________changeIUSRname.vbs________ On Error Resume Next Set objNetwork = WScript.CreateObject("WScript.Network") strComputerName = objNetwork.ComputerName 'This part changes the OS user name strNewUser = "IUSR_ACCT" strOldUser = ("IUSR_" & strComputerName) 'This part tells IIS what that new username is so it doesn't get confused Set oComputer = GetObject("WinNT://" & strComputerName) Set oUser = GetObject("WinNT://" & strComputerName & "/" & strOldUser & ",user") Set NewUser = oComputer.MoveHere(oUser.ADsPath, strNewUser) Dim WebServerObj Set WebServerObj = GetObject("IIS://localhost/W3SVC") WebServerObj.Put "AnonymousUserName", "IUSR_ACCT" WebServerObj.Put "AnonymousPasswordSync", TRUE WebServerObj.SetInfo ___________END______________ ________DeleteFTP.vbs________ 'Originally developed by Russ Cooper, and Cullen Johnson, and used with their permission Set WshShell = WScript.CreateObject("WScript.Shell") value = "net stop " & chr(34) & "CISVC" & chr(34) WshShell.Run value, 0, true 'Remove FTP Service and Metabase Entries set IIsObject = GetObject("IIS://LocalHost/MSFTPSVC") if Err.Number <> &H80070003 then select case (err.number) case 0 err.clear set IIsObject = GetObject("IIS://LocalHost/MSFTPSVC/1/ROOT") if err.number <> &H80070003 then select case (err.number) case 0 vFTProotPath = IIsObject.Path set IIsObject = getObject("IIS://LocalHost/MSFTPSVC/1") if err.number <> 0 then ReportError() err.clear IIsObject.Delete "IIsFTPVirtualDir", "Root" if err.number <> &H80070003 then select case (err.number) case 0 IIsObject.SetInfo if err.number <> 0 then ReportError() case else ReportError() end select end if err.clear set IIsObject = getObject("IIS://LocalHost/MSFTPSVC") if err.number <> 0 then ReportError() err.clear IIsObject.Delete "IIsFTPServer", "1" if err.number <> 0 then ReportError() err.clear IIsObject.SetInfo if err.number <> 0 then ReportError() err.clear set IIsObject = getObject("IIS://LocalHost/MSFTPSVC") if err.number <> 0 then ReportError() err.clear IIsObject.Delete "IIsFTPInfo", "Info" if err.number <> 0 then ReportError() err.clear IIsObject.SetInfo if err.number <> 0 then ReportError() err.clear value = "net stop " & chr(34) & "MSFTPSVC" & chr(34) WshShell.Run value, 0, true set IIsObject = getObject("IIS://LocalHost") if err.number <> 0 then ReportError() err.clear IIsObject.Delete "IIsFTPService", "MSFTPSVC" if err.number <> 0 then ReportError() err.clear IIsObject.SetInfo if err.number <> 0 then ReportError() err.clear case else ReportError() end select err.clear end if case else ReportError() end select end if err.clear Sub ReportError() Dim ErrorDescription Select Case (Err.Number) Case &H80070003 ErrorDescription = "The path requested could not be found." Case &H80070005 ErrorDescription = "Access is denied for the requested path or property." Case &H80070094 ErrorDescription = "The requested path is being used by another application." Case Else ErrorDescription = Err.Description End Select ' Errorlog.WriteLine(ErrorDescription) ' Errorlog.WriteLine("ErrNumber: " & Err.Number) ' WScript.Echo ErrorDescription ' WScript.Echo "ErrNumber: " & Err.Number & " (0x" & Hex(Err.Number) & ") at " & Err.Line End Sub Function SplitParam(ObjectPath) ' Note: Assume the string has been sanitized (no leading or trailing slashes) On Error Resume Next Dim SlashIndex Dim TempParam Dim ObjectPathLen SplitParam = "" ' Assume no parameter ObjectPathLen = Len(ObjectPath) ' Separate the path of the node from the parameter SlashIndex = InStrRev(ObjectPath, "/") If (SlashIndex = 0) Or (SlashIndex = ObjectPathLen) Then TempParam = ObjectPath ObjectPath = "" ' ObjectParameter is more important Else TempParam = ObjectPath ObjectPath = Left(ObjectPath, SlashIndex - 1) TempParam = Right(TempParam, Len(TempParam) - SlashIndex) End