Dwarfsoft [GPA] » Work

SEP11 Scan Logs

dwarfsoft — Thu, 03 Mar 2011 01:29:08 +0000

I will start out by simply stating how much I HATE SEP11, and how it handles client scan logs. For some reason there is NO way of getting a client scan log out of the Central Management Console. The whole point of Central Management is being able to … manage CENTRALLY.

Anyway, enough rant. I wrote a batch file to pull the latest (or specified) log file from a list of servers (in a file called Servers.txt). More Source:

@echo off
if not exist "SEP11Logs" mkdir SEP11Logs
 
for /f "tokens=*" %%A IN (Servers.txt) DO (
  IF /I "%~1" EQU "" (
    CALL :GetLatestLog "%%A"
    CALL :CopyLog "%%A" "%%_LogFile%%"
    ) ELSE (
    CALL :CopyLog "%%A" "%~1"
    )
  )
 
GOTO:EOF
 
:GetLatestLog
SET _ServerName=%~1
FOR /F "tokens=* delims=" %%B IN ('dir "\\%_ServerName%\C$\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\Logs\*.log" /b /o:-d') DO (
  SET _LogFile=%%B
  ECHO "Logfile is %%B"
  GOTO:EOF
  )
GOTO:EOF
 
:CopyLog
ECHO Copying "%~2" on "%~1"
COPY /Y "\\%~1\C$\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\Logs\%~2" "SEP11Logs\%~1-%~2"
:EOF

This script goes through the list of servers copying the logs into a folder called SEP11Logs and renaming them to “-” so they come out as something like “SERVER-02262011.log”.

Once I received the logs I was then struck with a problem of not being able to easily determine the date and time of each finding. After a short search I managed to track down a description of the SEP11 log file format. I wrote a quick and [very] dirty script to add a little more detail to the original log.

' See http://www.symantec.com/business/support/index?page=content&id=TECH100099&locale=en_US
On Error Resume Next
Const ForReading = 1
Const ForWriting = 2
 
Dim fso, folder, files, NewsFile,sFolder
 
Set fso = CreateObject("Scripting.FileSystemObject")
sFolder = Wscript.Arguments.Item(0)
If sFolder = "" Then
    Wscript.Echo "No Folder parameter was passed"
    Wscript.Quit
End If
Set folder = fso.GetFolder(sFolder)
Set files = folder.Files
 
For each folderIdx In files
 
  Set LogFile = fso.OpenTextFile(folderIdx.Path, ForReading)
  Set LogFileCsv = fso.CreateTextFile(folderIdx.Path& ".csv", True)
  Do While not LogFile.AtEndOfStream
    line = LogFile.ReadLine
	Splt=Split(line,",")
	hTime = Splt(0)
	hTimeYear  = Right("0000" & (1970 + CLng("&H"&Mid(hTime,1,2))),4)
	hTimeMonth = Right("00" & CLng("&H"&Mid(hTime,3,2))+1,2)
	hTimeDay   = Right("00" & CLng("&H"&Mid(hTime,5,2)), 2)
	hTimeHour  = Right("00" & CLng("&H"&Mid(hTime,7,2)), 2)
	hTimeMin   = Right("00" & CLng("&H"&Mid(hTime,9,2)), 2)
	hTimeSec   = Right("00" & CLng("&H"&Mid(hTime,11,2)), 2)
 
	hDateAndTime = hTimeYear & "-" & hTimeMonth & "-" & hTimeDay & " " & hTimeHour & ":" & hTimeMin & ":" & hTimeSec
	hDate = hTimeYear & "-" & hTimeMonth & "-" & hTimeDay
	hTime = hTimeHour & ":" & hTimeMin & ":" & hTimeSec
 
