Monday, April 18, 2011

SCCM 2007 User/Group Rights Distribution

Example of SetPermissions.txt:
# Permissions based off available 'ClassPermissions' Property in the SMS_UserClassPermissions Class found here:  http://msdn.microsoft.com/en-us/library/cc143194.aspx
# Example Syntax:
#  Class;[ObjectName;]domain\[user|group][;Permission1[,Permission2,Permission3]]
#
# Example 1 - Sets all permissions to all classes for the specified user/group:
#   CLASS_ALL;contoso\Contoso SCCM Administrators
#
# Example 2 - Setting Specific class permissions:
#  Advertisement;contoso\Contoso SCCM Administrators;READ&MODIFY&DELETE&ADMINISTER&CREATE
#  Collection;contoso\Contoso SMS Site Administrators;READ&MODIFY&DELETE&REMOTE_CONTROL&ADVERTISE&MODIFY_RESOURCE&ADMINISTER&CREATE&VIEW_COLL_FILE&READ_RESOURCE&MODIFYCOLLECTIONSETTING&MANAGEBMC&VIEWBMC
#  MeteredProductRule;contoso\Contoso SMS Site Administrators;READ
#
# Example 3 - Instance specific permissions:
#  This section is out-of-date.  At the writing of this document, the source script has changed.  Please visit http://pleasepressanykey.blogspot.com/2011/04/vbscript-set-permissons-on-configmgr.html for the latest version of the instance-specific permissions for more information.


Script:
' ********************************************************************************
'
' Author:  Cameron Wilson (aka thepip3r)
' Date:   4/15/2011
' Credit:  Original script development and import format taken and adapted from Jonas Hettich's script for setting instance-specific permissions (4/15/2011)
'    http://pleasepressanykey.blogspot.com/2011/04/vbscript-set-permissons-on-configmgr.html
' Description: Jonas's script is designed around setting instance-specific permissions.   At my location, we almost exclusively set class-level permissions only so
'    this version of the script goes through and sets class-level permissions.  Other deviations from Jonas's script are some variable spelling and naming
'    consistency changes, the inclusion of all Class objects and all possible permissions as constants for use, and also some custom work that allows you
'    to just specify a class name and the script assigns all available rights off of a static assignment.
' 
' ********************************************************************************



Dim strChosenPermissions  
Dim strSiteServer : strSiteServer = ""  
Dim strSitecode : strSitecode = ""  
Dim objSWbemLocator : Set objSWbemLocator = CreateObject("WbemScripting.SWbemLocator")  
Dim objSWbemServices : Set objSWbemServices = objSWbemLocator.ConnectServer(strSiteServer,"root/sms/site_" & strSitecode)  
  
Dim objFSO : Set objFSO = CreateObject("Scripting.FileSystemObject")  
Dim objFile : Set objFile = objFSO.OpenTextFile("SetPermissions.txt")  
Dim strCurrentLine  
Dim strObjectsType, strObjectName, strUser, strPermissions  

' Class Permission Constants
Const CP_READ      = 1
Const CP_MODIFY      = 2
Const CP_DELETE      = 4
Const CP_DISTRIBUTE     = 8
' Class Permission 16 is NOT used
Const CP_REMOTE_CONTROL    = 32
Const CP_ADVERTISE     = 64
Const CP_MODIFY_RESOURCE   = 128
Const CP_ADMINISTER     = 256
Const CP_DELETE_RESOURCE   = 512
Const CP_CREATE      = 1024
Const CP_VIEW_COLL_FILE    = 2056
Const CP_READ_RESOURCE    = 4096
Const CP_DELEGATE     = 8192
Const CP_METER      = 16384
Const CP_MANAGESQLCOMMAND   = 32768
Const CP_MANAGESTATUSFILTER   = 65536
Const CP_MANAGEFOLDER    = 131072
Const CP_NETWORKACCESS    = 262144
Const CP_IMPORTMACHINE    = 524288
Const CP_CREATETSMEDIA    = 1048576
Const CP_MODIFYCOLLECTIONSETTING = 2097152
Const CP_MANAGEOSDCERTIFICATE  = 4194304
Const CP_RECOVERUSERSTATE   = 8388608
Const CP_MANAGEBMC     = 16777216
Const CP_VIEWBMC     = 33554432
Const CP_MANAGEAI     = 67108864
Const CP_VIEWAI      = 134217728

