Update IIS 6 IP Restrictions using command line - security

I found the command line below that is used to add IP addresses to restrict in IIS 7:
    appcmd set config /section:ipsecurity /+"[ipaddress='10.0.0.1',allowed='false']"
Is there an equivalent command for IIS 6?
Thanks!

No, there's no built-in Windows command to do it. You can find evidence of scripts that people have written to mitigate for this.
Ultimately, you want to modify a metabase entry called IPSecurity. Here's the thing: this IPSecurity entry can be set up at the top level (W3SVC service) all of the way down to individual files. So, you can define security for any of:
Service
Site
VDir
Folder
File
The example in your question is service-wide, so you'd want to target IIS://localhost/W3SVC. If you wanted to configure only the default website, you'd target IIS://localhost/W3SVC/1/Root.
Once you know what level you want to modify, you need to identify what the course of action is for a matching IP. You clearly want to block. That means you'll need to modify the IPDeny List.
Now you just need to write a script in the language of your choice that connects to the metabase via ADSI and modifies the IPDeny list to include the additional IP.
I've modified the one from the MSDN page to take an argument:
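    Dim SecObj
    Dim MyIPSec
    Dim IPList

    ' Bind to the service-wide metabase node and read its IPSecurity object
    Set SecObj = GetObject("IIS://LocalHost/W3SVC")
    Set MyIPSec = SecObj.IPSecurity

    ' The IPDeny list is only consulted when access is granted by default
    If (FALSE = MyIPSec.GrantByDefault) Then
        MyIPSec.GrantByDefault = TRUE
    End If

    If WScript.Arguments.Count = 0 Then
        WScript.Echo "Missing IP Address"
        WScript.Quit(1)
    End If
    ' WScript.Echo "Adding " & WScript.Arguments(0)

    ' Append the address given on the command line to the existing deny list
    IPList = MyIPSec.IPDeny
    ReDim Preserve IPList(UBound(IPList) + 1)
    IPList(UBound(IPList)) = WScript.Arguments(0)
    MyIPSec.IPDeny = IPList

    ' Write the modified object back and commit it to the metabase
    SecObj.IPSecurity = MyIPSec
    SecObj.SetInfo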
If you save this as blockip.vbs, you can call it with:
    wscript blockip.vbs 10.0.0.1
FYI, this works fine with IIS6, but works once, then fails after the list exists, on Win7 (IIS 7.5).

Related

Lotus script to move mass domino users mail databases from csv file

I need a lotus script for mass move of users mail files from one domino directory to another. I've found script for mass user deletion and just replaced method notesAdministrationProcess.DeleteUser with method noteID$ = notesAdministrationProcess .MoveMailUser( username$ , newhomeserver$ , newhomeservermailpath$ ) , where is newhomeservermailpath$ - moved - directory which I previously created to move mail files from default mail folder mail. Domino console didn't report any error but script doesn't move user's mail files. What is missing? Am I doing something wrong?
Script code:
    Sub Initialize
        Dim session As New NotesSession
        Dim db,addbk As NotesDatabase
        Dim usrvw As NotesView
        Dim Username As String
        Dim movecounter As Integer
        Dim nap As NotesAdministrationProcess
        Dim FIleNumber As Integer
        Dim Filename As String
        Set nap = session.CreateAdministrationProcess("MyServer/myserverdomain")
        Set db = session.CurrentDatabase
        Set addbk=session.GetDatabase("MyServer/myserverdomain","names.nsf",0)
        Set usrvw=addbk.getview("$NamesFieldLookup")
        filenumber%=FreeFile()
        fileName$="D:\moveMail.csv"
        Open fileName For Input As fileNumber%
        On Error Resume Next
        movecounter=0
        Do Until EOF(fileNumber%)
            Input #fileNumber%,Username
            movecounter=movecounter+1
            Call nap.MoveMailUser(Username, MyServer/myserverdomain , moved)
            Print "Moved" & CStr(movecounter) "Users"
        Loop
    End Sub
There are -as stated in comments- some major problems with your code:
First: NEVER use "On Error Resume Next" except for expected single errors you want to suppress.
Your case is the best example: Your code fails because of non defined variables, but you will never get an error message because you suppress it: No chance of knowing where it went wrong.
Second: ALWAYS add
    Option Declare
to any code you write in LotusScript. There is even a Designer setting to do this automatically. This option would have checked if all variables you use are declared... and would not even have allowed you to save this code.
Third: The errors in code. You managed to produce 2 errors when changing one single line of code...
This is how it looks:
    Call nap.MoveMailUser(Username, MyServer/myserverdomain , moved)
This is how it should look:
    Call nap.MoveMailUser(Username, "MyServer/myserverdomain" , "moved")
Just look at the difference... I will not start to teach you basics about variables vs. string literals as these are the same for almost every programming language.
-off topic-
One more thing: The way you approach business tasks is reckless at least but in any case very dangerous... You seem to copy some code from somewhere but even lack the very basics in coding. Seeing that you delete productive users and move productive mail databases I would be very concerned when I saw you doing this via "trial and error"... But this is just my point of view...
-/end off topic-
If you do it in the Administrator client, moving a user's mail file consists of several steps, see https://help.hcltechsw.com/domino/10.0.1/admn_moveamailfilefromoneservertoanother_r.html
Check mail server's access
Create new mail file replica
Add new mail file fields
Monitor new mail file fields
Replace mail file fields
(user has to login to Notes client, or you have to create AdminRequest programmatically)
Push changes to new mail server
Get mail file information for deletion
Approve mail file deletion

How to Create object of MS Access Runtime in Excel VBA

I have Microsoft Access Runtime, not the full version of Microsoft Access. When I create an object in Excel VBA
    Set objAccess = CreateObject("Access.Application")
I get
    Error 429 "ActiveX component can't create object."
Please suggest how to create the object.
I'm not sure whether this information is still relevant to OP, but it might help out others (like me) who were looking for a solution:
In cases where the simple route
    Dim AccApp As Object
    Set AccApp = CreateObject("Access.Application")
doesn't work (e.g. because only the Runtime Version of Access is available), the following route seems to work:
    Const PathToDBFile As String = "W:\here\Your\DB\lies.accdb"
    Const PathToAccess As String = "C:\Program files\YourOfficeVersion\MSACCESS.EXE"
    Dim ShellCmd As String
    ' Piece together the parts (yes, the quotes are necessary in case there are spaces in the paths)
    ShellCmd = """" & PathToAccess & """ """ & PathToDBFile & """"
    ' Execute the command in the shell
    VBA.Shell ShellCmd
    ' Now GetObject can return the newly created instance of Access
    Dim AccApp As Object
    Set AccApp = GetObject(PathToDBFile)
(Source)
This code is only the bare bones to show the essential steps. One likely wants to make sure there isn't already an instance of Access running. Also I've not yet worked out how I can reliably get the path to the MSAccess.exe on different systems. But the above worked for me when I tried on a system with only the Runtime Version installed. (I was able to get the correct return from AccApp.Run "MyFunction".)

notes url (notes://) sometimes does not create icon on workspace

I'm maintaining an application which sends out E-Mails with a notes url link like this:
    noteshref = "notes://" & serverName.Common & "/" & docToLink.Parentdatabase.Replicaid & "/" & viewUNID & "/" & docToLink.Universalid
the viewUNID is calculated thusly:
    Dim viewUNID As String
    Set nc = db.Createnotecollection(False)
    nc.Selectviews=True
    nc.Selectionformula={@IsMember("Vtousdocuments";@Explode($Title;"|"))}
    nc.Buildcollection
    If nc.Count > 0 Then
        viewID = nc.Getfirstnoteid
        Dim note As NotesDocument
        Set note = db.Getdocumentbyid(viewID)
        viewUNID=note.Universalid
        Delete note
    Else
        viewUNID="0"
    End If
    Delete nc
I've looked at the documentation for the NotesURL:
https://www-10.lotus.com/ldd/dominowiki.nsf/dx/notes-urls
I've seen demonstrations via a remote session when the database icon on the workspace is not created when opening the link. The Document gets opened, but no bananas on the 'create a Workspace icon on the database' behaviour.
I haven't been able to reproduce this on my machine, and I've also noted that, contrary to the documentation, the server 'hint' is not considered - one of the possible replicas is pulled out of thin air and recreated on the workspace.
Am I missing anything? Are there perhaps some combinations of the notesurl that do not create icons on the workspace (i.e. a naming convention for the server)? Or could it be something more obscure, like corrupted desktop.ndks?
I have used this URL format in a few places and it has always worked and it opens the right server. One thing I do differently is use /0/ instead of the view UNID "/" & viewUNID & "/". This would directly open the document if it's present in the db and it's also faster.
But your solution also should work, if the issue is specific for few users you should delete the cache/desktop and try.

VBA Excel code using echo y with PLink

WARNING: PLEASE MAKE SURE THAT YOU DO NOT USE THIS APPROACH IF YOU ARE WORKING WITH UNTRUSTED DEVICES/IPs. You do not want to automatically cache SSH host keys which are unknown to you. Do take care.
The purpose of my code is to run ssh through plink.exe from VBA Excel for a given list of IPs. I am just checking for SSH connectivity and the list of IPs is dynamic.
I am trying to pass y when running ssh using plink.exe. The reason for y is that the first time, PLink (PuTTY) asks for caching the IP.
Echo y does that automatically from command prompt and runs fine as below.
    C:\>echo y | Users\Admin\Desktop\plink.exe -ssh 10.0.0.1
The command passes y and the IP is cached which makes my code automated and the code cycles through the whole list.
I am unable to execute that same command in VBA excel (which is where the tool is) and would need guidance in how to implement it. Please suggest where I am going wrong.
    Dim strShellCommand As String
    Dim filename As String
    Dim Run As String
    Dim a As String
    Dim b As String
    filename = Sheet1.Cells(8, 2).Value
    a = "echo y |"
    b = "-ssh"
    ' Comments!!
    ' filename from cell = "C:\Users\Admin\Desktop\plink.exe"
    ' echo y | C:\Users\Admin\Desktop\plink.exe -ssh 10.0.0.1
    ' strCompaddress is any IP
    Run = a & " " & filename & " " & b & " " & strCompAddress
    Set osh = CreateObject("Wscript.Shell")
    Set oEx = osh.Exec(Run)
Do not try to circumvent the verification of the SSH host key. It's there on purpose, for your own security:
This is a feature of the SSH protocol. It is designed to protect you against a network attack known as spoofing: secretly redirecting your connection to a different computer, so that you send your password to the wrong machine. Using this technique, an attacker would be able to learn the password that guards your login account, and could then log in as if they were you and use the account for their own purposes.
Use the -hostkey switch instead to provide a fingerprint of the expected host key.
3.8.3.20 -hostkey: manually specify an expected host key
This option overrides PuTTY's normal SSH host key caching policy by telling it exactly what host key to expect, which can be useful if the normal automatic host key store in the Registry is unavailable. The argument to this option should be either a host key fingerprint, or an SSH-2 public key blob. See section 4.20.2 for more information.
You can specify this option more than once if you want to configure more than one key to be accepted.
Note that the -hostkey switch was introduced in PuTTY/PLink 0.64.
If you use your code to test connectivity, why do you need to accept the host key? The mere fact that the server was able to present the host key is proof of the connectivity.
If you really use your code to cache the host keys, so that "they don't have the click 'yes' for every IP to cache it, " do not. That's absolutely unacceptable. Not only that you break your own security. You deliberately break security of other users that will unknowingly trust any host key that you blindly accepted.
The only correct way to pre-cache the host keys is by importing the known host keys to the registry.
Export personally verified (I mean it) host keys from your registry to a file like SshHostKeys.reg:
    [HKEY_CURRENT_USER\SOFTWARE\SimonTatham\PuTTY\SshHostKeys]
    "rsa2@22:example.com"="0x23,0xab603b8511a67679bdb540db3bd2034b004ae936d06be3d760f08fcbaadb4eb4edc3b3c791c70aae9a74c95869e4774421c2abea92e554305f38b5fd414b3208e574c337e320936518462c7652c98b31e16e7da6523bd200742a6444d83fcd5e1732d03673c7b7811555487b55f0c4494f3829ece60f94255a95cb9af537d7fc8c7fe49ef318474ef2920992052265b0a06ea66d4a167fd9f3a48a1a4a307ec1eaaa5149a969a6ac5d56a5ef627e517d81fb644f5b745c4f478ecd082a9492f744aad326f76c8c4dc9100bc6ab79461d2657cb6f06dec92e6b64a6562ff0e32084ea06ce0ea9d35a583bfb00bad38c9d19703c549892e5aa78dc95e250514069"
and import them on the target machine.
For example using:
    reg import SshHostKeys.reg
If you really do not care about security, for example because you are connecting within a private network, use:
    Run = Environ("COMSPEC") & " /c echo y | " & filename & " -ssh " & strCompAddress
(assuming a path to plink.exe in filename)
To make an input redirection working, you have to run the process via shell interpreter (cmd.exe). The environment variable COMSPEC points to it (typically C:\WINDOWS\system32\cmd.exe).
See also Redirecting input to an executable from Excel VBA.
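As an added example (not code from the original answer or from PuTTY), the Python sketch below combines the two recommendations above: it reads a personally verified SshHostKeys.reg export, turns each cached rsa2 entry into the SSH-2 public key blob form that -hostkey accepts, and builds plink command lines only for targets that have a pinned key, listing the rest for manual verification. The sample export, its key material and all function names are constructed for illustration, and only rsa2 entries are handled.

```python
import base64
import re

# Constructed sample of an exported SshHostKeys.reg (shortened, made-up key
# material). PuTTY names each cached key "<keytype>@<port>:<host>"; an rsa2
# value is "0x<exponent>,0x<modulus>".
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\SOFTWARE\SimonTatham\PuTTY\SshHostKeys]
"rsa2@22:10.0.0.1"="0x23,0xab603b8511a67679"
"rsa2@2222:10.0.0.2"="0x10001,0x7c9d35a583bfb00b"
'''

ENTRY = re.compile(
    r'^"(?P<type>[^@"]+)@(?P<port>\d+):(?P<host>[^"]+)"="(?P<value>[^"]*)"$')

def parse_hostkey_export(text):
    """Return {(host, port): {keytype: value}} from the SshHostKeys section."""
    keys, in_section = {}, False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("["):  # a new registry key starts here
            in_section = line.rstrip("]").lower().endswith(r"\putty\sshhostkeys")
            continue
        m = ENTRY.match(line) if in_section else None
        if m:
            keys.setdefault((m["host"], int(m["port"])), {})[m["type"]] = m["value"]
    return keys

def _mpint(n):
    """SSH mpint: 4-byte length, big-endian bytes, leading 0x00 if top bit set."""
    raw = n.to_bytes(n.bit_length() // 8 + 1, "big") if n else b""
    return len(raw).to_bytes(4, "big") + raw

def rsa_hostkey_blob(value):
    """Turn an rsa2 cache value into a base64 SSH-2 public key blob."""
    e_hex, n_hex = value.split(",")
    blob = (len(b"ssh-rsa").to_bytes(4, "big") + b"ssh-rsa"
            + _mpint(int(e_hex, 16)) + _mpint(int(n_hex, 16)))
    return base64.b64encode(blob).decode("ascii")

def plan_checks(targets, keys, plink="plink.exe", port=22):
    """Return (plink argv lists for pinned hosts, hosts with no verified key)."""
    commands, unverified = [], []
    for host in targets:
        value = keys.get((host, port), {}).get("rsa2")
        if value is None:
            unverified.append(host)  # verify by hand; never pipe "y" to plink
        else:
            commands.append([plink, "-ssh", "-batch", "-P", str(port),
                             "-hostkey", rsa_hostkey_blob(value), host])
    return commands, unverified
```

A host whose key is cached for a different port (10.0.0.2 on 2222 in the sample) is reported as unverified for port 22, because PuTTY caches keys per host and port.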

have an AppleScript Automator service to process all text if no text is selected

I’m using nslater's wonderful script for counting words and characters in a selected block of text, but I need two enhancements:
have the script available even without text selected. Currently, when I pull up the list of available Services without a selection, the Service isn’t there (that’s logical, of course, but enhancement #2 would change things).
add a conditional behaviour to the script: if no text is selected, process all text, but if there is a selection, then only process the selected text.
Here is nslater's script, which I pasted into Automator (I created the Service by following the steps in his commented instructions):
    # Word and Character Count service for Mac OS X
    #
    # Adds a Word and Character Count option to the text selection context menu in all apps
    #
    # Use Automator.app to create a new service, and then select the Run AppleScript action.
    # Paste this code in to the text box, and save as Word and Character Count. Now switch to
    # a new app, select some text, and open the context menu to find the new option.
    on run {input, parameters}
        tell application "System Events"
            set _appname to name of first process whose frontmost is true
        end tell
        set word_count to count words of (input as string)
        set character_count to count characters of (input as string)
        tell application _appname
            display alert "" & word_count & " words, " & character_count & " characters"
        end tell
        return input
    end run
The following AppleScript code will do what you are after:
    tell application "System Events" to set frontApplication to (first application process whose frontmost is true)
    set theText to my getCurrentTextContents(frontApplication)
    if theText is not "" then
        set wordCount to count words of theText
        set charCount to count characters of theText
        tell application (name of frontApplication) to display alert "" & wordCount & " words, " & charCount & " characters"
    end if

    on getCurrentTextContents(ofApplication)
        tell application "System Events"
            try -- time-out as some UI elements block, notably system sheets
                with timeout of 5 seconds
                    set allElements to entire contents of window 1 of ofApplication
                end timeout
            on error
                return ""
            end try
            repeat with UIelement in allElements
                try -- very large element collections can change before looped through
                    if focused of UIelement is true then
                        if attribute "AXSelectedTextRange" of UIelement exists then
                            set {x, y} to value of attribute "AXSelectedTextRange" of UIelement
                            if y ≥ x then
                                return value of attribute "AXSelectedText" of UIelement
                            else
                                return value of UIelement
                            end if
                        else
                            return ""
                        end if
                    end if
                on error errorMessage
                    log errorMessage
                    return ""
                end try
            end repeat
            return ""
        end tell
    end getCurrentTextContents
If you want to use it in service, you will have to set that service to take “No Input” – as Ken Thomases correctly stated in his comment, services only process input if there is a selection. In the case of a “No Input” service, you are essentially creating a global (or app-specific, if you restrict the service to an application) launch point for a script. Any other script launcher that does not steal focus from the app it targets will serve as well (and might be faster – Automator services tend to be veeerrrrryyyyy sssllllooooowwww on first launch).
Also note the whole thing works through the Accessibility API (the foundation for GUI scripting) and needs access to the API to be enabled by the user – either by checking “Enable Access for Assistive Devices” in the “Accessibility“ pane of System Preferences, or by doing
    tell application "System Events" to if not UI elements enabled then
        activate
        set UI elements enabled to true
    end if
It also requires the target application to support the Accessibility API in its text views as defined by Apple (see documentation linked to above), and do so correctly. MS Office applications don’t, for one (they use non-standard views without selection attributes – thanks @adayzdone), and I wouldn’t be surprised if Adobe CS applications didn’t either. Java and AIR applications will probably be problematic, too.
Finally, while I’m at the caveat emptor stage, I’ll add that the speed of the script depends directly on the complexity of the UI hierarchy of the targeted application. This is not a problem in the case of ordinary apps, but it definitely is in the case of WebKit generated web views – aka Safari and co. – as these map the whole DOM to UI elements. Although very laudable in terms of accessibility, this results in a humongous UI hierarchy which will take quite a time to traverse.