	Select Case Splt(1)
	  Case 1
	    hEvent = "GL_EVENT_IS_ALERT"
      Case 2
        hEvent = "GL_EVENT_SCAN_STOP"
      Case 3
        hEvent = "GL_EVENT_SCAN_START"
      Case 4
        hEvent = "GL_EVENT_PATTERN_UPDATE"
      Case 5
        hEvent = "GL_EVENT_INFECTION"
      Case 6
        hEvent = "GL_EVENT_FILE_NOT_OPEN"
      Case 7
        hEvent = "GL_EVENT_LOAD_PATTERN"
      Case 8
        hEvent = "//GL_STD_MESSAGE_INFO NOT USED"
      Case 9
        hEvent = "//GL_STD_MESSAGE_ERROR NOT USED"
      Case 10
        hEvent = "GL_EVENT_CHECKSUM"
      Case 11
        hEvent = "GL_EVENT_TRAP"
      Case 12
        hEvent = "GL_EVENT_CONFIG_CHANGE"
      Case 13
        hEvent = "GL_EVENT_SHUTDOWN"
      Case 14
        hEvent = "GL_EVENT_STARTUP"
      Case 16
        hEvent = "GL_EVENT_PATTERN_DOWNLOAD"
      Case 17
        hEvent = "GL_EVENT_TOO_MANY_VIRUSES"
      Case 18
        hEvent = "GL_EVENT_FWD_TO_QSERVER"
      Case 19
        hEvent = "GL_EVENT_SCANDLVR"
      Case 20
        hEvent = "GL_EVENT_BACKUP"
      Case 21
        hEvent = "GL_EVENT_SCAN_ABORT"
      Case 22
        hEvent = "GL_EVENT_RTS_LOAD_ERROR"
      Case 23
        hEvent = "GL_EVENT_RTS_LOAD"
      Case 24
        hEvent = "GL_EVENT_RTS_UNLOAD"
      Case 25
        hEvent = "GL_EVENT_REMOVE_CLIENT"
      Case 26
        hEvent = "GL_EVENT_SCAN_DELAYED"
      Case 27
        hEvent = "GL_EVENT_SCAN_RESTART"
      Case 28
        hEvent = "GL_EVENT_ADD_SAVROAMCLIENT_TOSERVER"
      Case 29
        hEvent = "GL_EVENT_REMOVE_SAVROAMCLIENT_FROMSERVER"
      Case 30
        hEvent = "GL_EVENT_LICENSE_WARNING"
      Case 31
        hEvent = "GL_EVENT_LICENSE_ERROR"
      Case 32
        hEvent = "GL_EVENT_LICENSE_GRACE"
      Case 33
        hEvent = "GL_EVENT_UNAUTHORIZED_COMM"
      Case 34
        hEvent = "GL_EVENT_LOG_FWD_THRD_ERR"
      Case 35
        hEvent = "GL_EVENT_LICENSE_INSTALLED"
      Case 36
        hEvent = "GL_EVENT_LICENSE_ALLOCATED"
      Case 37
        hEvent = "GL_EVENT_LICENSE_OK"
      Case 38
        hEvent = "GL_EVENT_LICENSE_DEALLOCATED"
      Case 39
        hEvent = "GL_EVENT_BAD_DEFS_ROLLBACK"
      Case 40
        hEvent = "GL_EVENT_BAD_DEFS_UNPROTECTED"
      Case 41
        hEvent = "GL_EVENT_SAV_PROVIDER_PARSING_ERROR"
      Case 42
        hEvent = "GL_EVENT_RTS_ERROR"
      Case 43
        hEvent = "GL_EVENT_COMPLIANCE_FAIL"
      Case 44
        hEvent = "GL_EVENT_COMPLIANCE_SUCCESS"
      Case 45
        hEvent = "GL_EVENT_SECURITY_SYMPROTECT_POLICYVIOLATION"
      Case 46
        hEvent = "GL_EVENT_ANOMALY_START"
      Case 47
        hEvent = "GL_EVENT_DETECTION_ACTION_TAKEN"
      Case 48
        hEvent = "GL_EVENT_REMEDIATION_ACTION_PENDING"
      Case 49
        hEvent = "GL_EVENT_REMEDIATION_ACTION_FAILED"
      Case 50
        hEvent = "GL_EVENT_REMEDIATION_ACTION_SUCCESSFUL"
      Case 51
        hEvent = "GL_EVENT_ANOMALY_FINISH"
      Case 52
        hEvent = "GL_EVENT_COMMS_LOGIN_FAILED"
      Case 53
        hEvent = "GL_EVENT_COMMS_LOGIN_SUCCESS"
      Case 54
        hEvent = "GL_EVENT_COMMS_UNAUTHORIZED_COMM"
      Case 55
        hEvent = "GL_EVENT_CLIENT_INSTALL_AV"
      Case 56
        hEvent = "GL_EVENT_CLIENT_INSTALL_FW"
      Case 57
        hEvent = "GL_EVENT_CLIENT_UNINSTALL"
      Case 58
        hEvent = "GL_EVENT_CLIENT_UNINSTALL_ROLLBACK"
      Case 59
        hEvent = "GL_EVENT_COMMS_SERVER_GROUP_ROOT_CERT_ISSUE"
      Case 60
        hEvent = "GL_EVENT_COMMS_SERVER_CERT_ISSUE"
      Case 61
        hEvent = "GL_EVENT_COMMS_TRUSTED_ROOT_CHANGE"
      Case 62
        hEvent = "GL_EVENT_COMMS_SERVER_CERT_STARTUP_FAILED"
      Case 63
        hEvent = "GL_EVENT_CLIENT_CHECKIN"
      Case 64
        hEvent = "GL_EVENT_CLIENT_NO_CHECKIN"
      Case 65
        hEvent = "GL_EVENT_SCAN_SUSPENDED"
      Case 66
        hEvent = "GL_EVENT_SCAN_RESUMED"
      Case 67
        hEvent = "GL_EVENT_SCAN_DURATION_INSUFFICIENT"
      Case 68
        hEvent = "GL_EVENT_CLIENT_MOVE"
      Case 69
        hEvent = "GL_EVENT_SCAN_FAILED_ENHANCED"
      Case 70
        hEvent = "GL_EVENT_MAX_EVENT_NUMBER"
      Case 71
        hEvent = "GL_EVENT_HEUR_THREAT_NOW_WHITELISTED"
      Case 72
        hEvent = "GL_EVENT_INTERESTING_PROCESS_DETECTED_START"
      Case 73
        hEvent = "GL_EVENT_LOAD_ERROR_COH"
      Case 74
        hEvent = "GL_EVENT_LOAD_ERROR_SYKNAPPS"
      Case 75
        hEvent = "GL_EVENT_INTERESTING_PROCESS_DETECTED_FINISH"
      Case 76
        hEvent = "GL_EVENT_HPP_SCAN_NOT_SUPPORTED_FOR_OS"
      Case 77
        hEvent = "GL_EVENT_HEUR_THREAT_NOW_KNOWN"
	End Select
 
	Select Case Splt(2)
	  Case 1
	    hCategory = "GL_CAT_INFECTION"
	  Case 2
	    hCategory = "GL_CAT_SUMMARY"
	  Case 3
	    hCategory = "GL_CAT_PATTERN"
	  Case 4
	    hCategory = "GL_CAT_SECURITY"
	End Select
 
    hLogger = Splt(3)
	hComputer = Splt(4)
	hUser = Splt(5)
	hVirus = Splt(6)
	hFile = Splt(7)
 
	Select Case Splt(8)
	  Case 1
	    hAction = "Quarantine"
      Case 2
	    hAction = "Rename"
	  Case 3
	    hAction = "Delete"
	  Case 4
	    hAction = "Leave Alone"
	  Case 5
	    hAction = "Clean File"
	  Case 6
	    hAction = "Clean Macros"
	  Case Else
	    hAction = "Unknown Action"
	End Select
 
	Select Case Splt(9)
	  Case 1
	    hAction2 = "Quarantine"
      Case 2
	    hAction2 = "Rename"
	  Case 3
	    hAction2 = "Delete"
	  Case 4
	    hAction2 = "Leave Alone"
	  Case 5
	    hAction2 = "Clean File"
	  Case 6
	    hAction2 = "Clean Macros"
	  Case Else
	    hAction2 = "Unknown Action"
	End Select
 
	Select Case Splt(10)
	  Case 1
	    hAction3 = "Quarantine"
      Case 2
	    hAction3 = "Rename"
	  Case 3
	    hAction3 = "Delete"
	  Case 4
	    hAction3 = "Leave Alone"
	  Case 5
	    hAction3 = "Clean File"
	  Case 6
	    hAction3 = "Clean Macros"
	  Case 7
	    hAction3 = "Saved file as..."
      Case 8
	    hAction3 = "Sent to Intel (AMS)"
      Case 9
	    hAction3 = "Moved to backup location"
      Case 10
        hAction3 = "Renamed backup file"
      Case 11
        hAction3 = "Undo action in Quarantine View"
      Case 12
        hAction3 = "Write protected or lack of permissions - Unable to act on file"
      Case 13
	    hAction3 = "Backed up file"
	  Case Else
	    hAction3 = "Unknown Action"
	End Select
 
	hVirusType = Splt(11)
	hFlags = Splt(12)
	hDescription = Splt(13)
	hScanId = Splt(14)
	hNewExt = Splt(15)
	hGroupId = Splt(16)
	hEventData = Splt(17)
	hQuarantineID = Splt(18)
	hVirusID = Splt(19)
	hQuarantineStatus = Splt(20)
	hAccess = Splt(21)
 
	outline = hDate & "," & hTime & "," & Splt(1) & "," & hEvent & "," & Splt(2) & "," & hCategory & "," & Splt(3) & "," & Splt(4) & "," & Splt(5) & "," & Splt(6) & ","
	outline = outline & Splt(7) & "," & Splt(8) & "," & hAction & "," & Splt(9) & "," & hAction2 & "," & Splt(10) & "," & hAction3
	For i = 11 to UBound(Splt)
	  outline=outline&","&Splt(i)
	Next
 