If SplitParam = TempParam If (Err.Number <> 0) Then ReportError () WScript.Echo "Error trying to Split the parameter from the object: " & ObjectPath WScript.Quit (Err.Number) End If End Function ___________END______________ ________RemoveOS2Sub.vbs________ 'Portions originally developed by Russ Cooper, and Cullen Johnson, and used with their permission Const HKEY_CLASSES_ROOT = &H80000000 Const HKEY_CURRENT_USER = &H80000001 Const HKEY_LOCAL_MACHINE = &H80000002 Const HKEY_USERS = &H80000003 Const HKEY_CURRENT_CONFIG= &H80000005 Const HKEY_DYN_DATA = &H80000006 Const REG_SZ = 1 Const REG_EXPAND_SZ = 2 Const REG_BINARY = 3 Const REG_DWORD = 4 Const REG_MULTI_SZ = 7 Set WshShell = WScript.CreateObject("WScript.Shell") Set objRegNT = GetObject( "winmgmts://localhost/root/default:StdRegProv" ) 'Set fso = Wscript.CreateObject("Scripting.FileSystemObject") On Error Resume Next mykey = "SubSystems" Subkey = "SYSTEM\CurrentControlSet\Control\Session Manager\" & mykey regvalue = Array( "" ) ChangeOptionValue = objRegNT.SetMultiStringValue(HKEY_LOCAL_MACHINE, Subkey, "Optional", regvalue) WshShell.RegDelete "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\Os2LibPath" WshShell.RegDelete "HKLM\\SOFTWARE\Microsoft\OS/2 Subsystem for NT" WshShell.RegDelete "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\Os2" WshShell.RegDelete "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\Posix" ___________END______________ ________DisableFrntPgWeb.vbs________ 'Originally developed by Russ Cooper, and Cullen Johnson, and used with their permission On Error Resume Next set IIsObject = getObject("IIS://LocalHost/W3SVC/1") IIsObject.FrontPageWeb = 0 IIsObject.SetInfo ___________END______________ ________DisableRDSVulnerabilty.vbs________ 'Originally developed by Russ Cooper, and Cullen Johnson, and used with their permission Set WshShell = WScript.CreateObject("WScript.Shell") On Error Resume Next WshShell.RegDelete "HKLM\SYSTEM\CurrentControlSet\Services\W3SVC\Parameters\ADCLaunch\RDSServer.DataFactory\" WshShell.RegDelete "HKLM\SYSTEM\CurrentControlSet\Services\W3SVC\Parameters\ADCLaunch\AdvancedDataFactory\" WshShell.RegDelete "HKLM\SYSTEM\CurrentControlSet\Services\W3SVC\Parameters\ADCLaunch\VbBusObj.VbBusObjCls\" ___________END______________ ________LockTCPUDPPorts.vbs________ ' I like this one a lot because it automates the painful task of locking ports down. This will tell ' Windows to ignore connections to all ports except 3389 and 80/tcp and 53/udp Const HKEY_CLASSES_ROOT = &H80000000 Const HKEY_CURRENT_USER = &H80000001 Const HKEY_LOCAL_MACHINE = &H80000002 Const HKEY_USERS = &H80000003 Const HKEY_CURRENT_CONFIG= &H80000005 Const HKEY_DYN_DATA = &H80000006 Const REG_SZ = 1 Const REG_EXPAND_SZ = 2 Const REG_BINARY = 3 Const REG_DWORD = 4 Const REG_MULTI_SZ = 7 Set objRegNT = GetObject( "winmgmts://localhost/root/default:StdRegProv" ) Set WshShell = WScript.CreateObject("WScript.Shell") Set objRegistry = GetObject("winmgmts:" & Computer & "root\default:StdRegProv") sNetworkCards = "Software\Microsoft\Windows NT\CurrentVersion\NetworkCards" RC = objRegistry.EnumKey(HKEY_LOCAL_MACHINE, sNetworkCards, sCardNumbers) If (RC = 0) And (Err.Number = 0) Then for q = lbound(sCardNumbers) to ubound(sCardNumbers) sNetCard = "Software\Microsoft\Windows NT\CurrentVersion\NetworkCards\" & sCardNumbers(q) RCB = objRegistry.GetStringValue(HKEY_LOCAL_MACHINE, sNetCard, "ServiceName", sService) If (RCB > 0) then msgbox "Error Number: " & err.number & vbCrLf & "Description: " & err.description,,"Error " Else myCardObj = sService SubKey = "SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\" & myCardObj ' This sets the ports that are allowed to be open. You can totally modify these values. 