' Class Constants
Const C_COLLECTION      = 1  ' ConfigMgr DisplayName:  'Collection'
Const C_PACKAGE       = 2  ' ConfigMgr DisplayName:  'Package'
Const C_ADVERTISEMENT     = 3  ' ConfigMgr DisplayName:  'Advertisement'
Const C_STATUSMESSAGE     = 4  ' ConfigMgr DisplayName:  'Status message'
' Class ID 5 NOT USED
Const C_SITE       = 6  ' ConfigMgr DisplayName:  'Site'
Const C_QUERY       = 7  ' ConfigMgr DisplayName:  'Query'
Const C_REPORT       = 8  ' ConfigMgr DisplayName:  'Report'
Const C_METEREDPRODUCTRULE    = 9  ' ConfigMgr DisplayName:  'Software metering rule'
Const C_APPLICABLEUPDATESSUMMARYEX  = 10 ' ConfigMgr DisplayName:  'Applicable updates summary' 
Const C_CONFIGURATIONITEM    = 11 ' ConfigMgr DisplayName:  'Configuration items'
' Class ID 12 Omitted
' Class ID 13 Omitted
Const C_OPERATINGSYSTEMINSTALLPACKAGE = 14 ' ConfigMgr DisplayName:  'OS install package'
Const C_TEMPLATE      = 15 ' ConfigMgr DisplayName:  'Deployment template'
Const C_UPDATESASSIGNMENT    = 16 ' ConfigMgr DisplayName:  'Deployment'
Const C_STATEMIGRATION     = 17 ' ConfigMgr DisplayName:  'Computer association'
Const C_IMAGEPACKAGE     = 18 ' ConfigMgr DisplayName:  'OS image'
Const C_BOOTIMAGEPACKAGE    = 19 ' ConfigMgr DisplayName:  'Boot image package'
Const C_TASKSEQUENCEPACKAGE    = 20 ' ConfigMgr DisplayName:  'Task sequence package'
Const C_DEVICESETTINGPACKAGE   = 21 ' ConfigMgr DisplayName:  'Device setting package'
Const C_DEVICESETTINGITEM    = 22 ' ConfigMgr DisplayName:  'Device setting item'
Const C_DRIVERPACKAGE     = 23 ' ConfigMgr DisplayName:  'Driver Package'
Const C_SOFTWAREUDPATESPACKAGE   = 24 ' ConfigMgr DisplayName:  'Deployment package'
Const C_DRIVER       = 25 ' ConfigMgr DisplayName:  ?





' Begin Code Execution
 
 WScript.Echo "Site Server:  " & strSiteServer 
 
'Loop the Source File  
Do While not objFile.AtEndOfStream  
 strCurrentLine = objFile.ReadLine  

 'Skip Comment and Blank lines  
 If strCurrentLine <> "" Then  
  If Not Left(strCurrentLine,1) = "#" Then  
   'Parse the information  
   arrLine = Split(strCurrentLine,";")
   
   If Ubound(arrLine) = 1 Then ' Check for 2 arguments, if so, assume set all class permissions on user/group
    ' Set Class Permissions
    WSCript.Echo "Found Custom-Level ALL Definition... Executing"
    strObjectsType = arrLine(0)  
    strUser = arrLine(1)  
    
    Call SetClassRights_All(strUser)
   ElseIf Ubound(arrLine) = 2 Then ' Check for 3 arguments, if so, assume assignment of a class-level permission on user/group
    ' Set Class Permissions
    WSCript.Echo "Found Class-Level Definition... Executing"
    strObjectsType = arrLine(0)  
    strUser = arrLine(1)  
    strPermissions = arrLine(2)
    
    Call SetClassRights(strObjectsType, strUser, strPermissions)
   ElseIf (Ubound(arrLine)) = 3 Then ' Check for 4 arguments, if so, assume assignment of an instance-level permission on an entity for a user/group
    ' Set Instance Permissions
    WSCript.Echo "Found Instance-Level Definition... Executing"
    strObjectsType = arrLine(0)  
    strObjectName = arrLine(1)  
    strUser = arrLine(2)  
    strPermissions = arrLine(3)
    
    Call SetInstanceRights(strObjectsType, strObjectName, strUser, strPermissions)
   Else
    WScript.Echo "An invalid number of parameters have been passed, please check the permissions file for proper formatting."
    WScript.Quit
   End If

     

   'Reset the Permissions for the next action  
   strChosenPermissions = 0  
  End If  
 End If  

Loop  
  
' Grabs the GUID for the instance-level object
' Not modified from Jonas's script except for variable renaming 
Function NameToID(strObjectType,strObjectName)  
 Dim colResuls, objResult  

 Select Case (strObjectType)  
  Case("Collection")  
   Set colResults = objSWbemServices.ExecQuery ("select * from SMS_Collection where Name='" & strObjectName & "'")  
   For Each objResult In colResults  
    NameToID = objResult.CollectionID  
   Next  
  Case("Package")  
   Set colResults = objSWbemServices.ExecQuery ("select * from SMS_Package where Name='" & strObjectName & "'")  
   For Each objResult In colResults  
    NameToID = objResult.PackageID  
   Next  
  Case ("Advertisement")  
   Set colResults = objSWbemServices.ExecQuery ("select * from SMS_Advertisement where AdvertisementName='" & strObjectName & "'")  
   For Each objResult In colResults  
    NameToID = objResult.AdvertisementID  
   Next  
 End Select  
End Function  

' Sets the permissions on the instance-level object
' Not modified from Jonas's script except for variable renaming 
Function SetInstanceRights(strObjectType, strObjectName, strUser, strPermissions)  
 Dim arrPermissions, strPermission  
 Dim strObjectID  
 Dim objUserInstancePermissions  
 SetInstanceRights = False  

 Set objUserInstancePermissions = objSWbemServices.Get("SMS_UserInstancePermissions")  

 'Create UserInstancePermissionsObject  
 Set objNewUserInstancePermissions = objUserInstancePermissions.SpawnInstance_  

 'Set the Object type  
 Select Case (strObjectType)   
  Case "Package"  
   objNewUserInstancePermissions.ObjectKey = 2  
  Case "Advertisement"  
   objNewUserInstancePermissions.ObjectKey = 3  
  Case "Collection"  
   objNewUserInstancePermissions.ObjectKey = 1  
  Case Else  
   WScript.Echo "Objecttype not supported"  
 End Select   


 'Set the Object ID  
 strObjectID = NameToID(strObjectType,strObjectName)  
 If strObjectID <> "" Then   
  objNewUserInstancePermissions.InstanceKey = strObjectID  
 Else  
  WScript.Echo strObjectType & " was not found: " & strObjectName  
  WScript.Quit  
 End if  

