is raised to the
' caller instead of producing a False result.
Function SetPassword(strUserName, strPassword)

   Dim oAccount

   Set oAccount = GetObject("WinNT://" & GetComputer() & "/" & strUserName)
   oAccount.SetPassword strPassword
   oAccount.SetInfo

   SetPassword = (Err.Number = 0)

   Err.Clear

End Function

' Writes one message to the log file opened by the main script (oFile) and
' then echoes the same text to the console.
' Callers decide what goes into strLog; anything passed here ends up in the
' plain-text log file.
Sub LogEvent(strLog)

   Call oFile.WriteLine(strLog)
   Call WScript.Echo(strLog)

End Sub

' Looks up the anonymous account name stored for a domain.
'
' strDomain - domain name, resolved to a numeric ID through GetDomainId
'
' Returns the 'AnonUser' PropertyValue from HostDomainProperty, or "" when the
' query yields no row.
Function GetAnonUser(strDomain)

   Dim lngId, oRows, strQuery

   lngId = GetDomainId(strDomain)

   ' Only the numeric ID is concatenated into the statement; GetDomainId
   ' returns either a CLng-converted value or 0.
   strQuery = "SELECT HostDomainProperty.PropertyValue FROM HostDomainProperty " & _
              "INNER JOIN HostDomain ON HostDomain.DomainId = HostDomainProperty.DomainId " & _
              "WHERE HostDomainProperty.PropertyName = 'AnonUser' AND HostDomain.DomainId=" & lngId & ";"

   Set oRows = CreateObject("ADODB.Recordset")
   oRows.Open strQuery, db

   GetAnonUser = ""
   If Not oRows.EOF Then GetAnonUser = oRows("PropertyValue")

   oRows.Close
   Set oRows = Nothing

End Function

' Looks up the anonymous account password stored for a domain.
'
' strDomain - domain name, resolved to a numeric ID through GetDomainId
'
' Returns the 'AnonPassword' PropertyValue from HostDomainProperty, or "" when
' the query yields no row. The main script passes the returned value straight
' to the account-creation and password-reset routines, so handle it as a
' secret.
Function GetAnonPassword(strDomain)

   Dim lngId, oRows, strQuery

   lngId = GetDomainId(strDomain)

   ' Only the numeric ID is concatenated into the statement; GetDomainId
   ' returns either a CLng-converted value or 0.
   strQuery = "SELECT HostDomainProperty.PropertyValue FROM HostDomainProperty " & _
              "INNER JOIN HostDomain ON HostDomain.DomainId = HostDomainProperty.DomainId " & _
              "WHERE HostDomainProperty.PropertyName = 'AnonPassword' AND HostDomain.DomainId=" & lngId & ";"

   Set oRows = CreateObject("ADODB.Recordset")
   oRows.Open strQuery, db

   GetAnonPassword = ""
   If Not oRows.EOF Then GetAnonPassword = oRows("PropertyValue")

   oRows.Close
   Set oRows = Nothing

End Function

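' Resolves a domain name to its HostDomain.DomainId.
'
' strDomain - name to look up; in this script it is a folder name read from
'             disk, so it is passed to SQL Server as a bound parameter and
'             never concatenated into the statement text.
'
' If the full name is not found, the leading label is removed (text up to and
' including the first ".") and the lookup is retried, so "www.example.com"
' falls back to "example.com" and then "com".
'
' Returns the DomainId as a Long, or 0 when no candidate matches.
' The caller's variable is left untouched: the search works on a local copy
' (VBScript passes arguments by reference by default).
Function GetDomainId(strDomain)

   ' ADO enumeration values (not predefined in VBScript).
   Const adCmdText = 1
   Const adParamInput = 1
   Const adVarWChar = 202

   Dim strCandidate, intPtr, intDomainId, blnFound
   Dim oCmd, rsDomain, lngSize

   intDomainId = 0
   blnFound = False
   strCandidate = strDomain

   Do

      ' A variable-length parameter needs a size of at least 1.
      lngSize = Len(strCandidate)
      If lngSize < 1 Then lngSize = 1

      Set oCmd = CreateObject("ADODB.Command")
      Set oCmd.ActiveConnection = db
      oCmd.CommandType = adCmdText
      oCmd.CommandText = "SELECT DomainId FROM HostDomain WHERE DomainName = ?;"
      oCmd.Parameters.Append oCmd.CreateParameter("DomainName", adVarWChar, adParamInput, lngSize, strCandidate)

      Set rsDomain = oCmd.Execute

      If Not rsDomain.EOF Then
         intDomainId = CLng(rsDomain("DomainId"))
         blnFound = True
      End If

      rsDomain.Close
      Set rsDomain = Nothing
      Set oCmd = Nothing

      If blnFound Then Exit Do

      ' Not found: drop the leading label and retry, or give up when no
      ' "." is left.
      intPtr = InStr(strCandidate, ".")
      If intPtr = 0 Then Exit Do
      strCandidate = Mid(strCandidate, intPtr + 1)

   Loop

   GetDomainId = intDomainId

End Function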

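' Applies one access-control entry to a folder by running SetACL.exe
' (path taken from strAppPath).
'
' strAccessType      - SET_ACCESS ("m:set") or SET_DENY ("m:deny")
' strTrusteeDomain   - domain/computer part of the trustee name
' strTrusteeUsername - account part of the trustee name
' strFileName        - folder path; one trailing "\" is removed
' strFileMask        - access mask constant, mapped to a SetACL permission
'                      keyword; unrecognised values fall back to "change"
' strFileInheritance - inheritance constant, mapped to a SetACL "i:" option;
'                      ALL_INHERIT_ACE and unrecognised values add none
'
' Returns "" on success, otherwise a message naming the account or the path.
'
' Changes from the original:
'  * A trustee or path containing a double quote, or a trustee containing
'    ";", is rejected before the command line is built. Those characters
'    delimit the quoted arguments and the fields of the ACE string, so a
'    stored value containing them would change what SetACL is asked to do.
'  * A command that could not be started (ExecCmd returning Empty) is
'    reported as a failure; it was previously treated as exit code 0.
'  * The check on cmdOutput was dropped: that variable was never assigned in
'    this procedure's scope, so the check could not fire.
Function SetFolderPermissions(strAccessType, strTrusteeDomain, strTrusteeUsername, strFileName, strFileMask, strFileInheritance)

    Dim strCMD
    Dim cmdErrorCode
    Dim strTarget, strTrustee, strPermission, strInherit, strMode

    SetFolderPermissions = ""

    ' Work on a local copy so the caller's argument is not modified.
    strTarget = strFileName
    If Right(strTarget, 1) = "\" Then strTarget = Left(strTarget, Len(strTarget) - 1)

    strTrustee = strTrusteeDomain & "\" & strTrusteeUsername

    If InStr(strTrustee, """") > 0 Or InStr(strTrustee, ";") > 0 Then
        SetFolderPermissions = "Could not set permissions for " & strTrusteeUsername
        Exit Function
    End If

    If InStr(strTarget, """") > 0 Then
        SetFolderPermissions = "Could not set permissions on " & strFileName
        Exit Function
    End If

    ' Access mask -> SetACL permission keyword.
    Select Case strFileMask
        Case COMMON_ADD, COMMON_ADD_READ
            strPermission = ";p:add_file"
        Case COMMON_READ, GENERIC_READ
            strPermission = ";p:read"
        Case COMMON_CHANGE
            strPermission = ";p:change"
        Case COMMON_FULL_CONTROL, COMMON_ALL, GENERIC_ALL
            strPermission = ";p:full"
        Case GENERIC_DELETE
            strPermission = ";p:delete"
        Case ADS_RIGHT_READ_CONTROL
            strPermission = ";p:read_dacl"
        Case ADS_RIGHT_WRITE_DAC
            strPermission = ";p:write_dacl"
        Case ADS_RIGHT_WRITE_OWNER
            strPermission = ";p:write_owner"
        Case GENERIC_WRITE
            strPermission = ";p:write"
        Case GENERIC_EXECUTE
            strPermission = ";p:read_ex"
        Case Else
            strPermission = ";p:change"
    End Select

    ' Inheritance constant -> SetACL inheritance option.
    strInherit = ""
    Select Case strFileInheritance
        Case NO_INHERITANCE
            strInherit = ";i:np"
        Case ALL_INHERIT_ACE
            strInherit = ""
        Case OBJECT_INHERIT_ACE
            strInherit = ";i:so"
        Case CONTAINER_INHERIT_ACE
            strInherit = ";i:sc"
        Case NO_PROPAGATE_INHERIT_ACE
            strInherit = ";i:np"
        Case INHERIT_ONLY_ACE
            strInherit = ";i:io"
        Case INHERITED_ACE
            strInherit = ";i:io"
    End Select

    ' Access type -> SetACL mode.
    strMode = ""
    Select Case strAccessType
        Case SET_ACCESS
            strMode = ";m:set"
        Case SET_DENY
            strMode = ";m:deny"
    End Select

    strCMD = """" & strAppPath & """ -on """ & strTarget & """ -ot file -actn ace -ace """ & _
             "n:" & strTrustee & strPermission & strInherit & strMode & ";w:dacl"" -silent"

    On Error Resume Next

    cmdErrorCode = ExecCmd(strCMD)

    If Err.Number <> 0 Or IsEmpty(cmdErrorCode) Then
        ' The tool did not run at all, so nothing was applied to the folder.
        SetFolderPermissions = "Could not set permissions on " & strFileName
    ElseIf cmdErrorCode <> 0 Then
        ' SetACL ran and reported a failure through its exit code.
        SetFolderPermissions = "Could not set permissions for " & strTrusteeUsername
    End If

    Err.Clear

End Function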

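' Runs a command line hidden, waits for it to finish and returns its exit
' code.
'
' strCMD - complete command line, passed to WScript.Shell.Run as given
'
' Returns the process exit code, or -1 when the process could not be started.
' The original left the return value Empty in that case, which callers
' comparing against 0 read as success.
'
' The original also tried to read a temp file into cmdOutput. Nothing ever
' wrote that file (the command line has no redirection), the folder constant
' it used was undefined, and cmdOutput was local to this function, so that
' code had no effect and has been removed.
Function ExecCmd(strCMD)

   Dim objWshShell, lngExitCode

   On Error Resume Next

   Set objWshShell = WScript.CreateObject("WScript.Shell")

   ' Window style 0 = hidden; True = wait for the process and return its
   ' exit code.
   lngExitCode = objWshShell.Run(strCMD, 0, True)

   ' A pending error here means Run itself failed (for example the
   ' executable was not found), so no exit code is available.
   If Err.Number <> 0 Or IsEmpty(lngExitCode) Then lngExitCode = -1

   Err.Clear
   Set objWshShell = Nothing

   ExecCmd = lngExitCode

End Function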