3389 is for Terminal Server. TCPports = Array( "3389", "80" ) RawIPAllowed = Array( "53", "" ) ChangeTCPValues = objRegNT.SetMultiStringValue(HKEY_LOCAL_MACHINE, Subkey, "TCPAllowedPorts", TCPports) ChangeProtoValues = objRegNT.SetMultiStringValue(HKEY_LOCAL_MACHINE, Subkey, "RawIPAllowedProtocols", RawIPAllowed) End If next End if WshShell.RegWrite "HKLM\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces\Tcpip_" & myCardObj & "\NetbiosOptions", "2", "REG_DWORD" WshShell.RegWrite "HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\EnableSecurityFilters", "1", "REG_DWORD" ___________END______________ ________RemoveAdminWebSite.vbs________ 'Originally developed by Russ Cooper, and Cullen Johnson, and used with their permission On Error Resume Next 'Remove Administrative Web Site and Metabase entries set IIsObject = getObject("IIS://LocalHost/W3SVC") if err.number <> 0 then ReportError() err.clear IIsObject.Delete "IIsWebServer", "2" if err.number <> &H80070003 then select case (err.number) case 0 IIsObject.SetInfo if err.number <> 0 then ReportError() case else ReportError() end select err.clear end if Sub ReportError() Dim ErrorDescription Select Case (Err.Number) Case &H80070003 ErrorDescription = "The path requested could not be found." Case &H80070005 ErrorDescription = "Access is denied for the requested path or property." Case &H80070094 ErrorDescription = "The requested path is being used by another application." Case Else ErrorDescription = Err.Description End Select ' Errorlog.WriteLine(ErrorDescription) ' Errorlog.WriteLine("ErrNumber: " & Err.Number) ' WScript.Echo ErrorDescription ' WScript.Echo "ErrNumber: " & Err.Number & " (0x" & Hex(Err.Number) & ") at " & Err.Line End Sub Function SplitParam(ObjectPath) ' Note: Assume the string has been sanitized (no leading or trailing slashes) On Error Resume Next Dim SlashIndex Dim TempParam Dim ObjectPathLen SplitParam = "" ' Assume no parameter ObjectPathLen = Len(ObjectPath) ' Separate the path of the node from the parameter SlashIndex = InStrRev(ObjectPath, "/") If (SlashIndex = 0) Or (SlashIndex = ObjectPathLen) Then TempParam = ObjectPath ObjectPath = "" ' ObjectParameter is more important Else TempParam = ObjectPath ObjectPath = Left(ObjectPath, SlashIndex - 1) TempParam = Right(TempParam, Len(TempParam) - SlashIndex) End If SplitParam = TempParam If (Err.Number <> 0) Then ReportError () WScript.Echo "Error trying to Split the parameter from the object: " & ObjectPath WScript.Quit (Err.Number) End If End Function ___________END______________ ________RemoveIISAdmin.vbs________ 'Originally developed by Russ Cooper, and Cullen Johnson, and used with their permission On Error Resume Next set IIsObject = getObject("IIS://LocalHost/W3SVC/1/ROOT") if err.number <> 0 then select case (err.number) case &H80070003 case else ReportError() end select err.clear else set IIsObject = getObject("IIS://LocalHost/W3SVC/1/ROOT/IISADMIN") if err.number <> 0 then select case (err.number) case &H80070003 case else ReportError() end select err.clear else vIISAdminPath = IIsObject.Path set IIsObject = getObject("IIS://LocalHost/W3SVC/1/ROOT") if err.number <> 0 then ReportError() err.clear IIsObject.Delete "IIsWebVirtualDir", "IISADMIN" if err.number <> 0 then ReportError() err.clear IIsObject.SetInfo if err.number <> 0 then ReportError() err.clear end if end if err.clear Sub ReportError() Dim ErrorDescription Select Case (Err.Number) Case &H80070003 ErrorDescription = "The path requested could not be found." Case &H80070005 ErrorDescription = "Access is denied for the requested path or property." Case &H80070094 ErrorDescription = "The requested path is being used by another application." Case Else ErrorDescription = Err.Description End Select ' Errorlog.WriteLine(ErrorDescription) ' Errorlog.WriteLine("ErrNumber: " & Err.Number) ' WScript.Echo ErrorDescription ' WScript.Echo "ErrNumber: " & Err.Number & " (0x" & Hex(Err.Number) & ") at " & Err.Line End Sub Function SplitParam(ObjectPath) ' Note: Assume the string has been sanitized (no leading or trailing slashes) On Error Resume Next Dim SlashIndex Dim TempParam Dim ObjectPathLen SplitParam = "" ' Assume no parameter ObjectPathLen = Len(ObjectPath) ' Separate the path of the node from the parameter SlashIndex = InStrRev(ObjectPath, "/") If (SlashIndex = 0) Or (SlashIndex = ObjectPathLen) Then TempParam = ObjectPath ObjectPath = "" ' ObjectParameter is more important Else TempParam = ObjectPath ObjectPath = Left(ObjectPath, SlashIndex - 1) TempParam = Right(TempParam, Len(TempParam) - SlashIndex) End If SplitParam = TempParam If (Err.Number <> 0) Then ReportError () WScript.Echo "Error trying to Split the parameter from the object: " & ObjectPath WScript.Quit (Err.Number) End If End Function ___________END______________ ________RemoveIISAdmpwd.vbs________ 'Originally developed by Russ Cooper, and Cullen Johnson, and used with their permission On Error Resume Next set IIsObject = getObject("IIS://LocalHost/W3SVC/1/ROOT") if err.number <> 0 then select case (err.number) case &H80070003 case else ReportError() end select err.clear else set IIsObject = getObject("IIS://LocalHost/W3SVC/1/ROOT/IISADMPWD") if err.number <> 0 then select case (err.number) case &H80070003 case else ReportError() end select err.clear else vIISADMPWDPath = IIsObject.Path set IIsObject = getObject("IIS://LocalHost/W3SVC/1/ROOT") if err.number <> 0 then ReportError() err.clear IIsObject.Delete "IIsWebVirtualDir", "IISADMPWD" if err.number <> 0 then ReportError() err.clear IIsObject.SetInfo if err.number <> 0 then ReportError() err.clear end if end if err.clear Sub ReportError() Dim ErrorDescription Select Case (Err.Number) Case &H80070003 ErrorDescription = "The path requested could not be found." Case &H80070005 ErrorDescription = "Access is denied for the requested path or property." Case &H80070094 ErrorDescription = "The requested path is being used by another application." Case Else ErrorDescription = Err.Description End Select ' Errorlog.WriteLine(ErrorDescription) ' Errorlog.WriteLine("ErrNumber: " & Err.Number) ' WScript.Echo ErrorDescription ' WScript.Echo "ErrNumber: " & Err.Number & " (0x" & Hex(Err.Number) & ") at " & Err.Line End Sub Function SplitParam(ObjectPath) ' Note: Assume the string has been sanitized (no leading or trailing slashes) On Error Resume Next Dim SlashIndex Dim TempParam Dim ObjectPathLen SplitParam = "" ' Assume no parameter ObjectPathLen = Len(ObjectPath) ' Separate the path of the node from the parameter SlashIndex = InStrRev(ObjectPath, "/") If (SlashIndex = 0) Or (SlashIndex = ObjectPathLen) Then TempParam = ObjectPath ObjectPath = "" ' ObjectParameter is more important Else TempParam = ObjectPath ObjectPath = Left(ObjectPath, SlashIndex - 1) TempParam = Right(TempParam, Len(TempParam) - SlashIndex) End If SplitParam = TempParam If (Err.Number <> 0) Then ReportError () WScript.Echo "Error trying to Split the parameter from the object: " & ObjectPath WScript.Quit (Err.Number) End If End Function ___________END______________ ________RemoveIISHelp.vbs________ 'Originally developed by Russ Cooper, and Cullen Johnson, and used with their permission On Error Resume Next set IIsObject = getObject("IIS://LocalHost/W3SVC/1/ROOT") if err.number <> 0 then select case (err.number) case &H80070003 case else ReportError() end select err.clear else set IIsObject = getObject("IIS://LocalHost/W3SVC/1/ROOT/IISHELP") if err.number <> 0 then select case (err.number) case &H80070003 case else ReportError() end select err.clear else