'======================================================================================================== '======================================================================================================== ' ### Script: 1IISConfig.vbs ' ### ScriptVersion: 42 ' ### Created: 04/21/04 ' ### Group: AHS ' ### Contact: tim@blackpondfarm.com ' ### Description: Provides server configuration settings and software installations for new ' ### web servers, or re-sets those settings to bring existing servers up to standards. '======================================================================================================== '======================================================================================================== Option Explicit On Error Resume Next 'Set our variables Dim WshShell,Wshnetwork,Wshfile,wshEnv Dim strServer,systemroot,SourceServer Dim stroutputFile Dim Version,strScriptName Dim strMin,objArgs Dim ServerLocation,ServerType,utilsDir,sdrv Dim drive,disk,NewBuild Dim strDirectory,strPerms Dim temp Dim INST,strOS,strSP,strOSv Dim strApp,strName,strVersion Dim strGroup,strUser,UserName Dim strLog,strSize Dim MimeMapObj, MimeMapArray, MimeTypesToAddArray, oExec, i, counter, ext, mtype Dim Reboot Dim TargetString Dim RootDirectory, ServerComment, strPort,strVdir Dim strSixtyFour Dim strDay,strMonth,strYear,strDate Const ADS_PROPERTY_UPDATE = 2 'Set up our environment Set WshShell = WScript.CreateObject("WScript.Shell") Set Wshnetwork = wscript.CreateObject("Wscript.Network") Set Wshfile = wscript.CreateObject("Scripting.FileSystemObject") set wshEnv = wshShell.Environment("PROCESS") 'Turn off zone checking, this permits us to run installs etc. in win2003 wshEnv("SEE_MASK_NOZONECHECKS") = 1 'Get our date to create a timestamped archive file strDay = Day(now) strMonth = Month(now) strYear = Year(now) IF LEN(strDay) = 1 THEN strDay = 0 & strDay IF LEN(strMonth) = 1 THEN strMonth = 0 & strMonth strDate = strDay & strMonth & strYear 'Versions: '1.33 - changed msiexec wait process '1.34 - Added SourceServer parameter to work around missing files in the APF '1.35 - added loop to delete existing version regkeys under finish_up sub '1.36 - added 64-bit detection '1.37 - Changed from APF to the Altiris provisioning system '1.5 - Final update for 2008 server leveling '1.51 - Added Safeco.Dnt.EnvironmentDataHandler '1.60 - Re-did SQL Session State section and are now pointed to SQL 2005 databases 'Set our script version Version = 1.51 strScriptName = Left(wscript.ScriptName, InStr(1, wscript.ScriptName, ".vbs", 1) - 1) If IsNumeric(left(strScriptName,1)) THEN strScriptName = mid(strScriptName,2) 'Check for a "min" switch to skip application installs Set objArgs = WScript.Arguments If objArgs.Count = 1 Then strMin = lcase(objArgs(0)) 'Check to ensure we're using cscript If InStr(1, wscript.fullname, "cscript.exe", 1) = 0 Then If Err.number <> 0 Then Err.Clear 'Set our default to cscript temp = Wshshell.Run("cmd /c ""cscript //h:cscript //nologo //s""", 0, True) 're-run this script, but only once IF strMin <> 1 THEN temp = Wshshell.Run("cmd /c " & wscript.ScriptName & " 1", 1, True) wscript.quit END IF 'Get our build parameters from environment settings strServer = wshNetwork.ComputerName systemroot = Wshshell.ExpandEnvironmentStrings("%SYSTEMROOT%") strUser = Wshshell.ExpandEnvironmentStrings("%USERNAME%") UserName = strUser 'Set our log directory, log file and delete log if it already exists wshFile.createFolder("c:\Altiris") strOutputFile = "c:\altiris\" & strScriptName & ".log" If (Wshfile.fileexists(strOutputFile)) Then Wshfile.copyfile strOutputFile,strOutputFile & "." & strDate,1 If (Wshfile.fileexists(strOutputFile)) Then Wshfile.deletefile(strOutputFile) 'Establish whether this is a new build for use in applying ACL's etc NewBuild = "NO" IF instr(lcase(strUser),"nsd") > 0 THEN NewBuild = "YES" IF strMin = "new" THEN NewBuild = "YES" 'Set Server Location as Backend or Frontend 'Set whether server is production, development, or lab 'First set default parameters ServerLocation = "Backend" ServerType = "PRD" SourceServer = "\\paabdcal01" 'Second set non-defaults Select Case LCase(Left(strServer,3)) Case "pss" IF instr(lcase(strServer),"wdc") > 0 THEN SourceServer = "\\rsswdcst03.rss.rex.company.com" ELSE SourceServer = "\\rssrdcns03.rss.rex.company.com" END IF ServerLocation = "Frontend" Case "dss" SourceServer = "\\rssrdcns03.rss.rex.company.com" ServerLocation = "Frontend" ServerType = "TAC" Case "lsm","shl" SourceServer = "\\rsmlabrl01" ServerType = "Lab" Case "lss","app","sal" SourceServer = "\\RSSLABRS03" ServerLocation = "Frontend" ServerType = "Lab" Case "dsm","dev","red" ServerType = "TAC" Case "red" 'desktop, skip app installs ServerType = "TAC" strMin = "min" Case Else 'includes PSM 'use defaults End Select 'These servers have Intranet connectivity, set them the same as backend servers IF lcase(strServer) = "rssrdcrr06" or lcase(strServer) = "rssrdcrr08" or lcase(strServer) = "rssrdcrr02" THEN SourceServer = "\\paabdcal01" ServerLocation = "Backend" END IF 'Set full path to bits sdrv = SourceServer & "\srcbits" 'Set utilsdir to srcbits\localbin utilsdir = sdrv & "\localbin" 'Detect whether we should just automatically skip the application installs for WebSphere or other one-off servers strVersion = "HKLM\SOFTWARE\Safeco\IISConfig\Min" temp = WshShell.RegRead(strVersion) err.clear Select case TEMP Case 1 'No software installs strMin = "min" Case 2 'client software only (no .NET) strMin = "min" Case 3 '.NET only strMin = "min" Case else 'continue END SELECT 'Run through all the subs and functions to complete our configurations FullMealDeal() 'end of script '======================================================================================================== '======================================================================================================== Sub FullMealDeal() On error resume next Dim INST dim OS,w3wpfile 'Display and log the start time Screenout "Starting " & strScriptName & " version " & Version & " at " & Time & " " & Date & " on server " & strServer & " by " & strUser strUser = "" Screenout "Using source " & sdrv screenout "" 'Write to the event log Dim strCommand strCommand = "Eventcreate /so " & strScriptname & " /l System /t Information /ID 667 /D ""Starting " & strScriptname & "!""" WshShell.Run strcommand 'Display and log the OS Version Get_OS screenout "OS version is " & strOS & " (" & strOSv & ") " & strSP screenout "" 'Display and log the location and type Screenout "Server location is set to " & ServerLocation & " " & ServerType Screenout "" 'Get disk configuration, ensure we have e:\, and apply ACLs Screenout "Getting and setting disk configurations" get_disks Screenout "Disk configurations completed successfully" Screenout "" 'Modify local groups and users Screenout "Modifying security groups and users" Muck_Groups screenout "Completed local security group adjustments" screenout "" 'Set event log parameters Screenout "Checking and resetting Event Log sizes" event_logs "Application",52428800 event_logs "Security",104857600 event_logs "System",52428800 screenout "Completed event log adjustments" screenout "" 'Set up our directory structure Screenout "Creating file and directory structure" Directory_Structure Screenout "File and directory structure changes completed" Screenout "" 'Stop and disable unneccessary services screenout "Configuring services" config_services screenout "Service adjustments completed" Screenout "" 'Install applications for each OS Select Case strOSv Case "2000" 'Install SOAP, MSXML and other applications Screenout "Installing Windows 2000 applications" install_2000 screenout "Win2000 application installs completed" screenout "" Case "2003" Screenout "Installing Windows 2003 applications" install_2003 screenout "Win2003 application installs completed" screenout "" Case "XP" Screenout "Installing Windows 2003 applications" install_2003 screenout "Win2003 application installs completed" screenout "" Case ELSE Screenout "No OS-specific installs for version " & strOSv & "..." screenout "" END SELECT 'Install applications that go on all OS's Screenout "Installing general applications" install_all Screenout "General application installs completed" Screenout "" 'Add and delete virtual directories to match standards screenout "Starting virtual directory and site changes" virtual_directories Screenout "Virtual directory changes complete" Screenout "" 'Add server monitoring site screenout "Adding Server Monitoring site" server_test Screenout "Server monitoring site completed" Screenout "" 'Set extended logging Screenout "Setting extended logging" config_iis("IIS://" & strServer & "/W3SVC") config_iis("IIS://" & strServer & "/W3SVC/1") Screenout "Extended logging completed" Screenout "" 'Remove unused mappings Screenout "Removing unneccessary mappings" mime_maps Screenout "Mappings completed" Screenout "" 'Configure SMTP Service Screenout "Configuring SMTP Service" configure_smtp Screenout "SMTP Completed" Screenout "" 'Configure Indexing Service Screenout "Configuring Indexing Service" Indexing_Service Screenout "Indexing Completed" Screenout "" 'Grant NT Authority\Authenticated Users with Read perms to the metabase, registry, file system Screenout "Granting NT Authority\Authenticated Users with Read access to metabase, registry, file system" Read_Only Screenout "Added developer access to metabase, registry and file system" Screenout "" 'Edit our Registry Settings Screenout "Completing registry changes" Edit_Registry Screenout "Registry changes completed" Screenout "" 'Misc other tasks 'Proxycfg IF ServerLocation = "Backend" AND strOSv = "2000" THEN Screenout "Setting Proxy settings" temp = "Proxycfg –d –p " & " "" " & """ " & """;*.company.com""" screenout " " & temp Temp = WshShell.Run("cmd /c" & temp,2,true) Screenout "Completed proxy changes" Screenout "" END IF 'Set up mtsSecurity Screenout "Setting mtsSecureLib config" mts_security Screenout "Completed mtsSecureLib changes" Screenout "" 'Enterprise Library IF strOSv = "2003" THEN Screenout "Installing Microsoft Enterprise Libary" Temp = sdrv & "\Frame.net3.5\EntLib31\InstallServices.bat" Temp = WshShell.Run("cmd /c " & temp,2,true) wscript.sleep 30 Temp = sdrv & "\Frame.net3.5\EntLib31\EntLibGac.bat" Temp = WshShell.Run("cmd /c " & temp,2,true) Screenout " Completed install of Microsoft Enterprise Library" END IF Screenout "" 'GAC '\\Paabdcfs04\Business\MTS\Installs and Utilities\dntSafecoCommonClasses\1.0.1.0 Screenout "Configuring Resource Credential" Temp = sdrv & "\mts\1.0.0.0\gacutil /i " & sdrv & "\mts\1.0.0.0\Safeco.Dnt.ResourceCredential.dll" Screenout " " & temp Temp = WshShell.Run("cmd /c " & temp,2,true) Temp = sdrv & "\mts\1.0.1.0\gacutil /i " & sdrv & "\mts\1.0.1.0\Safeco.Dnt.ResourceCredential.dll" Screenout " " & temp Temp = WshShell.Run("cmd /c " & temp,2,true) Temp = sdrv & "\mts\1.0.2.0\gacutil /i " & sdrv & "\mts\1.0.2.0\Safeco.Dnt.ResourceCredential.dll" Screenout " " & temp Temp = WshShell.Run("cmd /c " & temp,2,true) IF INSTR(1,lcase(strServer),"cp04") < 1 AND INSTR(1,lcase(strServer),"cp05") < 1 THEN wshFile.CopyFile sdrv & "\mts\1.0.2.0\dllhost.exe.config",systemroot & "\system32\",1 END IF Temp = sdrv & "\mts\1.0.0.0\gacutil /i " & sdrv & "\mts\1.0.0.0\Safeco.Dnt.AssemblySettings.dll" Screenout " " & temp Temp = WshShell.Run("cmd /c " & temp,2,true) Temp = sdrv & "\mts\1.0.1.0\gacutil /i " & sdrv & "\mts\1.0.1.0\Safeco.Dnt.AssemblySettings.dll" Screenout " " & temp Temp = WshShell.Run("cmd /c " & temp,2,true) IF StrOSv = "2003" THEN Temp = systemroot & "\Microsoft.NET\Framework\v1.1.4322\regasm " & sdrv & "\mts\1.0.2.0\dntClassicAspRevertToSelf.dll" Screenout " " & temp Temp = WshShell.Run("cmd /c " & temp,2,true) Temp = sdrv & "\mts\1.0.0.0\gacutil /i " & sdrv & "\mts\1.0.2.0\dntClassicAspRevertToSelf.dll" Screenout " " & temp Temp = WshShell.Run("cmd /c " & temp,2,true) END IF Temp = systemroot & "Microsoft.NET\Framework\v1.1.4322\regasm " & sdrv & "\mts\1.0.2.0\dntResourceCredentialAspWrapper.dll" Screenout " " & temp Temp = WshShell.Run("cmd /c " & temp,2,true) Temp = sdrv & "\mts\1.0.2.0\gacutil /i " & sdrv & "\mts\1.0.2.0\dntResourceCredentialAspWrapper.dll" Screenout " " & temp Temp = WshShell.Run("cmd /c " & temp,2,true) 'Server level detection Temp = sdrv & "\mts\1.0.0.0\gacutil /i " & sdrv & "\mts\1.0.2.0\Safeco.Dnt.EnvironmentDataHandler.dll" Screenout " " & temp Temp = WshShell.Run("cmd /c " & temp,2,true) Screenout "Completed Resource Credential configuration" Screenout "" 'Create W3WP.EXE.CFG file IF strOSv = "2003" THEN w3wpfile=systemroot & "\system32\inetsrv\w3wp.exe.cfg" If (Wshfile.fileexists(w3wpfile)) Then Screenout "w3wp.exe.cfg file already exists" ELSE Screenout "Creating w3wp.exe.cfg file" Set Temp = Wshfile.createtextfile(w3wpfile, 1) temp.writeline ("[Options]") temp.writeline ("Unattended=1") temp.writeline ("Retained=1") temp.Close wscript.DisconnectObject temp END IF Screenout "Completed w3wp.exe.cfg configuration" Screenout "" END IF 'verify .NET config Screenout "Checking .NET configurations" verify_net Screenout ".NET changes completed" Screenout "" 'Start IIS if the service was stopped by any preceding process screenout "Restarting IIS if service is stopped" start_services "w3svc","Automatic" Screenout "Completed IIS start" Screenout "" 'Set default gateway IF ServerLocation = "Frontend" AND NewBuild = "YES" THEN Screenout "Setting default gateway" default_gateway Screenout "Completed setting default gateway" Screenout "" END IF 'Finish up finish_up 'Møøse Costumes by SIGGI CHURCHILL End Sub '======================================================================================================== '======================================================================================================== Sub Get_OS() DIM OSObject,INST,Position Dim strBoot On error resume next strSixtyFour = "NO" 'Get our OS version Set OSObject = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strServer).InstancesOf("Win32_OperatingSystem") For Each INST in OSObject strOS = INST.Caption IF INSTR(strOS,"64") > 0 THEN strSixtyFour = "YES" END IF strSP = INST.CSDVersion IF INSTR(strOS,"2") THEN Position = instr(strOS,"2") strOSv = mid(strOS,position,4) ELSE Position = instr(lcase(strOS),"windows") + 8 strOSv = mid(strOS,position,10) Position = instr(strOSv," ") strOSv = trim(left(strOSv,position)) 'Remove extraneaous T (trademark) from Vista IF strOSv = "VistaT" THEN strOSv = "Vista" 'OK, then just set it the same as 2003 IF strOSv = "Vista" THEN strOSv = "2003" END IF next END SUB '======================================================================================================== '======================================================================================================== Function Get_Disks dim objDisk,INST,freespace Set objDISK = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strServer).ExecQuery("SELECT * FROM Win32_LogicalDisk WHERE Description = 'Local Fixed Disk'") For Each INST in ObjDISK drive = drive & inst.DeviceID & "\ " next screenout " Logical drive(s) on machine - " & drive IF InStr(1,drive,"E:",1) Then drive = "E:\" Screenout " Applying ACLs to E:\ Drive" IF NewBuild = "YES" THEN temp = utilsDir & "\xcacls E:\ /T /C /P ""NT Authority\Authenticated Users"":R /G Administrators:F System:F /Y" screenout " " & Temp temp = WshShell.Run("cmd /c " & temp,2,true) Screenout " Completed ACL applications" END IF ELSE drive = "C:\" END IF disk = drive Screenout " Using drive " & drive & " for installation" END FUNCTION '======================================================================================================== '======================================================================================================== Sub muck_groups() On Error Resume Next Dim objGroup dim objSAM,newgroup,INST Dim objComputer 'Create ServiceIDs group on any server set objSAM = GetObject("WinNT://" & strServer) Set newGroup = objSAM.Create("Group","serviceIDs") newGroup.setinfo IF Err.Number = 0 THEN Screenout " Creating ServiceIDs group" ELSE Screenout " ServiceIDs already exists" END IF 'Grant authenticated users with permission to log on locally Temp = WshShell.Run("cmd /c" & utilsDir & "\ntrights -u ""NT Authority\Authenticated users"" +r SeInteractiveLogonRight""",2,true) 'If server isn't in a domain, exit Set ObjComputer = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strServer).InstancesOf("Win32_ComputerSystem") For Each INST in ObjComputer IF inst.Domain = "" THEN Screenout " This computer is not yet in a domain, unable to modify groups" exit sub ELSE Screenout " Server is in " & inst.Domain & " domain" 'Proceed END IF next 'Make default adjustments on all servers Group_adjustments "Administrators","safeco_master/iisadmins" Group_adjustments "Administrators","lm/gds_am_app_svc_adm" Group_adjustments "Administrators","safeco_master/mtsadmin" Group_adjustments "ServiceIDs","Safeco_Master/MtsPackagesIDs" Group_adjustments "ServiceIDs","Safeco_Master/IISInteractive" Group_adjustments "ServiceIDs","Safeco_master/ServiceIDs" IF StrOSv = "2003" THEN Group_adjustments "IIS_WPG","Safeco_master/ServiceIDs" END IF SELECT CASE lcase(left(strServer,3)) Case "dsm","dev" Group_adjustments "Administrators","Safeco_Dev/mact01" Group_adjustments "Administrators","Safeco_Dev/mact02" Group_adjustments "Administrators","Safeco_Dev/mtstmts1" Group_adjustments "ServiceIDs","Safeco_Dev/MtsPackagesIDs" Group_adjustments "ServiceIDs","Safeco_Dev/IISInteractive" IF StrOSv = "2003" THEN Group_adjustments "IIS_WPG","Safeco_dev/ServiceIDs" END IF Case "dss" Group_adjustments "Administrators","Safeco_Dev/mact01" Group_adjustments "Administrators","Safeco_Dev/mact02" Group_adjustments "Administrators","Safesite_Dev/mtstmts1" Group_adjustments "ServiceIDs","SafeSite_Dev/MtsPackagesIDs" Group_adjustments "ServiceIDs","SafeSite_Dev/IISInteractive" IF StrOSv = "2003" THEN Group_adjustments "IIS_WPG","Safeco_dev/ServiceIDs" END IF Case "pss" Group_adjustments "Administrators","safesite/mtspmts1" Group_adjustments "ServiceIDs","SafeSite/MtsPackagesIDs" Group_adjustments "ServiceIDs","SafeSite/IISInteractive" Case "lsm","shl" Group_adjustments "Administrators","lab_master/iisadmins" Group_adjustments "Administrators","lab_master/mtsadmin" Group_adjustments "Administrators","lab_master/mtstmts1" Group_adjustments "ServiceIDs","Lab_Master/MtsPackagesIDs" IF StrOSv = "2003" THEN Group_adjustments "IIS_WPG","lab_master/ServiceIDs" END IF Case "lss","sal" Group_adjustments "Administrators","lab_master/iisadmins" Group_adjustments "Administrators","SafeSite_Lab/ac2kadmin" Group_adjustments "Administrators","SafeSite_Lab/mtstmts1" Group_adjustments "ServiceIDs","SafeSite_Lab/mtspackageids" IF StrOSv = "2003" THEN Group_adjustments "IIS_WPG","lab_master/ServiceIDs" END IF Case ELSE 'includes "PSM" 'Just use the defaults above END SELECT strUser = "" END Sub '======================================================================================================== '======================================================================================================== Sub Group_Adjustments(strGroup,strUser) On error resume next Dim objGroup,INST set objGroup = GetObject("WinNT://" & strServer & "/" & strGroup) For each INST in objGroup.members INST = INST.ADsPath IF lcase(right(INST,len(strUser))) = lcase(strUser) THEN Screenout " " & strUser & " already a member of " & strGroup Exit Sub END IF NEXT objGroup.Add("WinNT://" & strUser) IF err.number = 0 THEN Screenout " " & strUser & " successfully added to " & strGroup ELSE Screenout " " & strUser & " addition to " & strGroup & " failed..." END IF END Sub '======================================================================================================== '======================================================================================================== Sub event_logs(strLog,strSize) On error resume next Dim objLogFile,objWMIService,INST Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate,(Security)}!