 'Set the User or Group  
 objNewUserInstancePermissions.UserName = strUser  

 'Set the Permissions  
 arrPermissions = Split(strPermissions,"&")  
 For Each strPermission In arrPermissions  
  'Parse the Permissions  
  Select Case UCASE(strPermission)  
   Case "READ"  
    strChosenPermissions = strChosenPermissions + 1  
   Case "MODIFY"  
    strChosenPermissions = strChosenPermissions + 2  
   Case "DELETE"  
    strChosenPermissions = strChosenPermissions + 4  
   Case "DISTRIBUTE"  
    strChosenPermissions = strChosenPermissions + 8  
   Case "REMOTE_CONTROL"  
    strChosenPermissions = strChosenPermissions + 32  
   Case "ADVERTISE"  
    strChosenPermissions = strChosenPermissions + 64  
   Case "MODIFY_RESOURCE"  
    strChosenPermissions = strChosenPermissions + 128  
   Case "ADMINISTER"  
    strChosenPermissions = strChosenPermissions + 256  
   Case "DELETE_RESOURCE"  
    strChosenPermissions = strChosenPermissions + 512  
   Case "CREATE"  
    strChosenPermissions = strChosenPermissions + 1024  
   Case "READ_RESOURCE"  
    strChosenPermissions = strChosenPermissions + 4096  
   Case "MODIFYCOLLECTIONSETTING"  
    strChosenPermissions = strChosenPermissions + 2097152  
   Case Else  
    WScript.Echo "Permissions not supported"  
  End Select   
 Next  

 objNewUserInstancePermissions.InstancePermissions = strChosenPermissions  


 'Creating Permissions  
 On Error Resume Next  
 objNewUserInstancePermissions.put_  


 If Err.Number = 0 Then  
  WScript.Echo "Successfully set following Permissions:"  
  WScript.Echo vbTab & " - " & strObjectType  
  WScript.Echo vbTab & " - " & strObjectName  
  WScript.Echo vbTab & " - " & strUser  
  WScript.Echo vbTab & " - " & strPermissions   
 Else  
  WScript.Echo "Error (" &Err.Description  &") when trying to create the object:"  
  WScript.Echo vbTab & " - " & strObjectType  
  WScript.Echo vbTab & " - " & strObjectName  
  WScript.Echo vbTab & " - " & strUser  
  WScript.Echo vbTab & " - " & strPermissions   
 End If  

 Set objNewUserInstancePermissions = Nothing  
End Function  


' Sets permissions on the class level object
Function SetClassRights(strObjectType, strUser, strPermissions)  
 Dim arrPermissions, strPermission  
 Dim strObjectID  
 Dim objUserClassPermissions  
 SetClassRights = False  

 Set objUserClassPermissions = objSWbemServices.Get("SMS_UserClassPermissions")  

 ' Create UserClassPermissionsObject  
 Set objNewUserClassPermissions = objUserClassPermissions.SpawnInstance_  

 ' Set the Object type  
 ' Here we specify all classes for greater script flexibility
 Select Case UCase(strObjectType)   
  Case "COLLECTION"
   objNewUserClassPermissions.ObjectKey = C_COLLECTION  
  Case "PACKAGE"
   objNewUserClassPermissions.ObjectKey = C_PACKAGE  
  Case "ADVERTISEMENT"
   objNewUserClassPermissions.ObjectKey = C_ADVERTISEMENT  
  Case "STATUSMESSAGE"
   objNewUserClassPermissions.ObjectKey = C_STATUSMESSAGE
  Case "SITE"
   objNewUserClassPermissions.ObjectKey = C_SITE
  Case "QUERY"
   objNewUserClassPermissions.ObjectKey = C_QUERY
  Case "REPORT"
   objNewUserClassPermissions.ObjectKey = C_REPORT
  Case "METEREDPRODUCTRULE"
   objNewUserClassPermissions.ObjectKey = C_METEREDPRODUCTRULE
  Case "APPLICABLEUPDATESSUMMARY"
   objNewUserClassPermissions.ObjectKey = C_APPLICABLEUPDATESSUMMARYEX
  Case "CONFIGURATIONITEM"
   objNewUserClassPermissions.ObjectKey = C_CONFIGURATIONITEM
  Case "OPERATINGSYSTEMINSTALLPACKAGE"
   objNewUserClassPermissions.ObjectKey = C_OPERATINGSYSTEMINSTALLPACKAGE
  Case "DEPLOYMENTTEMPLATE"
   objNewUserClassPermissions.ObjectKey = C_TEMPLATE
  Case "UPDATESASSIGNMENT"
   objNewUserClassPermissions.ObjectKey = C_UPDATESASSIGNMENT
  Case "STATEMIGRATION"
   objNewUserClassPermissions.ObjectKey = C_STATEMIGRATION
  Case "IMAGEPACKAGE"
   objNewUserClassPermissions.ObjectKey = C_IMAGEPACKAGE
  Case "BOOTIMAGEPACKAGE"
   objNewUserClassPermissions.ObjectKey = C_BOOTIMAGEPACKAGE
  Case "TASKSEQUENCEPACKAGE"
   objNewUserClassPermissions.ObjectKey = C_TASKSEQUENCEPACKAGE
  Case "DEVICESETTINGPACKAGE"
   objNewUserClassPermissions.ObjectKey = C_DEVICESETTINGPACKAGE
  Case "DEVICESETTINGITEM"
   objNewUserClassPermissions.ObjectKey = C_DEVICESETTINGITEM
  Case "DRIVERPACKAGE"
   objNewUserClassPermissions.ObjectKey = C_DRIVERPACKAGE
  Case "SOFTWAREUPDATESPACKAGE"
   objNewUserClassPermissions.ObjectKey = C_SOFTWAREUDPATESPACKAGE
  Case "DRIVER"
   objNewUserClassPermissions.ObjectKey = C_SOFTWAREUDPATESPACKAGE
  Case Else  
   WScript.Echo "Object type unknown:  " & strObjectType 
 End Select   

 ' Set the User or Group  
 objNewUserClassPermissions.UserName = strUser  

 ' Set the Permissions  
 ' Included all permissions avaiable for all classes.
 arrPermissions = Split(strPermissions,"&")  
 For Each strPermission In arrPermissions  
  'Parse the Permissions  
  Select Case UCASE(strPermission)  
   Case "READ"  