	LogFileCsv.WriteLine(outline)
  Loop
  LogFileCsv.Close
  LogFile.Close
 
Next

I know, not exactly brimming with comments. I leave this code here, as is. Worked for me… Just take note, that in these logs there are a lot of files that get picked up that have 3 actions listed as “Leave Alone” but (if opened in Excel) under column X it lists a File Remediation and a Delete action. The log file format is abysmal and the above linked description of the format does not accurately explain the remediation information… I have as yet been unable to determine which field of the description the remediation is supposed to be in.

So, Run the Batch File to copy the logs into the SEP11Logs folder. Run the VBScript with the path to SEP11Logs and it will create a copy of the log files with a .csv extension that has a bit more information.

Enjoy.

Cheers, Chris.

SYSTEM Account Permissions

dwarfsoft — Tue, 25 May 2010 01:08:45 +0000

Recently I have been working on some rather complicated projects preparing our SOE to move from Novell eDirectory to an Active Directory environment. One of the packages I built was required to run periodically and so I set up a Scheduled Task to accomplish this. Rather than introduce a security risk by creating a new Administrator Account I just created the scheduled task to run as the local SYSTEM account. It turns out that the SYSTEM account does not have as much access as I required, especially when managing user registry hives.

After quite some time looking in to how to achieve my goal I came up with a rather simple, yet ultimately hacky, solution. Give the SYSTEM Account Administrative Privileges.

It turns out that the SYSTEM Account, despite not having Administrator level permissions, does have permission to modify group memberships. As such I came up with two functions to manage these permissions for itself:

'*****************************************************************
' Elevates the System Account to a Member of the Administrators Group
Function ElevateSystem
  strSystemUser = "WinNT://NT AUTHORITY/SYSTEM"
  Set objGroup = GetObject("WinNT://./Administrators,group")
  If Not objGroup.isMember(strSystemUser) Then
    objGroup.Add (strSystemUser)
  End If
End Function
 
'*****************************************************************
' Removes the System Account from the Administrators Group
Function RelegateSystem
  strSystemUser = "WinNT://NT AUTHORITY/SYSTEM"
  Set objGroup = GetObject("WinNT://./Administrators,group")
  If objGroup.isMember(strSystemUser) Then
    objGroup.Remove (strSystemUser)
  End If
End Function

I just run ElevateSystem at the start of the script and then RelegateSystem at the end of the script and I have no issue with permissions anymore.

Elegant, yet hacky. Hope somebody found this useful, because it sure beats creating (and then managing) a new Administrator User on thousands of Workstations.

N.B. I should also point out that if you are installing a script onto Workstations that you will be using this kind of workaround on, make sure you set the permissions on it. The last thing you need is somebody hijacking your script to do whatever they want with Administrative Privileges.

Cheers, Chris.

Last Login Time

dwarfsoft — Thu, 22 Apr 2010 01:54:33 +0000

I have recently been having a look into determining the Last Login Time of a user for a BGInfo implementation. Firstly I had a look at the getCurrentUserLastLoginTime script suggested for use with BGInfo. The limitation of this script, however, is that it will reset the login time to the last time the Windows login box was Authenticated against, which also includes the time that the workstation was unlocked.

In order to maintain current BGInfo information the implementation is running periodically, so this is unnacceptable. Therefore I had to work to resolve the issue manually. As I have had a fair bit of experience with Windows Profiles recently (see the last blog post) I was familiar with the ProfileLoadTimeHigh and ProfileLoadTimeLow registry keys in the ProfileList. So I set out to determine how to actually use these to determine the login time. I first wrote some code to get the User SID based on the users “%userdomain%” and “%username%”:

DIM oNet, strComputerName, strUserName, strUserDomain
SET oNet = CreateObject("WScript.Network")
strComputerName = oNet.Computername
strUserName = oNet.UserName
strUserDomain = oNet.UserDomain
SET oNet = nothing
 
Set WMI = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2")
 
SubKey = ""
 
Set wmiCol = WMI.ExecQuery ("SELECT Domain, Name, SID FROM Win32_Account where Name="""&strUserName&""" And Domain="""&strUserDomain&"""")
For each wmiItem in wmiCol
  SubKey = wmiItem.SID
  Exit For
Next

So I set Subkey to be the String SID of the user, which I could then use to read the ProfileLoadTimeHigh and ProfileLoadTimeLow keys for the correct profile. I used the basic script from MyITForum, however this failed to take into account the timezone on the local machine. Therefore the first thing I needed to do was get the users timezone.

tz = 0
For Each os In GetObject("winmgmts:").InstancesOf ("Win32_OperatingSystem")
  tz = os.CurrentTimeZone
  Exit For  
Next

Then I integrated the Timezone offset (in minutes) into the original ProfileLoadTime script.

Const HKEY_LOCAL_MACHINE = &H80000002
 
strReturn = ""
 
Set objReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\default:StdRegProv"  )
strKeyPath = "SOFTWARE\MICROSOFT\Windows NT\CurrentVersion\ProfileList\" & SubKey 
 
strValueName = "ProfileLoadTimeHigh"
Return = objReg.GetDWORDValue(HKEY_LOCAL_MACHINE,strKeyPath,strValueName,lngHighValue)
strValueName = "ProfileLoadTimeLow"
Return = objReg.GetDWORDValue(HKEY_LOCAL_MACHINE,strKeyPath,strValueName,lngLowValue)
If typename(lngHighValue) <> "Null" then
  NanoSecs = (lngHighValue * 2 ^ 32 + lngLowValue)
  '' /* Returns time in Workstation Timezone */
  DT = #1/1/1601# + (NanoSecs / 600000000 / 1440) + (tz / 1440)
  strReturn = CDate(DT)
End if

Finally the output is printed as per a standard BGInfo script

On Error Resume Next
	call WScript.Echo(strReturn)	'for cmd line
	call Echo(strReturn)	'for BGInfo
on error goto 0

This works for Power Users as well, which the original script did not (due to permissions issues). Hope this helped you in some way

Cheers, Chris.

Shared User Profiles – Staging Scripts

dwarfsoft — Mon, 15 Mar 2010 05:19:40 +0000

As promised, here are the scripts required for the Pre-staging of Domain User Profiles on the local machine. The first thing we need to do is Enumerate all the Local User Accounts.

