A Scripting Server for Domain Automation Tasks

Presentation transcript:

A Scripting Server for Domain Automation Tasks
Christian Trachimow, DESY
5/13/2019 The DESY WindowsNT Group

Domain administration tasks

- User management, delegated to group administrators and "user service": set passwords, create, move, delete, archive, ...
- Group management: define composition
- System management: query computers for special properties, license management
- Different groups take part in these processes
- But: most jobs can only be done with domain admin privileges
- Need a server that holds scripts, controls security and executes scripts

Requirements for a Scripting Server

- Scripts should be stored on the Scripting Server
- Scripts can be triggered by remote machines
- Secure connections with remote machines (Encryption)
- Scripts must be run with DA privileges (Impersonation)
- Identify which user submits the execution request (Authentication)
- Define which groups are allowed to launch the script (Security control)
- Easy way of launching scripts
- Logging of all operations (Event log)

Why Transaction Server?

- Only used as DCOM repository
- Impersonation: can be defined for a package (collection of objects)
- Encryption: DCOM network security: "packet privacy"
- Authentication is done by DCOM: NTLM
- Easy way of invoking scripts (DCOM)

Implement a COM object on MTS:

- Read config file
- Identify calling user and check if user is allowed ..
- Execute script and return standard output

Basic Idea

1. Store all scripts on the transaction server (MTS): moveuser.pl, setpasswd.vbs, movehome.pl
2. Edit config file (XML format):

Alias Name | Script location | Role | Pass calling user
MoveUser | Perl.exe moveuser.pl | User Support | No
Passwd | Cscript.exe setpasswd.vbs | User Support | No
MoveHomedir | Perl.exe movehome.pl | Domain Operator |

Basic Idea (cont.)

3. Define roles on Transaction Server:

- User Support: desynt\usg, desynt\Domain Admins
- Domain Operators: desynt\Domain Admins, desynt\operators

Basic Idea (cont.)

    ' InvokeScript returns the standard output of the executed script
    Set obj = CreateObject("DSH.ExecuteSync")
    output = obj.InvokeScript("Passwd", "user1 newpassword")

[Diagram: Client / Web Server, COM object, config file table (as in step 2), roles (User Support, Domain Operators), execute script, Transaction Server]

Implementation

- Load config file by MS XML provider
- COM object on MTS: impersonation; "GetOriginalCallerID" from ISecurityContext
- DCOM: network: "packet privacy"; authentication: NTLM
- IObjectContext interface provides "IsCallerInRole" method
- Execute script, redirect standard output to pipe
- Log activity

[Diagram: Client / Web Server, COM object, config file table, roles (User Support, Domain Operators), Transaction Server]

Example

- Store script on MTS
- Define role on MTS
- Configure config file: alias name, script location, role (an ActiveX control makes the changes in the configuration file)
- Write client script / Web interface (ASP)

Example: write script / configure server / write client script / call script

Conditional execution

- Problem: allow execution only if some conditions are valid
  - Group administrators are only allowed to set the password of their users, not of all users
  - Group admins can remove their computers from the domain
- Could be done within the script
- Execute "Passwd", "user1 newpassword" only if the calling user is allowed to manage "user1"
- Condition table defines the relationship between calling user and managed object
  - Defines which management groups are permitted to manage which kind of users, computers or groups

Management definition table

Check if "Calling User" is in a management group and the argument (of type "user") is in a group which is managed.

Management groups (calling user) | Groups to manage (argument)
Group1adm | Group1
Group2adm | Group2
Group3adm | Group3
Domain Admins | *

    Set obj = CreateObject("DSH.ExecuteSync")
    output = obj.InvokeScript("Passwd", "user1 newpassword")

Who is calling?

[Diagram: COM object, calling user and argument, management definition table (Management groups / Groups to manage)]

Config File Extension

Alias Name | Script location | Role | Pass calling user | Arg. to check | Arg. type
Passwd | Cscript.exe setpasswd.vbs | User Support | No | 1 | User

Types of arguments: COMPUTERS, USERS, GROUPS
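The role check and the conditional-execution check described on the slides above, sketched in Python as an added example (it is not the DESY COM object's code). The XML element and attribute names, the account names and the group memberships are constructed, "Arg. to check" is assumed to count from 1, and only the "User" argument type is modelled.

```python
import xml.etree.ElementTree as ET

# Constructed config: element/attribute names are assumptions; the columns
# (alias, script location, role, arg. to check) are the ones on the slides.
CONFIG_XML = """<scripts>
  <script alias="Passwd" interpreter="Cscript.exe" file="setpasswd.vbs"
          role="User Support" checkarg="1"/>
  <script alias="MoveHomedir" interpreter="Perl.exe" file="movehome.pl"
          role="Domain Operators"/>
</scripts>"""
D = "desynt\\"
# Roles as defined on the transaction server (from the slides).
ROLES = {"User Support": {D + "usg", D + "Domain Admins"},
         "Domain Operators": {D + "Domain Admins", D + "operators"}}
# Management definition table: management group -> groups it may manage.
MANAGES = {D + "Group1adm": {D + "Group1"}, D + "Group2adm": {D + "Group2"},
           D + "Group3adm": {D + "Group3"}, D + "Domain Admins": {"*"}}
# Constructed stand-in for the directory: account -> group memberships.
MEMBERSHIP = {"alice": {D + "usg", D + "Group1adm"},
              "carol": {D + "Group2adm"},
              "root": {D + "Domain Admins"},
              "user1": {D + "Group1"}, "user2": {D + "Group2"}}

def authorize(caller, alias, arg_string):
    """Return (argv, reason); argv is None when the request is refused."""
    scripts = {s.get("alias"): s for s in ET.fromstring(CONFIG_XML)}
    entry = scripts.get(alias)
    if entry is None:
        return None, "unknown alias"
    groups = MEMBERSHIP.get(caller, set())
    if not groups & ROLES.get(entry.get("role"), set()):
        return None, "caller not in role"
    args = arg_string.split()
    if entry.get("checkarg"):
        idx = int(entry.get("checkarg")) - 1  # assumes "Arg. to check" is 1-based
        if idx >= len(args):
            return None, "missing argument"
        managed = set().union(*(MANAGES.get(g, set()) for g in groups))
        target_groups = MEMBERSHIP.get(args[idx], set())  # unknown target: no groups
        if "*" not in managed and not managed & target_groups:
            return None, "target not managed by caller"
    # argv list for execution without a shell: argument text is data, not commands.
    return [entry.get("interpreter"), entry.get("file"), *args], "ok"
```

Both checks fail closed: an alias missing from the config, a caller outside the role, or a target whose groups cannot be resolved all end in a refusal before anything runs with domain admin privileges.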

Summary

- Scripts can be stored and executed on the "Scripting Server" (with Domain Administrator rights)
- Define by "role" who is permitted to launch the scripts
- Conditional execution: a table defines the relationship between calling user and managed object
- Configuration settings can be managed by ActiveX component

Example: configure condition

Asynchronous Execution

- Some scripts take a long time to finish: move home directory, archive user data
- Web server has timeout interval for ASP pages
- The user cannot see if the script was executed successfully
- Asynchronous execution:
  - Submitting a script execution request, method returns an ID
  - Check status of the execution by ID: in queue / currently executed / finished
  - Notification after execution has finished

Implementation: MSMQ (Message Queue Server)

[Diagram: execution request -> currently executed -> finished, on the transaction server]

    ' The asynchronous call returns an ID for later status checks
    Set obj = CreateObject("DSH.ExecuteAync")
    id = obj.InvokeScript("Passwd", "user1 newpassword", "user@desy.de", "some text for the body")

Event Driven Execution

- Query computer for special properties
- Problem: script fails if computer is not online
- Hold script in queue and launch script only if event occurs
- Events: "computer is online", "time is reached", ...
- Other requirements:
  - retry execution on error
  - define a time range until execution request will be dropped
  - notification by email

Implementation: MSMQ

[Diagram: check event "computer is online"; execution request -> currently executed -> finished; transaction server]
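The asynchronous and event-driven behaviour from the last four slides (submit returns an ID, status by ID, hold until an event occurs, retry on error, drop after the time range, notification), modelled in Python as an added example that is not the DESY implementation and does not use MSMQ. The class and method names, the "dropped" and "failed" states and the integer clock are assumptions.

```python
import itertools

class ScriptQueue:
    """In-memory stand-in for the message queue (constructed, not MSMQ)."""

    def __init__(self, max_retries=1):
        self._ids = itertools.count(1)
        self.jobs = {}
        self.outbox = []            # (notify address, job id, final state)
        self.max_retries = max_retries

    def submit(self, alias, args, notify, event=None, expires_at=None):
        job_id = next(self._ids)
        self.jobs[job_id] = dict(alias=alias, args=args, notify=notify,
                                 event=event, expires_at=expires_at,
                                 tries=0, state="in queue", output=None)
        return job_id               # the caller polls status() with this ID

    def status(self, job_id):
        return self.jobs[job_id]["state"]

    def _finish(self, job_id, state):
        job = self.jobs[job_id]
        job["state"] = state
        self.outbox.append((job["notify"], job_id, state))

    def tick(self, now, events, run):
        """One dispatcher pass. `events` holds the events true at time `now`;
        `run(alias, args)` executes the script and raises on error."""
        for job_id, job in self.jobs.items():
            if job["state"] != "in queue":
                continue
            if job["expires_at"] is not None and now > job["expires_at"]:
                self._finish(job_id, "dropped")   # time range is over
            elif job["event"] is None or job["event"] in events:
                job["state"] = "currently executed"
                try:
                    job["output"] = run(job["alias"], job["args"])
                    self._finish(job_id, "finished")
                except Exception:
                    job["tries"] += 1
                    if job["tries"] > self.max_retries:
                        self._finish(job_id, "failed")
                    else:
                        job["state"] = "in queue"  # retry on a later pass
```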

Example: Web based domain management