removeDACL_Customers.vbs

10:32 PM

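Option Explicit
' Script-level errors are non-fatal. Because of that, every step that decides
' WHICH directory object gets its security descriptor rewritten checks Err
' explicitly below, so a failed bind cannot go unnoticed.
On Error Resume Next
 
Dim oCompany
Dim objOU,objSubOU,objUser,objGroup,objParent,objChild,objSD,objDACL,objACE
Dim strDnSpecials, intIdx
 
' Characters that act as separators or escapes in an LDAP distinguished name or
' an ADSI path. The company name is concatenated into a DN further down, so a
' value containing any of these would change which object the script binds to.
strDnSpecials = ",+""\<>;=/"
 
' Run under cscript.exe: the StdIn/StdOut streams are not available in wscript.exe.
Wscript.Echo " "
Wscript.StdOut.Write "Please enter in the Company Name: "
oCompany = Wscript.StdIn.ReadLine
oCompany = replace(oCompany, " ","")
 
' Refuse to continue without a usable OU name (this also covers a failed read).
If Len(oCompany) = 0 Then
  WScript.Echo "No company name was entered; nothing was changed."
  WScript.Quit 1
End If
 
' Reject rather than escape: the value must name exactly one OU directly under
' OU=Customers.
For intIdx = 1 To Len(strDnSpecials)
  If InStr(oCompany, Mid(strDnSpecials, intIdx, 1)) > 0 Then
    WScript.Echo "The company name contains a character that is not allowed in an OU name here; nothing was changed."
    WScript.Quit 1
  End If
Next
 
 
' This section enumerates all users in the specified customer's OU
 
' Specify the OU/Container.
Err.Clear
Set objOU = GetObject("LDAP://OU=" & oCompany & ",OU=Customers,DC=cust,DC=corp,DC=opsource,DC=net")
If Err.Number <> 0 Then
  WScript.Echo "Could not bind to the OU for '" & oCompany & "' (0x" & Hex(Err.Number) & " " & Err.Description & "); nothing was changed."
  WScript.Quit 1
End If
 
Call SetDaclUser(objOU)
 
' An error raised inside a procedure that has no handler of its own unwinds to
' this level and would otherwise be skipped silently by Resume Next.
If Err.Number <> 0 Then
  WScript.Echo "WARNING: the user DACL pass stopped early (0x" & Hex(Err.Number) & " " & Err.Description & "); some user objects may be unchanged."
  Err.Clear
End If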
 
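Sub SetDaclUser(objParent)
  ' Walks objParent and every child container/OU below it and, for each object
  ' of class "user", removes the ACEs whose trustee is "Authenticated Users" or
  ' "Pre-Windows 2000 Compatible Access" from the object's DACL.
  '
  ' objParent: a bound ADSI container object (OU or container).
  '
  ' A failure on one object is reported and the walk continues with the next
  ' one. Without the local handler, the first failing object would unwind the
  ' whole recursion and leave the remaining users untouched with no message.
  Dim objEntry, objSub, lngErr, strErr, strPath
 
  On Error Resume Next
 
  ' Filter on objects of class user.
  objParent.Filter = Array("user")
 
  ' Enumerate user objects.
  For Each objEntry In objParent
 
    ' With Resume Next active, a failed enumeration may still run the loop body
    ' once with an unset loop variable, hence the IsObject guard.
    If IsObject(objEntry) Then
      Err.Clear
      Call StripBroadAcesFromUser(objEntry)
 
      If Err.Number <> 0 Then
        lngErr = Err.Number
        strErr = Err.Description
        Err.Clear
        strPath = "(path unavailable)"
        strPath = objEntry.ADsPath
        WScript.Echo "SetDaclUser: DACL NOT updated on " & strPath & " (0x" & Hex(lngErr) & " " & strErr & ")"
        Err.Clear
      End If
    End If
 
  Next
 
  If Err.Number <> 0 Then
    WScript.Echo "SetDaclUser: enumeration failed (0x" & Hex(Err.Number) & " " & Err.Description & "); objects in this container may be unchanged."
    Err.Clear
  End If
 
  ' Filter on child OU's/Containers.
  objParent.Filter = Array("container", "organizationalUnit")
  For Each objSub In objParent
 
    ' Call this subroutine recursively for each child container/OU.
    If IsObject(objSub) Then
      Call SetDaclUser(objSub)
    End If
 
  Next
 
End Sub
 
' Removes the two broad trustees from one user object's DACL and writes the
' security descriptor back.
'
' Deliberately has no error handler: the first failing ADSI call aborts this
' procedure, so a descriptor that was only partly read or edited is never
' written. The caller inspects Err.
'
' NOTE(review): trustees are matched by display name, and both allow and deny
' ACEs, explicit or inherited, are removed. Confirm the names match what the
' directory returns in this environment, and that inherited entries are not
' simply re-applied from the parent afterwards.
' NOTE(review): ACEs are removed while the DACL is being enumerated; confirm
' that no matching ACE is skipped when several follow each other.
' NOTE(review): the whole descriptor is written back. Consider limiting the
' write to the DACL (ADS_OPTION_SECURITY_MASK with ADS_SECURITY_INFO_DACL) and
' recording the previous descriptor so the change can be rolled back.
Sub StripBroadAcesFromUser(objTarget)
  Dim objTargetSD, objTargetDACL, objTargetACE, strTrustee
 
  Set objTargetSD = objTarget.Get("ntSecurityDescriptor")
  Set objTargetDACL = objTargetSD.DiscretionaryACL
 
  For Each objTargetACE In objTargetDACL
    strTrustee = objTargetACE.Trustee
    If strTrustee = "NT AUTHORITY\Authenticated Users" Or _
       strTrustee = "BUILTIN\Pre-Windows 2000 Compatible Access" Then
      objTargetDACL.RemoveAce objTargetACE
    End If
  Next
 
  objTargetSD.DiscretionaryAcl = objTargetDACL
  objTarget.Put "ntSecurityDescriptor", Array(objTargetSD)
  objTarget.SetInfo
  'WScript.Echo "Modified the user object: " & objTarget.ADsPath
End Sub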
 
 
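' This section enumerates all groups in the specified customer's OU
 
' Specify the OU/Container.
' Reset first: under Resume Next a failed GetObject would otherwise leave the
' previous binding in objOU and the failure would go unnoticed.
Err.Clear
Set objOU = Nothing
Set objOU = GetObject("LDAP://OU=" & oCompany & ",OU=Customers,DC=cust,DC=corp,DC=opsource,DC=net")
 
If Err.Number <> 0 Then
  WScript.Echo "Could not bind to the OU for '" & oCompany & "' (0x" & Hex(Err.Number) & " " & Err.Description & "); group DACLs were not processed."
  Err.Clear
Else
  Call SetDaclGroup(objOU)
 
  ' An error raised inside a procedure that has no handler of its own unwinds
  ' to this level; report it instead of letting Resume Next hide it.
  If Err.Number <> 0 Then
    WScript.Echo "WARNING: the group DACL pass stopped early (0x" & Hex(Err.Number) & " " & Err.Description & "); some group objects may be unchanged."
    Err.Clear
  End If
End If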
 
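Sub SetDaclGroup(objParent)
  ' Walks objParent and every child container/OU below it and, for each object
  ' of class "group", removes the ACEs whose trustee is "Authenticated Users"
  ' or "Pre-Windows 2000 Compatible Access" from the object's DACL.
  '
  ' objParent: a bound ADSI container object (OU or container).
  '
  ' A failure on one object is reported and the walk continues with the next
  ' one. Without the local handler, the first failing object would unwind the
  ' whole recursion and leave the remaining groups untouched with no message.
  Dim objEntry, objSub, lngErr, strErr, strPath
 
  On Error Resume Next
 
  ' Filter on objects of class group.
  objParent.Filter = Array("group")
 
  ' Enumerate group objects.
  For Each objEntry In objParent
 
    ' With Resume Next active, a failed enumeration may still run the loop body
    ' once with an unset loop variable, hence the IsObject guard.
    If IsObject(objEntry) Then
      Err.Clear
      Call StripBroadAcesFromGroup(objEntry)
 
      If Err.Number <> 0 Then
        lngErr = Err.Number
        strErr = Err.Description
        Err.Clear
        strPath = "(path unavailable)"
        strPath = objEntry.ADsPath
        WScript.Echo "SetDaclGroup: DACL NOT updated on " & strPath & " (0x" & Hex(lngErr) & " " & strErr & ")"
        Err.Clear
      End If
    End If
 
  Next
 
  If Err.Number <> 0 Then
    WScript.Echo "SetDaclGroup: enumeration failed (0x" & Hex(Err.Number) & " " & Err.Description & "); objects in this container may be unchanged."
    Err.Clear
  End If
 
  ' Filter on child OU's/Containers.
  objParent.Filter = Array("container", "organizationalUnit")
  For Each objSub In objParent
 
    ' Call this subroutine recursively for each child container/OU.
    If IsObject(objSub) Then
      Call SetDaclGroup(objSub)
    End If
 
  Next
 
End Sub
 
' Removes the two broad trustees from one group object's DACL and writes the
' security descriptor back.
'
' Deliberately has no error handler: the first failing ADSI call aborts this
' procedure, so a descriptor that was only partly read or edited is never
' written. The caller inspects Err.
'
' NOTE(review): trustees are matched by display name, and both allow and deny
' ACEs, explicit or inherited, are removed. Confirm the names match what the
' directory returns in this environment, and that inherited entries are not
' simply re-applied from the parent afterwards.
' NOTE(review): ACEs are removed while the DACL is being enumerated; confirm
' that no matching ACE is skipped when several follow each other.
' NOTE(review): the whole descriptor is written back. Consider limiting the
' write to the DACL (ADS_OPTION_SECURITY_MASK with ADS_SECURITY_INFO_DACL) and
' recording the previous descriptor so the change can be rolled back.
Sub StripBroadAcesFromGroup(objTarget)
  Dim objTargetSD, objTargetDACL, objTargetACE, strTrustee
 
  Set objTargetSD = objTarget.Get("ntSecurityDescriptor")
  Set objTargetDACL = objTargetSD.DiscretionaryACL
 
  For Each objTargetACE In objTargetDACL
    strTrustee = objTargetACE.Trustee
    If strTrustee = "NT AUTHORITY\Authenticated Users" Or _
       strTrustee = "BUILTIN\Pre-Windows 2000 Compatible Access" Then
      objTargetDACL.RemoveAce objTargetACE
    End If
  Next
 
  objTargetSD.DiscretionaryAcl = objTargetDACL
  objTarget.Put "ntSecurityDescriptor", Array(objTargetSD)
  objTarget.SetInfo
  'WScript.Echo "Modified the group object: " & objTarget.ADsPath
End Sub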
 
 
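' This section enumerates all OU's in the specified customer's OU, starting
' with the customer's OU itself.
 
' Specify the OU/Container.
' Reset the shared variables first. Under Resume Next a failed Set leaves the
' old value in place, and objSD/objDACL may still hold the descriptor of the
' last object handled earlier in the script, which must never be written
' onto this OU.
Err.Clear
Set objOU = Nothing
Set objSD = Nothing
Set objDACL = Nothing
Set objOU = GetObject("LDAP://OU=" & oCompany & ",OU=Customers,DC=cust,DC=corp,DC=opsource,DC=net")
 
' Each step runs only if everything before it succeeded.
If Err.Number = 0 Then Set objSD = objOU.Get("ntSecurityDescriptor")
If Err.Number = 0 Then Set objDACL = objSD.DiscretionaryACL
 
If Err.Number = 0 Then
  ' NOTE(review): trustees are matched by display name, and both allow and deny
  ' ACEs, explicit or inherited, are removed; confirm the names match what the
  ' directory returns here. ACEs are also removed while the DACL is being
  ' enumerated; confirm none is skipped when several match in a row.
  For Each objACE in objDACL
    If objACE.Trustee = "NT AUTHORITY\Authenticated Users" Then
      objDACL.RemoveAce objACE
    End If
 
    If objACE.Trustee = "BUILTIN\Pre-Windows 2000 Compatible Access" Then
      objDACL.RemoveAce objACE
    End If
  Next
End If
 
' Write back only a descriptor that was read and edited without error.
If Err.Number = 0 Then objSD.DiscretionaryAcl = objDacl
If Err.Number = 0 Then objOU.Put "ntSecurityDescriptor", Array(objSD)
If Err.Number = 0 Then objOU.SetInfo
'WScript.Echo "Modified the OU object: " & objOU
 
If Err.Number <> 0 Then
  WScript.Echo "The DACL of the OU for '" & oCompany & "' was NOT updated (0x" & Hex(Err.Number) & " " & Err.Description & ")."
  Err.Clear
End If
 
' Child OUs are still processed when only the top-level write failed, but not
' when the bind itself failed.
If Not objOU Is Nothing Then
  Call SetDaclOU(objOU)
 
  If Err.Number <> 0 Then
    WScript.Echo "WARNING: the OU DACL pass stopped early (0x" & Hex(Err.Number) & " " & Err.Description & "); some child OUs may be unchanged."
    Err.Clear
  End If
End If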
 
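Sub SetDaclOU(objParent)
  ' Walks objParent and every child container/OU below it and, for each child
  ' object of class "organizationalUnit", removes the ACEs whose trustee is
  ' "Authenticated Users" or "Pre-Windows 2000 Compatible Access" from the
  ' object's DACL.
  '
  ' objParent: a bound ADSI container object (OU or container). Its own DACL is
  ' not touched here; only its children are.
  '
  ' Plain containers are traversed by the recursion below, but only objects of
  ' class organizationalUnit have their DACL rewritten.
  '
  ' A failure on one object is reported and the walk continues with the next
  ' one. Without the local handler, the first failing object would unwind the
  ' whole recursion and leave the remaining OUs untouched with no message.
  Dim objEntry, objSub, lngErr, strErr, strPath
 
  On Error Resume Next
 
  ' Filter on objects of class organizationalUnit.
  objParent.Filter = Array("organizationalUnit")
 
  ' Enumerate child OU objects.
  For Each objEntry In objParent
 
    ' With Resume Next active, a failed enumeration may still run the loop body
    ' once with an unset loop variable, hence the IsObject guard.
    If IsObject(objEntry) Then
      Err.Clear
      Call StripBroadAcesFromOU(objEntry)
 
      If Err.Number <> 0 Then
        lngErr = Err.Number
        strErr = Err.Description
        Err.Clear
        strPath = "(path unavailable)"
        strPath = objEntry.ADsPath
        WScript.Echo "SetDaclOU: DACL NOT updated on " & strPath & " (0x" & Hex(lngErr) & " " & strErr & ")"
        Err.Clear
      End If
    End If
 
  Next
 
  If Err.Number <> 0 Then
    WScript.Echo "SetDaclOU: enumeration failed (0x" & Hex(Err.Number) & " " & Err.Description & "); objects in this container may be unchanged."
    Err.Clear
  End If
 
  ' Filter on child OU's/Containers.
  objParent.Filter = Array("container", "organizationalUnit")
  For Each objSub In objParent
 
    ' Call this subroutine recursively for each child container/OU.
    If IsObject(objSub) Then
      Call SetDaclOU(objSub)
    End If
 
  Next
 
End Sub
 
' Removes the two broad trustees from one OU object's DACL and writes the
' security descriptor back.
'
' Deliberately has no error handler: the first failing ADSI call aborts this
' procedure, so a descriptor that was only partly read or edited is never
' written. The caller inspects Err.
'
' NOTE(review): trustees are matched by display name, and both allow and deny
' ACEs, explicit or inherited, are removed. Confirm the names match what the
' directory returns in this environment, and that inherited entries are not
' simply re-applied from the parent afterwards.
' NOTE(review): ACEs are removed while the DACL is being enumerated; confirm
' that no matching ACE is skipped when several follow each other.
' NOTE(review): the whole descriptor is written back. Consider limiting the
' write to the DACL (ADS_OPTION_SECURITY_MASK with ADS_SECURITY_INFO_DACL) and
' recording the previous descriptor so the change can be rolled back.
Sub StripBroadAcesFromOU(objTarget)
  Dim objTargetSD, objTargetDACL, objTargetACE, strTrustee
 
  Set objTargetSD = objTarget.Get("ntSecurityDescriptor")
  Set objTargetDACL = objTargetSD.DiscretionaryACL
 
  For Each objTargetACE In objTargetDACL
    strTrustee = objTargetACE.Trustee
    If strTrustee = "NT AUTHORITY\Authenticated Users" Or _
       strTrustee = "BUILTIN\Pre-Windows 2000 Compatible Access" Then
      objTargetDACL.RemoveAce objTargetACE
    End If
  Next
 
  objTargetSD.DiscretionaryAcl = objTargetDACL
  objTarget.Put "ntSecurityDescriptor", Array(objTargetSD)
  objTarget.SetInfo
  'WScript.Echo "Modified the OU object: " & objTarget.ADsPath
End Sub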