\\" & strServer & "\root\cimv2") Set objLogFile = objWMIService.ExecQuery("Select * from Win32_NTEventLogFile where LogFileName = '" & strLog & "'") For Each INST in objLogFile IF INST.MaxFileSize <> strSize THEN screenout " " & strLog & " set to " & INST.MaxFileSize & ", clearing log and resetting to " & strSize 'Clear events and then Reset size in Registry really_edit_registry "HKLM\System\CurrentControlSet\Services\Eventlog\" & strLog & "\MaxSize",strSize,"check","REG_DWORD" INST.ClearEventLog() IF Err.Number <> 0 THEN Screenout " Failed to clear " & strLog ELSE screenout " " & strLog & " already set to " & INST.MaxFileSize END IF Next END Sub '======================================================================================================== '======================================================================================================== Sub Directory_Structure on error resume next create_directory drive & "Apps" create_directory drive & "InetPub" create_directory drive & "WebContent" create_directory drive & "System Logfiles" create_directory drive & "Program Files\IBM" create_directory drive & "Program Files\IBM\WebSphere MQ" 'Set perms for webp01 to the iislogs directory acl_directory """" & drive & "System Logfiles""","safeco_master\webp01:F" acl_directory """" & drive & "System Logfiles""","""NT Authority\Authenticated Users:R""" acl_directory """" & drive & "System Logfiles\Logfiles""","safeco_master\webp01:F" acl_directory """" & drive & "System Logfiles\Logfiles""","""NT Authority\Authenticated Users:R""" create_directory drive & "System Logfiles\Logfiles" create_directory drive & "System Logfiles\Logfiles\HTTPErr" 'Set perms for temp and assembly directories acl_directory systemroot & "\TEMP","safeco_master\mtspackagesids:C" acl_directory systemroot & "\TEMP","safeco_master\serviceids:C" acl_directory systemroot & "\assembly","builtin\Users:R" IF ServerType = "TAC" THEN acl_directory systemroot & "\TEMP","safeco_dev\serviceids:C" END IF 'Clear out IISStart.asp IF wshFile.fileexists(drive & "InetPub\WWWRoot\localstart.asp") THEN screenout " Deleting localstart.asp" wshfile.deletefile(drive & "InetPub\WWWRoot\localstart.asp") ELSE screenout " localstart.asp already deleted" END IF IF wshFile.fileexists(drive & "webcontent\iisstart.htm") THEN screenout " Deleting localstart.asp" wshfile.deletefile(drive & "webcontent\iisstart.htm") ELSE screenout " iisstart.htm already deleted" END IF IF wshFile.Folderexists(drive & "InetPub\iissamples") THEN screenout " Deleting iissamples" wshfile.deletefolder(drive & "InetPub\iissamples") ELSE screenout " iissamples already deleted" END IF End Sub '======================================================================================================== '======================================================================================================== Sub create_directory(strDirectory) On error resume next If not wshFile.FolderExists (strDirectory) Then wshFile.createFolder(strDirectory) Screenout " Creating directory " & strDirectory Else Screenout " " & strDirectory & " already exists" End If LogError "" END Sub '======================================================================================================== '======================================================================================================== Sub ACL_Directory(strDirectory,strPerms) On error resume next Screenout " Applying ACL's to " & strDirectory & " for " & strPerms Temp = wshShell.run("cmd /c " & utilsDir & "\xcacls " & strDirectory & " /T /C /E /G " & strPerms & " /Y",2,true) END Sub '======================================================================================================== '======================================================================================================== Sub config_services On Error Resume Next Dim objNetwork,INST IF strMin = "min" THEN exit sub call stop_services("Dfs","Disabled") 'Distributed File System call stop_services("TrkWks","Disabled") 'Distributed Link Tracking Client call stop_services("TrkSrv","Disabled") 'Distributed Link Tracking Server call stop_services("helpsvc","Disabled") 'Help and Support call stop_services("utilman","Disabled") 'Utility Manager call stop_services("audiosrv","Disabled") 'Windows Audio SELECT CASE lcase(strServer) CASE "hoxeft01" CASE "devsv034" CASE ELSE call stop_services("MSFTPSVC","Disabled") 'FTP really_edit_registry "HKLM\System\CurrentControlSet\Services\MSFTPSVC\Performance\Disable Performance Counters", "1","check","REG_DWORD" END SELECT IF ServerType = "PRD" THEN call stop_services("Alerter","Manual") 'Alerter call stop_services("Browser","Manual") 'Browser call stop_services("ClipSrv","Disabled") 'Clipbook call stop_services("fax","Disabled") ' Fax call stop_services("NtFrs","Disabled") ' File Replication call stop_services("SharedAccess","Disabled") 'Internet Connection Sharing call stop_services("Messenger","Manual") 'Messenger call stop_services("wmdmpmsp","Disabled") 'Portable media serial number call stop_services("TapiSrv","Manual") 'Telephony call stop_services("wzcsvc","Disabled") 'Wireless Configuration END IF End Sub '======================================================================================================== '======================================================================================================== Private Sub stop_services(strService,strStartType) On error resume next Dim intStatus,ObjService,INST Set ObjService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strServer).ExecQuery("SELECT * FROM Win32_Service WHERE Name='" & strService & "'") For Each INST in objService IF INST.State = "Running" THEN screenout " Setting " & INST.DisplayName & " to " & strStartType INST.ChangeStartMode(strStartType) screenout " Stopping " & INST.DisplayName INST.StopService() END IF next END SUB '======================================================================================================== '======================================================================================================== Private Sub start_services(strService,strStartType) On error resume next Dim intStatus,ObjService,INST Set ObjService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strServer).ExecQuery("SELECT * FROM Win32_Service WHERE Name='" & strService & "'") For Each INST in objService screenout " Setting " & INST.DisplayName & " to " & strStartType INST.ChangeStartMode(strStartType) screenout " Starting " & INST.DisplayName INST.StartService() IF Err.Number <> 0 THEN Screenout " Failed to restart " & INST.DisplayName END IF next END SUB '======================================================================================================== '======================================================================================================== Sub install_2000() On Error Resume Next Dim oldWorkingDirectory IF strMin = "min" THEN Screenout " Min switch detected, skipping Win2000 Application installs" exit sub END IF 'Un-register .Net 1.0 strVersion = "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B43357AA-3A6D-4D94-B56E-43C44D09E548}\DisplayVersion" temp = WshShell.RegRead(strVersion) IF temp = "1.0.3705" THEN Screenout " Unregistering .NET 1.0" 'Set the working directory to the .NET 2.0 directory in case it hasn't yet been added to the path oldWorkingDirectory = WshShell.CurrentDirectory WshShell.CurrentDirectory = systemroot & "\Microsoft.NET\Framework\v2.0.50727\" Temp = systemroot & "\Microsoft.NET\Framework\v1.0.3705\aspnet_regiis.exe -u" Temp = WshShell.Run("cmd /c " & temp,0,false) 'Set the working directory back to the default WshShell.CurrentDirectory = oldWorkingDirectory screenout wshShell.CurrentDirectory END IF 'Windows Installer 3.0 strApp = sdrv & "\WindowsInstaller3.0\WindowsInstaller-KB884016-v2-x86.exe /quiet /norestart" strName = "Windows Installer 3.0" IF strOSv = "2000" THEN strVersion = "HKLM\SOFTWARE\Microsoft\Updates\Windows 2000\SP5\MSI30-KB884016\InstallerVersion" ELSE strVersion = "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB884016\SystemComponent" END IF call Do_Install(strApp,strName,strVersion) 'MSXML 4.0 SP2 ' strApp = sdrv & "\MSXML4.SP1\msxml.msi /Q" ' strName = "MSXML4 SP1" ' strVersion = "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C04E32E0-0416-434D-AFB9-6969D703A9EF}\DisplayVersion" ' call Do_Install(strApp,strName,strVersion) 'SOAP strName = "SOAP Toolkit 3.0" strApp = sdrv & "\soap.toolkit3\soapsdk.msi /q" strVersion = "HKLM\SOFTWARE\Microsoft\MSSOAP\30\Version" call Do_Install(strApp,strName,strVersion) temp = wshShell.run("cmd /c" & sdrv & "\soap.toolkit3\soapsdk.msi /q REMOVE=DocumentationFeature,WSDLGenFeature,DebugUtilFeature,CPPSupportFeature",2,true) '.NET Framework 1.1 call stop_services("acsrepl","Disabled") call stop_services("w3svc","Disabled") call stop_services("IISAdmin","Disabled") strApp = sdrv & "\Frame.net1.1\install.exe /Q" strName = "DotNET Framework 1.1" strVersion = "HKLM\SOFTWARE\Microsoft\.NETFramework\policy\v1.1\4322" call Do_Install(strApp,strName,strVersion) call start_services("IISAdmin","Automatic") call start_services("w3svc","Automatic") call start_services("acsrepl","Automatic") 'MDAC strApp = sdrv & "\Mdac28\mdac_typ /Q:A /C:""dasetup /Q /N""" strName = "MDAC" strVersion = "HKLM\SOFTWARE\Microsoft\DataAccess\FullInstallVer" temp = WshShell.RegRead(strVersion) IF left(Temp,4) <> "2.81" THEN screenout " Installing " & strName & " to upgrade from " & temp temp = WshShell.Run(strApp,2,true) ELSE Screenout " " & strName & " version " & temp & " already installed" END IF 'IIS 5.0 MS06-034 call stop_services("acsrepl","Disabled") call stop_services("w3svc","Disabled") call stop_services("IISAdmin","Disabled") strApp = sdrv & "\Hotfixes\5.0\Windows2000-KB917537-x86-ENU.EXE /Q" strName = "IIS 5.0 MS06-034" strVersion = "HKLM\SOFTWARE\Microsoft\Updates\Windows 2000\SP5\KB917537\Description" call Do_Install(strApp,strName,strVersion) call start_services("IISAdmin","Automatic") call start_services("w3svc","Automatic") call start_services("acsrepl","Automatic") '.NET Framework 2.0 '.NET installs sometimes fail because they can't cleanly stop IIS, so stop and disable IISAdmin call stop_services("w3svc","Disabled") call stop_services("IISAdmin","Disabled") call stop_services("acsrepl","Disabled") IF strSixtyFour = "YES" THEN strApp = sdrv & "\Frame.net2.0\x64\install /q" ELSE strApp = sdrv & "\Frame.net2.0\x86\install /q" END IF strName = "DotNET Framework 2.0" strVersion = "HKLM\SOFTWARE\Microsoft\.NETFramework\policy\v2.0\50727" 'Check for this version, if it isn't installed then install AND run other commands WSHShell.RegRead strVersion IF err.number <> 0 THEN call Do_Install(strApp,strName,strVersion) dim TempInstall TempInstall = "New" ELSE err.clear END IF '.NET 2.0 SP1 strName = "DotNET Framework 2.0 SP1" strVersion = "HKLM\SOFTWARE\Microsoft\Updates\Microsoft .NET Framework 2.0\KB928365\Description" call Do_Install(strApp,strName,strVersion) IF strSixtyFour = "YES" THEN strApp = sdrv & "\Frame.net2.0\NetFx20SP1_x64.exe /q /norestart" ELSE strApp = sdrv & "\Frame.net2.0\NetFx20SP1_x86.exe /q /norestart" END IF 'Apply .NET 2.0 ACLs acl_directory """" & systemroot & "\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files""","safeco_master\mtspackagesids:C" acl_directory """" & systemroot & "\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files""","builtin\Users:C" 'Set the working directory to the .NET 2.0 directory in case it hasn't yet been added to the path 'oldWorkingDirectory = WshShell.CurrentDirectory 'WshShell.CurrentDirectory = systemroot & "\Microsoft.NET\Framework\v2.0.50727\" IF NewBuild = "YES" THEN 'Register .Net 2.0, set 2.0 as the default Temp = systemroot & "\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe -i" Temp = WshShell.Run("cmd /c " & temp,2,true) ELSE 'Register .Net 2.0, do NOT upgrade existing 1.1 sites to 2.0 'Temp = systemroot & "\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe -iru" 'Temp = WshShell.Run("cmd /c " & temp,2,true) END IF 'Set the working directory back to the default WshShell.CurrentDirectory = oldWorkingDirectory screenout wshShell.CurrentDirectory 'If we stopped IIS, then reset IISAdmin and w3svc to auto and restart services call start_services("IISAdmin","Automatic") call start_services("w3svc","Automatic") call start_services("acsrepl","Automatic") END Sub '======================================================================================================== '======================================================================================================== Sub install_2003() On Error Resume Next IF strMin = "min" THEN Screenout " Min switch detected, skipping Win2003 Application installs" exit sub END IF '.NET Framework 3.5 - dotnetfx35.exe '.NET installs sometimes fail because they can't cleanly stop IIS, so stop and disable IISAdmin call stop_services("w3svc","Disabled") call stop_services("IISAdmin","Disabled") call stop_services("acsrepl","Disabled") strApp = sdrv & "\Frame.net3.5\dotnetfx35.exe /q /norestart" strName = "DotNET Framework 3.5 SP1" strVersion = "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{##C099BD-AC9B-33EB-809C-D332E1B27C40}\DisplayVersion" 'strVersion = "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2FC099BD-AC9B-33EB-809C-D332E1B27C40}\DisplayVersion" call Do_Install(strApp,strName,strVersion) 'Apply .NET 2.0 ACLs acl_directory """" & systemroot & "\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files""","safeco_master\mtspackagesids:C" acl_directory """" & systemroot & "\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files""","builtin\Users:C" IF NewBuild = "YES" THEN 'Register .Net 2.0, set 2.0 as the default Screenout " Registering .NET 2.0" Temp = systemroot & "\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe -i" Temp = WshShell.Run("cmd /c " & temp,2,true) ELSE 'Register .Net 2.0, do NOT upgrade existing 1.1 sites to 2.0 Screenout " Registering .NET 2.0" Temp = systemroot & "\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe -iru" Temp = WshShell.Run("cmd /c " & temp,2,true) END IF 'If we stopped IIS, then reset IISAdmin and w3svc to auto and restart services call start_services("IISAdmin","Automatic") call start_services("w3svc","Automatic") call start_services("acsrepl","Automatic") END Sub '======================================================================================================== '======================================================================================================== Sub install_all() On error resume next IF strMin = "min" THEN Screenout " Min switch detected, skipping general application installs" exit sub END IF 'Register Microsoft Installer 3.0 temp = WshShell.Run("msiexec /regserver",2,true) 'MSXML patch MS07-042 ' strApp = sdrv & "\MSXML4.SP1\msxml4-KB936181-enu.exe /Q" ' strName = "MSXML4 MS07-042 4.0" ' strVersion = "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C04E32E0-0416-434D-AFB9-6969D703A9EF}\DisplayVersion" ' call Do_Install(strApp,strName,strVersion) 'MSXML patch MS07-042 XML 6.0 ' strApp = sdrv & "\MSXML4.SP1\msxml6-KB933579-enu-x86.exe /Q" ' strName = "MSXML6 MS07-042 6.0" ' strVersion = "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}\DisplayVersion" ' call Do_Install(strApp,strName,strVersion) 'MQSeries 'Detect whether this is a WAS server, if so then skip MQ dim objWMIService,INST,objProcess,strWAS Set ObjWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strServer).InstancesOf("Win32_Service") For each INST in ObjWMIService IF INSTR(lcase(INST.Name),"ibmwas" ) > 0 OR INSTR(lcase(INST.Name),"ibm ws" ) > 0 THEN Screenout " Found IBM WebSphere service " & INST.DisplayName & " skipping MQ Series client install..." strWAS = 1 END IF next IF strWAS <> 1 THEN strName = "MQSeries V6.0" IF left(disk,1) = "E" THEN strApp = "msiexec /i """ & sdrv & "\IBM\MQSeries60\Windows\MSI\IBM WebSphere MQ.msi"" /q USEINI=" & sdrv & "\IBM\MQSeries60\Windows\response.ini" ELSE strApp = "msiexec /i """ & sdrv & "\IBM\MQSeries60\Windows\MSI\IBM WebSphere MQ.msi"" /q USEINI=" & sdrv & "\IBM\MQSeries60\Windows\response_c.ini" END IF screenout " Execution string: " & strApp strVersion = "HKLM\SOFTWARE\IBM\MQSeries\CurrentVersion\MQServerVersion" Dim strVersion2,temp2 strVersion2 = "HKLM\SOFTWARE\IBM\MQSeries\CurrentVersion\MQServerRelease" temp = "" temp = wshShell.regRead(strVersion) temp2 = wshShell.regRead(strVersion2) 'IF MQ Series major/minor version is not "6.00" (as in 6.00) then proceed with install IF CINT(temp) <> 6 THEN IF LEN(temp) > 0 THEN screenout " " & strName & " version is " & temp & "." & temp2 strVersion = "" call Do_Install(strApp,strName,strVersion) 'Copy in the appropriate tab file IF ServerLocation = "Frontend" AND ServerType <> "Lab" THEN 'back up existing file 'wshFile.CopyFile drive & "Program Files\IBM\WebSphere MQ\AMQCLCHL.TAB",drive & "Program Files\IBM\WebSphere MQ\AMQCLCHL.TAB" & "." & strDate,1 'err.clear 'copy in new file wshFile.CopyFile sdrv & "\IBM\MQSeries60\tabfile\isn\AMQCLCHL.TAB", drive & "Program Files\IBM\WebSphere MQ\",1 Screenout " Copying new MQ TAB File " & err.description ELSE 'back up existing file 'wshFile.CopyFile drive & "Program Files\IBM\WebSphere MQ\AMQCLCHL.TAB",drive & "Program Files\IBM\WebSphere MQ\AMQCLCHL.TAB" & "." & strDate,1 'err.clear 'Copy in new file wshFile.CopyFile sdrv & "\IBM\MQSeries60\tabfile\standard\AMQCLCHL.TAB", drive & "Program Files\IBM\WebSphere MQ\",1 Screenout " Copying new MQ TAB File " & err.description END IF ELSE screenout " " & strName & " already installed" END IF END IF ' END IF 'DB2 v8.0 Dim strDoInstall DIM objReg,strKeyPath,arrSubKeys,subkey IF ServerLocation = "Frontend" THEN strDoInstall = "False" IF lcase(strServer) = "paabdcii06" then strDoInstall = "False" strApp = sdrv & "\db2\setup /U " & sdrv & "\db2\db2rtcl_" & left(drive,1) & ".rsp /L C:\Altiris\db2.log" strName = "DB2 v8.0 FP 8" strVersion = "HKLM\Software\IBM\DB2\CurrentVersion\Modification" 'Check for existing versions temp = wshShell.regRead(strVersion) IF Err.number = 0 THEN 'we have a db2 installation, check for the db2 enterprise edition const HKEY_LOCAL_MACHINE = &H80000002 Set objReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strServer & "\root\default:StdRegProv") strKeyPath = "Software\IBM\DB2" objReg.EnumKey HKEY_LOCAL_MACHINE, strKeyPath, arrSubKeys For Each subkey in arrSubKeys IF INSTR(lcase(Subkey),"enterprise") > 0 THEN screenout " Found " & SubKey & ", skipping DB2 client install." strDoInstall = "False" END IF NEXT END IF IF strDoInstall <> "False" THEN 'IF DB2 modification is not "8" (as in FixPack 8) then proceed with install IF left(Temp,1) < 8 THEN screenout " " & strName & " version is " & temp strVersion = "" wscript.echo "Waiting to start DB2 install" 'Back up DB2 configuration dim TempCmd create_directory "c:\esttemp" Set TempCmd = Wshfile.createtextfile("c:\esttemp\runit.cmd", 1) TempCmd.writeline (disk) TempCmd.writeline ("cd \Program Files\SQLLIB\BIN") TempCmd.writeline ("db2cmd /c /w /i db2cfexp c:\esttemp\exportfile.txt") TempCmd.writeline ("cd \Program Files\IBM\SQLLIB\BIN") TempCmd.writeline ("db2cmd /c /w /i db2cfexp c:\esttemp\exportfile.txt") TempCmd.Close wscript.DisconnectObject TempCmd temp = "c:\esttemp\runit.cmd" Screenout " Running " & temp & " to back up DB2 config" temp = wshShell.run("cmd /c " & temp,2,true) call Do_Install(strApp,strName,strVersion) 'Restore DB2 configuration create_directory "c:\esttemp" Set TempCmd = Wshfile.createtextfile("c:\esttemp\runit.cmd", 1) TempCmd.writeline (disk) TempCmd.writeline ("cd \Program Files\SQLLIB\BIN") TempCmd.writeline ("db2cmd /c /w /i db2cfimp c:\esttemp\exportfile.txt") TempCmd.writeline ("cd \Program Files\IBM\SQLLIB\BIN") TempCmd.writeline ("db2cmd /c /w /i db2cfimp c:\esttemp\exportfile.txt") TempCmd.Close wscript.DisconnectObject TempCmd temp = "c:\esttemp\runit.cmd" Screenout " Running " & temp & " to restore DB2 config" temp = wshShell.run("cmd /c " & temp,2,true) ELSE screenout " " & strName & " already installed" END IF END IF 'Enterprise Edition '.NET 1.1 SP1 and security fix '.NET installs sometimes fail because they can't cleanly stop IIS, so stop and disable IISAdmin call stop_services("acsrepl","Disabled") call stop_services("w3svc","Disabled") call stop_services("IISAdmin","Disabled") 'Security patches IF strOSv = "2000" THEN 'SP1 strApp = sdrv & "\Frame.net1.1\NDP1.1sp1-KB867460-X86.exe /Q" strName = "DotNET Framework 1.1 SP1" strVersion = "HKLM\SOFTWARE\Microsoft\Updates\.NETFramework\1.1\kb867460\Description" call Do_Install(strApp,strName,strVersion) 'SP1 security patch ms04-007 'strApp = "\\paabdcst03\ai\scripts\NDP1.1sp1-KB928366-X86.exe /Q" strApp = sdrv & "\Frame.net1.1\NDP1.1sp1-KB928366-X86.exe /Q" strName = "DotNET Framework 1.1 SP1 Security Patch" strVersion = "HKLM\SOFTWARE\Microsoft\Updates\.NETFramework\1.1\m928366\Description" call Do_Install(strApp,strName,strVersion) ELSE 'SP1 strApp = sdrv & "\Frame.net1.1\WindowsServer2003-KB867460-x86-ENU.EXE /Q" strName = "DotNET Framework 1.1 ms04-007" strVersion = "HKLM\SOFTWARE\Microsoft\Updates\.NETFramework\1.1\KB867460\Description" call Do_Install(strApp,strName,strVersion) 'SP1 Security Patch ms04-007 strApp = sdrv & "\Frame.net1.1\WindowsServer2003-KB933854-x86-ENU.exe /Q" strName = "DotNET Framework 1.1 ms04-007" strVersion = "HKLM\SOFTWARE\Microsoft\Updates\.NETFramework\1.1\KB933854\Description" call Do_Install(strApp,strName,strVersion) END IF 'Apply .NET 1.1 ACLs for Win2000 servers acl_directory """" & systemroot & "\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files""","safeco_master\mtspackagesids:C" acl_directory """" & systemroot & "\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files""","builtin\Users:C" 'If we stopped IIS, then reset IISAdmin and w3svc to auto and restart services call start_services("IISAdmin","Automatic") call start_services("w3svc","Automatic") call start_services("acsrepl","Automatic") end Sub '======================================================================================================== '======================================================================================================== Sub do_install(strApp,strName,strVersion) On error resume next Dim objWMIService, objProcess, colProcess,strMSIExec,KeepWaiting 'Check to see whether software already exists WSHShell.RegRead strVersion IF err.number <> 0 THEN screenout " " & strName & " not found, installing " & strName err.clear ELSE screenout " " & strName & " already installed" err.clear Exit Sub END IF 'create temp directory If not wshFile.FolderExists("c:\esttemp") Then wshFile.createFolder("c:\esttemp") If Err.Number <> 0 then Screenout " " & err.description End If END IF 'Get processes Set objWMIService = GetObject("winmgmts:" _ & "{impersonationLevel=impersonate}!