Function StageAllUsers(DomainFQDN, strDomain)
   ' Enumerate all users that are Local and not built in accounts.
   strComputer = "."
   Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
   'Enumerate users where the User Domain is the Local Machine
   Set colItems = objWMIService.ExecQuery _
                  ("Select * from Win32_UserAccount " & _
                   "Where Domain = '" & GetComputerName & "' " & _
                   "And Disabled = FALSE And Name <> 'Administrator'")
   ' Stage each user
   For Each objItem In colItems
      ' Ensure the account actually has a profile (otherwise we can ignore it)
      If GetLocalUserProfile(objItem.Name) <> "" Then
         ret = StageUser(objItem.Name, DomainFQDN, strDomain)
      End If
   Next
End Function

The functions called here are GetComputerName, which returns the name of the local machine, and the other important ones are GetLocalUserProfile and Stage User. The first we can check is GetLocalUserProfile.

'Gets the Profile Path for the User passed in UserName.
' This requires the profile to exist on the local machine
' Returns an empty string on error
Function GetLocalUserProfile(UserName)
   On Error Resume Next
   GetLocalUserProfile = ""
   SDDL = GetLocalUserSDDL(UserName)
   If SDDL = "" Then
      Exit Function
   End If
   Set objShell = CreateObject("WScript.Shell")
   GetLocalUserProfile = objShell.ExpandEnvironmentStrings( _
                            objShell.RegRead( _
                               "HKLM\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\" & _
                               SDDL & _
                               "\ProfileImagePath"))
  On Error Goto 0
End Function

The registry path (including the SDDL, covered next) returns the profile path for the user. This relies on a function called GetLocalUserSDDL which goes as follows:

Function GetLocalUserSDDL(UserName)
   strComputer = "."
   Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
   'Enumerate users where the User Domain is the Local Machine
   'and the username matches the Supplied Name
   Set colItems = objWMIService.ExecQuery _
                     ("Select * from Win32_UserAccount  " & _
                      "Where Domain = '" & GetComputerName & "' " & _
                      "And Name = '" & UserName & "'")
   GetLocalUserSDDL = ""
   For Each objItem In colItems
      'Get the first returned SID/SDDL then exit
      GetLocalUserSDDL = objItem.SID
      Exit Function
   Next
End Function

This reads the SDDL (eg S-1-5-21-791012361-4073638415-1907800938-1006 or otherwise known as the String SID) for the User on the local machine. The next major function is Stage User:

Function StageUser(UserName, DomainFQDN, strDomain)
   Set objShell = CreateObject("WScript.Shell")
   ' Not Assuming "C:\Documents and Settings\" & UserName:
   '   Get SDDL of user via WMI interrogation of UserAccount
   '   Get Profile Location of user (from HKLM\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\" & SDDL & "ProfileImagePath"
   strProfile = GetLocalUserProfile(UserName)
 
   ' Set ACLs on ProfileLocation
   ret = objShell.Run("subinacl /subdirectories """ & strProfile & """ /grant=""" & UserName & "@" & DomainFQDN & """=F",0,True)
 
   ' Set ACLs on D:\UserData\%username%
   ret = objShell.Run("subinacl /subdirectories ""D:\UserData\" & UserName & """ /grant=""" & UserName & "@" & DomainFQDN & """=F",0,True)
 
   ' Reg load ProfileLocation\NTUSER.DAT into HKU\%username%
   ret = objShell.Run("reg load ""HKU\" & UserName & """ """ & strProfile & "\NTUSER.DAT""" ,0,True)
   ' Reg load ProfileLocation\Local Settings\Application Data\Microsoft\Windows\UsrClass.DAT into HKU\%username%_Classes
   ret = objShell.Run("reg load ""HKU\" & UserName & "_Classes"" """ & strProfile & "\Local Settings\Application Data\Microsoft\Windows\UsrClass.DAT""" ,0,True)
 
   'Try both of the following. One should fail, the other should pass.
   ' Set ACLs on HKU\%username%
   ret = objShell.Run("subinacl /subkeyreg ""HKEY_USERS\" & UserName & """ /grant=""" & UserName & "@" & DomainFQDN & """=F",0,True)
   ' If User is already logged in then the registry will be open at HKU\SDDL
   ret = objShell.Run("subinacl /subkeyreg ""HKEY_USERS\" & GetLocalUserSDDL(UserName) & """ /grant=""" & UserName & "@" & DomainFQDN & """=F",0,True)
 
   'Try both of the following. One should fail, the other should pass.
   ' Set ACLs on HKU\%username%
   ret = objShell.Run("subinacl /subkeyreg ""HKEY_USERS\" & UserName & "_Classes"" /grant=""" & UserName & "@" & DomainFQDN & """=F",0,True)
   ' If User is already logged in then the registry will be open at HKU\SDDL
   ret = objShell.Run("subinacl /subkeyreg ""HKEY_USERS\" & GetLocalUserSDDL(UserName) & "_Classes"" /grant=""" & UserName & "@" & DomainFQDN & """=F",0,True)
 
   ' Reg unload HKU\%username%
   ret = objShell.Run("reg unload ""HKU\" & UserName & """",0,True)
   ' Reg unload HKU\%username%_Classes
   ret = objShell.Run("reg unload ""HKU\" & UserName & "_Classes""",0,True)
 
   ' Get Domain User SID from ProfileLocation ACL
   arrSID = GetDomainUserSidFromFolderACL(strProfile, UserName, strDomain)
 
   If UBound(arrSID) > 0 Then
      ' Convert Domain User SID to SDDL
      WScript.Echo "Getting Sid for " & UserName
      SDDL = ArraySidToStrSid(arrSID)
 
      ' Stage Domain User Profile into Registry under HKLM\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\%DomainUserSDDL%
      ret = CreateAndLinkProfile(SDDL, arrSID, strProfile)
   Else
      'Account didn't exist in the domain or ACL failed to set on Folder
   End If
End Function

For the most part this function behaves by running external commands to mount registry hives, and set ACLs on folders and registry, all up until we call GetDomainUserSidFromFolderACL. This is where we retrieve the SID of the Domain User that we are pre-staging via the ACL we set earlier on the Local User Profile folder. This subverts the need to query Active Directory for the SID through other means.

Function GetDomainUserSidFromFolderACL(strFolder, strUserName, strUserDomain)
   Dim arrSID(0)
   GetDomainUserSidFromFolderACL = arrSID
 
   Set objFSO = CreateObject("Scripting.FileSystemObject")
   If Not objFSO.FolderExists(strFolder) Then
      Set objFSO = Nothing
      Exit Function
   End If
 
   ' Ensure that strFolder is of the form C:\\Documents and Settings\\UserName
    strFolderName = Replace(strFolder, "\\","\")
    strFolderName = Replace(strFolderName, "\","\\")
 
   Set wmiFileSecSetting = GetObject( _
      "winmgmts:Win32_LogicalFileSecuritySetting.path='" & strFolderName & "'")
 
   RetVal = wmiFileSecSetting. _
       GetSecurityDescriptor(wmiSecurityDescriptor)
   If Err <> 0 Then
       Exit Function
   End If
 
   ' Retrieve the DACL array of Win32_ACE objects.
   DACL = wmiSecurityDescriptor.DACL
 
   For each wmiAce in DACL
   ' Get Win32_Trustee object from ACE 
      Set Trustee = wmiAce.Trustee
      If (StrComp(Trustee.Name, strUserName, vbTextCompare) = 0) And _
         (StrComp(Trustee.Domain, strUserDomain, vbTextCompare) = 0) Then
         GetDomainUserSidFromFolderACL = Trustee.SID
         Exit Function
      End If
   Next
End Function

Although this subverts the need to Query Active Directory, this does also mean that we receive the SID in a format that is unexpected. Normally, via querying Active Directory we would have received a SID in an Octet String format. Querying the SID from WMI returned it in SDDL or String SID format. The format that we receive the SID from the ACL is in an Array of Integers. In order to Pre-stage an account we need the SDDL/String SID, and the only way to get this in VBScript is to manually convert it using some functions developed by Richard Mueller and Wilfred Wong in this newsgroup posting.

Instead of using only the code listed, we need to alter it for dealing with the SID array we received back from the ACL.

Function ArraySidToStrSid(arrSid)
   ' Function to convert OctetString (byte array) to Decimal string (SDDL) Sid.
   Dim strHex, strDec
 
   strHex = ArraySidToHexStr(arrSid)
   strDec = HexStrToDecStr(strHex)
   ArraySidToStrSid = strDec
End Function
 
Function ArraySidToHexStr(arrSid)
   ArraySidToHexStr = ""
   For Each x In arrSid
      ArraySidToHexStr = ArraySidToHexStr & _
         Right("0" & Hex(x), 2)
   Next
End Function

The HexStrToDecStr function is the same as it was from the Richard Mueller posting listed above.

Finally we just need to run through the actual staging of the account:

Function CreateAndLinkProfile(strNewSDDL, strNewSID, strProfilePath)
   WScript.Echo "Creating Profile for " & strNewSDDL & ": " & strProfilePath
   'Write Sid to registry
   ret = WriteRegBinaryToRegistry(HKEY_LOCAL_MACHINE,"SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\" & strNewSDDL,"Sid",strNewSID)
   ret = WriteRegStringToRegistry(HKEY_LOCAL_MACHINE,"SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\" & strNewSDDL,"ProfileImagePath",strProfilePath)
   ret = WriteRegStringToRegistry(HKEY_LOCAL_MACHINE,"SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\" & strNewSDDL,"CentralProfile","")
   ret = WriteRegDwordToRegistry(HKEY_LOCAL_MACHINE,"SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\" & strNewSDDL,"Flags",1)
   ret = WriteRegDwordToRegistry(HKEY_LOCAL_MACHINE,"SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\" & strNewSDDL,"State",0)
End Function

At this point if the Domain User logs in they get redirected to the existing local users profile. Then if rollback is initiated they log on with the Local User account with the same profile. This is seamless to end users, both forward and backward.

On a side note the functions for writing to the registry are through WMI due to needing to write Binary values to the Registry

Function WriteRegBinaryToRegistry(Hive, strKeyPath, strValueName, ArrValues)
   strComputer = "."
   Set oReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & _
               strComputer & "\root\default:StdRegProv")
   oReg.CreateKey Hive,strKeyPath
 
   oReg.SetBinaryValue Hive, strKeyPath, strValueName,ArrValues
End Function
 
Function WriteRegDwordToRegistry(Hive, strKeyPath, strValueName, Value)
   strComputer = "."
   Set oReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & _
               strComputer & "\root\default:StdRegProv")
   oReg.CreateKey Hive,strKeyPath
 
   oReg.SetDwordValue Hive, strKeyPath, strValueName,Value
End Function
 
Function WriteRegStringToRegistry(Hive, strKeyPath, strValueName, Value)
   strComputer = "."
   Set oReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & _
               strComputer & "\root\default:StdRegProv")
   oReg.CreateKey Hive,strKeyPath
 
   oReg.SetStringValue Hive, strKeyPath, strValueName,Value
End Function

Cheers, Chris.

Edit: DomainAccountProfileStaging.vbs has been uploaded as a complete file.

Shared User Profiles – Alternative to Migration

dwarfsoft — Fri, 12 Mar 2010 10:01:16 +0000

Well, I have been very slack in that I haven’t updated with my Group Policy investigations or the eDirectory VBScript classes I was working on, but what I have been involved in recently is working on Migrating Workstations from Novell eDirectory to Active Directory.

In this process I have come across an array of options in migrating accounts from a Local User account to Domain User account and transferring the profiles across to keep the user “look and feel” that they are accustomed to.

One problem: In this scenario it makes for a very manual rollback strategy, no matter how much scripting and automation is involved in the migration process. This boils down to Novells implementation of “Dynamic Local User” which effectively creates a Local User Account that is not really bound to a User Account in eDirectory for Authentication or mapping purposes (which you can see if you look at the account SIDs).

So, how can you Migrate a local profile to a Domain User account while still maintaining a seamless rollback option (without using Roaming Profiles… This is out of the question)? The solution I have worked on is what I am terming “pre-staging” or “seeding” the Domain User Profile.

Enumerate all Local Enabled Users (except for “Administrator”)
Get the SID for that User (and the SDDL/String SID)
Read the Profile Path for that User from Registry
Set an ACL on that folder for \ (we have the UserName being replicated between eDirectory and Active Directory
Mount the existing users NTUser.dat into HKU\
Set ACL on HKU\ and all subkeys for \
Set ACL on HKU\ and all subkeys for \ (just in case the user is actually logged in)
Dismount HKU\
Mount the User Class hive (UsrClass.dat) into HKU\_Classes
Set ACL on HKU\_Classes and all subkeys for \
Set ACL on HKU\_Classes and all subkeys for \ (just in case the user is actually logged in)
Dismount HKU\_Classes
Read the ACL on the Profile Folder (set Earlier) for \ to get the Domain User SID
Convert the Domain User SID to an SDDL/String SID
Pre-stage/Seed the Domain User Profile by creating a new Registry key in HKLM\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\
Write in a few choice keys, the two most important being ProfileImagePath (String) and Sid (Binary). (The others I seeded were the DWords State and Flags, which were set to 0, and CentralProfile, which was an empty string).

Once the eDirectory user is no longer a member of a DLU enabled User Profile Package, they will be forced to log on through the Active Directory Domain (yes, we are still logging on through the Novell Client). The Profile used for the Domain User will be the same as that used by the Local user. The added benefit is that our rollback strategy becomes “Add user to a DLU enabled User Policy Package” and gets them to log back into their original profile. To safely secure a situation where there is a catastrophic failure of the profile (loss) a backup of the profile can also be done at the seeding stage (just check %userdomain% for equality with %computername% to see if they are logging on with a Local account or a Domain Account).

This has had only minor testing at this stage, but as no paths have changed and there appears to be no problem with the Domain User using the existing Profile I believe this is a reasonably comprehensive solution. This, I must stress, is not a recommended way to deal with migrating users, but it is a tricky little feature that can be abused as I have just demonstrated.

Code (or VBScript) will follow soon

Cheers, Chris.

GroupWise Audit and Batch/Cmd Escaping

dwarfsoft — Mon, 27 Jul 2009 04:52:37 +0000

I was required recently to audit passwords on all the Novell GroupWise accounts in the cluster. This was not too much of a problem using existing solutions, except that all the existing solutions limited searches to either Users, or to objects with the “NGW: Object ID” attribute.

The Solutions I found include Check GroupWise Users for Password – Batch and Check GroupWise Users for Password – Exe, both of which made use of GWSend. Being an avid scripting aficionado myself I opted for the first, so I could make changes.

First step was to export all User Objects with NGW: Object ID into an Excel sheet using DSReport. Then export all GroupWise External Entities with NGW: Object ID to a different Excel Sheet. Finally I needed to export all GroupWise Resources, which do not have an NGW: Object ID, but their CN is effectively the NGW: Object ID for which we can log in and try to send emails. Upon completing this I compiled a single list of Allusers.csv which had the NGW: ObjectID/CN in the first column, and the DN for the Object Name and Location within the tree. This makes it far easier to track down the location of generic accounts (Something that none of the scripts account for).

So, my first run through the script ended in Fail. Apparently the above solutions are expecting Email Addresses without Spaces. So after fixing that up I run it again, and again hit a Fail. Apparently the above solutions fail to account for special characters (/ in this instance). So, I fix this up as well… My script runs, I get a report, then I realise that I have more results than original users. Apparently the above script also assumes that there is only 1 line in the result.txt file. So I modified the script to only print out a result once all lines of the result.txt file had been parsed, using a SET to determine if the “Error:” had been encountered or not (Error indicating that a Password is on the account, no Error indicating that there is No password).

So, now I run through and notice that the audit fails to log the full line of text, even though it is capable of actually running the audit against that account. Fortunately none of the accounts without passwords were affected by this, but I decided to fix this for future runs. To break down the issues I needed to fix into a list here is the summary:

We have spaces in our Email Account Names
We have /’s in our Email Account Names
We have &’s in our Email Account Names
We are trying to create a HTML file with the above special characters (specifically &)
& doesn’t tend to work too nicely in batch files when using an open Echo (tries to run everything after the & as a program
I wanted to be able to track back to objects (DN’s) as opposed to just the GroupWise Account Name

Spaces were easy to fix… When running the command against an account simply put the “account in quotes”. The next step is to handle the Email and DN objects as Strings within Quotes as well, but we don’t want to output the quotes, which means we need to handle them properly. Examine the following issue:

SET String=A String With Special Chars&Slashes/ In \ it^ OK
ECHO %String%

This will return “‘Slashes’ is not recognized as an internal or external command, operable program or batch file.” Also, if we try and escape each of the characters we run into issues too.

SET String=A String With Special Chars&Slashes/ In \ it^ OK
SET String=%String:^=^^%
SET String=%String:\=^\%
SET String=%String:/=^/%
SET String=%String:&=^&%
ECHO %String%

The Output ends up as “A String With Special Chars”. So, in order to fix this we need to handle the string within Quotes, and only output it at the end:

SET String="A String With Special Chars&Slashes/ In \ it^ OK"
SET String=%String:^=^^%
SET String=%String:\=^\%
SET String=%String:/=^/%
SET String=%String:&=^&%
ECHO %String:~1,-1%

Finally, our output is “A String With Special Chars&Slashes/ In \ it^ OK”, without the quotes. So the first part works now for my output to the Logs (although my logs are CSV so I tend to leave the quotes on just in case there is a lurking comma, but this does provide a pretty Output to the Console). Now we need to convert these for HTML output.

SET String=%String:^&=^&%
SET String=%String:<=^<%
SET String=%String:>=^>%
ECHO %String:~1,-1%

Just provides that little added extra safety net for an echo directly into a HTML log. I am annoyed that I didn’t manage to figure this out earlier as I had some scripts I went directly to VBScript for to avoid the & errors I was getting. I had no idea that it was my subsequent SET x=%x:a=b%, SET x=%x:c=d% calls on an unquoted string.

The one caveat I have found to this is fixing quote marks within a string. I have yet to find a way to strip them effectively without breaking the string/batch file in the process. The closest I have come will work in most situations, but requires a placeholder you have to be sure will never exist within your string:

SET String=Thi\s" is ^a &t"es/t
SET String="%String:"=&quot;%"
Set String=%String:^=^^%
SET String=%String:&=^&%
SET String=%String:/=^/%
SET String=%String:\=^\%
SET String=%String:"=^"%
ECHO %String:~1,-1%

One other note I’d like to add is that of Padding numbers. This is a fairly well known feature of WinBatch, but I found it useful for getting well aligned output for which record I was currently up to:

Set _Num=0
...
SET /A %_Num%=%_Num%+1
SET DispNum=     %_Num%
Echo %DispNum:~-4%

This pads the leading digits with spaces and specifies that I want a 4 character long string returned for the end of the string. (so ” 1″ in the first instance but in my case up to ” 900″ or “9091″).

Hope this adds a little food for thought.

Cheers, Chris.

Back Behind the Keyboard

dwarfsoft — Mon, 20 Jul 2009 04:31:21 +0000

It has again been some time since my last update. I have been quite busy getting used to balancing my new life with my daughter now nearly 3 months old. Fatherhood has obviously taken a lot of my time that I previously used for development, and learning.

The past few months have also seen my University Graduation 3 days after my Daughters Birth, Family Visits, Job Applications, Job Interviews, and finally Permanency in my Servers Position.

Aside from that I have been working with some friends on converting the old TA Server to the C# .Net/Python version (PyTA). I have also been busy in mapping out my development goals and objectives for the coming months and years.

David Allens Getting Things Done

In order to better manage my time and my priorities I have been implementing and reviewing David Allen’s “Getting Things Done”, and have been operating my own install of GTD-PHP. I have been using this to manage all aspects of my life, from professional to personal projects. This has allowed me a lot greater control of my personal and professional life and allowed me to manage my time far more effectively than ever before. Currently in this system I am managing 100 Active Projects, 44 Someday/Maybe Projects, and within those I have currently 147 Actions within those. I am still in the process of determining Next actions for some of these projects, but at least having visibility of all these things I need to do has given me greater control of managing the most important of these. Most of the projects without next actions are someday/maybe projects, and the others that are not could be put in someday/maybe until such time as I have time to process their next actions. I definitely encourage anybody to try this method of organisation, time management, prioritisation because it has helped me to lower my stress and be able to switch off from work when I get home. Just note that it does tend to increase the likelihood of adding more projects to your list than you started out doing .

Aside from this I have been attempting to build an Application Audit script at work that will pull the NAL objects from our system through LDAP. I have started coding this type of script now as a class which is in a .vbs file and then for implementing its use I have started using .wsf files to include and execute the required code. This adds to the usability of my existing code and makes my code far more acccessible for reuse in other applications. I had already started writing these types of classes before for my Ini File Handler, but previously I had been including the VBScript files internally using a manual Include function:

Function Include(vbsFile)
   Set fso = CreateObject("Scripting.FileSystemObject")
   If fso.FileExists(vbsFile) Then
      Set f = fso.OpenTextFile(vbsFile)
      s = f.ReadAll()
      f.Close
      ExecuteGlobal s
   End If
End Function

The .wsf include method is so much cleaner:

 language="VBScript" src="Applications.vbs"/>

When I have managed to get my projects and actions further under control I will have to provide updates. I have some plans for the XNA in a Day series which I started with breakout, but that is some way off. I am also planning on overhauling some of my previous projects and actually actioning them.

Cheers, Chris.

Preoccupied

dwarfsoft — Sat, 11 Apr 2009 13:52:23 +0000

I have been a little preoccupied of late, and this is due to some of the most hectic things requiring my attention, and therefore interrupting my development attempts.

First, I have been travelling a fair bit for my wife, as we are getting many scans and specialist appointments. The pregnancy has not been going as well as it could have been, but at least things are looking positive now. Understandably the requirement to have enough “stuff” set up for baby, who should be here very soon, has taken much of my time.

Secondly, the job in which I am currently sitting has been advertised for Permanency. This of course requires my time for writing the application. Hopefully the fact that I sit in the position currently will put me in a good position, especially considering in the current economic climate that there might be the newly skilled unemployed seeking to get into my role.

Those are the two major time sinks that I have at the moment, although there are a few other smaller sinks. Bare with me while I push to get back on track with development .

Cheers, Chris.

Ini File Handler for VBScript

dwarfsoft — Thu, 26 Feb 2009 23:16:02 +0000

I was recently working on an issue to do with managing .ini files in VBScript. I know what you are all going to say now: Why would you use an INI file when the registry is available for use?! Well, there is one instance that you may wish to use another form of configuration or information passing. In this instance we have an initiation of the Ghost Store method for the System Volume. To achieve a store on the system volume we require the PC to be rebooted and it then boots up into a BartPE environment to run the Ghost Store, and perform a few custom tasks. Therefore, the System Volumes Registry is not present (or requires mounting then reading, which has proven somewhat unreliable for me in the past).

So, the reason it came to developing the Ini file handler class is due to the need to provide some more controlled smarts into the store/restore system. Clusters, such as the one I work within, can be more proactive in their maintenance, and therefore require more advanced features than the corporate stock-standard release is likely to contain. As such the area in which I work is constantly involved in working towards a very automated maintenance process. My skills, lying within scripting, programming, and automation in particular, come in handy in this regard. I regularly disassemble the corporate releases to ensure that they will not break when released out into the wild of our corporate machines.

The store/restore process was one that I had previously tackled and modified due to the limitations of the corporate model. Unfortunately this modification was temporary, as the updated software that was released from corporate changed the model under which the store/restore process was to operate, and caused the modifications we had made locally to break.

The easiest way of reading Ini files in Windows is to use the Word.Application Object (as gathered quickly for demonstration from here):

Set objWord = CreateObject("Word.application")
WinDir = objWord.System.PrivateProfileString(FileName , Section , Key)

This, however, does not work in BartPE. Instead, I have developed a class that can be added into a VBScript and used very easily. It utilizes Dictionaries to keep the settings organised. This means that if it reads two settings in the same section with the same name, the value will reflect the last one (the one closest to the end of the file).

The full source of the IniFile handler are as follows:

Class IniFile
   Private mIniFile
   '
   '----------------------- Sub Load -------------------------------
   Public Sub Load(Filename)
      LoadIni FileName,False
   End Sub
   '-------------------- End of Sub Load ---------------------------
 
   Public Sub LoadIni(Filename,JustDefaults)
     Dim objFSO, objDictionary, objSubDictionary, file, ini, arr, line, splitline, tmpsplit  
     Set objFSO = CreateObject("Scripting.FileSystemObject")
 
     Set objDictionary = mIniFile
     Set objDictionary = CreateObject("Scripting.Dictionary")
     Set objSubDictionary = Nothing
     Set mIniFile = objDictionary
     If JustDefaults Then
        Read = False
     Else
        Read = True
     End If
 
     If objFSO.FileExists(Filename) Then
        Set file = objFSO.OpenTextFile(Filename)
        ini = file.ReadAll()
        file.Close 
 
        arr = Split(ini,vbCrLf)
        For Each line in arr
           If line = "##STARTDEFAULT" Then
              Read = True
           End If
           If Read Then
              If Left(Trim(Line),1) = "[" And Right(Trim(Line),1) = "]" Then
                 line = replace(replace(line,"[",""),"]","")
                 If Not IsEmpty(objDictionary.Item(line)) Then
                    Set objSubDictionary = objDictionary.Item(line)
                 Else
 
                    Set objSubDictionary = CreateObject("Scripting.Dictionary")
                    'objDictionary.Add line, objSubDictionary
                    set objDictionary.Item(line) = objSubDictionary
                 End If
              Else
                 If TypeName(objSubDictionary) = "Nothing" or IsEmpty(objSubDictionary) Then
                    Set objSubDictionary = CreateObject("Scripting.Dictionary")
                    objDictionary.Add "[]",objSubDictionary
                    Set objDictionary.Item("[]") = objSubDictionary
                 End If
                 If Left(Trim(line),1) = "#" Then
                    objSubDictionary.Item( "[" & objSubDictionary.Count & "]") = Trim(line)
                 Else
                    splitline = split(Trim(line),"=")
 
