RE:RE:RE: scripts to disable rules and clientAddrSet members
- From: Daniel <daniel@xxxxxxxxxxxxxxxx>
- To: isalist@xxxxxxxxxxxxx
- Date: Sat, 06 Aug 2005 19:15:56 -0300
Tkank you very much, Jim!
About ISA schedules:
I know and apply it. But in my case, for example:
1)I have some deny rules that apply in workhours with some permanent
exceptions (Is a permanent rule, rigth!).
Casually I need that some user (ex: bob) should be in exceptions of such
rules, ONLY TODAY, to make a especific task (for example: today it can
download .zip and .exe files in workhours).
So will put bob in exceptions clientAddrSet and schedule a windows task
schedule, using your script example, to delete bob from exception
clientaddr at the end of the current working day, ex. at 6:30PM. So
tomorrow I don't need remeber to delete bob from exceptions.
2)In other cases I need allow some user to access some protocol only per
one day or for some hours today. I will apply a scripts to disable the
protoRule in the same way, at the end of the day.
Still that ISA had shedules with begin/end date, my first case will still
better resolved with scripts.
Thanks again!
- ----- Original Message -----
- From: Jim Harrison
- To: [ISAserver.org
Discussion List]
- Sent: Saturday, August 06, 2005 6:06 PM
- Subject: [isalist] RE: scripts to disable rules and clientAddrSet
members
- http://www.ISAserver.org
- You say you want to run these as a scheduled task - are
you aware of ISA schedules that can be applied to any rule?
-
- Always start with this:
- Dim oISA
- Set oISA = CreateObject( "FPC.Root" )
-
- Example to toggle a S&C rule:
- -- snip --
- Dim S_C_Rule
- Set Set S_C_Rule =
oISA.Arrays.GetContainingArray.ArrayPolicy.SiteAndContentRules(
"NameOfRule" )
- S_C_Rule.Enabled = Not( S_C_Rule.Enabled )
- S_C_Rule.Save
- -- snip --
-
- Example to add a CAS element:
- -- snip --
- Dim CAS
- Set CAS =
oISA.Arrays.GetContainingArray.ArrayPolicy.PolicyElements.ClientAddressSets(
?NameOfSet? )
- CAS.Add 1.2.3.4 1.2.3.4
- CAS.Save
- -- snip --
-
- Example to delete a CAS element:
- -- snip --
- Dim CAS
- Set CAS =
oISA.Arrays.GetContainingArray.ArrayPolicy.PolicyElements.ClientAddressSets(
?NameOfSet? )
- CAS.Remove 1.2.3.4
- CAS.Save
- -- snip --
-
- Remember ? these are bare-bones examples.
- You?ll want to add appropriate logging, error handling, etc.
- ISATools.org has lots of examples for you to read through.
-
- -----Original Message-----
- From: Daniel
[mailto:daniel@xxxxxxxxxxxxxxxx]
- Sent: Saturday, August 06, 2005 12:15 PM
- To: [ISAserver.org Discussion List]
- Subject: [isalist] RE: scripts to disable rules and clientAddrSet
members
-
- http://www.ISAserver.org
- Hi Jim!
-
- I'm not a VB script programmer, today I make only some .bat routines,
but windows .bat scripts are very limited. I was a programmer in the past
(10 years ago), if you a very simple sample, is good for me! I know that
change on the fly rules or chains is not easy, still more if you not a
programer.
-
- I need 2 scripts, one for disable a site&content rule and other
to delete some client addrset members. I use such rules to allow
temporary access but forget some times to disable it.
-
- thanks,
-
- ----- Original Message -----
- From: "Jim Harrison" <Jim@xxxxxxxxxxxx
<mhtml:mid://00000006/mailto:Jim@xxxxxxxxxxxx> >
- To: "[ISAserver.org Discussion List]"
<isalist@xxxxxxxxxxxxx
<mhtml:mid://00000006/mailto:isalist@xxxxxxxxxxxxx> >
- Sent: Saturday, August 06, 2005 2:48 PM
- Subject: [isalist] RE: scripts to disable rules and clientAddrSet
members
-
- >
http://www.ISAserver.org
<mhtml:mid://00000006/http://www.ISAserver.org>
- >
- > Again - do you want scripts or help writing them?
- > It's actually simpler to move users into/ out of user groups that apply
- > to static rules than it is to change ISA rules on the fly.
- >
- > -----Original Message-----
- > From: Daniel [mailto:daniel@xxxxxxxxxxxxxxxx]
- > Sent: Saturday, August 06, 2005 10:17 AM
- > To: [ISAserver.org Discussion List]
- > Subject: [isalist] scripts to disable rules and clientAddrSet members
- >
- > http://www.ISAserver.org <mhtml:mid://00000006/http://www.ISAserver.org>
- >
- > I have some rules, that allow more privilegied access and I put users
- > into
- > it for temporary time, for example (1 day), cause they need make
- > temporary
- > taks like searches on proibit sites, download proibit files in work
- > hours, etc.
- >
- > So I need scripts to run by windows task scheduler for:
- > 1) disable on or more rules
- > 2) delete or add members to client address sets
- >
- > Anyone could help me!
- >
- > Thanks,
- > Daniel
- >
- ------------------------------------------------------
- List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
- ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
- ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
- ------------------------------------------------------
- Visit TechGenix.com for more information about our other sites:
- http://www.techgenix.com
- ------------------------------------------------------
- You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx
- To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
- Report abuse to listadmin@xxxxxxxxxxxxx
- ------------------------------------------------------
- List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
- ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
- ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
- ------------------------------------------------------
- Visit TechGenix.com for more information about our other sites:
- http://www.techgenix.com
- ------------------------------------------------------
- You are currently subscribed to this ISAserver.org Discussion List as: daniel@xxxxxxxxxxxxxxxx
- To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
- Report abuse to listadmin@xxxxxxxxxxxxx
- All mail to and from this domain is GFI-scanned.