'=============
'Initialize MOM Scripting Variables
'=============
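Dim oAPI
' CreateObject raises a runtime error when the MOM script API is not
' available. Without an active handler that error ends the script before
' the check below is ever evaluated, so trap it for this one statement.
On Error Resume Next
Set oAPI = CreateObject("Mom.ScriptAPI")
If Err.Number <> 0 Then
    ' No script API means no way to log events: stop with a failure code.
    WScript.Quit -1
End If
' Restore default error handling so later failures are not silently skipped.
On Error GoTo 0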
'=============
'Helper methods
'=============
' Method: CreateEvent
' Description: Logs Event
' Parameters: lngEventID, lngEventType (error/warning/info/success), strMsg; the event source is always EVENT_SOURCE
'=============
Sub CreateEvent(lngEventID, lngEventType, strMsg)
    ' Logs one event through the MOM script API object (oAPI).
    ' The event source is not a parameter: the script-level EVENT_SOURCE
    ' value is passed for every event.
    oAPI.LogScriptEvent EVENT_SOURCE, lngEventID, lngEventType, strMsg
End Sub
'=============
' Method: HResultToString
' Description: Returns the hresult as a string of the form 0x<hex>(<decimal>); the hex digits are not zero-padded
' Parameters: hresult
'=============
Function HResultToString(hresult)
    ' Builds "0x<hex>(<decimal>)" for the given value. The hex part is
    ' whatever Hex() returns, so it is not padded to eight digits.
    Dim strHexPart, strDecPart
    strHexPart = "0x" & Hex(hresult)
    strDecPart = "(" & hresult & ")"
    HResultToString = strHexPart & strDecPart
End Function
'=============
' Method: RegRead
' Description: Returns registry location value
' Parameters: strKey
'=============
Function RegRead(strKey)
    ' Reads a registry value through WScript.Shell.
    ' Errors are suppressed for the whole function, so a failed read leaves
    ' the placeholder "..." as the return value instead of raising.
    Dim oWshShell
    On Error Resume Next
    RegRead = "..."
    Set oWshShell = CreateObject("WScript.Shell")
    RegRead = oWshShell.RegRead(strKey)
    Set oWshShell = Nothing
End Function
ConvertDateTime = FormatDateTime(objDate) & " " & FormatDateTime(objTime)
End Function
'=============
' Method: IsWMIRunning
' Description: Returns true/false
' Parameters: -
'=============
Function IsWMIRunning()
    ' Probes WMI by binding to the root\cimv2 namespace.
    ' Returns True when the bind succeeds; otherwise returns False and logs
    ' event 9013 through CreateEvent.
    Dim oNamespace
    On Error Resume Next
    Set oNamespace = GetObject("winmgmts:root\cimv2")
    IsWMIRunning = (Err.Number = 0)
    If Not IsWMIRunning Then
        CreateEvent 9013, EVENT_TYPE_ERROR, _
            "The 'Windows Management Instrumentation' service (WinMgmt.exe) was not running when MOM tried to run a script that is dependent on this service. Check if the start up mode of this service is not set to 'disabled'."
    End If
End Function
'=============
' Method: WMIExecQuery
' Description: Returns an object of type SWbemObjectSet
' Parameters:
' sNamespace - A WMI Namespace (ex. winmgmts:\\COMPUTERNAME\ROOT\cimv2).
' sQuery - A WQL query (ex. SELECT * FROM Win32_OperatingSystem)
' iAlert - Non-zero to echo the failure and raise error 9100; 0 to skip those checks
'=============
Function WMIExecQuery(sNamespace, sQuery, iAlert)
' Binds to the WMI namespace moniker in sNamespace, runs sQuery against it
' and returns the resulting object set.
' When iAlert is non-zero each failed step is echoed and re-raised as
' error 9100. When iAlert is 0 those three checks are skipped.
' sNamespace and sQuery are used exactly as passed; nothing here validates
' or escapes them.
Dim oWMI, oQuery
Dim nErrNumber, sErrDescription
Dim nInstanceCount
' Step 1: bind to the namespace. The error is suppressed and the result is
' judged by whether oWMI was assigned; On Error Goto 0 also clears Err.
On Error Resume Next
Set oWMI = GetObject(sNamespace)
On Error Goto 0
If IsEmpty(oWMI) And iAlert <> 0 Then
WScript.Echo "Unable to open WMI Namespace " & sNamespace
' NOTE(review): the second argument of Err.Raise is the error source and
' the third is the description, so the message text lands in Source here.
Err.Raise 9100, "Unable to open WMI Namespace " & sNamespace, "Check to see if the WMI service is enabled and running, and ensure this WMI namespace."
End If
' Step 2: run the query. Err values are copied to locals first because
' On Error Goto 0 resets the Err object.
On Error Resume Next
Set oQuery = oWMI.ExecQuery(sQuery)
nErrNumber = Err.Number
sErrDescription = Err.Description
On Error Goto 0
If (IsEmpty(oQuery) Or nErrNumber <> 0) And iAlert <> 0 Then
WScript.Echo "The Query '" & sQuery & "' returned an invalid result set. Error:" & nErrNumber & ", " & sErrDescription & "."
Err.Raise 9100, "The Query '" & sQuery & "' returned an invalid result set.", "Please check to see if this is a valid WMI Query. Error:" & nErrNumber & ", " & sErrDescription & "."
End If
'Determine if we queried a valid WMI class - Count will return 0 or empty
' Step 3: read Count only to see whether doing so raises an error; the
' value stored in nInstanceCount is not used afterwards.
On Error Resume Next
nInstanceCount = oQuery.Count
nErrNumber = Err.Number
sErrDescription = Err.Description
On Error Goto 0
If nErrNumber <> 0 And iAlert <> 0 Then
WScript.Echo "The Query '" & sQuery & "' did not return any valid instances. Error:" & nErrNumber & ", " & sErrDescription & "."
Err.Raise 9100, "The Query '" & sQuery & "' did not return any valid instances.", "Please check to see if this is a valid WMI Query. Error:" & nErrNumber & ", " & sErrDescription & "."
End If
' NOTE(review): error handling is off at this point. If oQuery was never
' assigned (for example the namespace bind failed with iAlert = 0), this
' Set presumably raises a runtime error in the caller - confirm that
' callers passing 0 handle it.
Set WMIExecQuery = oQuery
Set oQuery = Nothing
Set oWMI = Nothing
End Function
'=============
' Method: IsRunningAsSystem
' Description: Returns true/false
' Parameters: -
' Comments: If IsRunningAsSystem is False the caller should check if there is any error (If Err Then ...).
'=============
Function IsRunningAsSystem
    ' Returns True when the account name reported by WScript.Network equals
    ' the account name WMI resolves for the well-known SID S-1-5-18.
    ' No error handler is installed here, so failures from CreateObject or
    ' GetObject surface to the caller.
    ' This is a comparison of account names, not of SIDs.
    Dim oNetwork, oSystemSid
    IsRunningAsSystem = False
    Set oNetwork = CreateObject("WScript.Network")
    ' Resolve the account through its SID so the localized name is used
    Set oSystemSid = GetObject("WinMgmts:root/cimv2:Win32_SID='S-1-5-18'")
    ' The comparison is case-sensitive, as in any plain "=" on strings
    If oNetwork.UserName = oSystemSid.AccountName Then
        IsRunningAsSystem = True
    End If
End Function
'=============
'=============
'Exchange specific Helper methods
'=============
'=============
'=============
' Method: GetNamingContext
' Description: Returns propertyValue from rootDSE object
' Parameters: strPropertyName
'=============
Function GetNamingContext(strPropertyName)
    ' Binds to LDAP://rootDSE and returns the attribute named by
    ' strPropertyName. The result is pre-set to "" before the bind; no
    ' error handler is installed, so a failed bind or lookup raises.
    Dim oRootDse
    GetNamingContext = ""
    Set oRootDse = GetObject("LDAP://rootDSE")
    GetNamingContext = oRootDse.Get(strPropertyName)
    Set oRootDse = Nothing
End Function
'=============
' Method: GetRootGC
' Description: Returns RootGC
' Parameters: -
'=============
Function GetRootGC()
    ' Enumerates the "GC:" provider object and returns the last child it
    ' yields. If the enumeration is empty the result is never assigned.
    Dim oGcRoot, oChild
    Set oGcRoot = GetObject("GC:")
    For Each oChild In oGcRoot
        Set GetRootGC = oChild
    Next
End Function
'=============
' Method: GetCNValue
' Description: -
' Parameters: iOcurr, strData
'=============
Function GetCNValue(iOcurr, strData)
    ' Returns the text between the iOcurr-th "CN=" and the "," that
    ' follows it, by delegating to GetTokValue.
    Const CN_PREFIX = "CN="
    Const VALUE_END = ","
    GetCNValue = GetTokValue(iOcurr, CN_PREFIX, VALUE_END, strData)
End Function
'=============
' Method: GetTokValue
' Description: -
' Parameters: iOcurr, strStartTok, strEndTok, strData
'=============
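Function GetTokValue(iOcurr, strStartTok, strEndTok, strData)
    ' Returns the text that follows the iOcurr-th occurrence of strStartTok
    ' in strData, up to (not including) the next strEndTok. Matching is
    ' case-insensitive.
    '   - Returns "" when strData holds fewer than iOcurr start tokens.
    '   - Returns the rest of the string when no end token follows.
    '   - iOcurr = 0 returns the text before the first end token.
    ' This is a plain substring search: an escaped delimiter inside a value
    ' (for example "\," in a distinguished name) is treated as the end.
    Dim iIni, iEnd, iTokLen, iRemaining, iFound

    GetTokValue = ""
    iTokLen = Len(strStartTok)
    iIni = 1

    ' Count down on a local copy: arguments are passed by reference by
    ' default, so decrementing iOcurr would zero the caller's variable.
    iRemaining = iOcurr
    While iRemaining > 0 ' Skip to the desired occurrence
        iFound = InStr(iIni, strData, strStartTok, vbTextCompare)
        ' A missing start token must stop the search; continuing from
        ' position 0 + iTokLen would return unrelated text.
        If iFound = 0 Then Exit Function
        iIni = iFound + iTokLen
        iRemaining = iRemaining - 1
    WEnd

    iEnd = InStr(iIni, strData, strEndTok, vbTextCompare)
    If iEnd = 0 Then
        ' No terminator: Mid with a negative length would raise, so take
        ' everything up to the end of the string.
        GetTokValue = Mid(strData, iIni)
    Else
        GetTokValue = Mid(strData, iIni, iEnd - iIni)
    End If
End Function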
'=============
' Format Constants
'=============
' Delimiters and indent unit shared by the output helpers.
Dim REC_DELIM   ' appended after each "name: value" record
Dim INFO_DELIM  ' two record delimiters in a row
Dim IDENT       ' one level of indentation
REC_DELIM = vbCr
INFO_DELIM = REC_DELIM & REC_DELIM
IDENT = " "
'=============
' Method: OutputInfo
' Description: -
' Parameters: strValues, strProps, iPropsFrom, iLevel, blnHierarchical
' Remarks: Very similar to OutDiskInfo sub in Disk_Space_Problem.vbs
'=============
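Function OutputInfo(strValues, strProps, iPropsFrom, iLevel, blnHierarchical)
    ' Formats parallel lists as "<indent><property>: <value>" records.
    '   strValues       - values separated by ";"
    '   strProps        - property names separated by ","
    '   iPropsFrom      - index of the first property to output
    '   iLevel          - number of IDENT units to indent by
    '   blnHierarchical - when True, records after the first get one more
    '                     indent unit
    ' Each record ends with REC_DELIM. Nothing is assigned to the result
    ' when strValues is "".
    Dim arrValues, arrProps, strLvl
    Dim i, iRemaining

    If strValues = "" Then Exit Function

    ' Best effort: a record whose value index is out of range is skipped
    ' rather than aborting the whole output.
    On Error Resume Next
    OutputInfo = ""
    arrValues = Split(strValues, ";")
    arrProps = Split(strProps, ",")

    ' Build the indent from a local counter. Arguments are passed by
    ' reference by default, so counting down on iLevel itself would leave
    ' the caller's variable at 0.
    strLvl = ""
    iRemaining = iLevel
    While iRemaining > 0
        strLvl = strLvl & IDENT
        iRemaining = iRemaining - 1
    WEnd

    For i = iPropsFrom To UBound(arrProps)
        OutputInfo = OutputInfo & strLvl & arrProps(i) & ": " & arrValues(i) & REC_DELIM
        If i = iPropsFrom And blnHierarchical Then strLvl = strLvl & IDENT
    Next
    On Error GoTo 0
End Function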
'Copyright (c) Microsoft Corporation. All rights reserved.
'*******************************************************************************
' $ScriptName: "Verify Message Tracking Log shares are locked down" $
'
' Purpose - This script verifies that Everyone does not have access to the Message Tracking logs on an Exchange server.
'
' Parameters - Argument 0 = NetBIOS name of the target computer. The script exits without doing anything unless exactly one argument is supplied.
'
' Events -
'SOURCE ID DESCRIPTION
'Exchange MOM 8103 Message Tracking Logs have "Everyone" listed as OK to access.
'Exchange MOM 8104 WMI error from Win32_Share.
'Exchange MOM 8105 WMI error from Win32_LogicalShareSecuritySetting.
'
' $File: Verify_Message_Tracking_Share_Protected.vbs $
'*************************************************************************
' Source name attached to every event this script logs
EVENT_SOURCE = "Verify Message Tracking Log shares are locked down"

' Event 8103: the share's ACL names 'Everyone'
Const MESSAGE_TRACKING_LOGS_EVERYONE_PERMS_ID = 8103
Const MESSAGE_TRACKING_LOGS_EVERYONE_PERMS_MSG = "The 'Everyone' group has permissions on the Exchange Message Tracking log share (SERVERNAME.log directory). It is recomended that you lock down this directory for security purposes. The 'EVERYONE' group should not be given any access to this share including Full Control, Change or Read. Please remove 'EVERYONE' and add only users that are required to access this share, i.e. your exchange system administrators."

' Event 8104: the Win32_Share query failed
Const WMI_ERROR_FROM_WIN32_SHARE_EVENT_ID = 8104
Const WMI_ERROR_FROM_WIN32_SHARE_MSG = "WMI failed to GetObject('winmgmts://Server_Name/root/cimv2').execquery('select * from Win32_Share')"

' Event 8105: the Win32_LogicalShareSecuritySetting query failed
Const WMI_ERROR_FROM_WIN32_LOGICALSHARESECURITYSETTING_EVENT_ID = 8105
Const WMI_ERROR_FROM_WIN32_LOGICALSHARESECURITYSETTING_MSG = "WMI failed to GetObject('winmgmts://Server_Name/root/cimv2').execquery('select * from Win32_LogicalShareSecuritySetting')"

' Exactly one argument is expected: the computer to check. Any other
' argument count ends the script without logging anything.
Dim TargetNetbiosComputer
If WScript.Arguments.Count <> 1 Then
    WScript.Quit()
End If
TargetNetbiosComputer = WScript.Arguments(0)

CheckSERVERNAMELOGShare TargetNetbiosComputer
'=================================================================================
' Get the Message tracking log data for each Exchange computer
'=================================================================================
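Sub CheckSERVERNAMELOGShare (strExchangeServerName)
    ' Checks whether the "<SERVER>.LOG" share on strExchangeServerName has an
    ' access-control entry for Everyone, and logs the outcome:
    '   8103  (warning) Everyone is listed, the share has no DACL, or its
    '         security descriptor could not be read
    '   8104 / 8105     the corresponding WMI query failed
    '   10000 (success) the share is absent or has no Everyone entry
    '
    ' strExchangeServerName is concatenated into the WMI moniker as-is;
    ' callers are expected to pass a plain NetBIOS computer name.
    Const EVERYONE_SID = "S-1-1-0"   ' well-known SID of the Everyone group

    Dim strServer, strTargetShare, shareExists, boolFireEvent, SDExists
    Dim oShares, share, strShareName, retval, descriptor, x, strAccountName
    Dim lngQueryErr, arrDacl, oTrustee

    ' The server name must come from the argument. With strServer left
    ' unset, the queries go to an empty host name and the share name is
    ' compared against ".LOG", so the check can never find the share and
    ' always reports success.
    strServer = UCase(strExchangeServerName)
    strTargetShare = strServer & ".LOG"
    shareExists = False
    boolFireEvent = False
    SDExists = False

    ' A failure inside WMIExecQuery only reaches the Err test below if a
    ' handler is active around the call; otherwise the script is aborted
    ' and the 8104 event is never logged.
    On Error Resume Next
    Set oShares = WMIExecQuery("winmgmts://" & strServer & "/root/cimv2", "select * from Win32_Share", 0)
    lngQueryErr = Err.Number
    On Error GoTo 0

    If lngQueryErr <> 0 Then
        ' NOTE(review): a failed security check is logged as information;
        ' confirm whether a warning or error type is more appropriate.
        CreateEvent WMI_ERROR_FROM_WIN32_SHARE_EVENT_ID, EVENT_TYPE_INFORMATION, WMI_ERROR_FROM_WIN32_SHARE_MSG
        Exit Sub
    End If

    For Each share In oShares
        If UCase(share.Name) = strTargetShare Then
            shareExists = True
            Exit For
        End If
    Next
    Set oShares = Nothing
    Set share = Nothing

    If shareExists Then
        On Error Resume Next
        Set oShares = WMIExecQuery( _
            "winmgmts://" & strServer & "/root/cimv2", _
            "select * from Win32_LogicalShareSecuritySetting", _
            0)
        lngQueryErr = Err.Number
        On Error GoTo 0

        If lngQueryErr <> 0 Then
            CreateEvent _
                WMI_ERROR_FROM_WIN32_LOGICALSHARESECURITYSETTING_EVENT_ID, _
                EVENT_TYPE_INFORMATION, _
                WMI_ERROR_FROM_WIN32_LOGICALSHARESECURITYSETTING_MSG
            ' The ACL was not inspected, so do not fall through to the
            ' success event below.
            Exit Sub
        End If

        For Each share In oShares
            strShareName = UCase(share.Name)
            If strShareName = strTargetShare Then
                retval = share.GetSecurityDescriptor(descriptor)
                ' Only trust the descriptor when the call reports success.
                ' Otherwise SDExists stays False and the warning is raised.
                If retval = 0 And IsObject(descriptor) Then
                    SDExists = True
                    arrDacl = descriptor.DACL
                    If IsNull(arrDacl) Then
                        ' A descriptor without a DACL does not restrict
                        ' access, so report it like an Everyone entry.
                        boolFireEvent = True
                    Else
                        ' Any entry naming Everyone is reported, whatever
                        ' its type or access mask.
                        For x = 0 To UBound(arrDacl)
                            Set oTrustee = arrDacl(x).Trustee
                            strAccountName = UCase(oTrustee.Name)
                            If strAccountName = "EVERYONE" Then boolFireEvent = True
                            ' The display name is localized; the SID is not.
                            If oTrustee.SIDString = EVERYONE_SID Then boolFireEvent = True
                        Next
                    End If
                End If
            End If
        Next

        ' The share exists but its permissions could not be read.
        If Not SDExists Then
            boolFireEvent = True
        End If
    End If

    If boolFireEvent Then
        CreateEvent MESSAGE_TRACKING_LOGS_EVERYONE_PERMS_ID, EVENT_TYPE_WARNING, MESSAGE_TRACKING_LOGS_EVERYONE_PERMS_MSG
    Else
        CreateEvent 10000, EVENT_TYPE_SUCCESS, "Everyone does not have access to the MessageTacking logs on an Exchange server"
    End If
End Sub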