http://www.ISAserver.org ------------------------------------------------------- Right... I was just asking if delegation would be carved out to process rights rather than a preset "role." I'm a bit ignorant of the capabilities here because only 2 people in our entire organization can even touch the ISA boxes, and I'm one of them, so I've not delved into delegation before.. But, are you saying that to add/edit destination sets one has to be an ISA Enterprise or ISA Array admin? There is no way to delegate "Edit Destination Set" to a regular user (like one can in AD), right? t On 4/25/06 6:18 PM, "Jim Harrison" <Jim@xxxxxxxxxxxx> spoketh to all: > http://www.ISAserver.org > ------------------------------------------------------- > > To clarify - this is the "ISA Enterprise" or "ISA Array" admin. > The limit to delegation is "auditor" - someone who can read, but not write. > > ------------------------------------------------------- > Jim Harrison > MCP(NT4, W2K), A+, Network+, PCG > http://isaserver.org/Jim_Harrison/ > http://isatools.org > Read the help / books / articles! > ------------------------------------------------------- > > > -----Original Message----- > From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On > Behalf Of Thor (Hammer of God) > Sent: Tuesday, April 25, 2006 16:47 > To: isalist@xxxxxxxxxxxxx > Subject: [isalist] Re: Enterprise scripting question > > http://www.ISAserver.org > ------------------------------------------------------- > > Ewe. Didn't know you had to run the Full Monty just to add destination sites. > Will we be seeing delegation of process in future releases? Or are > scripts/automation processes destined to be run with stored creds somewhere? > > t > > > On 4/25/06 4:28 PM, "Jim Harrison" <Jim@xxxxxxxxxxxx> spoketh to all: > >> http://www.ISAserver.org >> ------------------------------------------------------- >> >> Whatever account you use, it should be either an Enterprise or Array >> admin, depending on what context you're operating in. I wouldn't want >> to run the web app in a user context unless you unequivocally trust your own >> coding skills. >> If you answered "yes, I do..", then remind me to never hire you... :-p >> >> ------------------------------------------------------- >> Jim Harrison >> MCP(NT4, W2K), A+, Network+, PCG >> http://isaserver.org/Jim_Harrison/ >> http://isatools.org >> Read the help / books / articles! >> ------------------------------------------------------- >> >> >> -----Original Message----- >> From: isalist-bounce@xxxxxxxxxxxxx >> [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Thor (Hammer of >> God) >> Sent: Tuesday, April 25, 2006 15:11 >> To: isalist@xxxxxxxxxxxxx >> Subject: [isalist] Re: Enterprise scripting question >> >> http://www.ISAserver.org >> ------------------------------------------------------- >> >> You could also run the web app underneath the creds of a user that has >> permissions to do that, though I couldn't find anywhere exactly what >> rights had to be given to the account. You obviously wouldn't want to >> do that under an account that had escalated privileges (only was >> specifically granted the rights for that process.) >> >> t >> >> >> On 4/25/06 2:20 PM, "Jim Harrison" <Jim@xxxxxxxxxxxx> spoketh to all: >> >>> http://www.ISAserver.org >>> ------------------------------------------------------- >>> >>> You have to pass the credentials in the >>> connectotoconfigurationstorageserver >>> method when you run in an ASP page because the ASP process operates >>> under the network services account, which has no rights in CSS. >>> http://msdn.microsoft.com/library/default.asp?url=/library/en-us/isas >>> d k/isa/fp c_connecttoconfigurationstorageserver.asp >>> Spells it out in gory detail. >>> >>> ..of course, this means you have to stash those credentials somewhere >>> ASP can find them, BUT NOT IN PLAIN TEXT anywhere. >>> >>> ------------------------------------------------------- >>> Jim Harrison >>> MCP(NT4, W2K), A+, Network+, PCG >>> http://isaserver.org/Jim_Harrison/ >>> http://isatools.org >>> Read the help / books / articles! >>> ------------------------------------------------------- >>> >>> >>> -----Original Message----- >>> From: isalist-bounce@xxxxxxxxxxxxx >>> [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Periyasamy, Raj >>> Sent: Tuesday, April 25, 2006 14:11 >>> To: isalist@xxxxxxxxxxxxx >>> Subject: [isalist] Enterprise scripting question >>> >>> http://www.ISAserver.org >>> ------------------------------------------------------- >>> >>> Hi all, >>> I am trying to create a web based interface, just for adding domains >>> to a Domain Name Set. The script itself runs fine if I run it from >>> the command prompt. However, when