                    If TypeName(splitline) <> "Nothing" Then
                       If UBound(splitline) = 1 Then
                          tmpsplit = split(splitline(1), "#")
                          ' Resolve a = error
                          If UBound(tmpsplit) >= 0 Then
                             objSubDictionary.Item(Trim(splitline(0))) = Trim(tmpsplit(0)) 
                          Else
                             objSubDictionary.Item(Trim(splitline(0))) = ""
                          End If
                       Else
                         'Error
                       End If
                    End If
                 End If
              End If
              If line = "##ENDDEFAULT" And JustDefaults Then
            MsgBox "End Default"
                 Read = False
                 Exit Sub
              End If
           End If
        Next
     Else 
       Exit Sub
     End If
   End Sub
   '------------------- End of Sub LoadIni -------------------------
 
   '----------------------- Function GetValue -------------------------------
   Public Function GetValue(Section, Value)
      Set objDictionary = mIniFile
      If IsSection(Section) Then
         Set objSubDictionary = objDictionary.Item(Section)
         If IsEmpty(objSubDictionary.Item(Value)) Then
            objSubDictionary.Remove(Value)
         Else
            GetValue = objSubDictionary.Item(Value)
         End If
      End If
   End Function
   '-------------------- End of Function GetValue ---------------------------
 
   '----------------------- Function IsSection ------------------------------
   Public Function IsSection(Section)
      Set objDictionary = mIniFile
      If IsEmpty(objDictionary.Item(Section)) Then
         objDictionary.Remove(Section)
         IsSection = False
      Else
        IsSection = True
      End If
   End Function
   '-------------------- End of Function IsSection --------------------------
 
   '----------------------- Function IsSection ------------------------------
   Public Function Save(FileName)
      Set objDictionary = mIniFile
      Set objFSO = CreateObject("Scripting.FileSystemObject")
      Set Outfile = objFSO.CreateTextFile(FileName)
      If TypeName(objDictionary) <> "Nothing" Then
         If Not IsEmpty(objDictionary.Keys) Then
            For Each Key in objDictionary.Keys
               If Key = "[]" Then
               ElseIf Key = "" Then
               Else
                  Outfile.WriteLine("[" & Key & "]")
               End If
               Set objSubDictionary = Nothing
               If Not IsEmpty(objDictionary.Item(Key)) Then
                  Set objSubDictionary = objDictionary.Item(Key)
               End If
               If TypeName(objSubDictionary) <> "Nothing" Then
                  If Not IsEmpty(objSubDictionary.Keys) Then
                     For Each subKey in objSubDictionary.Keys
                        If Left(subKey,1) = "[" Then
                           OutFile.WriteLine(objSubDictionary.Item(subKey))
                        Else
                           OutFile.WriteLine(subKey & "=" & objSubDictionary.Item(subKey))
                        End If
                     Next
                  End If
               End If
               OutFile.WriteLine
            Next
         End If
      End If
   End Function
   '-------------------- End of Function IsSection --------------------------
 
   '--------------------- Function AddNextNumeric ---------------------------
   Public Function AddNextNumeric(Section,Value)
      Set objDictionary = mIniFile
      If IsEmpty(objDictionary.Item(Section)) Then
         Set objSubDictionary = CreateObject("Scripting.Dictionary")
         Set objDictionary.Item(Section) = objSubDictionary
         objSubDictionary.Item("1") = Value
         AddNextNumeric = 1
      Else
        Set objSubDictionary = objDictionary.Item(Section)
        Number = 1
        Do While IsEmpty(objSubDictionary.Item("" & Number)) 
          Number = Number + 1
        Loop
        objSubDictionary.Item("" & Number) = Value
        AddNextNumeric = Number
      End If
   End Function
   '------------------ End of Function AddNextNumeric -----------------------
 
   '--------------------------- CONSTRUCTOR ---------------------------------
   Private Sub Class_Initialize
      ' Calss Constructor
      ' Initialization goes here
      Set mIniFile = Nothing
' MsgBox TypeName(mIniFile)
   End Sub
   '------------------------- END CONSTRUCTOR -------------------------------
 
   '---------------------------- DESTRUCTOR ---------------------------------
   Private Sub Class_Terminate
      ' Calss Destructor
      ' Cleanup goes here
' MsgBox TypeName(mIniFile)
      Set mIniFile = Nothing
   End Sub
   '-------------------------- END DESTRUCTOR -------------------------------
End Class

Usage of the class for reading Ini files is as follows:

set ifile = New IniFile
ifile.Load("filename.ini")
Variable = ifile.GetValue("Section","Variable")

There are obviously functions in the class that allow for writing out the Ini File and modifying the values. Feel free to play with the code, but please remember to link back to here. I do love my popularity, so any of you who want to link here, please do so.

Cheers, Chris.

Becoming a Published Author

dwarfsoft — Wed, 25 Feb 2009 05:49:13 +0000

Beginning Game Programming: A GameDev.Net Collection

Well, as some of you may know, I was involved in writing a series of articles that started back in 2001 and continued until 2004 on some simple programming concepts using C++. An Introduction to Pointers, Structures and Linked Lists has now made a home for itself inside the new GameDev.Net book; Beginning Game Programming: A GameDev.Net Collection. This book is a collection of edited articles that have been posted to GameDev.Net over a period of years.

This has brought me some inspiration to actually progressing towards some other Authoring ideas. Whether I can get the time to actually develop some of them is questionable, but considering I have a lot of experience working with scripting inside both Active Directory/Exchange shops, to Novell/Groupwise shops, some of the ideas and tools I have had to develop within these environments could lead to some interesting uses. There are many scripting sites out there but I find that to get information on this type of scripting in one location is nigh on impossible. So, there is one idea.

Another idea would be headed back towards the Game Development realms. Again, there are many books and sites that contain a lot of information on how to go about entering into these kinds of pursuits. My main problem with the information is tying it all together, as well as considering the planning implications from starting a Game Development project, until you have completed it. For those who know me well I am an avid procrastinator when it comes to my Game Development pursuits, so this is the least likely idea to succeed. It is, however, an idea I would like to start pursuing.

On a side note, there are a few unpublished articles from the “Introduction to…” series that start to get into some more Advanced ground. I will attempt, first, to complete these so that I can get my head clear of what I need to do to move forward.

I should also say: please buy the book. The proceeds of which, however, do not go to me. So feel free to follow this link to purchase the book through my Amazon Affiliates account. That way I can get a bit more scratch to start working on some of these other projects.

Cheers, Chris.