[isalist] Re: Enterprise scripting question

• From: "Thor (Hammer of God)" <thor@xxxxxxxxxxxxxxx>
• To: "isalist@xxxxxxxxxxxxx" <isalist@xxxxxxxxxxxxx>
• Date: Tue, 25 Apr 2006 18:45:02 -0700

http://www.ISAserver.org
-------------------------------------------------------
  
Right... I was just asking if delegation would be carved out to process
rights rather than a preset "role."  I'm a bit ignorant of the capabilities
here because only 2 people in our entire organization can even touch the ISA
boxes, and I'm one of them, so I've not delved into delegation before.. But,
are you saying that to add/edit destination sets one has to be an ISA
Enterprise or ISA Array admin?  There is no way to delegate "Edit
Destination Set" to a regular user (like one can in AD), right?

t


On 4/25/06 6:18 PM, "Jim Harrison" <Jim@xxxxxxxxxxxx> spoketh to all:

> http://www.ISAserver.org
> -------------------------------------------------------
> 
> To clarify - this is the "ISA Enterprise" or "ISA Array" admin.
> The limit to delegation is "auditor" - someone who can read, but not write.
> 
> -------------------------------------------------------
>    Jim Harrison
>    MCP(NT4, W2K), A+, Network+, PCG
>    http://isaserver.org/Jim_Harrison/
>    http://isatools.org
>    Read the help / books / articles!
> -------------------------------------------------------
>  
> 
> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On
> Behalf Of Thor (Hammer of God)
> Sent: Tuesday, April 25, 2006 16:47
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] Re: Enterprise scripting question
> 
> http://www.ISAserver.org
> -------------------------------------------------------
>   
> Ewe.  Didn't know you had to run the Full Monty just to add destination sites.
> Will we be seeing delegation of process in future releases?  Or are
> scripts/automation processes destined to be run with stored creds somewhere?
> 
> t
> 
> 
> On 4/25/06 4:28 PM, "Jim Harrison" <Jim@xxxxxxxxxxxx> spoketh to all:
> 
>> http://www.ISAserver.org
>> -------------------------------------------------------
>> 
>> Whatever account you use, it should be either an Enterprise or Array
>> admin, depending on what context you're operating in.  I wouldn't want
>> to run the web app in a user context unless you unequivocally trust your own
>> coding skills.
>> If you answered "yes, I do..", then remind me to never hire you... :-p
>> 
>> -------------------------------------------------------
>>    Jim Harrison
>>    MCP(NT4, W2K), A+, Network+, PCG
>>    http://isaserver.org/Jim_Harrison/
>>    http://isatools.org
>>    Read the help / books / articles!
>> -------------------------------------------------------
>>  
>> 
>> -----Original Message-----
>> From: isalist-bounce@xxxxxxxxxxxxx
>> [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Thor (Hammer of
>> God)
>> Sent: Tuesday, April 25, 2006 15:11
>> To: isalist@xxxxxxxxxxxxx
>> Subject: [isalist] Re: Enterprise scripting question
>> 
>> http://www.ISAserver.org
>> -------------------------------------------------------
>>   
>> You could also run the web app underneath the creds of a user that has
>> permissions to do that, though I couldn't find anywhere exactly what
>> rights had to be given to the account.  You obviously wouldn't want to
>> do that under an account that had escalated privileges (only was
>> specifically granted the rights for that process.)
>> 
>> t
>> 
>> 
>> On 4/25/06 2:20 PM, "Jim Harrison" <Jim@xxxxxxxxxxxx> spoketh to all:
>> 
>>> http://www.ISAserver.org
>>> -------------------------------------------------------
>>> 
>>> You have to pass the credentials in the
>>> connectotoconfigurationstorageserver
>>> method when you run in an ASP page because the ASP process operates
>>> under the network services account, which has no rights in CSS.
>>> http://msdn.microsoft.com/library/default.asp?url=/library/en-us/isas
>>> d k/isa/fp c_connecttoconfigurationstorageserver.asp
>>> Spells it out in gory detail.
>>> 
>>> ..of course, this means you have to stash those credentials somewhere
>>> ASP can find them, BUT NOT IN PLAIN TEXT anywhere.
>>> 
>>> -------------------------------------------------------
>>>    Jim Harrison
>>>    MCP(NT4, W2K), A+, Network+, PCG
>>>    http://isaserver.org/Jim_Harrison/
>>>    http://isatools.org
>>>    Read the help / books / articles!
>>> -------------------------------------------------------
>>>  
>>> 
>>> -----Original Message-----
>>> From: isalist-bounce@xxxxxxxxxxxxx
>>> [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Periyasamy, Raj
>>> Sent: Tuesday, April 25, 2006 14:11
>>> To: isalist@xxxxxxxxxxxxx
>>> Subject: [isalist] Enterprise scripting question
>>> 
>>> http://www.ISAserver.org
>>> -------------------------------------------------------
>>>   
>>> Hi all,
>>> I am trying to create a web based interface, just for adding domains
>>> to a Domain Name Set. The script itself runs fine if I run it from
>>> the command prompt. However, when I try to embed the code in an ASP
>>> page, the script fails while trying to do
>>> ConnectToConfigurationStorageServer.
>>> 
>>> The following is the extract of the code from the ASP page:
>>> 
>>> Set root = CreateObject("FPC.Root")
>>>     root.ConnectToConfigurationStorageServer cssComputer
>>>     Set oIsaArray = root.Arrays.Item("INFINEUM")
>>>     Set oDomainNameSet =
>>> oIsaArray.RuleElements.DomainNameSets.Item(sDomainNameSetName)
