Re: Idea for ISA Blocking Scripts on isatools.org

Yeah, that is one of the down falls of the process the command line is not
liked :(
CommandLine Data type: string Access type: Read-only
Command line used to start a specific process, if applicable. This property
is new for Windows XP

What really happens is that from the command line the program to watch
actaully becomes
"cscript.exe"  But, when we run our scripts we usually type "cscript
somescript.vbs"
I think that the process could be still usable if we pass in a parameter
like this,
"cscript somescript.vbs "cscript.exe"  and then change the gProgram variable
to
"cscript.exe".  Or as I'm researching, how to create a custom *.mof file
that
can utilize that parameter and update the wmi stuff for 2000.

Joseph
----- Original Message ----- 
From: "Jim Harrison" <jim@xxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Sunday, May 16, 2004 3:13 PM
Subject: [isalist] Re: Idea for ISA Blocking Scripts on isatools.org


http://www.ISAserver.org

DAMNDAMNDAMN!!!

The "CommandLine" property isn't valid for Windows 2000!!!

@$#%$njhq4-0595#$%T!@#4j1 bqr-t134!34tv qrt536!!!

(sorry, ladies...)

  Jim Harrison
  MCP(NT4, W2K), A+, Network+, PCG
  http://isaserver.org/Jim_Harrison/
  http://isatools.org
  Read the help / books / articles!


On Sun, 16 May 2004 14:39:00 -0700
 Jim Harrison <jim@xxxxxxxxxxxx> wrote:
http://www.ISAserver.org

Hi Joe,

Thanks for the kick-in-the-head; not only does the W32_Process have that
information, it's brain-dead easy to validate:

Option Explicit

On Error Resume Next

Dim Wmi
Dim RegEx
Dim processes
Dim process
Dim Count: Count = 0

Set Wmi = GetObject( "winmgmts:root\cimv2" )
Set RegEx = New RegExp
RegEx.global = True
RegEx.IgnoreCase = True
RegEx.Pattern = WScript.ScriptName

Set processes = Wmi.ExecQuery( "select CommandLine, Name from Win32_Process
where ( Name='wscript.exe' or Name='cscript.exe' )" )
For Each process In processes
WScript.Echo "WScript.ScriptName = " & WScript.ScriptName
WScript.Echo "process.CommandLine = " & process.CommandLine
If RegEx.Test( process.CommandLine ) AND Count > 0 Then
WScript.Echo "Too many of me running!"
WScript.Quit
Else
Count = Count + 1
End If
Next

While 1 = 1
WScript.Sleep 5000
Wend

Test it by :
1. start two separate console sessions
2. in session one, start the script
3. in session 2, start the script

.session 2 should give out the message "There are too many of me running!"


  Jim Harrison
  MCP(NT4, W2K), A+, Network+, PCG
  http://isaserver.org/Jim_Harrison/
  http://isatools.org
  Read the help / books / articles!


On Sun, 16 May 2004 12:57:14 -0700
 "cismic" <cismic@xxxxxxx> wrote:
http://www.ISAserver.org

Hi there,
I disagree.  You can do effect monitoring of running instances of
wscript.exe.
So, if you add something like this to the start of your scripts then you can
effectively monitor and close out running the  script again. However,
it dosen't work so well if you have tons of wscript.echo commands running
during the processing
and while you answer those start the script again when the last wscript.echo
was hit.

Option Explicit

Stop
On error Resume Next

Dim gstrUser,gstrDomain, gwshShell, gstrUserName, gLocal, gLocalService,
gobjProcessList, gProcess, lRetValue,  gProgram

Set oArgs =WScript.Arguments
set gLocal = createObject("WbemScripting.SWbemLocator")
Set gwshShell = CreateObject("Wscript.Shell")

gProgram = "wscript.exe" 'needs to be lower case the system "proc.name"
sends it this way.

ggstrUserName = gwshShell.ExpandEnvironmentStrings("%Username%")
gLocal.security_.impersonationLevel = 3 'impersonate

set gLocalService = gLocal.connectServer(".","root\cimv2")
set gobjProcessList = gLocalService.ExecQuery("Select * from Win32_Process")

for each gProcess in gobjProcessList
 lRetValue = gProcess.GetOwner(gstrUser,gstrDomain)

 If gProcess.name = gProgram then
      MsgBox gProgram & " Is already running you cannot open another
instance ",vbexclamation,"Warning"
      WScript.quit
 End If

NEXT

Thank you,

Joseph



----- Original Message ----- 
From: "Jim Harrison" <jim@xxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Sunday, May 16, 2004 8:19 AM
Subject: [isalist] Re: Idea for ISA Blocking Scripts on isatools.org


http://www.ISAserver.org

I thought about something like that, but it creates a potential "race"
condition where the file might not yet be created when a later script runs.
This could actually cause both scripts to fail, leaving you even more
confused...
Plus, depending on how the scripts fail, the file may not get cleaned up and
the system becomes more cluttered.

VB Scripting has some really bad error handling, but I use it because it's
easier for most folks to read...

  Jim Harrison
  MCP(NT4, W2K), A+, Network+, PCG
  http://isaserver.org/Jim_Harrison/
  http://isatools.org
  Read the help / books / articles!


On Mon, 17 May 2004 02:40:22 +1200
 "Surago Jones" <surago@xxxxxxxxxxxx> wrote:
http://www.ISAserver.org

Ah Sweet. :)

One possibility to detect if the script it already running, would be to
create a temporary file at the beginning of the script, then remove it at
the end of the script, and use a check to see if it exists before continuing
within the script. :)  (not sure if that is possible, but an idea at least.
:) )

heh, Tho i guess i should just be a little more careful with my keypresses.
:)

Cheers

Surago Jones

-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Sent: Friday, 14 May 2004 04:03
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Idea for ISA Blocking Scripts on isatools.org



http://www.ISAserver.org

Actually, you do have a valid bug, just not the one you think...

You get popup-after-popup when you run them because:
1. the default scripting engine in Windows is WScript (popups for every
message)
2. not everyone knows (how) to change the default scripting engine to
CScript (console output).

Unfortunately, there's no way for a script to know if there is more than one
instance of itself (HTA does, though).
Fortunately, the fix is to make the script(s) aware of the scripting engine
that ran them and adjust accordingly.

That's a completely brain-dead change (ISAInfo does it already) that you can
look for by this weekend.
Thanks for the bug report!

in the meantime, open a cmd window and type:
    cscript //h:cscript

now all scripts will run as console apps, not windows.

 Jim Harrison
 MCP(NT4, W2K), A+, Network+, PCG
  http://www.microsoft.com/isaserver
  http://isaserver.org/Jim_Harrison
  http://isatools.org

 Read the help, books and articles!
----- Original Message -----
From: "Surago Jones" <surago@xxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Thursday, May 13, 2004 06:59
Subject: [isalist] Idea for ISA Blocking Scripts on isatools.org


http://www.ISAserver.org

Hi All,

I can't remember whom it was that developed the virus blocking scripts on
ISATools.org, however i have a suggestion.

Would it be possible to have the script stop it from running again if it has
already been started.  As i was running the MyDoom
script which creates quite a few Protocol Rules, unfortunately i got a tad
carried away with hitting the enter key to all the
prompts that appear, and somehow managed to get it to run several copies of
the script at the same time. :)  (Yep i'm a dumbass)

Anyways, just thought this idea would improve the script if the author can
be bothered. :)

Cheers

Surago Jones


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
surago@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')





------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
cismic@xxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
cismic@xxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')


Other related posts: