[isalist] Re: Enterprise scripting question
- From: "Thor (Hammer of God)" <thor@xxxxxxxxxxxxxxx>
- To: "isalist@xxxxxxxxxxxxx" <isalist@xxxxxxxxxxxxx>
- Date: Tue, 25 Apr 2006 19:43:21 -0700
http://www.ISAserver.org
-------------------------------------------------------
The "yet" is what I was waiting for ;)
t
On 4/25/06 7:38 PM, "Jim Harrison" <Jim@xxxxxxxxxxxx> spoketh to all:
> http://www.ISAserver.org
> -------------------------------------------------------
>
> Right - it's not that granular (yet?).
>
> -------------------------------------------------------
> Jim Harrison
> MCP(NT4, W2K), A+, Network+, PCG
> http://isaserver.org/Jim_Harrison/
> http://isatools.org
> Read the help / books / articles!
> -------------------------------------------------------
>
>
> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On
> Behalf Of Thor (Hammer of God)
> Sent: Tuesday, April 25, 2006 18:45
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] Re: Enterprise scripting question
>
> http://www.ISAserver.org
> -------------------------------------------------------
>
> Right... I was just asking if delegation would be carved out to process rights
> rather than a preset "role." I'm a bit ignorant of the capabilities here
> because only 2 people in our entire organization can even touch the ISA boxes,
> and I'm one of them, so I've not delved into delegation before.. But, are you
> saying that to add/edit destination sets one has to be an ISA Enterprise or
> ISA Array admin? There is no way to delegate "Edit Destination Set" to a
> regular user (like one can in AD), right?
>
> t
>
>
> On 4/25/06 6:18 PM, "Jim Harrison" <Jim@xxxxxxxxxxxx> spoketh to all:
>
>> http://www.ISAserver.org
>> -------------------------------------------------------
>>
>> To clarify - this is the "ISA Enterprise" or "ISA Array" admin.
>> The limit to delegation is "auditor" - someone who can read, but not write.
>>
>> -------------------------------------------------------
>> Jim Harrison
>> MCP(NT4, W2K), A+, Network+, PCG
>> http://isaserver.org/Jim_Harrison/
>> http://isatools.org
>> Read the help / books / articles!
>> -------------------------------------------------------
>>
>>
>> -----Original Message-----
>> From: isalist-bounce@xxxxxxxxxxxxx
>> [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Thor (Hammer of
>> God)
>> Sent: Tuesday, April 25, 2006 16:47
>> To: isalist@xxxxxxxxxxxxx
>> Subject: [isalist] Re: Enterprise scripting question
>>
>> http://www.ISAserver.org
>> -------------------------------------------------------
>>
>> Ewe. Didn't know you had to run the Full Monty just to add destination
>> sites.
>> Will we be seeing delegation of process in future releases? Or are
>> scripts/automation processes destined to be run with stored creds somewhere?
>>
>> t
>>
>>
>> On 4/25/06 4:28 PM, "Jim Harrison" <Jim@xxxxxxxxxxxx> spoketh to all:
>>
>>> http://www.ISAserver.org
>>> -------------------------------------------------------
>>>
>>> Whatever account you use, it should be either an Enterprise or Array
>>> admin, depending on what context you're operating in. I wouldn't
>>> want to run the web app in a user context unless you unequivocally
>>> trust your own coding skills.
>>> If you answered "yes, I do..", then remind me to never hire you...
>>> :-p
>>>
>>> -------------------------------------------------------
>>> Jim Harrison
>>> MCP(NT4, W2K), A+, Network+, PCG
>>> http://isaserver.org/Jim_Harrison/
>>> http://isatools.org
>>> Read the help / books / articles!
>>> -------------------------------------------------------
>>>
>>>
>>> -----Original Message-----
>>> From: isalist-bounce@xxxxxxxxxxxxx
>>> [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Thor (Hammer of
>>> God)
>>> Sent: Tuesday, April 25, 2006 15:11
>>> To: isalist@xxxxxxxxxxxxx
>>> Subject: [isalist] Re: Enterprise scripting question
>>>
>>> http://www.ISAserver.org
>>> -------------------------------------------------------
>>>
>>> You could also run the web app underneath the creds of a user that
>>> has permissions to do that, though I couldn't find anywhere exactly
>>> what rights had to be given to the account. You obviously wouldn't
>>> want to do that under an account that had escalated privileges (only
>>> was specifically granted the rights for that process.)
>>>
>>> t
>>>
>>>
>>> On 4/25/06 2:20 PM, "Jim Harrison" <Jim@xxxxxxxxxxxx> spoketh to all:
>>>
>>>> http://www.ISAserver.org
>>>> -------------------------------------------------------
>>>>
>>>> You have to pass the credentials in the
>>>> connectotoconfigurationstorageserver
>>>> method when you run in an ASP page because the ASP process operates
>>>> under the network services account, which has no rights in CSS.
>>>> http://msdn.microsoft.com/library/default.asp?url=/library/en-us/isa
>>>> s d k/isa/fp c_connecttoconfigurationstorageserver.asp
>>>> Spells it out in gory detail.
>>>>
>>>> ..of course, this means you have to stash those credentials
>>>> somewhere ASP can find them, BUT NOT IN PLAIN TEXT anywhere.
>>>>
>>>> -------------------------------------------------------
>>>> Jim Harrison
>>>> MCP(NT4, W2K), A+, Network+, PCG
>>>> http://isaserver.org/Jim_Harrison/
>>>> http://isatools.org
>>>> Read the help / books / articles!
>>>> -------------------------------------------------------
>>>>
>>>>
>>>> -----Original Message-----
>>>> From: isalist-bounce@xxxxxxxxxxxxx
>>>> [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Periyasamy, Raj
>>>> Sent: Tuesday, April 25, 2006 14:11
>>>> To: isalist@xxxxxxxxxxxxx
>>>> Subject: [isalist] Enterprise scripting question
>>>>
>>>> http://www.ISAserver.org
>>>> -------------------------------------------------------
>>>>
>>>> Hi all,
>>>> I am trying to create a web based interface, just for adding domains
>>>> to a Domain Name Set. The script itself runs fine if I run it from
>>>> the command prompt. However, when I try to embed the code in an ASP
>>>> page, the script fails while trying to do
>>>> ConnectToConfigurationStorageServer.
>>>>
>>>> The following is the extract of the code from the ASP page:
>>>>
>>>> Set root = CreateObject("FPC.Root")
>>>> root.ConnectToConfigurationStorageServer cssComputer
>>>> Set oIsaArray = root.Arrays.Item("INFINEUM")
>>>> Set oDomainNameSet =
>>>> oIsaArray.RuleElements.DomainNameSets.Item(sDomainNameSetName)
>>>> oDomainNameSet.Add(sDomainToAdd)
>>>> If Err.Number = -2147024713 Then
>>>> response.write "Error: Domain " + sDomainToAdd + " is
>>>> already unblocked."
>>>> Else
>>>> oDomainNameSet.Save
>>>> response.write "Success: Domain " + sDomainToAdd + " is now unblocked."
>>>> End If
>>>> root.disConnectFromConfigurationStorageServer
>>>>
>>>>
>>>> The following is the error message I get when accessing the URL,
>>>>
>>>> Error Type:
>>>> FPC.Root.1 (0x80070002)
>>>> The system cannot find the file specified.
>>>> /prx_urlexcept.asp, line 38
>>>>
>>>>
>>>>
>>>> Line 38 happens to be "oFPC.ConnectToConfigurationStorageServer
>>>> cssComputer"
>>>>
>>>> Would appreciate any inputs.
>>>>
>>>> Thanks.
>>>>
>>>>
>>>> Regards,
>>>> Raj Periyasamy
>>>> MCSE(Messaging), CCNA
>>>>
>>>> ------------------------------------------------------
>>>> List Archives: //www.freelists.org/archives/isalist/
>>>> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
>>>> ISA Server Articles and Tutorials:
>>>> http://www.isaserver.org/articles_tutorials/
>>>> ISA Server Blogs: http://blogs.isaserver.org/
>>>> ------------------------------------------------------
>>>> Visit TechGenix.com for more information about our other sites:
>>>> http://www.techgenix.com
>>>> ------------------------------------------------------
>>>> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
>>>> Report abuse to listadmin@xxxxxxxxxxxxx
>>>>
>>>>
>>>> All mail to and from this domain is GFI-scanned.
>>>>
>>>> ------------------------------------------------------
>>>> List Archives: //www.freelists.org/archives/isalist/
>>>> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
>>>> ISA Server Articles and Tutorials:
>>>> http://www.isaserver.org/articles_tutorials/
>>>> ISA Server Blogs: http://blogs.isaserver.org/
>>>> ------------------------------------------------------
>>>> Visit TechGenix.com for more information about our other sites:
>>>> http://www.techgenix.com
>>>> ------------------------------------------------------
>>>> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
>>>> Report abuse to listadmin@xxxxxxxxxxxxx
>>>>
>>>>
>>>>
>>>
>>>
>>> ------------------------------------------------------
>>> List Archives: //www.freelists.org/archives/isalist/
>>> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
>>> ISA Server Articles and Tutorials:
>>> http://www.isaserver.org/articles_tutorials/
>>> ISA Server Blogs: http://blogs.isaserver.org/
>>> ------------------------------------------------------
>>> Visit TechGenix.com for more information about our other sites:
>>> http://www.techgenix.com
>>> ------------------------------------------------------
>>> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
>>> Report abuse to listadmin@xxxxxxxxxxxxx
>>>
>>>
>>> All mail to and from this domain is GFI-scanned.
>>>
>>> ------------------------------------------------------
>>> List Archives: //www.freelists.org/archives/isalist/
>>> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
>>> ISA Server Articles and Tutorials:
>>> http://www.isaserver.org/articles_tutorials/
>>> ISA Server Blogs: http://blogs.isaserver.org/
>>> ------------------------------------------------------
>>> Visit TechGenix.com for more information about our other sites:
>>> http://www.techgenix.com
>>> ------------------------------------------------------
>>> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
>>> Report abuse to listadmin@xxxxxxxxxxxxx
>>>
>>>
>>>
>>
>>
>> ------------------------------------------------------
>> List Archives: //www.freelists.org/archives/isalist/
>> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
>> ISA Server Articles and Tutorials:
>> http://www.isaserver.org/articles_tutorials/
>> ISA Server Blogs: http://blogs.isaserver.org/
>> ------------------------------------------------------
>> Visit TechGenix.com for more information about our other sites:
>> http://www.techgenix.com
>> ------------------------------------------------------
>> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
>> Report abuse to listadmin@xxxxxxxxxxxxx
>>
>>
>> All mail to and from this domain is GFI-scanned.
>>
>> ------------------------------------------------------
>> List Archives: //www.freelists.org/archives/isalist/
>> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
>> ISA Server Articles and Tutorials:
>> http://www.isaserver.org/articles_tutorials/
>> ISA Server Blogs: http://blogs.isaserver.org/
>> ------------------------------------------------------
>> Visit TechGenix.com for more information about our other sites:
>> http://www.techgenix.com
>> ------------------------------------------------------
>> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
>> Report abuse to listadmin@xxxxxxxxxxxxx
>>
>>
>>
>
>
> ------------------------------------------------------
> List Archives: //www.freelists.org/archives/isalist/
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server Articles and Tutorials:
> http://www.isaserver.org/articles_tutorials/
> ISA Server Blogs: http://blogs.isaserver.org/
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> Report abuse to listadmin@xxxxxxxxxxxxx
>
>
> All mail to and from this domain is GFI-scanned.
>
> ------------------------------------------------------
> List Archives: //www.freelists.org/archives/isalist/
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server Articles and Tutorials:
> http://www.isaserver.org/articles_tutorials/
> ISA Server Blogs: http://blogs.isaserver.org/
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> Report abuse to listadmin@xxxxxxxxxxxxx
>
>
>
------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx
Other related posts:
