'**********************************************************************
'
' Configure Computer Rights in AD
'
'**********************************************************************
'**********************************************************************
'Connecting to the default naming context
'**********************************************************************
Set oRootDSE = GetObject("LDAP://RootDSE")
strNamingContext = oRootDSE.Get("defaultNamingContext")
set oSubscription = GetObject("LDAP://"&strNamingContext)
'**********************************************************************
'Getting the security descriptor of the domain root
'**********************************************************************
on error resume next
set oSecDesc = oSubscription.Get("ntSecurityDescriptor")
set oACL = oSecDesc.DiscretionaryACL
if err.number<>0 then
wscript.echo "Error : "&error.number&" "&error.description
wscript.quit(1)
end if
'**********************************************************************
'Create a new ACE giving write access to the comment field of computer objects
'**********************************************************************
Set objACE = CreateObject("accessControlEntry")
objACE.Trustee = "Domain Computers"
objACE.AccessMask = 32
objACE.AceType = 5
objACE.AceFlags = 10
objACE.Flags = 3
objAce.ObjectType="{BF967A6A-0DE6-11D0-A285-00AA003049E2}"
objACE.InheritedObjectType="{BF967A86-0DE6-11D0-A285-00AA003049E2}"
oACL.AddAce(objACE)
oSecDesc.DiscretionaryACL = oACL
'**********************************************************************
'Write back the security descriptor
'**********************************************************************
oSubscription.Put "ntSecurityDescriptor",oSecDesc
oSubscription.SetInfo
if err.number<>0 then
wscript.echo "Error : "&error.number&" "&error.description
wscript.quit(1)
end if
No comments:
Post a Comment