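@echo off
goto BEGIN
#------------------------------------------------------------------------------
# This is a MS Windows Domain security assessment script
# The script collects information into XML result file
# Analysis of information is performed through the server part of the script
#
# Run on a domain member server/controller with Domain Admin privileges
#
# Copyright (C) 2008-2009 by Eugene Taylashev under GNU GPL v3 (www.gnu.org)
# This is a FREE software, and it comes WITHOUT any warranty.
#
# Script homepage: http://www.lbsecurity.org
#
# How it works: the batch part writes a temporary VB script, runs it with
# cscript.exe and deletes it again. The VB script queries the WinNT ADSI
# provider and writes the result XML into the current directory.
#
# Security notes for operators:
#  - The generated VB script runs with the caller's Domain Admin token, so it
#    is written to the per-user temp directory under a randomised name rather
#    than to a fixed file name in the current directory. A process running as
#    the same user can still modify it between creation and execution.
#  - The result XML lists accounts, group membership, SIDs, account flags and
#    the password and lockout policy. It is created in the current directory
#    with inherited permissions; store and transfer it as sensitive data.
#
# Exit code: the exit code of the VB script (13 when it aborts), 1 when the
#            script host or the temporary file is not available.
#------------------------------------------------------------------------------

:BEGIN
rem --- Set script internal vars
rem --- Delayed expansion is switched off so that exclamation marks inside the
rem --- echoed VB script text are written out literally
setlocal DisableDelayedExpansion
rem #-- Script version
set SCR_VER=1.0
rem -- exit code returned at END
set RC=0
rem -- directory for the temporary VB script, current directory as a fallback
set "VBS_DIR=%TEMP%"
if not defined VBS_DIR set "VBS_DIR=."
set "VBS_FILE=%VBS_DIR%\assess_dom4_%RANDOM%%RANDOM%.vbs"
set "VBS_EXE=%SystemRoot%\system32\cscript.exe"
goto MAIN

#=========================== Main section =====================================
:MAIN
rem -- check that VB Script could be executed
if not exist "%VBS_EXE%" goto USAGE

rem -- Create the temp VB file, the argument carries its own quotes
call :create_VBS "%VBS_FILE%"
if not exist "%VBS_FILE%" goto NOVBS

rem -- Run the VB assessment file, host options use the documented // form
"%VBS_EXE%" //nologo "%VBS_FILE%"
set RC=%ERRORLEVEL%

rem -- Delete the temp VB file
if exist "%VBS_FILE%" del /Q /F "%VBS_FILE%"

rem -- Done
goto END

#===================================================
# Create the VBS file to assess the domain
# Input: %1 - filename to save, already quoted by the caller
# Every line below is one line of the generated VB script. Outside of
# double quotes the characters ampersand, less-than and greater-than
# must be escaped with a caret.
#===================================================
:create_VBS
echo '---------------------------------------------------------------------------- >%1
echo ' This script collects audit information from a Windows NT4 Domain and stores >>%1
echo ' it in a XML file, ready for further analysis >>%1
echo ' >>%1
echo ' Copyright (C) 2008-2009 by Eugene Taylashev under GNU GPL v3 >>%1
echo ' >>%1
echo ' Run on a domain member server/controller with Domain Admin privileges >>%1
echo '----------------------------------------------------------------------------- >>%1
echo Option EXPLICIT >>%1
echo. >>%1
echo '---------------------------- Global Vars and Constants ----------------------- >>%1
rem NOTE(review): gSnapShotHeader is an empty string in this copy of the script.
rem Presumably it held the opening root tag of the result document - restore it
rem from the upstream script, otherwise the result file has no root element.
echo Public Const gSnapShotHeader = "" >>%1
echo. >>%1
echo Dim gDebug : gDebug = false '--- Debug flag=true/false >>%1
echo Public Const SCRIPT_VERSON="1.0" >>%1
echo. >>%1
echo '-- open file manupulation >>%1
echo Public Const FILE_OPEN_WRITE = 2, FILE_OPEN_UNICODE = -1 >>%1
echo. >>%1
echo '-- ADS_USER_FLAG >>%1
echo Const ADS_UF_SCRIPT = ^&H0001 >>%1
echo Const ADS_UF_ACCOUNTDISABLE = ^&H0002 >>%1
echo Const ADS_UF_HOMEDIR_REQUIRED = ^&H0008 >>%1
echo Const ADS_UF_LOCKOUT = ^&H0010 >>%1
echo Const ADS_UF_PASSWD_NOTREQD = ^&H0020 >>%1
echo Const ADS_UF_PASSWD_CANT_CHANGE = ^&H0040 >>%1
echo Const ADS_UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED = ^&H0080 >>%1
echo Const ADS_UF_DONT_EXPIRE_PASSWD = ^&H10000 >>%1
echo Const ADS_UF_SMARTCARD_REQUIRED = ^&H40000 >>%1
echo Const ADS_UF_PASSWORD_EXPIRED = ^&H800000 >>%1
echo. >>%1
echo '------- Other constants >>%1
echo Public Const MIN_IN_DAY = 1440 >>%1
echo Public Const SEC_IN_MIN = 60 >>%1
echo. >>%1
echo Dim oFS, sFileXML, oFileXML, iIndent, aAttr >>%1
echo Dim sTarget, dObtained >>%1
echo. >>%1
echo Dim aMonth >>%1
echo aMonth = Array( "", "Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "Aug", _>>%1
echo                "Sep", "Oct", "Nov", "Dec" ) >>%1
echo. >>%1
echo '============================== Main Section ================================== >>%1
echo On Error Resume Next >>%1
echo. >>%1
echo '-- Get Environment vars >>%1
echo Dim oShell, oEnv, sHost, sDom, sUser >>%1
echo Set oShell = CreateObject("Wscript.Shell") >>%1
echo Set oEnv = oShell.Environment("Process") >>%1
echo sHost = oEnv("COMPUTERNAME") '-- Get Host name >>%1
echo sDom = oEnv("USERDOMAIN") '-- Get Logon domain >>%1
echo sUser = oEnv("USERNAME") '-- Get user name >>%1
echo. >>%1
echo '-- verify that the assessment host is part of the Win domain >>%1
echo '-- for a local logon USERDOMAIN equals COMPUTERNAME >>%1
echo If IsError("") or sHost=sDom Then >>%1
echo   printError( "Not a domain memeber/controller. Aborting...") >>%1
echo   die >>%1
echo End If >>%1
echo. >>%1
echo Set oEnv = Nothing >>%1
echo Set oShell = Nothing >>%1
echo. >>%1
echo '-- Init target vars >>%1
echo sTarget = sDom >>%1
echo dObtained = Now >>%1
echo. >>%1
echo Print "Domain to assess: " ^& sTarget >>%1
echo. >>%1
echo '-- create an object for XML tag attributes >>%1
echo If IsEmpty( aAttr ) Then >>%1
echo   Set aAttr = CreateObject("Scripting.Dictionary") >>%1
echo End If >>%1
echo. >>%1
echo Dim aPropUser >>%1
echo Set aPropUser = CreateObject("Scripting.Dictionary") >>%1
echo. >>%1
echo '-- create the filesystem object >>%1
echo If IsEmpty( oFS ) Then >>%1
echo   Set oFS = CreateObject("Scripting.FileSystemObject") '- FileSystem object >>%1
echo End If >>%1
echo. >>%1
echo '-- create the XML file in the current directory, overwriting an older one >>%1
echo sFileXML = sTarget + ".assess_dom_"+formatDigDate(dObtained)+".xml" >>%1
echo printDebug( "sFileXML=" + sFileXML ) >>%1
echo Set oFileXML = oFS.OpenTextFile(sFileXML, FILE_OPEN_WRITE, True, FILE_OPEN_UNICODE ) >>%1
echo If IsError("could not create the file "+sFileXML) Then >>%1
echo   die >>%1
echo End If >>%1
echo. >>%1
echo Print "Result file: " ^& sFileXML >>%1
echo. >>%1
echo '-- write the XML header into the assessment file >>%1
rem NOTE(review): the literal in the next outLine call is empty in this copy.
rem Presumably it was the XML declaration - restore it from the upstream script.
echo outLine( "" ) >>%1
echo outLine( gSnapShotHeader ) : IncrIndent >>%1
echo outTag "credential", sDom+"\"+sUser >>%1
echo outTag "assessment_time", formatDateDDMMMYYYY( dObtained ) >>%1
echo outTag "assessment_host", sHost >>%1
echo outTag "target", sTarget >>%1
echo. >>%1
echo assess_Win_domain '-- output domain info >>%1
echo. >>%1
echo '-- end the XML tag >>%1
rem NOTE(review): the literal in the next outLine call is empty in this copy.
rem Presumably it was the closing root tag matching gSnapShotHeader - restore it.
echo outLine( "" ) : DecrIndent >>%1
echo. >>%1
echo '-- close everything >>%1
echo oFileXML.Close >>%1
echo Set oFileXML = Nothing >>%1
echo Set oFS = Nothing >>%1
echo Set aAttr = Nothing >>%1
echo Set aPropUser = Nothing >>%1
echo '------------------------------- End of Main Section -------------------------- >>%1
echo. >>%1
echo. >>%1
echo '============================================================================= >>%1
echo '* Assess a Windows NT domain and output results into XML file >>%1
echo '* Input: none >>%1
echo '* Output: none >>%1
echo '* Glob Vars: sTarget >>%1
echo '============================================================================= >>%1
echo Sub assess_Win_domain() >>%1
echo   Dim sFuncName : sFuncName="assess_Win_domain" >>%1
echo. >>%1
echo   On Error Resume Next >>%1
echo   printDebug( "+++++ " ^& sFuncName ) >>%1
echo. >>%1
echo   addAttr "id", sTarget >>%1
echo   openXMLtag "domain_winnt" >>%1
echo. >>%1
echo   '-- output schema, currently only limited classes such as domain, user, group, computer >>%1
echo   Print "Enumerating schema" >>%1
echo   enum_schemaWinNT >>%1
echo. >>%1
echo   '-- extract all AD objects, also could be connection to the Global Catalog i.i. GC:// >>%1
echo   Print "Enumerating domain objects (may take a while)" >>%1
echo   enum_WinNT_objects "WinNT://" ^& sTarget >>%1
echo. >>%1
echo   '-- get domain security policy >>%1
echo   Print "Obtaining domain security policy" >>%1
echo   get_WinNT_security_policy "WinNT://" ^& sTarget >>%1
echo. >>%1
echo   '-- close everything >>%1
echo   closeXMLtag "domain_winnt" >>%1
echo. >>%1
echo   printDebug( "----- " ^& sFuncName ) >>%1
echo End Sub >>%1
echo. >>%1
echo. >>%1
echo '============================================================================= >>%1
echo '* Enumerate the objects bound at sADSPath and write one object tag per item, >>%1
echo '* choosing the detail routine by the Class of the item >>%1
echo '* Input: ADSI path of the container >>%1
echo '* Glob Vars: >>%1
echo '============================================================================= >>%1
echo Sub enum_WinNT_objects( ByVal sADSPath ) >>%1
echo   Dim sFuncName : sFuncName="enum_WinNT_objects" >>%1
echo. >>%1
echo   On Error Resume Next >>%1
echo   printDebug( "+++++ " ^& sFuncName ) >>%1
echo. >>%1
echo   openXMLtag "objects" >>%1
echo. >>%1
echo   Dim colObjects, oObj >>%1
echo   Set colObjects = GetObject(sADSPath) >>%1
echo. >>%1
echo   If not IsObject( colObjects ) Then >>%1
echo     outComment "Error: No records for the domain " ^& sADSPath >>%1
echo     closeXMLtag "objects" >>%1
echo     Set colObjects = Nothing >>%1
echo     printDebug( "----- " ^& sFuncName ) >>%1
echo     Exit Sub >>%1
echo   End If >>%1
echo. >>%1
echo   ' colObjects.Filter = Array("Group") >>%1
echo. >>%1
echo   For Each oObj In colObjects >>%1
echo     addAttr "id", Replace( oObj.ADsPath, "WinNT://","") >>%1
echo     addAttr "class", oObj.Class >>%1
echo     openXMLtag "object" >>%1
echo     Select Case oObj.Class >>%1
echo       Case "User" >>%1
echo         get_WinNT_User oObj.ADsPath >>%1
echo       Case "Group" >>%1
echo         get_WinNT_group oObj.ADsPath >>%1
echo       Case "Computer" >>%1
echo         get_WinNT_computer oObj.ADsPath >>%1
echo       Case Else >>%1
echo         get_WinNT_object oObj.ADsPath >>%1
echo     End Select >>%1
echo. >>%1
echo     closeXMLtag "object" >>%1
echo   Next >>%1
echo. >>%1
echo   closeXMLtag "objects" >>%1
echo   Set colObjects = Nothing >>%1
echo. >>%1
echo   printDebug( "----- " ^& sFuncName ) >>%1
echo End Sub >>%1
echo. >>%1
echo. >>%1
echo '============================================================================= >>%1
echo '* Output every mandatory and optional schema property of a generic object >>%1
echo '* Input: ADSI path of the object >>%1
echo '============================================================================= >>%1
echo Sub get_WinNT_object( ByVal ADsPath ) >>%1
echo   On Error Resume Next >>%1
echo. >>%1
echo   Dim oObject, oClass, sProp >>%1
echo   Set oObject = GetObject(ADsPath) >>%1
echo   Set oClass = GetObject(oObject.Schema) >>%1
echo. >>%1
echo   oObject.GetInfo >>%1
echo   For Each sProp in oClass.MandatoryProperties >>%1
echo     outParam sProp, oObject.Get(sProp) >>%1
echo   Next >>%1
echo. >>%1
echo   For Each sProp in oClass.OptionalProperties >>%1
echo     outParam sProp, oObject.Get(sProp) >>%1
echo   Next >>%1
echo. >>%1
echo   Set oClass = Nothing >>%1
echo   Set oObject = Nothing >>%1
echo End Sub >>%1
echo. >>%1
echo. >>%1
echo '============================================================================= >>%1
echo '* Obtain details about an WinNT User object. Output as XML >>%1
echo '* The raw UserFlags value is written as well, so the decoded yes/no values >>%1
echo '* can be re-checked during analysis >>%1
echo '============================================================================= >>%1
echo Sub get_WinNT_User( ByRef ADsPath ) >>%1
echo. >>%1
echo   On Error Resume Next >>%1
echo   Dim oUser, flag, sTmp >>%1
echo   Set oUser = GetObject(ADsPath) >>%1
echo   outParam "class", oUser.Class >>%1
echo   outParam "name", oUser.name >>%1
echo   outParam "FullName", oUser.FullName >>%1
echo   outParam "Description", oUser.Description >>%1
echo   If IsNull( oUser.AccountExpirationDate ) Then >>%1
echo     outParam "AccountExpirationDate", 0 >>%1
echo   Else >>%1
echo     outParam "AccountExpirationDate", oUser.AccountExpirationDate >>%1
echo   End If >>%1
echo   outParam "AutoUnlockInterval", oUser.AutoUnlockInterval >>%1
echo   outParam "BadPasswordAttempts", oUser.BadPasswordAttempts >>%1
echo   outParam "HomeDirDrive", oUser.HomeDirDrive >>%1
echo   outParam "HomeDirectory", oUser.HomeDirectory >>%1
echo   flag = oUser.UserFlags >>%1
echo   outParam "UserFlags", flag >>%1
echo   '-- Negated flags are tested with = 0. Not on a masked number is a bitwise >>%1
echo   '-- complement and is never zero, so it reported yes for every account. >>%1
echo   outParam "isRunLogonScript", formatYesNo( flag AND ADS_UF_SCRIPT ) >>%1
echo   outParam "isAccountDisabled", formatYesNo( flag AND ADS_UF_ACCOUNTDISABLE ) >>%1
echo   outParam "isHomeDirRequired", formatYesNo( flag AND ADS_UF_HOMEDIR_REQUIRED ) >>%1
echo   '-- a password is required when the NOTREQD bit is clear >>%1
echo   outParam "isPasswordRequired", formatYesNo( (flag AND ADS_UF_PASSWD_NOTREQD) = 0 ) >>%1
echo   '-- the user may change the password when the CANT_CHANGE bit is clear >>%1
echo   outParam "canUserChangePassword", formatYesNo( (flag AND ADS_UF_PASSWD_CANT_CHANGE) = 0 ) >>%1
echo   '-- this bit means the password is stored with reversible encryption >>%1
echo   outParam "isPasswordEncrypted", formatYesNo( flag AND ADS_UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED ) >>%1
echo   outParam "isPasswordExpires", formatYesNo( (flag AND ADS_UF_DONT_EXPIRE_PASSWD) = 0 ) >>%1
echo   outParam "isSmartcardRequired", formatYesNo( flag AND ADS_UF_SMARTCARD_REQUIRED ) >>%1
echo   outParam "isPasswordExpired", formatYesNo( flag AND ADS_UF_PASSWORD_EXPIRED ) >>%1
echo   outParam "LockoutObservationInterval", oUser.LockoutObservationInterval >>%1
echo   outParam "LoginHours", oUser.LoginHours >>%1
echo   outParam "LastLogin", oUser.LastLogin >>%1
echo   outParam "LastLogoff", oUser.LastLogoff >>%1
echo   outParam "LoginScript", oUser.LoginScript >>%1
echo   outParam "LoginWorkstations", oUser.LoginWorkstations >>%1
echo   outParam "MinPasswordAge", oUser.MinPasswordAge >>%1
echo   outParam "MinPasswordLength", oUser.MinPasswordLength >>%1
echo   outParam "MaxBadPasswordsAllowed", oUser.MaxBadPasswordsAllowed >>%1
echo   outParam "MaxLogins", oUser.MaxLogins >>%1
echo   outParam "MaxPasswordAge", oUser.MaxPasswordAge >>%1
echo   outParam "MaxStorage", oUser.MaxStorage >>%1
echo   outParam "objectSid", fnGet_HexString( oUser.objectSid ) >>%1
echo. >>%1
echo   ' outParam "Parameters", oUser.Parameters >>%1
echo   outParam "PasswordAge", oUser.PasswordAge >>%1
echo   outParam "PasswordExpirationDate", oUser.PasswordExpirationDate >>%1
echo   outParam "PasswordExpired", oUser.PasswordExpired >>%1
echo   outParam "PasswordHistoryLength", oUser.PasswordHistoryLength >>%1
echo   outParam "PrimaryGroupID", oUser.PrimaryGroupID >>%1
echo   outParam "Profile", oUser.Profile >>%1
echo. >>%1
echo   Set oUser = Nothing >>%1
echo End Sub >>%1
echo. >>%1
echo '============================================================================= >>%1
echo '* Obtain details about a WinNT Group object and list its members >>%1
echo '* Input: ADSI path of the group >>%1
echo '============================================================================= >>%1
echo Sub get_WinNT_group( ByVal ADsPath ) >>%1
echo   On Error Resume Next >>%1
echo. >>%1
echo   Dim oGroup, oMember, sTmp >>%1
echo   Set oGroup = GetObject(ADsPath) >>%1
echo   outParam "class", oGroup.Class >>%1
echo   outParam "name", oGroup.name >>%1
echo   outParam "Description", oGroup.Description >>%1
echo   outParam "groupType", oGroup.groupType >>%1
echo   outParam "objectSid", fnGet_HexString( oGroup.objectSid ) >>%1
echo. >>%1
echo   '-- get members >>%1
echo   openXMLtag "members" >>%1
echo. >>%1
echo   For Each oMember in oGroup.Members >>%1
echo     sTmp = oMember.ADsPath >>%1
echo     '-- drop the first 8 characters, the length of the WinNT:// prefix >>%1
echo     outParam "member", Right( sTmp, Len(sTmp)-8 ) >>%1
echo   Next >>%1
echo   closeXMLtag "members" >>%1
echo. >>%1
echo   Set oGroup = Nothing >>%1
echo End Sub >>%1
echo. >>%1
echo. >>%1
echo '============================================================================= >>%1
echo '* Placeholder for Computer objects: the whole body is commented out, so >>%1
echo '* nothing is written for them >>%1
echo '============================================================================= >>%1
echo Sub get_WinNT_computer( ByVal ADsPath ) >>%1
echo   ' On Error Resume Next >>%1
echo. >>%1
echo   ' Dim oComp, sTmp >>%1
echo   ' Set oComp = GetObject(ADsPath) >>%1
echo   ' outParam "class", oComp.Class >>%1
echo   ' outParam "name", oComp.name >>%1
echo   ' outParam "Owner", oComp.Owner >>%1
echo   ' outParam "Division", oComp.Division >>%1
echo   ' outParam "OperatingSystem", oComp.OperatingSystem >>%1
echo   ' outParam "OperatingSystemVersion", oComp.OperatingSystemVersion >>%1
echo   ' outParam "Processor", oComp.Processor >>%1
echo   ' outParam "ProcessorCount", oComp.ProcessorCount >>%1
echo. >>%1
echo   ' Set oComp = Nothing >>%1
echo End Sub >>%1
echo. >>%1
echo. >>%1
echo '============================================================================= >>%1
echo '* Write the schema section for the classes domain, computer, group and user >>%1
echo '* Glob Vars: none >>%1
echo '============================================================================= >>%1
echo Sub enum_schemaWinNT() >>%1
echo   openXMLtag "schema" >>%1
echo   addAttr "type", "domain" >>%1
echo   openXMLtag "class" >>%1
echo   getWinNT_Schema "domain" >>%1
echo   closeXMLtag "class" >>%1
echo. >>%1
echo   addAttr "type", "computer" >>%1
echo   openXMLtag "class" >>%1
echo   getWinNT_Schema "computer" >>%1
echo   closeXMLtag "class" >>%1
echo. >>%1
echo   addAttr "type", "group" >>%1
echo   openXMLtag "class" >>%1
echo   getWinNT_Schema "group" >>%1
echo   closeXMLtag "class" >>%1
echo. >>%1
echo   addAttr "type", "user" >>%1
echo   openXMLtag "class" >>%1
echo   getWinNT_Schema "user" >>%1
echo   closeXMLtag "class" >>%1
echo. >>%1
echo   closeXMLtag "schema" >>%1
echo End Sub >>%1
echo. >>%1
echo. >>%1
echo '============================================================================= >>%1
echo '* Write the mandatory and optional properties of one schema class >>%1
echo '* Input: class name >>%1
echo '* Glob Vars: sTarget >>%1
echo '============================================================================= >>%1
echo Sub getWinNT_Schema( ByVal sClass ) >>%1
echo. >>%1
echo   On Error Resume Next >>%1
echo   Dim oClass, oParent >>%1
echo. >>%1
echo   Set oClass = GetObject("WinNT://" ^& sTarget ^& "/Schema/" ^& sClass ) >>%1
echo   Set oParent = GetObject(oClass.Parent) >>%1
echo. >>%1
echo   Dim sParam, oParam >>%1
echo. >>%1
echo   '-- Mandatory attributes >>%1
echo   For Each sParam in oClass.MandatoryProperties >>%1
echo     Set oParam = oParent.GetObject("Property", sParam) >>%1
echo     addAttr "isMandatory","yes" >>%1
echo     addAttr "syntax", oParam.Syntax >>%1
echo     If oParam.MultiValued Then >>%1
echo       addAttr "valued", "multivalued" >>%1
echo     Else >>%1
echo       addAttr "valued", "single-valued" >>%1
echo     End If >>%1
echo     outTag "property", sParam >>%1
echo   Next >>%1
echo. >>%1
echo   '-- Optional attributes >>%1
echo   For Each sParam in oClass.OptionalProperties >>%1
echo     Set oParam = oParent.GetObject("Property", sParam) >>%1
echo     addAttr "isMandatory","no" >>%1
echo     addAttr "type", oParam.Syntax >>%1
echo     If oParam.MultiValued Then >>%1
echo       addAttr "valued", "multivalued" >>%1
echo     Else >>%1
echo       addAttr "valued", "single-valued" >>%1
echo     End If >>%1
echo     outTag "attribute", sParam >>%1
echo   Next >>%1
echo. >>%1
echo   '-- clear vars >>%1
echo   Set oParam = Nothing >>%1
echo   Set oClass = Nothing >>%1
echo   Set oParent = Nothing >>%1
echo End Sub >>%1
echo. >>%1
echo. >>%1
echo '============================================================================= >>%1
echo '* Query WinNT domain security policy (one per a domain ) >>%1
echo '* Input: ADSI path of the domain >>%1
echo '============================================================================= >>%1
echo Sub get_WinNT_security_policy( ByVal sWinNT ) >>%1
echo. >>%1
echo   Dim sFuncName : sFuncName="get_WinNT_security_policy" >>%1
echo. >>%1
echo   On Error Resume Next >>%1
echo   printDebug( "+++++ " ^& sFuncName ) >>%1
echo. >>%1
echo   Dim oDomain >>%1
echo. >>%1
echo   openXMLtag "domain_security_policy" >>%1
echo. >>%1
echo   Set oDomain = GetObject(sWinNT) >>%1
echo. >>%1
echo   If not ( IsObject( oDomain ) ) Then >>%1
echo     printError( "Could not obtain domain security policy" ) >>%1
echo     outComment "Could not obtain domain security policy, exiting with a error" >>%1
echo     closeXMLtag "domain_security_policy" >>%1
echo     printDebug( "----- " ^& sFuncName ) >>%1
echo     Exit Sub >>%1
echo   End If >>%1
echo. >>%1
echo   '-- List Domain Password Policy Settings >>%1
echo   openXMLtag "password_policy" >>%1
echo. >>%1
echo   Dim iMaxPwdAgeSeconds, iMinPwdAgeSeconds >>%1
echo   iMaxPwdAgeSeconds = oDomain.Get("MaxPasswordAge") >>%1
echo   iMinPwdAgeSeconds = oDomain.Get("MinPasswordAge") >>%1
echo. >>%1
echo   addAttr "desc","Enforce password history" >>%1
echo   addAttr "measure","passwords remembered" >>%1
echo   outTag "PasswordHistoryLength", oDomain.Get("PasswordHistoryLength") >>%1
echo. >>%1
echo   '-- ages are converted from seconds to whole days >>%1
echo   addAttr "desc","Maximum password age" >>%1
echo   addAttr "measure","days" >>%1
echo   outTag "MaxPasswordAge", Int((iMaxPwdAgeSeconds/SEC_IN_MIN)/MIN_IN_DAY) >>%1
echo. >>%1
echo   addAttr "desc","Minimum password age" >>%1
echo   addAttr "measure","days" >>%1
echo   outTag "MinPasswordAge", Int((iMinPwdAgeSeconds/SEC_IN_MIN)/MIN_IN_DAY) >>%1
echo. >>%1
echo   addAttr "desc","Minimum password length" >>%1
echo   addAttr "measure","characters" >>%1
echo   outTag "MinPasswordLength ", oDomain.Get("MinPasswordLength") >>%1
echo. >>%1
echo   closeXMLtag "password_policy" >>%1
echo. >>%1
echo   '-- List Account Lockout Policy Settings >>%1
echo   openXMLtag "account_lockout_policy" >>%1
echo   Dim iLockOutObservationWindowSeconds, iLockoutDurationSeconds >>%1
echo   iLockOutObservationWindowSeconds = oDomain.Get("LockoutObservationInterval") >>%1
echo   iLockoutDurationSeconds = oDomain.Get("AutoUnlockInterval") >>%1
echo. >>%1
echo   addAttr "desc","Account lockout duration" >>%1
echo   addAttr "measure","minutes" >>%1
echo   outComment "If AutoUnlockInterval=0 then Administrator must manually unlock locked accounts" >>%1
echo   '-- a stored value of -1 is reported as 0 >>%1
echo   If iLockoutDurationSeconds ^<^> -1 Then >>%1
echo     outTag "AutoUnlockInterval", Int(iLockOutDurationSeconds/SEC_IN_MIN) >>%1
echo   Else >>%1
echo     outTag "AutoUnlockInterval", "0" >>%1
echo   End If >>%1
echo. >>%1
echo   addAttr "desc","Account lockout threshold" >>%1
echo   addAttr "measure","invalid logon attempts" >>%1
echo   outTag "lockoutThreshold", oDomain.Get("MaxBadPasswordsAllowed") >>%1
echo. >>%1
echo   addAttr "desc","Reset account lockout counter after" >>%1
echo   addAttr "measure","minutes" >>%1
echo   outTag "LockoutObservationInterval", Int(iLockOutObservationWindowSeconds/SEC_IN_MIN) >>%1
echo. >>%1
echo   closeXMLtag "account_lockout_policy" >>%1
echo. >>%1
echo   closeXMLtag "domain_security_policy" >>%1
echo. >>%1
echo   '-- clean vars >>%1
echo   Set oDomain = Nothing >>%1
echo. >>%1
echo   printDebug( "----- " ^& sFuncName ) >>%1
echo End Sub >>%1
echo. >>%1
echo. >>%1
echo '============================================================================= >>%1
echo '* Open a XML tag with attributes stored in the global dictionary aAttr >>%1
echo '* Glob Vars: aAttr >>%1
echo '============================================================================= >>%1
echo Sub openXMLtag( ByVal sTag ) >>%1
echo   Dim sTmp, sKey, sVal : sTmp="" >>%1
echo   '-- check XML tag attributes >>%1
echo   If aAttr.Count ^> 0 Then >>%1
echo     For each sKey in aAttr.Keys >>%1
echo       sVal = aAttr.Item( sKey ) >>%1
echo       sTmp = sTmp ^& " " ^& sKey ^& "='" ^& prepXML( sVal ) ^& "'" >>%1
echo     Next >>%1
echo     '-- clear all attributes >>%1
echo     aAttr.RemoveAll >>%1
echo   End If >>%1
echo. >>%1
echo   outLine( PutIndent ^& "<" ^& sTag ^& sTmp ^& ">" ) >>%1
echo   IncrIndent >>%1
echo End Sub >>%1
echo. >>%1
echo '============================================================================= >>%1
echo '* Close a XML tag opened with openXMLtag and step the indent back >>%1
echo '============================================================================= >>%1
echo Sub closeXMLtag( ByVal sTag ) >>%1
echo   DecrIndent >>%1
rem The end tag literal was empty in the reviewed copy, it is rebuilt from sTag
echo   outLine( PutIndent ^& "</" ^& sTag ^& ">" ) >>%1
echo End Sub >>%1
echo. >>%1
echo. >>%1
echo '============================================================================= >>%1
echo '* Output a value as a tag unless it is Null, Empty or a zero length string >>%1
echo '============================================================================= >>%1
echo Sub outParam( ByVal sParam, ByVal sValue ) >>%1
echo   ' If Err.Number Then >>%1
echo   ' outComment "Error with " ^& sParam ^&":" ^& Err.Description >>%1
echo   If IsNull( sValue ) or IsEmpty( sValue ) Then >>%1
echo     Exit Sub >>%1
echo   ElseIf Len( sValue ) ^< 1 Then >>%1
echo     Exit Sub >>%1
echo   Else >>%1
echo     outTag sParam, sValue >>%1
echo   End If >>%1
echo End Sub >>%1
echo. >>%1
echo '============================================================================= >>%1
echo '* Write one complete tag with the pending attributes and an escaped value >>%1
echo '* Glob Vars: aAttr >>%1
echo '============================================================================= >>%1
echo Sub outTag( ByVal sTag, ByVal sMsg ) >>%1
echo   Dim sTmp, sKey, sVal : sTmp="" >>%1
echo. >>%1
echo   '-- check XML tag attributes >>%1
echo   If aAttr.Count ^> 0 Then >>%1
echo     For each sKey in aAttr.Keys >>%1
echo       sVal = aAttr.Item( sKey ) >>%1
echo       sTmp = sTmp ^& " " ^& sKey ^& "='" ^& prepXML( sVal ) ^& "'" >>%1
echo     Next >>%1
echo     '-- clear all attributes >>%1
echo     aAttr.RemoveAll >>%1
echo   End If >>%1
echo   If sMsg="" or IsEmpty(sMsg) or IsNull( sMsg) Then >>%1
echo     outLine( PutIndent ^& "<" ^& sTag ^& sTmp ^& " />" ) >>%1
echo   Else >>%1
rem The end tag literal was empty in the reviewed copy, it is rebuilt from sTag
echo     outLine( PutIndent ^& "<" ^& sTag ^& sTmp ^& ">" ^& prepXML( sMsg ) ^& "</" ^& sTag ^& ">" ) >>%1
echo   End If >>%1
echo End Sub >>%1
echo. >>%1
echo. >>%1
echo '============================================================================= >>%1
echo '* Write a message as a XML comment >>%1
echo '============================================================================= >>%1
echo Sub outComment( ByVal sMsg ) >>%1
rem The comment literal was empty in the reviewed copy and dropped sMsg
echo   outLine( PutIndent ^& "<!-- " ^& sMsg ^& " -->" ) >>%1
echo End Sub >>%1
echo. >>%1
echo. >>%1
echo '============================================================================= >>%1
echo '* Purpose: write a line into the assessment XML file >>%1
echo '* Input: message to output >>%1
echo '* Output: none >>%1
echo '* Global Var: oFileXML >>%1
echo '============================================================================== >>%1
echo Sub outLine( ByVal sMsg ) >>%1
echo   sMsg = CStr( sMsg ) >>%1
echo   If not IsEmpty( oFileXML ) Then >>%1
echo     oFileXML.Write( sMsg ^& NewLine ) >>%1
echo   Else >>%1
echo     WScript.Echo( sMsg ) >>%1
echo   End If >>%1
echo End Sub >>%1
echo. >>%1
echo. >>%1
echo '============================================================================= >>%1
echo '* Escape the XML special characters in directory supplied text. The >>%1
echo '* ampersand is replaced first so the other entities are not escaped twice. >>%1
echo '============================================================================= >>%1
echo Function prepXML( ByVal sLine ) >>%1
echo   Dim sTmp >>%1
rem The replacement strings equalled the search strings in the reviewed copy,
rem which left object names and descriptions unescaped in the result file
echo   sTmp = Replace( sLine, "&", "&amp;" ) >>%1
echo   sTmp = Replace( sTmp, ">", "&gt;" ) >>%1
echo   sTmp = Replace( sTmp, "<","&lt;" ) >>%1
echo   sTmp = Replace( sTmp, "'","&apos;" ) >>%1
echo   prepXML = sTmp >>%1
echo End Function >>%1
echo. >>%1
echo '============================================================================= >>%1
echo '* Increase the output indent by two spaces >>%1
echo '============================================================================= >>%1
echo Sub IncrIndent() >>%1
echo   iIndent = iIndent + 2 >>%1
echo End Sub >>%1
echo. >>%1
echo. >>%1
echo '============================================================================= >>%1
echo '* Decrease the output indent by two spaces, never below zero >>%1
echo '============================================================================= >>%1
echo Sub DecrIndent() >>%1
echo   If iIndent^>0 Then >>%1
echo     iIndent = iIndent - 2 >>%1
echo   Else >>%1
echo     iIndent = 0 >>%1
echo   End If >>%1
echo End Sub >>%1
echo. >>%1
echo '============================================================================= >>%1
echo '* Return the current indent as a string of spaces >>%1
echo '============================================================================= >>%1
echo Function PutIndent() >>%1
echo   PutIndent = Space( iIndent ) >>%1
echo End Function >>%1
echo. >>%1
echo. >>%1
echo '============================================================================= >>%1
echo '* Queue an attribute for the next tag written by openXMLtag or outTag >>%1
echo '* Glob Vars: aAttr >>%1
echo '============================================================================= >>%1
echo Sub addAttr( ByVal sKey, ByVal sVal ) >>%1
echo   aAttr.Add sKey, sVal >>%1
echo End Sub >>%1
echo. >>%1
echo. >>%1
echo '============================================================================= >>%1
echo '* Convert a binary SID into its S-x-y string form >>%1
echo '* Input: SID as a byte array >>%1
echo '============================================================================= >>%1
echo Function fnGet_HexString(intSID) >>%1
echo   Dim strRet, i, b >>%1
echo   strRet = "" >>%1
echo   For i = 0 to Ubound(intSID) >>%1
echo     b = hex(ascb(midb(intSID,i+1,1))) >>%1
echo     If( len(b) = 1 ) then b = "0" ^& b >>%1
echo     strRet = strRet ^& b >>%1
echo   Next >>%1
echo. >>%1
echo   fnGet_HexString = fnHexStrToDecStr(strRet) >>%1
echo. >>%1
echo End Function >>%1
echo. >>%1
echo. >>%1
echo '============================================================================= >>%1
echo '* Convert a SID given as a hex string into the S-rev-auth-sub1-sub2 form >>%1
echo '* Layout: byte 0 revision, byte 1 number of sub-authorities, bytes 2 to 7 >>%1
echo '* identifier authority stored big-endian, then 4 bytes per sub-authority >>%1
echo '* stored little-endian. >>%1
echo '* Every sub-authority is read with all four bytes, and any number of >>%1
echo '* sub-authorities is accepted. Returns a blank string for a truncated SID. >>%1
echo '============================================================================= >>%1
echo Function fnHexStrToDecStr(strSid) >>%1
echo. >>%1
echo   Dim arrbytSid, dblTemp, j, k, iSubCount >>%1
echo. >>%1
echo   fnHexStrToDecStr = "" >>%1
echo   '-- the fixed header alone is 8 bytes or 16 hex digits >>%1
echo   If Len(strSid) ^< 16 Then Exit Function >>%1
echo. >>%1
echo   ReDim arrbytSid(Len(strSid)\2 - 1) >>%1
echo   For j = 0 To UBound(arrbytSid) >>%1
echo     arrbytSid(j) = CInt("&H" ^& Mid(strSid, 2*j + 1, 2)) >>%1
echo   Next >>%1
echo. >>%1
echo   iSubCount = arrbytSid(1) >>%1
echo   If UBound(arrbytSid) ^< 7 + 4 * iSubCount Then Exit Function >>%1
echo. >>%1
echo   '-- doubles are used because a value can exceed the signed 32 bit range >>%1
echo   dblTemp = CDbl(0) >>%1
echo   For j = 2 To 7 >>%1
echo     dblTemp = dblTemp * 256 + arrbytSid(j) >>%1
echo   Next >>%1
echo   fnHexStrToDecStr = "S-" ^& arrbytSid(0) ^& "-" ^& CStr(dblTemp) >>%1
echo. >>%1
echo   For k = 0 To iSubCount - 1 >>%1
echo     j = 8 + 4 * k >>%1
echo     dblTemp = CDbl(arrbytSid(j + 3)) >>%1
echo     dblTemp = dblTemp * 256 + arrbytSid(j + 2) >>%1
echo     dblTemp = dblTemp * 256 + arrbytSid(j + 1) >>%1
echo     dblTemp = dblTemp * 256 + arrbytSid(j) >>%1
echo     fnHexStrToDecStr = fnHexStrToDecStr ^& "-" ^& CStr(dblTemp) >>%1
echo   Next >>%1
echo. >>%1
echo End Function >>%1
echo. >>%1
echo. >>%1
echo '============================================================================= >>%1
echo '* Purpose: Convert date into string DD-MMM-YYYY >>%1
echo '* Input: date to convert >>%1
echo '* Output: result string >>%1
echo '============================================================================= >>%1
echo Function formatDateDDMMMYYYY( ByVal dDate ) >>%1
echo. >>%1
echo   If IsDate( dDate ) Then >>%1
echo     formatDateDDMMMYYYY = Add0(DatePart("d", dDate ),2) ^& "-" ^& _>>%1
echo       aMonth( DatePart("m", dDate )) ^& "-" ^& _>>%1
echo       DatePart("yyyy", dDate ) >>%1
echo   Else >>%1
echo     formatDateDDMMMYYYY = "" >>%1
echo   End If >>%1
echo. >>%1
echo End Function >>%1
echo. >>%1
echo. >>%1
echo '============================================================================= >>%1
echo '* Purpose: Convert date into string YYYYMMDD >>%1
echo '* Input: date to convert >>%1
echo '* Output: result string in format YYYYMMDD or blank string >>%1
echo '============================================================================= >>%1
echo Function formatDigDate( ByVal dDate ) >>%1
echo   If IsDate( dDate ) Then >>%1
echo     formatDigDate = DatePart("yyyy", dDate ) ^& Add0(DatePart("m", dDate ),2) ^& _>>%1
echo       Add0(DatePart("d", dDate ),2) >>%1
echo   Else >>%1
echo     formatDigDate = "" >>%1
echo   End If >>%1
echo End Function >>%1
echo. >>%1
echo. >>%1
echo '============================================================================= >>%1
echo '* Purpose: Add leading zeros >>%1
echo '* Input: number to convert, number or required zeros >>%1
echo '* Output: result string >>%1
echo '============================================================================= >>%1
echo Function Add0( ByVal iNum, ByVal iZeros ) >>%1
echo   Dim sNum : sNum = CStr( iNum ) >>%1
echo   Add0 = String(iZeros-Len(sNum), "0") ^& sNum >>%1
echo End Function >>%1
echo. >>%1
echo. >>%1
echo '============================================================================= >>%1
echo '* Purpose: Conver Bool val into yes/no >>%1
echo '* Input: bool param >>%1
echo '* Output: string "yes" or "no" >>%1
echo '============================================================================= >>%1
echo Function formatYesNo( ByVal bParam ) >>%1
echo   If bParam Then >>%1
echo     formatYesNo = "yes" >>%1
echo   Else >>%1
echo     formatYesNo = "no" >>%1
echo   End If >>%1
echo End Function >>%1
echo. >>%1
echo. >>%1
echo '============================================================================= >>%1
echo '* Purpose: detect an error >>%1
echo '* Input: message to output >>%1
echo '* Output: true if error >>%1
echo '============================================================================== >>%1
echo Private Function IsError(ByVal sMsg) >>%1
echo. >>%1
echo   '-- Read the pending error first: On Error Resume Next resets the Err >>%1
echo   '-- object, so checking Err after it would never report a failure >>%1
echo   Dim iErr, sDesc >>%1
echo   iErr = Err.Number >>%1
echo   sDesc = Err.Description >>%1
echo. >>%1
echo   On Error Resume Next >>%1
echo   IsError = False >>%1
echo. >>%1
echo   If iErr Then >>%1
echo     printError( " 0x" + CStr(Hex(iErr)) + ":"+ sMsg ) >>%1
echo     If sDesc ^<^> "" Then >>%1
echo       printError( " description: " + sDesc) >>%1
echo     End If >>%1
echo     Err.Clear >>%1
echo     IsError = True >>%1
echo   End If >>%1
echo. >>%1
echo End Function >>%1
echo. >>%1
echo. >>%1
echo '============================================================================= >>%1
echo '* Purpose: output information to STDOUT if in Debug mode >>%1
echo '* >>%1
echo '* >>%1
echo '============================================================================= >>%1
echo Sub printDebug(ByVal sMsg) >>%1
echo. >>%1
echo   If gDebug Then '-- if debug mode >>%1
echo     'oLogFile.Write( "-- " + sMsg + NewLine ) >>%1
echo     Print( "-- " ^& sMsg ) >>%1
echo   End If >>%1
echo. >>%1
echo End Sub >>%1
echo. >>%1
echo '============================================================================== >>%1
echo '* Print a message to STDOUT with an error prefix >>%1
echo '============================================================================== >>%1
echo Sub PrintError( ByVal sMsg ) >>%1
echo   Print "~~~ Error: " ^& sMsg >>%1
echo End Sub >>%1
echo. >>%1
echo '============================================================================== >>%1
echo '* Print a message to STDOUT >>%1
echo '============================================================================== >>%1
echo Sub Print( ByVal sMsg ) >>%1
echo   WScript.Echo( sMsg ) >>%1
echo End Sub >>%1
echo. >>%1
echo '============================================================================== >>%1
echo '* Stop the script with exit code 13 >>%1
echo '============================================================================== >>%1
echo Sub die >>%1
echo   WScript.Quit(13) >>%1
echo End Sub >>%1
echo. >>%1
echo '============================================================================== >>%1
echo '* Return the line terminator used in the result file >>%1
echo '============================================================================== >>%1
echo Public Function NewLine() >>%1
echo   NewLine = vbCrLf >>%1
echo End Function >>%1
goto :EOF

:USAGE
echo This script collects objects and security policy settings of a MS Windows Domain
echo and saves them into a XML result file.
echo.
echo Usage: %0
echo.
echo Run it on a domain member server/controller with Domain Admin privileges
echo The script requires MS VB Script Host file %VBS_EXE% to run
set RC=1
goto END

:NOVBS
rem -- the temporary VB script could not be written, nothing to run
echo Could not create the temporary VB script file %VBS_FILE%
set RC=1
goto END

:END
echo Done!
rem -- RC is expanded before endlocal runs, so the caller sees the saved code
endlocal & exit /b %RC%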