removeDACL_Customers.vbs
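' removeDACL_Customers.vbs
'
' Prompts for a company name, binds to OU=<company> under the Customers OU and
' removes every ACE whose trustee is "NT AUTHORITY\Authenticated Users" or
' "BUILTIN\Pre-Windows 2000 Compatible Access" from:
'   1. all user objects in that OU and its child containers/OUs,
'   2. all group objects in that OU and its child containers/OUs,
'   3. the company OU itself,
'   4. all organizationalUnit objects below it.
'
' NOTE(review): presumably this is tenant isolation, so that one customer's
' accounts cannot read another customer's objects - confirm with the owner.
' NOTE(review): ACEs are matched on trustee only, so Allow and Deny entries are
' both removed. ACEs inherited from a parent may be re-applied by the directory
' unless inheritance is blocked on the object - verify the result afterwards.
'
' Run under cscript.exe: the script reads StdIn and writes StdOut/StdErr.
Option Explicit

' Base DN that holds one OU per customer.
Const CUSTOMERS_BASE_DN = "OU=Customers,DC=cust,DC=corp,DC=opsource,DC=net"

Dim oCompany, objOU
Dim g_modified, g_failures
g_modified = 0
g_failures = 0

WScript.Echo " "
WScript.StdOut.Write "Please enter in the Company Name: "
oCompany = WScript.StdIn.ReadLine
oCompany = Replace(oCompany, " ", "")

' An empty name would bind to a malformed DN; stop before touching anything.
If Len(oCompany) = 0 Then
    WScript.StdErr.WriteLine "No company name entered; nothing was changed."
    WScript.Quit 1
End If

' Bind once and fail loudly. The original ran under a global
' "On Error Resume Next", so a mistyped name made the script exit silently
' and look like a successful hardening run.
On Error Resume Next
Set objOU = GetObject("LDAP://OU=" & EscapeDnValue(oCompany) & "," & CUSTOMERS_BASE_DN)
If Err.Number <> 0 Then
    WScript.StdErr.WriteLine "Cannot bind to OU=" & oCompany & "," & CUSTOMERS_BASE_DN & _
        ": 0x" & Hex(Err.Number) & " " & Err.Description
    WScript.Quit 1
End If
On Error GoTo 0

' Same order as before: users, groups, the company OU itself, then sub-OUs.
Call SetDaclUser(objOU)
Call SetDaclGroup(objOU)
Call TryStrip(objOU)
Call SetDaclOU(objOU)

WScript.Echo "Objects modified: " & g_modified & ", failures: " & g_failures
If g_failures > 0 Then
    ' Non-zero exit so a wrapper or scheduler can see the run was incomplete.
    WScript.Quit 2
End If

' Strip the two trustees from every user object under objParent (recursive).
Sub SetDaclUser(objParent)
    StripTree objParent, Array("user")
End Sub

' Strip the two trustees from every group object under objParent (recursive).
Sub SetDaclGroup(objParent)
    StripTree objParent, Array("group")
End Sub

' Strip the two trustees from every organizationalUnit under objParent
' (recursive). Plain containers are traversed but not modified, as before.
Sub SetDaclOU(objParent)
    StripTree objParent, Array("organizationalUnit")
End Sub

' Walks objParent: processes direct children whose class is in arrClasses,
' then recurses into every child container/OU. A failure on one object or
' subtree is reported and the walk continues with the next one.
Sub StripTree(objParent, arrClasses)
    Dim objItem, objChild

    objParent.Filter = arrClasses
    For Each objItem In objParent
        TryStrip objItem
    Next

    objParent.Filter = Array("container", "organizationalUnit")
    For Each objChild In objParent
        ' Error trapping is enabled only around the call, never at the
        ' For Each statement itself, where Resume Next would enter the loop
        ' body with an unset loop variable.
        On Error Resume Next
        StripTree objChild, arrClasses
        If Err.Number <> 0 Then
            ReportFailure objChild, Err.Number, Err.Description
            Err.Clear
        End If
        On Error GoTo 0
    Next
End Sub

' Runs StripBroadReadAces on one object and records any error instead of
' aborting the whole run.
Sub TryStrip(objTarget)
    On Error Resume Next
    StripBroadReadAces objTarget
    If Err.Number <> 0 Then
        ReportFailure objTarget, Err.Number, Err.Description
        Err.Clear
    End If
    On Error GoTo 0
End Sub

' Removes the matching ACEs from objTarget's DACL and writes the descriptor
' back only when something was actually removed. Has no error handler of its
' own: any ADSI error propagates to the caller (see TryStrip).
Sub StripBroadReadAces(objTarget)
    Dim objSD, objDACL, objACE
    Dim arrMatches(), cMatches, i

    cMatches = 0
    Set objSD = objTarget.Get("ntSecurityDescriptor")
    Set objDACL = objSD.DiscretionaryAcl

    ' Collect first, remove afterwards, so the ACL is never modified while
    ' it is being enumerated.
    For Each objACE In objDACL
        If IsBroadReadTrustee(objACE.Trustee) Then
            ReDim Preserve arrMatches(cMatches)
            Set arrMatches(cMatches) = objACE
            cMatches = cMatches + 1
        End If
    Next

    ' Nothing to remove: skip the directory write entirely.
    If cMatches = 0 Then Exit Sub

    For i = 0 To cMatches - 1
        objDACL.RemoveAce arrMatches(i)
    Next

    ' NOTE(review): this writes back the descriptor exactly as Get returned
    ' it. Consider limiting the write to the DACL through the ADSI security
    ' mask option - confirm behaviour in your environment first.
    objSD.DiscretionaryAcl = objDACL
    objTarget.Put "ntSecurityDescriptor", Array(objSD)
    objTarget.SetInfo
    g_modified = g_modified + 1
    'WScript.Echo "Modified the object: " & objTarget.ADsPath
End Sub

' True when strTrustee is one of the two principals this script removes.
Function IsBroadReadTrustee(strTrustee)
    IsBroadReadTrustee = (strTrustee = "NT AUTHORITY\Authenticated Users") _
        Or (strTrustee = "BUILTIN\Pre-Windows 2000 Compatible Access")
End Function

' Backslash-escapes characters that have structural meaning in a DN or an
' ADsPath, so the typed company name is always treated as a single OU name
' and cannot add or alter path components.
Function EscapeDnValue(strValue)
    Dim i, ch, strOut

    strOut = ""
    For i = 1 To Len(strValue)
        ch = Mid(strValue, i, 1)
        If InStr(1, ",+""\<>;=/#", ch, vbBinaryCompare) > 0 Then
            strOut = strOut & "\"
        End If
        strOut = strOut & ch
    Next
    EscapeDnValue = strOut
End Function

' Writes one failure line to StdErr and counts it. The error number and text
' are passed in because enabling error trapping here resets Err.
Sub ReportFailure(objTarget, lngNumber, strDescription)
    Dim strPath

    strPath = "(unknown object)"
    On Error Resume Next
    strPath = objTarget.ADsPath
    On Error GoTo 0

    g_failures = g_failures + 1
    WScript.StdErr.WriteLine "FAILED " & strPath & ": 0x" & Hex(lngNumber) & " " & strDescription
End Sub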