\\" & strServer & "\root\cimv2") 'List processes, pause if a previous install is still running. This could happen if 'a previous install exceeded our second (post-install) wait cycle below. We need these 'loops because some installs return immediately to the script (they start another process then 'exit). strMSIExec = 1 temp = 100 do until strMSIExec = 0 KeepWaiting = 0 Set colProcess = objWMIService.ExecQuery("Select * from Win32_Process") For Each objProcess in colProcess IF INSTR(lcase(objProcess.Name),"msiexec" ) > 0 OR INSTR(lcase(objProcess.Name),"mdac_typ" ) > 0 OR INSTR(lcase(objProcess.Name),"install.exe" ) > 0 OR INSTR(lcase(objProcess.Name),"dotnetfx3" ) > 0 THEN wscript.echo " Waiting for " & objProcess.Name & " to complete - " & temp & "..." KeepWaiting = 1 END IF Next temp = temp - 1 IF KeepWaiting = 0 THEN wscript.echo " Starting install of " & strName & " at wait cycle " & temp & "." exit do END IF IF temp = 0 THEN strMSIExec = 0 wscript.sleep 25000 loop 'Install application temp = WshShell.Run("cmd /c " & strApp,2,True) 'List processes, pause if our install is still running strMSIExec = 1 temp = 100 do until strMSIExec = 0 KeepWaiting = 0 Set colProcess = objWMIService.ExecQuery("Select * from Win32_Process") For Each objProcess in colProcess IF INSTR(lcase(objProcess.Name),"msiexec" ) > 0 OR INSTR(lcase(objProcess.Name),"mdac_typ" ) > 0 OR INSTR(lcase(objProcess.Name),"install" ) > 0 OR INSTR(lcase(objProcess.Name),"dotnetfx3" ) > 0 OR INSTR(lcase(objProcess.Name),"ndp1.1sp1" ) > 0 OR INSTR(lcase(objProcess.Name),"ndp20-" ) > 0 OR lcase(objProcess.Name) = "update.exe" OR INSTR(lcase(objProcess.Name),"setupmq" ) > 0 THEN wscript.echo " Waiting for " & strName & " " & objProcess.Name & " to complete - " & temp & "..." KeepWaiting = 1 END IF Next temp = temp - 1 IF KeepWaiting = 0 THEN 'Screenout "Completed install of " & strName & " after " & temp & " wait cycles." exit do END IF IF temp = 0 THEN strMSIExec = 0 wscript.sleep 25000 loop strVersion = "" strName = "" strApp = "" err.clear 'Clear out existing temp directory If wshFile.FolderExists("c:\esttemp") then wshFile.DeleteFile "c:\esttemp\*", True wshFile.DeleteFolder "c:\esttemp", True END IF End Sub '======================================================================================================== '======================================================================================================== Sub virtual_directories() On Error Resume Next Dim webserver,Path 'Delete default virtual directories Delete_VDir "iishelp" Delete_VDir "iisadmin" Delete_VDir "msadc" Delete_VDir "iissamples" Delete_VDir "printers" Delete_VDir "localstart.asp" IF NewBuild = "YES" THEN 'Set default site properties Screenout " Setting Default Web Site properties" Set Path = GetObject("IIS://" & strServer & "/w3svc/1") For each webserver in Path webserver.path = drive & "webcontent" webserver.Setinfo next END IF END Sub '======================================================================================================== '======================================================================================================== Sub Delete_VDir(strVdir) On Error Resume Next Dim objIIS 'Delete unused virtual directories – Set objIIS = GetObject("IIS://" & strServer & "/W3SVC/1/ROOT") objIIS.Delete "IIsWebVirtualDir", strVdir If Err.Number <> 0 Then Screenout " Virtual directory " & objIIS & " " & VDirName & " already deleted" Else Screenout " Deleted virtual directory " & objIIS & " " & VDirName End If End Sub '======================================================================================================== '======================================================================================================== Sub Server_Test() On Error Resume Next Dim Path, WebServer, NewWebServer, NewDir, Bindings, BindingString, NewBindings, Index, SiteObj, bDone Dim IpAddress,HostName Dim NewvDir 'Create the directory structure create_directory drive & "servertest" wshFile.CopyFile sdrv & "\servertest\servertest.asp","e:\servertest\servertest.asp",1 wshFile.CopyFile sdrv & "\servertest\servertest.aspx","e:\servertest\servertest.aspx",1 wshFile.CopyFile sdrv & "\servertest\web.config","e:\servertest\web.config",1 create_directory drive & "servertest\Test_Page" create_directory drive & "servertest\Test_Page\Bin" wshFile.CopyFile sdrv & "\servertest\Test_Page\Default.aspx","e:\servertest\Test_Page\Default.aspx",1 wshFile.CopyFile sdrv & "\servertest\Test_Page\web.config","e:\servertest\Test_Page\web.config",1 wshFile.CopyFile sdrv & "\servertest\Test_Page\Bin\error_generator.dll","e:\servertest\Test_Page\Bin\error_generator.dll",1 RootDirectory = drive & "ServerTest" ServerComment = "Pass" strPort = "8008" IpAddress = "" Hostname = "" screenout " Creating " & ServerComment ' Grab the web service object Err.Clear Set Path = GetObject("IIS://" & strServer & "/w3svc") If Err.Number <> 0 Then Screenout " Unable to open: "&"IIS://" & strServer & "/w3svc" End If BindingString = IpAddress & ":" & strPort & ":" & HostName For Each WebServer in Path If WebServer.Class = "IIsWebServer" Then Bindings = WebServer.ServerBindings If BindingString = Bindings(0) Then Index = webserver.name ServerComment = webserver.ServerComment Screenout " Site " & ServerComment & " already exists." Exit Sub End If End If Next Index = 100 bDone = False ' test successive numbers under w3svc until an unoccupied slot is found While (Not bDone) Err.Clear Set SiteObj = GetObject("IIS://" & strServer & "/w3svc/" & Index) If (Err.Number = 0) Then ' A web server is already defined at this position so increment Index = Index + 1 Else Err.Clear Set NewWebServer = Path.Create("IIsWebServer", Index) NewWebServer.SetInfo If (Err.Number <> 0) Then ' If call to Create failed then try the next number Index = Index + 1 Else Err.Clear ' Verify that the newly created site can be retrieved Set SiteObj = GetObject("IIS://" & strServer & "/w3svc/" & Index) If (Err.Number = 0) Then bDone = True screenout " Web server created. Path is - "&"IIS://" & strServer & "/w3svc/" & Index screenout " Setting Extended Logging parameters" config_iis(SiteObj) Else Index = Index + 1 End If End If End If ' sanity check If (Index > 10000) Then screenout " Seem to be unable to create new web server. Server number is " & Index & "." End If Wend NewBindings = Array(0) NewBindings(0) = BindingString NewWebServer.ServerBindings = NewBindings NewWebServer.ServerComment = ServerComment NewWebServer.SetInfo ' Now create the root directory object. screenout " Setting the home directory to " & RootDirectory Set NewDir = NewWebServer.Create("IIsWebVirtualDir", "ROOT") NewDir.Path = RootDirectory NewDir.AccessRead = true NewDir.AccessScript = true NewDir.AuthAnonymous = 0 NewDir.AuthBasic = 1 NewDir.AuthNTLM = 1 NewDir.DefaultDoc = "servertest.aspx" NewDir.AppFriendlyName = "Default Application" NewDir.AppCreate2 2 NewDir.SetInfo 'Apply ACLs for CA account acl_directory drive & "servertest","""safeco_master\cauwrm:RX""" screenout " Web site " & ServerComment & " created!" END SUB '======================================================================================================== '======================================================================================================== Function config_iis(temp) On Error Resume Next Dim objIIS,objAppPool 'Sets extended logging and parameters Set objIIS = GetObject (temp) objIIS.LogType = 1 objIIS.LogFileDirectory = drive & "System Logfiles\LogFiles" objIIS.LogFilePeriod = 1 objIIS.LogExtFileDate = True objIIS.LogExtFileTime = True objIIS.LogExtFileClientIp = True objIIS.LogExtFileUserName = True objIIS.LogExtFileSiteName = False objIIS.LogExtFileComputername = False objIIS.LogExtFileServerIp = True objIIS.LogExtFileMethod = True objIIS.LogExtFileUriStem = True objIIS.LogExtFileUriQuery = True objIIS.LogExtFileHttpStatus = True objIIS.LogExtFileWin32Status = False objIIS.LogExtFileBytesSent = True objIIS.LogExtFileBytesRecv = True objIIS.LogExtFileTimeTaken = True objIIS.LogExtFileServerPort = False objIIS.LogExtFileUserAgent = True objIIS.LogExtFileCookie = True objIIS.LogExtFileReferer = True objIIS.LogExtFileProtocolVersion = True objIIS.LogFileLocaltimeRollover = True 'Set OS-specific parameters Select Case strOSv CASE "2000" 'No additional parameters CASE ELSE '2003-specific settings objIIS.LogExtFileHttpSubStatus = True objIIS.NTAuthenticationProviders="NTLM" 'Set HTTPERR values for Win2003 really_edit_registry "HKLM\System\CurrentControlSet\Services\HTTP\Parameters\ErrorLoggingDir", drive & "System Logfiles\LogFiles","check","REG_SZ" 'See http://support.microsoft.com/kb/832975 'and http://support.microsoft.com/kb/820729 really_edit_registry "HKLM\System\CurrentControlSet\Services\HTTP\Parameters\ErrorLoggingFields","132117735","check","REG_DWORD" END SELECT objIIS.SetInfo If Err.Number <> 0 Then Screenout " Error Setting log extensions on site " & temp Else Screenout " Log extensions have been set on site " & temp End If 'Set application pool properties Select Case strOSv CASE "2000" 'No additional parameters CASE ELSE '2003-specific settings temp = right(strServer,2) IF IsNumeric(temp) THEN 'proceed ELSE temp = 55 END IF IF Temp > 59 THEN Temp = Temp - 60 temp = "00:" & temp set objAppPool = GetObject("IIS://localhost/W3SVC/AppPools") objAppPool.PeriodicRestartTime="0" objAppPool.PeriodicRestartSchedule = temp objAppPool.SetInfo If Err.Number <> 0 Then Screenout " Error Setting Application Pool config" Else Screenout " Application Pool set to restart at " & temp & "." End If END SELECT End Function '======================================================================================================== '======================================================================================================== Sub mime_maps On error resume next Dim ScriptMapList, IISObj, Map, DataPath, TmpScriptMapList Dim NewScriptMapList, DataPathList, objIIS,j,FixHTR Set objIIS = GetObject("IIS://" & strServer) DataPathList = objIIS.GetDataPaths ("ScriptMaps",1) For Each DataPath in DataPathList Redim NewScriptMapList(0) Set IISObj = GetObject(DataPath) ScriptMapList = IISObj.ScriptMaps j=0 Redim TmpScriptMapList(j) For Each Map in ScriptMapList If StrComp(Left(Map, 4), ".htr", 1) <> 0 Then Redim Preserve TmpScriptMapList(j) TmpScriptMapList(j) = Map j = j + 1 Else FixHTR="YES" Screenout " Found .HTR mapping defined at " & DataPath End If Next 'Map Redim Preserve TmpScriptMapList(j-1) IF FixHTR = "YES" THEN Screenout " Removing .HTR mapping" IISObj.ScriptMaps = TmpScriptMapList IISObj.SetInfo Set IISObj = Nothing END IF Next IF strOSv = "2003" THEN ' Set the MIME types to be added MimeTypesToAddArray = Array(".flv", "flv-application/octet-stream") ' Get the mimemap object Set MimeMapObj = GetObject("IIS://" & strServer & "/MimeMap") dim allMimeMaps,mimeMap allMimeMaps = mimeMapObj.GetEx("MimeMap") ' Display the mappings in the table. For Each mimeMap In allMimeMaps IF mimeMap.Extension = ".flv" THEN Screenout " .flv mimemap already set" exit sub end if Next ' Call AddMimeType for every pair of extension/MIME type For counter = 0 to UBound(MimeTypesToAddArray) Step 2 AddMimeType MimeTypesToAddArray(counter), MimeTypesToAddArray(counter+1) Next Set oExec = Nothing Screenout " .flv mimemap added" END IF END Sub '======================================================================================================== '======================================================================================================== Sub AddMimeType (Ext, MType) On error resume next ' Get the mappings from the MimeMap property. MimeMapArray = MimeMapObj.GetEx("MimeMap") ' Add a new mapping. i = UBound(MimeMapArray) + 1 Redim Preserve MimeMapArray(i) Set MimeMapArray(i) = CreateObject("MimeMap") MimeMapArray(i).Extension = Ext MimeMapArray(i).MimeType = MType MimeMapObj.PutEx ADS_PROPERTY_UPDATE, "MimeMap", MimeMapArray MimeMapObj.SetInfo END Sub '======================================================================================================== '======================================================================================================== Sub configure_smtp On error resume next Dim objSMTP dim objTask,INST 'Set default SMTP properties Screenout " Setting Default SMTP properties" Set objSMTP = GetObject("IIS://" & strServer & "/SMTPSVC/1") objSMTP.LogType = 1 'Enable logging objSMTP.LogFileDirectory = drive & "System Logfiles\LogFiles" objSMTP.RelayForAuth = 1 objSMTP.SendNDRTo = "postmaster@safeco.com" IF ServerType = "TAC" THEN objSMTP.Smarthost = "drfrdcex02.drf.dev.company.com" ELSE objSMTP.Smarthost = "exchange.vip.company.com" END IF objSMTP.DropDirectory = drive & "inetpub\mailroot\Drop" objSMTP.BadMailDirectory = drive & "inetpub\mailroot\Badmail" objSMTP.PickupDirectory = drive & "inetpub\mailroot\Pickup" objSMTP.QueueDirectory = drive & "inetpub\mailroot\Queue" objSMTP.MaxMessageSize = 9470000 objSMTP.Setinfo 'see http://www.microsoft.com/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/Default.asp?url=/resources/documentation/windowsserv/2003/standard/proddocs/en-us/ref_mb_aambref.asp create_directory drive & "InetPub\mailroot" create_directory drive & "InetPub\mailroot\Drop" create_directory drive & "InetPub\mailroot\Badmail" create_directory drive & "InetPub\mailroot\Pickup" create_directory drive & "InetPub\mailroot\Queue" 'Apply ACL's to pickup directory acl_directory drive & "InetPub\mailroot\Pickup","""NT Authority\Authenticated Users:C""" 'Stop SMTP on any non-production server IF ServerType <> "PRD" THEN call stop_services("SMTPSVC","Disabled") IF NewBuild = "YES" THEN call stop_services("SMTPSVC","Disabled") 'Grant localhost relay perms, borrowed from MSDN code sample Dim NewIP,IIsSmtpSvrObj Dim i Dim MyRelayIpList Dim RelayIpList Dim RelayIPAdd ' Obtain SMTP Server object Set IIsSmtpSvrObj = GetObject("IIS://" & strServer & "/SMTPSVC/1") ' IP entry for White List NewIP = "127.0.0.1,255.255.255.0" '---------------------------------------------------------- ' Configure RelayIpList access right of SMTP Servers '---------------------------------------------------------- ' Load current IP Security settings Set MyRelayIpList = IIsSmtpSvrObj.RelayIpList ' Add NewIP to White List, if not allready set MyRelayIpList.GrantByDefault = False RelayIpList = MyRelayIpList.IPGrant RelayIPAdd = "YES" Redim Preserve RelayIpList (Ubound(RelayIpList)+1) ' Check for existens of NewIP in White List, because doubled entries causes an error For i = 0 to UBound(RelayIpList) Screenout " Found Relay IP " & RelayIpList(i) If RelayIpList(i) = Replace(NewIP,",",", ") Then RelayIPAdd = "NO" Screenout " IP Restriction already set for " & RelayIpList(i) End If Next If RelayIPAdd = "YES" Then RelayIpList(Ubound(RelayIpList)) = NewIP ' Add extended IP list and pass over MyRelayIpList.IPGrant = RelayIpList IIsSmtpSvrObj.Put "RelayIpList", MyRelayIpList End If ' Now set the complete change at the server at once IIsSmtpSvrObj.setInfo() END Sub '======================================================================================================== '======================================================================================================== Sub Indexing_Service On error resume next Dim objAdminIS,objCatalog,objScope,errResult IF wshFile.FolderExists(disk & "webcontent\safeco") THEN Set objAdminIS = CreateObject("Microsoft.ISAdm") Set objCatalog = objAdminIS.GetCatalogByName("Web") Set objScope = objCatalog.AddScope(disk & "webcontent\safeco\Warn", True) objScope.Alias = "," objScope.Path = disk & "webcontent\safeco\warn" IF Err.number = 0 THEN Screenout " Removed \warn from search" ELSE screenout " Error " & err.number & " removing \warn from search" END IF Set objScope = objCatalog.AddScope(disk & "webcontent\safeco\block", True) objScope.Alias = "," objScope.Path = disk & "webcontent\safeco\block" IF Err.number = 0 THEN Screenout " Removed \block from search" ELSE screenout " Error " & err.number & " removing \block from search" END IF Set objCatalog = objAdminIS.GetCatalogByName("Web Catalog") Set objScope = objCatalog.AddScope(disk & "webcontent\safeco\Warn", True) objScope.Alias = "," objScope.Path = disk & "webcontent\safeco\warn" IF Err.number = 0 THEN Screenout " Removed \warn from search" ELSE screenout " Error " & err.number & " removing \warn from search" END IF Set objScope = objCatalog.AddScope(disk & "webcontent\safeco\block", True) objScope.Alias = "," objScope.Path = disk & "webcontent\safeco\block" IF Err.number = 0 THEN Screenout " Removed \block from search" ELSE screenout " Error " & err.number & " removing \block from search" END IF END IF 'Remove System catalog objAdminIS.Stop() errResult = objAdminIS.RemoveCatalog("System", True) IF Err.number = 0 THEN Screenout " Removed System catalog" ELSEIF Err.number = 424 THEN Screenout " System catalog already removed" ELSE screenout " Error " & err.number & " removing System catalog" END IF objAdminIS.Start() END Sub '======================================================================================================== '======================================================================================================== Sub Read_Only On error resume next Dim objIIS,objAcl,objDACL,objAce,Ace,temp,RegKey,Position 'Set up developer access to the registry, file system, performance counters, and metabase strUser = "NT Authority\Authenticated Users" strGroup = strUser IF strOSv = "2003" THEN Screenout " Granting access to Application and System Event Logs" temp = WshShell.RegRead("HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\CustomSD") IF INSTR(Temp,"(A;;0x3;;;AU)") THEN Screenout " Permissions already set on Application Event Log" ELSE temp = WshShell.RegRead("HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\CustomSD") 'If we've previously set READ perms, delete them IF INSTR(Temp,"(A;;0x1;;;AU)") THEN Position = instr(Temp,"(A;;0x1;;;AU)") temp = left(temp,position-1) END IF RegKey = temp & "(A;;0x3;;;AU)" WshShell.RegWrite "HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\CustomSD",RegKey,"REG_SZ" IF Err.Number = 0 THEN Screenout " Completed permissions on Application Event Log" ELSE Screenout " Error " & Err.Number & " setting permissions on Application Event Log" END IF END IF temp = WshShell.RegRead("HKLM\SYSTEM\CurrentControlSet\Services\EventLog\System\CustomSD") IF INSTR(Temp,"(A;;0x1;;;AU)") THEN Screenout " Permissions already set on System Event Log" ELSE RegKey = temp & "(A;;0x1;;;AU)" WshShell.RegWrite "HKLM\SYSTEM\CurrentControlSet\Services\EventLog\System\CustomSD",RegKey,"REG_SZ" IF Err.Number = 0 THEN Screenout " Completed permissions on System Event Log" ELSE Screenout " Error " & Err.Number & " setting permissions" END IF END IF END IF Screenout " Sharing out " & drive & " drive as ee$ and admin$ as winnt$" temp = utilsDir & "\rmtshare \\" & strServer & "\ee$=e:\ /GRANT ""NT Authority\Authenticated Users"":Read" temp = wshshell.run("cmd /c" & temp,2,true) temp = utilsDir & "\rmtshare \\" & strServer & "\ee$=e: /GRANT ""NT Authority\Authenticated Users"":Read" temp = wshshell.run("cmd /c" & temp,2,true) temp = utilsDir & "\rmtshare \\" & strServer & "\winnt$=" & systemroot & " /GRANT ""NT Authority\Authenticated Users"":Read" temp = wshshell.run("cmd /c" & temp,2,true) temp = wshshell.run("cmd /c" & utilsDir & "\rmtshare \\" & strServer & "\iislogs=""" & drive & "system logfiles"" /GRANT safeco_master\webp01:F /grant safeco_master\iisadmins:F",2,true) 'Screenout " Sharing out systemroot, webcontent, logfiles and apps directories" 'temp = wshshell.run("cmd /c" & utilsDir & "\rmtshare \\" & strServer & "\webcontent=" & drive & "webcontent /GRANT ""NT Authority\Authenticated Users"":Read",2,true) 'temp = wshshell.run("cmd /c" & utilsDir & "\rmtshare \\" & strServer & "\""system logfiles""=""" & drive & "system logfiles"" /GRANT ""NT Authority\Authenticated Users"":Read",2,true) 'temp = wshshell.run("cmd /c" & utilsDir & "\rmtshare \\" & strServer & "\apps=" & drive & "apps /GRANT ""NT Authority\Authenticated Users"":Read",2,true) 'temp = wshshell.run("cmd /c" & utilsDir & "\rmtshare \\" & strServer & "\winnt$=" & systemroot & " /GRANT ""NT Authority\Authenticated Users"":Read",2,true) 'Grant permissions for perfmon monitoring Screenout " Granting read access to Perfmon counters" temp = wshShell.run("cmd /c " & utilsDir & "\regsecadd -l -a ""software\microsoft\windows nt\currentversion\perflib"" ""NT Authority\Authenticated Users""",2,true) temp = wshShell.run("cmd /c " & utilsDir & "\regsecadd -l -a ""system\currentcontrolset\control\securepipeservers\winreg"" ""NT Authority\Authenticated Users""",2,true) 'Grant read access to metabase set objIIS = GetObject("IIS://" & strServer & "/w3svc") set objAcl = objIIS.AdminAcl if Err.Number <> 0 then Screenout " Error " & err.number & " accessing AdminACL " exit sub end if set objDACL = objAcl.DiscretionaryACL 'Check if permissions are already set for each objACE in objDACL if lcase(objACE.Trustee) = lcase(strUser) then Screenout " " & strUser & " permissions already exist on metabase" exit sub end if Next ' The user wasn't in the DACL, add them now Set Ace = CreateObject("AccessControlEntry") Ace.Trustee = strUser Ace.AccessMask = &H1 objDACL.AddAce(Ace) objAcl.DiscretionaryACL = objDACL objIIS.AdminAcl = objAcl if Err.Number <> 0 then Screenout " error setting acl: " + Err.Number + ", " + Err.Description end if objIIS.SetInfo if Err.Number <> 0 then Screenout " error setting info: " + Err.Number + ", " + Err.Description ELSE Screenout " ACE for " & strUser & " added." end if End Sub '======================================================================================================== '======================================================================================================== Sub Edit_Registry() On Error Resume Next Dim strKey,strKeyName,strAction,strWord 'NOTE!! This is different than 1baseiis.vbs 'statthreadpool 'really_edit_registry "HKLM\SOFTWARE\Microsoft\COM3\STAThreadPool\",0,"check","REG_SZ" IF strOSv = "2000" THEN really_edit_registry "HKLM\SOFTWARE\Microsoft\COM3\STAThreadPool\EmulateMTSBehavior", "1","check","REG_DWORD" 'MSMQ Workgroup Mode really_edit_registry "HKLM\SOFTWARE\Microsoft\MSMQ\Parameters\Setup\AlwaysWithoutDS", "1","check","REG_DWORD" 'IE start page really_edit_registry "HKCU\Software\Microsoft\Internet Explorer\Main\Start Page","http://" & strServer & ":8008/servertest.aspx","check","REG_SZ" really_edit_registry "HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Main\Start Page","http://" & strServer & ":8008/servertest.aspx","check","REG_SZ" 'Command console really_edit_registry "HKEY_USERS\Console\QuickEdit","0x1","check","REG_DWORD" really_edit_registry "HKEY_USERS\Console\QuickEdit","0x1","check","REG_DWORD" 'CMD Prompt Auto Complete really_edit_registry "HKLM\SOFTWARE\Microsoft\Command Processor\CompletionChar", "0x9","check","REG_DWORD" really_edit_registry "HKLM\SOFTWARE\Microsoft\Command Processor\PathCompletionChar", "0x9","check","REG_DWORD" 'Vista, enable remote management of IIS IF left(lcase(strOSv),5) = "vista" THEN really_edit_registry "HKLM\SOFTWARE\Microsoft\WebManagement\Server\EnableRemoteManagement", "1","check","REG_DWORD" 'SPECIAL CASES 'SOAP - any value above 4 is acceptable IF strOSv = "2000" THEN IF NewBuild = "YES" THEN 'set value to 25 WshShell.RegWrite "HKLM\SOFTWARE\Microsoft\MSSOAP\30\SOAPISAP\NumThreads", 25,"REG_DWORD" Screenout " Set Software\Microsoft\MSSOAP\30\SOAPISAP\NumThreads:25 for SOAP threading" ELSE 'existing server, check value and set to 25 if it isn't already 5 or greater temp = WshShell.RegRead("HKLM\SOFTWARE\Microsoft\MSSOAP\30\SOAPISAP\NumThreads") IF Temp < 5 THEN WshShell.RegWrite "HKLM\SOFTWARE\Microsoft\MSSOAP\30\SOAPISAP\NumThreads", 25,"REG_DWORD" Screenout " Set Software\Microsoft\MSSOAP\30\SOAPISAP\NumThreads:25 for SOAP threading" Else Screenout " Software\Microsoft\MSSOAP\30\SOAPISAP\NumThreads already set to " & temp End if END IF END IF 'Force RPC traffic over fixed ports for management IF ServerLocation = "Frontend" THEN really_edit_registry "HKLM\SOFTWARE\Microsoft\RPC\Internet\PortsInternetAvailable","Y","check","REG_SZ" really_edit_registry "HKLM\SOFTWARE\Microsoft\RPC\Internet\UseInternetPorts","Y","check","REG_SZ" 'The regwrite method does not support MULTI_SZ, so use reg.exe 'temp = utilsDir & "\reg add HKLM\SOFTWARE\Microsoft\Rpc\Internet /v Ports /t REG_MULTI_SZ /d 4970-4990 /f" 'temp = wshShell.run("cmd /c " & utilsDir & "\regsecadd -l -a ""system\currentcontrolset\control\securepipeservers\winreg"" ""NT Authority\Authenticated Users""",2,true) temp = wshShell.run("cmd /c " & utilsDir & "\reg add HKLM\SOFTWARE\Microsoft\Rpc\Internet /v Ports /t REG_MULTI_SZ /d 4970-4990 /f",2,true) screenout " RPC Port result: " & utilsdir & " " & err.number END IF End Sub '======================================================================================================== '======================================================================================================== sub really_edit_registry(strKey,strKeyName,strAction,strWord) On error resume next SELECT CASE lcase(strAction) Case "delete" WSHShell.RegRead strKey IF err.number <> 0 THEN screenout " " & strKeyName & " key " & strKey & " already deleted" ELSE screenout " Deleting " & strKeyName & " key " & strKey WSHShell.RegDelete strKey END IF Case "check" temp = WshShell.RegRead(strKey) IF Temp <> strKeyName THEN WshShell.RegWrite strKey,strKeyName,strWord Screenout " Set " & strKey & " to " & strKeyName Else Screenout " " & strKey & " already set to " & temp End if Case ELSE Screenout " Invalid registry action" END SELECT END SUB '======================================================================================================== '======================================================================================================== Sub mts_security On error resume next 'mtsSecureLib, from Walt North Screenout "Setting mtsSecureLib config" temp = sdrv & "\mts\mtsSecurityLib\PrepareProxy.exe /nodia" screenout " " & temp Temp = WshShell.Run("cmd /c" & temp,2,true) 'dntSecurityLibInstall 'Check if it exists. If so, then remove and install the new version Screenout " Checking mtsSecurityLib..." temp = "" temp = wshShell.regRead("HKLM\SOFTWARE\Classes\mtsSecurityLib.ProxyID\") IF err.number = 0 THEN 'we have mtsSecurity, proceed with the upgrade Screenout " Err " & err.number Screenout "." & temp Screenout " Updating mtsSecurityLib" temp = wshShell.regRead("HKLM\SOFTWARE\Classes\CLSID\{02497DDD-7590-11D2-811B-0001FAD46224}\InprocServer32\@") Screenout " Err " & err.number Screenout "." & temp 'UNREGISTER OLD VERSION Temp = systemroot & "\SYSTEM32\regsvr32.exe /u /s E:\Apps\mtsUtilityLibraryPackage\COM\mtsSecurityLib.dll" Screenout " " & temp Temp = WshShell.Run("cmd /c " & temp,2,true) Temp = systemroot & "\SYSTEM32\regsvr32.exe /u /s E:\Apps\mtsUtilityLibraryPackage\mtsSecurityLib.dll" Screenout " " & temp Temp = WshShell.Run("cmd /c " & temp,2,true) Temp = systemroot & "\Microsoft.NET\Framework\v2.0.50727\regasm " & sdrv & "\mts\1.0.2.0\Safeco.Dnt.MtsSecurityLib.dll" Screenout " " & temp Temp = WshShell.Run("cmd /c " & temp,2,true) Temp = sdrv & "\mts\1.0.2.0\gacutil /i " & sdrv & "\mts\1.0.2.0\Safeco.Dnt.Interop.mtsSecurityLib.dll" Screenout " " & temp Temp = WshShell.Run("cmd /c " & temp,2,true) Temp = sdrv & "\mts\1.0.2.0\gacutil /i " & sdrv & "\mts\1.0.2.0\Safeco.Dnt.MtsSecurityLib.dll" Screenout " " & temp Temp = WshShell.Run("cmd /c " & temp,2,true) temp = "" Screenout " Updating mtsSecurityLibScript" temp = wshShell.regRead("HKLM\SOFTWARE\Classes\CLSID\{B07A5BE2-D08B-11D4-AE84-000000000000}\InprocServer32\@") Screenout temp 'UNREGISTER OLD VERSION Temp = systemroot & "\SYSTEM32\regsvr32.exe /u /s E:\Apps\mtsUtilityLibraryPackage\COM\mtsSecurityLibScript.dll" Screenout " " & temp Temp = WshShell.Run("cmd /c " & temp,2,true) Temp = systemroot & "\SYSTEM32\regsvr32.exe /u /s E:\Apps\mtsUtilityLibraryPackage\mtsSecurityLibScript.dll" Screenout " " & temp Temp = WshShell.Run("cmd /c " & temp,2,true) Temp = systemroot & "\Microsoft.NET\Framework\v2.0.50727\regasm " & sdrv & "\mts\1.0.2.0\Safeco.Dnt.MtsSecurityLibScript.dll" Screenout " " & temp Temp = WshShell.Run("cmd /c " & temp,2,true) Temp = sdrv & "\mts\1.0.0.0\gacutil /i " & sdrv & "\mts\1.0.2.0\Safeco.Dnt.Interop.mtsSecurityLibScript.dll" Screenout " " & temp Temp = WshShell.Run("cmd /c " & temp,2,true) Temp = sdrv & "\mts\1.0.0.0\gacutil /i " & sdrv & "\mts\1.0.2.0\Safeco.Dnt.MtsSecurityLibScript.dll" Screenout " " & temp Temp = WshShell.Run("cmd /c " & temp,2,true) END IF really_edit_registry "HKLM\System\CurrentControlSet\Services\Eventlog\Application\dntResourceCredentialTrace\EventMessageFile",systemroot & "\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll","Check","REG_SZ" Screenout " Err " & err.number temp="" err.clear End Sub '======================================================================================================== '======================================================================================================== Sub verify_net On Error Resume Next Dim ConfigFileName,ConfigFileSource 'Copy in the standard .NET config files on all servers except CAM COM servers IF INSTR(1,lcase(strServer),"cp04") < 1 AND INSTR(1,lcase(strServer),"cp05") < 1 AND instr(1,lcase(strServer),"ssrdcos0") < 1 THEN '.Net 1.1 files ConfigfileName = systemroot & "\Microsoft.NET\Framework\v1.1.4322\CONFIG\machine.config" ConfigFileSource = sdrv & "\Frame.net1.1\" & servertype & "\machine.config" wshFile.CopyFile ConfigFileName,ConfigfileName & "." & strDate,1 wshFile.CopyFile ConfigFileSource,ConfigfileName,1 '.Net 2.0 files ConfigfileName = systemroot & "\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config" ConfigFileSource = sdrv & "\Frame.net2.0\" & strOSV & "\" & servertype & "\machine.config" wshFile.CopyFile ConfigFileName,ConfigfileName & "." & strDate,1 If (Wshfile.fileexists(ConfigFileSource)) Then wshFile.CopyFile ConfigFileSource,ConfigfileName,1 ELSE Screenout " UNABLE TO FIND .NET file " & ConfigFileSource END IF ConfigfileName = systemroot & "\Microsoft.NET\Framework\v2.0.50727\CONFIG\web.config" ConfigFileSource = sdrv & "\Frame.net2.0\" & strOSV & "\" & servertype & "\web.config" wshFile.CopyFile ConfigFileName,ConfigfileName & "." & strDate,1 If (Wshfile.fileexists(ConfigFileSource)) Then wshFile.CopyFile ConfigFileSource,ConfigfileName,1 ELSE Screenout " UNABLE TO FIND .NET file " & ConfigFileSource END IF END IF 'Set up .NET 2.0 Session State IF ServerType = "PRD" THEN IF ServerLocation = "Frontend" THEN temp = wshShell.run("cmd /c" & sdrv & "\SessionState\aspnet_setreg ""-k:SOFTWARE\SAFECO\sqlConn_2_0"" ""-c:data source=nwi-aspstate02-prd-anon.sql.apps.company.com,13428;Database=ASPState_2_0;uid=NWIP02;password=bPax28V$;""") ELSE temp = wshShell.run("cmd /c" & sdrv & "\SessionState\aspnet_setreg ""-k:SOFTWARE\SAFECO\sqlConn_2_0"" ""-c:data source=nwi-aspstate01-prd.sql.apps.company.com,49153;Database=ASPState_2_0;uid=NWIP02;password=bPax28V$;""") END IF ELSE IF ServerLocation = "Frontend" THEN temp = wshShell.run("cmd /c" & sdrv & "\SessionState\aspnet_setreg ""-k:SOFTWARE\SAFECO\sqlConn_2_0"" ""-c:data source=nwi-aspstate01-dev-anon.sql.apps.company.com,13427;Database=ASPState_2_0;uid=NWIT02;password=dt#U77Lx;""") ELSE temp = wshShell.run("cmd /c" & sdrv & "\SessionState\aspnet_setreg ""-k:SOFTWARE\SAFECO\sqlConn_2_0"" ""-c:data source=nwi-aspstate01-dev.sql.apps.company.com,49153;Database=ASPState_2_0;uid=NWIT02;password=dt#U77Lx;""") END IF END IF temp = wshShell.run("cmd /c" & utilsDir & "\regsecadd -l -a ""SOFTWARE\Safeco\SQLConn_2_0\ASPNET_SETREG"" ""NT Authority\Authenticated Users""",2,true) End Sub '======================================================================================================== '======================================================================================================== Sub verify_net_old On Error Resume Next dim xml Dim ConfigFileName ConfigfileName = systemroot & "\Microsoft.NET\Framework\v1.1.4322\CONFIG\machine.config" set xml = new Xml_Class xml.Load(configFileName) xml.SetAttribute "/configuration/system.web/pages", "enableViewStateMac", "true" xml.SetAttribute "/configuration/system.web/pages", "validateRequest", "false" xml.SetAttribute "/configuration/system.web/machineKey", "validationKey", "CD3F402AB8979BC89C2900BF67753A7404BC1BF3" xml.SetAttribute "/configuration/system.web/machineKey", "decryptionKey", "0050E6C8EF8547ED" xml.SetAttribute "/configuration/system.web/machineKey", "validation", "SHA1" xml.Save End Sub '======================================================================================================== '======================================================================================================== ' XML class Class XML_Class Private m_xmlDoc Private m_XmlFileName Private m_XmlRootNode Private Sub Class_Initialize ' Setup Initialize event. set m_xmlDoc = CreateObject("MSXML2.DOMDocument") End Sub Public Sub Load(xmlFileName) m_XmlFileName = xmlFileName if m_xmldoc.load(xmlFileName) then else err.Raise baseErrorNumber, "XML_Class", "Could not load file: " & xmlFileName end if set m_XmlRootNode = m_xmldoc.documentElement exit sub end sub Public Sub SetAttribute(nodeKey, attributeKey, value) on error resume next dim xmlNode dim xmlAttribute set xmlNode = m_xmlRootNode.SelectSingleNode(nodeKey) xmlAttribute = xmlNode.getAttribute(attributeKey) IF xmlAttribute = value THEN screenout " " & nodeKey & " " & attributeKey & " already set to " & xmlAttribute exit sub ELSE screenout " Changing " & nodeKey & " " & attributeKey & " from " & xmlAttribute & " to " & value END IF xmlNode.setAttribute attributeKey, value if err.number <> 0 then Screenout "Unable to find node attribute: " & attributeKey _ & " in node " & nodeKey _ & " in xml file " & m_XmlFileName on error goto 0 err.Raise errObjectNumber, errObjectSource, errObjectDescription ELSE end if end sub Public Sub Save SaveAs "" exit sub end sub Public Sub SaveAs(xmlFileName) if xmlFileName = "" then xmlFileName = m_XmlFileName on error resume next m_xmldoc.Save(xmlFileName) if err.number <> 0 then Screenout "Could not save file " & xmlFileName on error goto 0 err.Raise errObjectNumber, errObjectSource, errObjectDescription end if exit sub end sub End Class '======================================================================================================== '======================================================================================================== Sub Default_Gateway On error resume next dim objNetwork,gateway,Adapter,Index,Metric 'On newly-built frontend servers, set the correct default gateway IF NewBuild = "YES" THEN Set ObjNetwork = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strServer).INSTancesOf("Win32_NetworkAdapterConfiguration") IF err = 0 THEN Select case ServerType Case "PRD" For each INST in ObjNetwork IF INST.IPAddress <> "" THEN IF left(8,INST.Description) = "External" THEN Index = INST.Index IF INSTR(lcase(strServer),"wdc") > 0 THEN gateway = Array("172.30.128.1") ELSE gateway = Array("172.30.16.1") END IF metric = Array("2") Set Adapter = getobject("winmgmts:Win32_NetworkAdapterConfiguration=" & Index) IF strOS = "2000" THEN temp = Adapter.setGateways(gateway, metric) ELSE temp = Adapter.setGateways(gateway) END IF IF temp = 0 THEN Screenout " Set default gateway to " & gateway ELSE Screenout " Unable to set Default Gateway" END IF ELSEIF left(8,INST.Description) = "Internal" THEN Index = INST.Index gateway = Array("") metric = Array("1") Set Adapter = getobject("winmgmts:Win32_NetworkAdapterConfiguration=" & Index) IF strOS = "2000" THEN temp = Adapter.setGateways(gateway, metric) ELSE temp = Adapter.setGateways(gateway) END IF IF temp = 0 THEN Screenout " Removed default gateway from Internal NIC" ELSE Screenout " Unable to remove Default Gateway on Internal NIC" END IF END IF END IF next Case "Lab" For each INST in ObjNetwork IF INST.IPAddress <> "" THEN IF left(8,INST.Description) = "External" THEN Index = INST.Index gateway = Array("172.31.4.3") metric = Array("2") Set Adapter = getobject("winmgmts:Win32_NetworkAdapterConfiguration=" & Index) IF strOS = "2000" THEN temp = Adapter.setGateways(gateway, metric) ELSE temp = Adapter.setGateways(gateway) END IF IF temp = 0 THEN Screenout " Set default gateway to " & gateway ELSE Screenout " Unable to set Default Gateway" END IF ELSEIF left(8,INST.Description) = "Internal" THEN Index = INST.Index gateway = Array("") Set Adapter = getobject("winmgmts:Win32_NetworkAdapterConfiguration=" & Index) temp = Adapter.setGateways(gateway) END IF END IF next Case "TAC" For each INST in ObjNetwork IF INST.IPAddress <> "" THEN IF left(8,INST.Description) = "External" THEN Index = INST.Index gateway = Array("172.30.4.1") metric = Array("2") Set Adapter = getobject("winmgmts:Win32_NetworkAdapterConfiguration=" & Index) IF strOS = "2000" THEN temp = Adapter.setGateways(gateway, metric) ELSE temp = Adapter.setGateways(gateway) END IF IF temp = 0 THEN Screenout " Set default gateway to " & gateway ELSE Screenout " Unable to set Default Gateway" END IF ELSEIF left(8,INST.Description) = "Internal" THEN Index = INST.Index gateway = Array("") Set Adapter = getobject("winmgmts:Win32_NetworkAdapterConfiguration=" & Index) temp = Adapter.setGateways(gateway) END IF END IF next Case ELSE Screenout " Unable to identify ServerType, skipping Default Gateway config" END SELECT ELSE Screenout " Unable to access Network Properties" END IF END IF End SUB '======================================================================================================== '======================================================================================================== Sub finish_up On error resume next Dim OS,objWMIService,strMSIExec,temp,KeepWaiting,ColProcess,objProcess 'List processes, pause if any install is still running 'Get processes Set objWMIService = GetObject("winmgmts:" _ & "{impersonationLevel=impersonate}!\\" & strServer & "\root\cimv2") strMSIExec = 1 temp = 100 do until strMSIExec = 0 KeepWaiting = 0 Set colProcess = objWMIService.ExecQuery("Select * from Win32_Process") For Each objProcess in colProcess IF INSTR(lcase(objProcess.Name),"msiexec" ) > 0 OR INSTR(lcase(objProcess.Name),"mdac_typ" ) > 0 OR INSTR(lcase(objProcess.Name),"install" ) > 0 OR INSTR(lcase(objProcess.Name),"dotnetfx3" ) > 0 OR INSTR(lcase(objProcess.Name),"ndp1.1sp1" ) > 0 OR INSTR(lcase(objProcess.Name),"ndp20-" ) > 0 OR INSTR(lcase(objProcess.Name),"update.exe" ) > 0 OR INSTR(lcase(objProcess.Name),"setupmq" ) > 0 THEN wscript.echo " Waiting for " & strName & " " & objProcess.Name & " to complete - " & temp & "..." KeepWaiting = 1 END IF Next temp = temp - 1 IF KeepWaiting = 0 THEN 'Screenout "Completed install of " & strName & " after " & temp & " wait cycles." exit do END IF IF temp = 0 THEN strMSIExec = 0 wscript.sleep 25000 loop strName = "" err.clear 'Delete previous iisconfig version RegKeys temp = 1.0 do until temp > 10.00 temp = temp + .01 WSHShell.RegDelete "HKLM\Software\Microsoft\Updates\" & strScriptName & "\" & temp & "\AHS\" WSHShell.RegDelete "HKLM\Software\Microsoft\Updates\" & strScriptName & "\" & temp & "\" loop 'Add script version RegKeys wshshell.regwrite "HKLM\Software\Microsoft\Updates\" & strScriptName & "\" & Version & "\AHS\InstalledDate", Time & " " & Date, "REG_SZ" wshshell.regwrite "HKLM\Software\Microsoft\Updates\" & strScriptName & "\" & Version & "\AHS\InstalledBy", UserName, "REG_SZ" wshshell.regwrite "HKLM\Software\Microsoft\Updates\" & strScriptName & "\" & Version & "\AHS\Description", strScriptName & " version " & Version, "REG_SZ" wshshell.regwrite "HKLM\Software\Microsoft\Updates\" & strScriptName & "\" & Version & "\AHS\Type", "Update", "REG_SZ" 'Log completion time Screenout "Ending at " & Time & " " & Date Screenout "" 'Write to the event log Dim strCommand strCommand = "Eventcreate /so " & strScriptname & " /l System /t Information /ID 667 /D ""Completed " & strScriptname & "!""" WshShell.Run strcommand 'Prompt for reboot IF NewBuild = "NO" THEN temp = msgbox("Server needs reboot - reboot now?",1) IF Temp = 1 THEN Screenout "Rebooting..." Set OS = GetObject("winmgmts:{(Shutdown)}//./root/cimv2").ExecQuery("select * from Win32_OperatingSystem where Primary=true") for each INST in OS INST.Reboot() next ELSE Screenout "No reboot selected at end" END IF END IF 'So long, and thanks for all the fish END SUB '======================================================================================================== '======================================================================================================== Function screenout(text) Dim wsherrorlogfile On Error Resume Next If (Wshfile.fileexists(strOutputFile)) Then 'If our output file exists, open it, write our data, and close Set wsherrorlogfile = Wshfile.OpenTextFile(strOutputFile, 8) wsherrorlogfile.writeline (text) wscript.echo(text) wsherrorlogfile.Close wscript.DisconnectObject wsherrorlogfile Set wsherrorlogfile = Nothing If Err.number <> 0 Then Err.Clear Else 'File doesn't yet exist, create our output file and write our first line of text Set wsherrorlogfile = Wshfile.createtextfile(strOutputFile, 1) wsherrorlogfile.writeline (text) wscript.echo(text) wsherrorlogfile.Close wscript.DisconnectObject wsherrorlogfile Set wsherrorlogfile = Nothing If Err.number <> 0 Then Err.Clear End If End Function '======================================================================================================== '========================================================================================================