>>>     oDomainNameSet.Add(sDomainToAdd)
>>>     If Err.Number = -2147024713 Then
>>>         response.write "Error: Domain " + sDomainToAdd + " is already
>>> unblocked."
>>>     Else
>>>         oDomainNameSet.Save
>>> response.write "Success: Domain " + sDomainToAdd + " is now unblocked."
>>>     End If
>>>     root.disConnectFromConfigurationStorageServer
>>> 
>>> 
>>> The following is the error message I get when accessing the URL,
>>> 
>>> Error Type:
>>> FPC.Root.1 (0x80070002)
>>> The system cannot find the file specified.
>>> /prx_urlexcept.asp, line 38
>>> 
>>> 
>>> 
>>> Line 38 happens to be "oFPC.ConnectToConfigurationStorageServer
>>> cssComputer"
>>> 
>>> Would appreciate any inputs.
>>> 
>>> Thanks.
>>> 
>>> 
>>> Regards,
>>> Raj Periyasamy
>>> MCSE(Messaging), CCNA
>>> 
>>> ------------------------------------------------------
>>> List Archives: //www.freelists.org/archives/isalist/
>>> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
>>> ISA Server Articles and Tutorials:
>>> http://www.isaserver.org/articles_tutorials/
>>> ISA Server Blogs: http://blogs.isaserver.org/
>>> ------------------------------------------------------
>>> Visit TechGenix.com for more information about our other sites:
>>> http://www.techgenix.com
>>> ------------------------------------------------------
>>> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
>>> Report abuse to listadmin@xxxxxxxxxxxxx
>>> 
>>> 
>>> All mail to and from this domain is GFI-scanned.
>>> 
>>> ------------------------------------------------------
>>> List Archives: //www.freelists.org/archives/isalist/
>>> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
>>> ISA Server Articles and Tutorials:
>>> http://www.isaserver.org/articles_tutorials/
>>> ISA Server Blogs: http://blogs.isaserver.org/
>>> ------------------------------------------------------
>>> Visit TechGenix.com for more information about our other sites:
>>> http://www.techgenix.com
>>> ------------------------------------------------------
>>> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
>>> Report abuse to listadmin@xxxxxxxxxxxxx
>>> 
>>> 
>>> 
>> 
>> 
>> ------------------------------------------------------
>> List Archives: //www.freelists.org/archives/isalist/
>> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
>> ISA Server Articles and Tutorials:
>> http://www.isaserver.org/articles_tutorials/
>> ISA Server Blogs: http://blogs.isaserver.org/
>> ------------------------------------------------------
>> Visit TechGenix.com for more information about our other sites:
>> http://www.techgenix.com
>> ------------------------------------------------------
>> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
>> Report abuse to listadmin@xxxxxxxxxxxxx
>> 
>> 
>> All mail to and from this domain is GFI-scanned.
>> 
>> ------------------------------------------------------
>> List Archives: //www.freelists.org/archives/isalist/
>> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
>> ISA Server Articles and Tutorials:
>> http://www.isaserver.org/articles_tutorials/
>> ISA Server Blogs: http://blogs.isaserver.org/
>> ------------------------------------------------------
>> Visit TechGenix.com for more information about our other sites:
>> http://www.techgenix.com
>> ------------------------------------------------------
>> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
>> Report abuse to listadmin@xxxxxxxxxxxxx
>> 
>> 
>> 
> 
> 
> ------------------------------------------------------
> List Archives: //www.freelists.org/archives/isalist/
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server Articles and Tutorials:
> http://www.isaserver.org/articles_tutorials/
> ISA Server Blogs: http://blogs.isaserver.org/
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> Report abuse to listadmin@xxxxxxxxxxxxx
> 
> 
> All mail to and from this domain is GFI-scanned.
> 
> ------------------------------------------------------
> List Archives: //www.freelists.org/archives/isalist/
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server Articles and Tutorials:
> http://www.isaserver.org/articles_tutorials/
> ISA Server Blogs: http://blogs.isaserver.org/
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> Report abuse to listadmin@xxxxxxxxxxxxx
> 
> 
> 


------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/  
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp 
ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ 
ISA Server Blogs: http://blogs.isaserver.org/ 
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com 
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp 
Report abuse to listadmin@xxxxxxxxxxxxx 

• References:
  • [isalist] Re: Enterprise scripting question
    • From: Jim Harrison

Other related posts:

• » [isalist] Enterprise scripting question
• » [isalist] Re: Enterprise scripting question
• » [isalist] Re: Enterprise scripting question
• » [isalist] Re: Enterprise scripting question
• » [isalist] Re: Enterprise scripting question
• » [isalist] Re: Enterprise scripting question
• » [isalist] Re: Enterprise scripting question
• » [isalist] Re: Enterprise scripting question
• » [isalist] Re: Enterprise scripting question
• » [isalist] Re: Enterprise scripting question
• » [isalist] Re: Enterprise scripting question
• » [isalist] Re: Enterprise scripting question

1. Home
2. isalist
3. Archive
4. 04-2006

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---