I try to embed the code in an ASP >>> page, the script fails while trying to do >>> ConnectToConfigurationStorageServer. >>> >>> The following is the extract of the code from the ASP page: >>> >>> Set root = CreateObject("FPC.Root") >>> root.ConnectToConfigurationStorageServer cssComputer >>> Set oIsaArray = root.Arrays.Item("INFINEUM") >>> Set oDomainNameSet = >>> oIsaArray.RuleElements.DomainNameSets.Item(sDomainNameSetName) >>> oDomainNameSet.Add(sDomainToAdd) >>> If Err.Number = -2147024713 Then >>> response.write "Error: Domain " + sDomainToAdd + " is already >>> unblocked." >>> Else >>> oDomainNameSet.Save >>> response.write "Success: Domain " + sDomainToAdd + " is now unblocked." >>> End If >>> root.disConnectFromConfigurationStorageServer >>> >>> >>> The following is the error message I get when accessing the URL, >>> >>> Error Type: >>> FPC.Root.1 (0x80070002) >>> The system cannot find the file specified. >>> /prx_urlexcept.asp, line 38 >>> >>> >>> >>> Line 38 happens to be "oFPC.ConnectToConfigurationStorageServer >>> cssComputer" >>> >>> Would appreciate any inputs. >>> >>> Thanks. >>> >>> >>> Regards, >>> Raj Periyasamy >>> MCSE(Messaging), CCNA >>> >>> ------------------------------------------------------ >>> List Archives: //www.freelists.org/archives/isalist/ >>> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp >>> ISA Server Articles and Tutorials: >>> http://www.isaserver.org/articles_tutorials/ >>> ISA Server Blogs: http://blogs.isaserver.org/ >>> ------------------------------------------------------ >>> Visit TechGenix.com for more information about our other sites: >>> http://www.techgenix.com >>> ------------------------------------------------------ >>> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp >>> Report abuse to listadmin@xxxxxxxxxxxxx >>> >>> >>> All mail to and from this domain is GFI-scanned. >>> >>> ------------------------------------------------------ >>> List Archives: //www.freelists.org/archives/isalist/ >>> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp >>> ISA Server Articles and Tutorials: >>> http://www.isaserver.org/articles_tutorials/ >>> ISA Server Blogs: http://blogs.isaserver.org/ >>> ------------------------------------------------------ >>> Visit TechGenix.com for more information about our other sites: >>> http://www.techgenix.com >>> ------------------------------------------------------ >>> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp >>> Report abuse to listadmin@xxxxxxxxxxxxx >>> >>> >>> >> >> >> ------------------------------------------------------ >> List Archives: //www.freelists.org/archives/isalist/ >> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp >> ISA Server Articles and Tutorials: >> http://www.isaserver.org/articles_tutorials/ >> ISA Server Blogs: http://blogs.isaserver.org/ >> ------------------------------------------------------ >> Visit TechGenix.com for more information about our other sites: >> http://www.techgenix.com >> ------------------------------------------------------ >> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp >> Report abuse to listadmin@xxxxxxxxxxxxx >> >> >> All mail to and from this domain is GFI-scanned. >> >> ------------------------------------------------------ >> List Archives: //www.freelists.org/archives/isalist/ >> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp >> ISA Server Articles and Tutorials: >> http://www.isaserver.org/articles_tutorials/ >> ISA Server Blogs: http://blogs.isaserver.org/ >> ------------------------------------------------------ >> Visit TechGenix.com for more information about our other sites: >> http://www.techgenix.com >> ------------------------------------------------------ >> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp >> Report abuse to listadmin@xxxxxxxxxxxxx >> >> >> > > > ------------------------------------------------------ > List Archives: //www.freelists.org/archives/isalist/ > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server Articles and Tutorials: > http://www.isaserver.org/articles_tutorials/ > ISA Server Blogs: http://blogs.isaserver.org/ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > Report abuse to listadmin@xxxxxxxxxxxxx > > > All mail to and from this domain is GFI-scanned. > > ------------------------------------------------------ > List Archives: //www.freelists.org/archives/isalist/ > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server Articles and Tutorials: > http://www.isaserver.org/articles_tutorials/ > ISA Server Blogs: http://blogs.isaserver.org/ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > Report abuse to listadmin@xxxxxxxxxxxxx > > > ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx