Creating the Administrator
Now that we can read the privileges from an existing administrator object we can determine which privileges to write to a new administrator. In this post I have listed a script that you can use to create the custom administrator account.
This script uses arrays of values for the privileges (I’ve used the values rather than their names to reduce the size of the script; see the SDK documentation if you would rather refer to the privileges by name). The arrays listed in the code set every single privilege, so you will need to trim them to the privileges each administrator actually requires when setting up your own administrator accounts.
The script can be broken down into this process:
- Set the privilege arrays.
- Return the list of Application and Server folders.
- Bind to the Presentation Server farm.
- Create the administrator account.
- Bind to the new administrator account and set the first set of privileges.
- Bind to the Server folders and assign privileges to the new administrator account.
- Bind to the Applications folders and assign privileges to the new administrator account.
The script uses a subroutine, AddFolderPerms, to add privileges to the Application or Server folders. Pass it the folder name, the folder type (MetaFrameAppFolder or MetaFrameSrvFolder), the account domain, the account name and the privilege set as an array, and it does the rest.
During testing I have noticed that the privileges are not set on the last Application folder in the list - if you take a look at the code you can see that I am setting the privileges on that folder a second time. If anyone else is seeing this behaviour please let me know.
<package>
<job id="CustomPermissions" prompt="no">
<?job error="false" debug="false" ?>
<comment>
</comment>
<runtime>
<description>
</description>
</runtime>
<reference object="MetaFrameCOM.MetaFrameFarm"/>
<script language="VBScript">
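' Main script: creates a custom farm administrator entry for the account below,
' then grants it the farm-level, server-folder and application-folder
' privileges listed in the three arrays.
Dim sDomainName, sAdminAccountName
Dim aPrivsNonFolders, aPrivsSrvFolders, aPrivsAppFolders
Dim aApplicationFolders, aServerFolders
Dim oFarm, oMFAdministrator, i, n

' Example values - replace with the domain and group that should be delegated.
sDomainName = "AD"
sAdminAccountName = "Domain Admins"

' Numeric privilege values (see the SDK documentation for their names).
' As listed, these arrays grant every privilege that can be set; trim them to
' what the delegated administrators actually need before running the script.
aPrivsNonFolders = Array(8,9,10,11,12,14,15,16,22,24,25,41,42,47,48,50,51,53,54,61,62,67,69,70,72,73,74,75,79,80,81,82)
aPrivsSrvFolders = Array(27,28,29,30,31,32,33,35,36,37,38,56,57,59,60,66,77,78,83)
aPrivsAppFolders = Array(2,3,27,28,29,30,31,32,64,65,76,84)

' Collect every application and server folder (root plus all sub-folders).
aApplicationFolders = ReturnMFFolders(MetaFrameAppFolder)
aServerFolders = ReturnMFFolders(MetaFrameSrvFolder)

' Bind to the farm.
Set oFarm = CreateObject("MetaFrameCOM.MetaFrameFarm")
oFarm.Initialize MetaFrameWinFarmObject

' Create the administrator entry as a custom-permission global group and save it.
' NOTE(review): the job header sets error="false"; per the WSH documentation this
' suppresses script error messages, so a failed SaveData may go unnoticed -
' consider enabling error reporting while testing.
Set oMFAdministrator = oFarm.AddAdmin
oMFAdministrator.Enable = 1
oMFAdministrator.AAType = MFAccountAuthorityADS
oMFAdministrator.AAName = sDomainName
oMFAdministrator.AccountType = MFAccountGlobalGroup
oMFAdministrator.AccountName = sAdminAccountName
oMFAdministrator.AdminType = MFAdminPermissionCustom
oMFAdministrator.SaveData

' Re-bind to the saved administrator and add the non-folder privileges.
' The account type is MFAccountGlobalGroup here so that it matches both the
' entry created above and the binding used by AddFolderPerms (the original
' listing bound as MFAccountDomainUser at this point).
' NOTE(review): the entry is created with MFAccountAuthorityADS but bound with
' MFAccountAuthorityNTDomain, here and in AddFolderPerms - confirm against the SDK.
Set oMFAdministrator = CreateObject("MetaFrameCOM.MetaFrameAdministrator")
oMFAdministrator.Initialize MFAccountAuthorityNTDomain, sDomainName, MFAccountGlobalGroup, sAdminAccountName
For i = 0 To UBound(aPrivsNonFolders)
    ' Only add privileges that are not already present.
    If oMFAdministrator.Privileges.InList(aPrivsNonFolders(i)) = False Then
        oMFAdministrator.AddPrivilege(aPrivsNonFolders(i))
    End If
Next
oMFAdministrator.SaveData

' Grant the server-folder privileges on every server folder.
For n = 0 To UBound(aServerFolders)
    AddFolderPerms aServerFolders(n), MetaFrameSrvFolder, sDomainName, sAdminAccountName, aPrivsSrvFolders
Next

' Grant the application-folder privileges on every application folder.
For n = 0 To UBound(aApplicationFolders)
    AddFolderPerms aApplicationFolders(n), MetaFrameAppFolder, sDomainName, sAdminAccountName, aPrivsAppFolders
Next

' Workaround kept from the original: the last application folder is processed a
' second time because its privileges were observed not to "take" on the first pass.
n = UBound(aApplicationFolders)
AddFolderPerms aApplicationFolders(n), MetaFrameAppFolder, sDomainName, sAdminAccountName, aPrivsAppFolders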
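' Grants a set of privileges on one folder to one administrator account.
'   sFolderName  - folder name passed to MetaFrameFolder.Initialize
'   iFolderType  - MetaFrameAppFolder or MetaFrameSrvFolder
'   sAAName      - account authority (domain) name
'   sAccountName - account name; bound as MFAccountGlobalGroup
'   aAdminPrivs  - array of numeric privilege values to grant
' Privileges already present in the folder's list are left alone; the list is
' saved once after the loop.
Sub AddFolderPerms(sFolderName, iFolderType, sAAName, sAccountName, aAdminPrivs)
    ' Declared locally so the Sub no longer overwrites the script-level
    ' oMFAdministrator and i variables used by the main script.
    Dim oMFAdministrator, oFolder, Privs, i

    ' Bind to the existing administrator entry to obtain its ID.
    Set oMFAdministrator = CreateObject("MetaFrameCOM.MetaFrameAdministrator")
    oMFAdministrator.Initialize MFAccountAuthorityNTDomain, sAAName, MFAccountGlobalGroup, sAccountName

    ' Bind to the target folder.
    Set oFolder = CreateObject("MetaFrameCOM.MetaFrameFolder")
    oFolder.Initialize iFolderType, sFolderName

    ' Fetch this administrator's privilege list on the folder, keyed by the
    ' high and low 32-bit halves of the administrator ID.
    Set Privs = oFolder.Privs3ByID32(oMFAdministrator.AdminID.IDH32,oMFAdministrator.AdminID.IDL32)
    For i = 0 To UBound(aAdminPrivs)
        If Privs.InList(aAdminPrivs(i)) = False Then
            Privs.Add(aAdminPrivs(i))
        End If
    Next
    Privs.Save

    ' Release the COM objects.
    Set oMFAdministrator = Nothing
    Set oFolder = Nothing
    Set Privs = Nothing
End Sub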
'#region Return Application or Server folders Array
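' Returns an array holding the FolderDN of every folder of the given type
' (MetaFrameAppFolder or MetaFrameSrvFolder): the root folder first, then all
' sub-folders as collected by GetSubFolders.
Function ReturnMFFolders(iFolderType)
    ' oFarm is declared locally so this function keeps its own farm binding
    ' instead of sharing the script-level oFarm variable.
    Dim oFarm
    Dim aFolderList()
    Dim iFolder

    Set oFarm = CreateObject("MetaFrameCOM.MetaFrameFarm")
    oFarm.Initialize(MetaFrameWinFarmObject)

    ' GetSubFolders fills aFolderList and leaves the entry count in iFolder.
    GetSubFolders iFolderType, oFarm, aFolderList, iFolder
    ReturnMFFolders = aFolderList

    Set oFarm = Nothing
End Function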
' Fills aFolderList with the FolderDN of the root folder of iFolderType and of
' every folder beneath it. iFolder is reset to 0 and ends up as the number of
' entries written. Called by ReturnMFFolders.
Sub GetSubFolders(iFolderType, oFarm, aFolderList, iFolder)
    Dim oRoot, oChild

    iFolder = 0

    ' The root folder is always the first entry.
    Set oRoot = oFarm.GetRootFolder(iFolderType)
    AddToFolderList oRoot.FolderDN, aFolderList, iFolder

    ' Record each first-level folder, then walk everything below it.
    For Each oChild In oRoot.SubFolders
        AddToFolderList oChild.FolderDN, aFolderList, iFolder
        RecurseSubFolders oChild.FolderDN, iFolderType, aFolderList, iFolder
    Next
End Sub
' Appends the FolderDN of every descendant of the folder sFolderDN to
' aFolderList, depth first. Called by GetSubFolders and by itself.
Sub RecurseSubFolders(sFolderDN, iFolderType, aFolderList, iFolder)
    Dim oParent, oChild

    Set oParent = CreateObject("MetaFrameCOM.MetaFrameFolder")
    oParent.Initialize iFolderType, sFolderDN

    ' Nothing to do for a folder with no sub-folders.
    If Not (oParent.SubFolders.Count > 0) Then Exit Sub

    For Each oChild In oParent.SubFolders
        AddToFolderList oChild.FolderDN, aFolderList, iFolder
        RecurseSubFolders oChild.FolderDN, iFolderType, aFolderList, iFolder
    Next
End Sub
' Stores sFolderName in aFolderList at index iFolder, growing the array to fit,
' and advances iFolder by one. Both aFolderList and iFolder are modified for
' the caller. Called by GetSubFolders and RecurseSubFolders.
Sub AddToFolderList(sFolderName, aFolderList, iFolder)
    Dim iSlot
    iSlot = iFolder

    ' Preserve keeps the entries already collected while resizing.
    ReDim Preserve aFolderList(iSlot)
    aFolderList(iSlot) = sFolderName

    iFolder = iSlot + 1
End Sub
' #endregion
</script>
</job>
</package>