    strChosenPermissions = strChosenPermissions + CP_READ  
   Case "MODIFY"  
    strChosenPermissions = strChosenPermissions + CP_MODIFY  
   Case "DELETE"  
    strChosenPermissions = strChosenPermissions + CP_DELETE  
   Case "DISTRIBUTE"  
    strChosenPermissions = strChosenPermissions + CP_DISTRIBUTE  
   Case "REMOTE_CONTROL"  
    strChosenPermissions = strChosenPermissions + CP_REMOTE_CONTROL  
   Case "ADVERTISE"  
    strChosenPermissions = strChosenPermissions + CP_ADVERTISE  
   Case "MODIFY_RESOURCE"  
    strChosenPermissions = strChosenPermissions + CP_MODIFY_RESOURCE  
   Case "ADMINISTER"  
    strChosenPermissions = strChosenPermissions + CP_ADMINISTER  
   Case "DELETE_RESOURCE"  
    strChosenPermissions = strChosenPermissions + CP_DELETE_RESOURCE  
   Case "CREATE"  
    strChosenPermissions = strChosenPermissions + CP_CREATE
   Case "READ_RESOURCE"  
    strChosenPermissions = strChosenPermissions + CP_READ_RESOURCE
   Case "VIEW_COLL_FILE"  
    strChosenPermissions = strChosenPermissions + CP_VIEW_COLL_FILE 
   Case "DELEGATE"  
    strChosenPermissions = strChosenPermissions + CP_DELEGATE
   Case "METER"  
    strChosenPermissions = strChosenPermissions + CP_METER
   Case "MANAGESQLCOMMAND"  
    strChosenPermissions = strChosenPermissions + CP_MANAGESQLCOMMAND
   Case "MANAGESTATUSFILTER"  
    strChosenPermissions = strChosenPermissions + CP_MANAGESTATUSFILTER
   Case "MANAGEFOLDER"  
    strChosenPermissions = strChosenPermissions + CP_MANAGEFOLDER
   Case "NETWORKACCESS"  
    strChosenPermissions = strChosenPermissions + CP_NETWORKACCESS
   Case "IMPORTMACHINE"  
    strChosenPermissions = strChosenPermissions + CP_IMPORTMACHINE
   Case "CREATETSMEDIA"  
    strChosenPermissions = strChosenPermissions + CP_CREATETSMEDIA
   Case "MODIFYCOLLECTIONSETTING"  
    strChosenPermissions = strChosenPermissions + CP_MODIFYCOLLECTIONSETTING
   Case "MANAGEOSDCERTIFICATE"  
    strChosenPermissions = strChosenPermissions + CP_MANAGEOSDCERTIFICATE
   Case "RECOVERUSERSTATE"  
    strChosenPermissions = strChosenPermissions + CP_RECOVERUSERSTATE
   Case "MANAGEBMC"  
    strChosenPermissions = strChosenPermissions + CP_MANAGEBMC
   Case "VIEWBMC"  
    strChosenPermissions = strChosenPermissions + CP_VIEWBMC
   Case "MANAGEAI"  
    strChosenPermissions = strChosenPermissions + CP_MANAGEAI
   Case "VIEWAI"  
    strChosenPermissions = strChosenPermissions + CP_VIEWAI
    

   ' BEGIN:  Custom Class 'ALL' Descriptors 
   ' This allows for just the specification of a user/group for a class and these are all available permissions for each class

   Case "ADVERTISEMENT_ALL"
    strChosenPermissions = CP_READ + CP_MODIFY + CP_DELETE + CP_ADMINISTER + CP_CREATE + CP_DELEGATE + CP_MANAGEFOLDER
   Case "APPLICABLE_UPDATES_SUMMARY_ALL"
    strChosenPermissions = CP_READ + CP_MODIFY + CP_DELETE + CP_ADMINISTER + CP_CREATE + CP_DELEGATE
   Case "ASSET_INTELLIGENCE_ALL"
    strChosenPermissions = CP_ADMINISTER + CP_DELEGATE + CP_MANAGEAI + CP_VIEWAI
   Case "BOOT_IMAGE_PACKAGE_ALL"
    strChosenPermissions = CP_READ + CP_MODIFY + CP_DELETE + CP_DISTRIBUTE + CP_ADMINISTER + CP_CREATE + CP_DELEGATE + CP_MANAGEFOLDER
   Case "COLLECTION_ALL"
    strChosenPermissions = CP_READ + CP_MODIFY + CP_DELETE + CP_REMOTE_CONTROL + CP_ADVERTISE + CP_MODIFY_RESOURCE + CP_ADMINISTER + CP_DELETE_RESOURCE + CP_CREATE + CP_VIEW_COLL_FILE + CP_READ_RESOURCE + CP_DELEGATE + CP_MODIFYCOLLECTIONSETTING + CP_MANAGEBMC + CP_VIEWBMC
   Case "COMPUTER_ASSOCIATION_ALL"
    strChosenPermissions = CP_READ + CP_DELETE + CP_ADMINISTER + CP_CREATE + CP_DELEGATE + CP_MANAGEFOLDER + CP_RECOVERUSERSTATE
   Case "CONFIGURATION_ITEMS_ALL"
    strChosenPermissions = CP_READ + CP_MODIFY + CP_DELETE + CP_DISTRIBUTE + CP_ADMINISTER + CP_CREATE + CP_DELEGATE + CP_MANAGEFOLDER + CP_NETWORKACCESS
   Case "DEPLOYMENT_ALL"
    strChosenPermissions = CP_READ + CP_MODIFY + CP_DELETE + CP_ADMINISTER + CP_CREATE + CP_DELEGATE
   Case "DEPLOYMENT_PACKAGE_ALL"
    strChosenPermissions = CP_READ + CP_MODIFY + CP_DELETE + CP_DISTRIBUTE + CP_ADMINISTER + CP_CREATE + CP_DELEGATE + CP_MANAGEFOLDER
   Case "DEPLOYMENT_TEMPLATE_ALL"
    strChosenPermissions = CP_READ + CP_MODIFY + CP_DELETE + CP_ADMINISTER + CP_CREATE + CP_DELEGATE 
   Case "DEVICE_DRIVER_ALL"
    strChosenPermissions = CP_READ + CP_MODIFY + CP_DELETE + CP_ADMINISTER + CP_CREATE + CP_DELEGATE + CP_MANAGEFOLDER
   Case "DEVICE_SETTING_ITEM_ALL"
    strChosenPermissions = CP_READ + CP_MODIFY + CP_DELETE + CP_ADMINISTER + CP_CREATE + CP_DELEGATE
   Case "DEVICE_SETTING_PACKAGE_ALL"
    strChosenPermissions = CP_READ + CP_MODIFY + CP_DELETE + CP_DISTRIBUTE + CP_ADMINISTER + CP_CREATE + CP_DELEGATE + CP_MANAGEFOLDER
   Case "DRIVER_PACKAGE_ALL"
    strChosenPermissions = CP_READ + CP_MODIFY + CP_DELETE + CP_DISTRIBUTE + CP_ADMINISTER + CP_CREATE + CP_DELEGATE + CP_MANAGEFOLDER
   Case "OS_IMAGE_ALL"
    strChosenPermissions = CP_READ + CP_MODIFY + CP_DELETE + CP_DISTRIBUTE + CP_ADMINISTER + CP_CREATE + CP_DELEGATE + CP_MANAGEFOLDER
   Case "OS_INSTALL_PACKAGE_ALL"
    strChosenPermissions = CP_READ + CP_MODIFY + CP_DELETE + CP_DISTRIBUTE + CP_ADMINISTER + CP_CREATE + CP_DELEGATE + CP_MANAGEFOLDER
   Case "PACKAGE_ALL"
    strChosenPermissions = CP_READ + CP_MODIFY + CP_DELETE + CP_DISTRIBUTE + CP_ADMINISTER + CP_CREATE + CP_DELEGATE + CP_MANAGEFOLDER
   Case "QUERY_ALL"
    strChosenPermissions = CP_READ + CP_MODIFY + CP_DELETE + CP_ADMINISTER + CP_CREATE + CP_DELEGATE + CP_MANAGEFOLDER
   Case "REPORT_ALL"
    strChosenPermissions = CP_READ + CP_MODIFY + CP_DELETE + CP_ADMINISTER + CP_CREATE + CP_DELEGATE + CP_MANAGEFOLDER
   Case "SITE_ALL"
    strChosenPermissions = CP_READ + CP_MODIFY + CP_DELETE + CP_ADMINISTER + CP_CREATE + CP_DELEGATE + CP_METER + CP_MANAGESQLCOMMAND + CP_MANAGESTATUSFILTER + CP_IMPORTMACHINE + CP_MANAGEOSDCERTIFICATE
   Case "SOFTWARE_METERING_RULE_ALL"
    strChosenPermissions = CP_READ + CP_MODIFY + CP_DELETE + CP_ADMINISTER + CP_CREATE + CP_DELEGATE + CP_MANAGEFOLDER
   Case "STATUS_MESSAGE_ALL"
    strChosenPermissions = CP_READ + CP_DELETE + CP_ADMINISTER + CP_CREATE
   Case "TASK_SEQUENCE_PACKAGE_ALL"
    strChosenPermissions = CP_READ + CP_MODIFY + CP_DELETE + CP_ADMINISTER + CP_CREATE + CP_DELEGATE + CP_MANAGEFOLDER + CP_CREATETSMEDIA
    
   ' END:  Custom Class 'ALL' Descriptors 
    
   Case ""
   Case Else  
    WScript.Echo "Permission not supported:  " & strPermission 
    WScript.Echo "Object Type:  " & strObjectType
  End Select   
 Next  

 ' Set the permissions
 objNewUserClassPermissions.ClassPermissions = strChosenPermissions  


 'Creating Permissions  
 'On Error Resume Next  
 objNewUserClassPermissions.put_  


 'If Err.Number = 0 Then  
 ' WScript.Echo "Successfully set following Permissions:"  
 ' WScript.Echo vbTab & " - " & strObjectType  
 ' WScript.Echo vbTab & " - " & strObjectName  
 ' WScript.Echo vbTab & " - " & strUser  
 ' WScript.Echo vbTab & " - " & strPermissions   
 'Else  
 ' WScript.Echo "Error (" &Err.Description  &") when trying to create the object:"  
 ' WScript.Echo vbTab & " - " & strObjectType  
 ' WScript.Echo vbTab & " - " & strObjectName  
 ' WScript.Echo vbTab & " - " & strUser  
 ' WScript.Echo vbTab & " - " & strPermissions   
 'End If  

 Set objNewUserClassPermissions = Nothing  
End Function  

' Sets all permissions on all classes for the given user/group
Function SetClassRights_All(strUser)
 Call SetClassRights("COLLECTION", strUser, "COLLECTION_ALL")
 Call SetClassRights("PACKAGE", strUser, "PACKAGE_ALL")
 Call SetClassRights("ADVERTISEMENT", strUser, "ADVERTISEMENT_ALL")
 Call SetClassRights("STATUSMESSAGE", strUser, "STATUS_MESSAGE_ALL")
 Call SetClassRights("SITE", strUser, "SITE_ALL")
 Call SetClassRights("QUERY", strUser, "QUERY_ALL")
 Call SetClassRights("REPORT", strUser, "REPORT_ALL")
 Call SetClassRights("METEREDPRODUCTRULE", strUser, "SOFTWARE_METERING_RULE_ALL")
 Call SetClassRights("APPLICABLEUPDATESSUMMARY", strUser, "APPLICABLE_UPDATES_SUMMARY_ALL")
 Call SetClassRights("CONFIGURATIONITEM", strUser, "CONFIGURATION_ITEMS_ALL")
 Call SetClassRights("OPERATINGSYSTEMINSTALLPACKAGE", strUser, "OS_INSTALL_PACKAGE_ALL")
 Call SetClassRights("DEPLOYMENTTEMPLATE", strUser, "DEPLOYMENT_TEMPLATE_ALL")
 Call SetClassRights("UPDATESASSIGNMENT", strUser, "DEPLOYMENT_ALL")
 Call SetClassRights("STATEMIGRATION", strUser, "COMPUTER_ASSOCIATION_ALL")
 Call SetClassRights("IMAGEPACKAGE", strUser, "OS_IMAGE_ALL")
 Call SetClassRights("BOOTIMAGEPACKAGE", strUser, "BOOT_IMAGE_PACKAGE_ALL")
 Call SetClassRights("TASKSEQUENCEPACKAGE", strUser, "TASK_SEQUENCE_PACKAGE_ALL")
 Call SetClassRights("DEVICESETTINGPACKAGE", strUser, "DEVICE_SETTING_PACKAGE_ALL")
 Call SetClassRights("DEVICESETTINGITEM", strUser, "DEVICE_SETTING_ITEM_ALL")
 Call SetClassRights("DRIVERPACKAGE", strUser, "DRIVER_PACKAGE_ALL")
 Call SetClassRights("SOFTWAREUPDATESPACKAGE", strUser, "DEPLOYMENT_PACKAGE_ALL")
 'Call SetClassRights("DRIVER", strUser, "DRIVER_ALL")
End Function

No comments:

Post a Comment