vIISHelpPath = IIsObject.Path set IIsObject = getObject("IIS://LocalHost/W3SVC/1/ROOT") if err.number <> 0 then ReportError() err.clear IIsObject.Delete "IIsWebVirtualDir", "IISHELP" if err.number <> 0 then ReportError() err.clear IIsObject.SetInfo if err.number <> 0 then ReportError() err.clear end if end if err.clear Sub ReportError() Dim ErrorDescription Select Case (Err.Number) Case &H80070003 ErrorDescription = "The path requested could not be found." Case &H80070005 ErrorDescription = "Access is denied for the requested path or property." Case &H80070094 ErrorDescription = "The requested path is being used by another application." Case Else ErrorDescription = Err.Description End Select ' Errorlog.WriteLine(ErrorDescription) ' Errorlog.WriteLine("ErrNumber: " & Err.Number) ' WScript.Echo ErrorDescription ' WScript.Echo "ErrNumber: " & Err.Number & " (0x" & Hex(Err.Number) & ") at " & Err.Line End Sub Function SplitParam(ObjectPath) ' Note: Assume the string has been sanitized (no leading or trailing slashes) On Error Resume Next Dim SlashIndex Dim TempParam Dim ObjectPathLen SplitParam = "" ' Assume no parameter ObjectPathLen = Len(ObjectPath) ' Separate the path of the node from the parameter SlashIndex = InStrRev(ObjectPath, "/") If (SlashIndex = 0) Or (SlashIndex = ObjectPathLen) Then TempParam = ObjectPath ObjectPath = "" ' ObjectParameter is more important Else TempParam = ObjectPath ObjectPath = Left(ObjectPath, SlashIndex - 1) TempParam = Right(TempParam, Len(TempParam) - SlashIndex) End If SplitParam = TempParam If (Err.Number <> 0) Then ReportError () WScript.Echo "Error trying to Split the parameter from the object: " & ObjectPath WScript.Quit (Err.Number) End If End Function ___________END______________ ________RemoveIISSamples.vbs________ 'Originally developed by Russ Cooper, and Cullen Johnson, and used with their permission On Error Resume Next set IIsObject = getObject("IIS://LocalHost/W3SVC/1/ROOT") if err.number <> 0 then select case (err.number) case &H80070003 case else ReportError() end select err.clear else set IIsObject = getObject("IIS://LocalHost/W3SVC/1/ROOT/IISSAMPLES") if err.number <> 0 then select case (err.number) case &H80070003 case else ReportError() end select err.clear else vIISSamplesPath = IIsObject.Path set IIsObject = getObject("IIS://LocalHost/W3SVC/1/ROOT") if err.number <> 0 then ReportError() err.clear IIsObject.Delete "IIsWebVirtualDir", "IISSAMPLES" if err.number <> 0 then ReportError() err.clear IIsObject.SetInfo if err.number <> 0 then ReportError() err.clear end if end if err.clear Sub ReportError() Dim ErrorDescription Select Case (Err.Number) Case &H80070003 ErrorDescription = "The path requested could not be found." Case &H80070005 ErrorDescription = "Access is denied for the requested path or property." Case &H80070094 ErrorDescription = "The requested path is being used by another application." Case Else ErrorDescription = Err.Description End Select ' Errorlog.WriteLine(ErrorDescription) ' Errorlog.WriteLine("ErrNumber: " & Err.Number) ' WScript.Echo ErrorDescription ' WScript.Echo "ErrNumber: " & Err.Number & " (0x" & Hex(Err.Number) & ") at " & Err.Line End Sub Function SplitParam(ObjectPath) ' Note: Assume the string has been sanitized (no leading or trailing slashes) On Error Resume Next Dim SlashIndex Dim TempParam Dim ObjectPathLen SplitParam = "" ' Assume no parameter ObjectPathLen = Len(ObjectPath) ' Separate the path of the node from the parameter SlashIndex = InStrRev(ObjectPath, "/") If (SlashIndex = 0) Or (SlashIndex = ObjectPathLen) Then TempParam = ObjectPath ObjectPath = "" ' ObjectParameter is more important Else TempParam = ObjectPath ObjectPath = Left(ObjectPath, SlashIndex - 1) TempParam = Right(TempParam, Len(TempParam) - SlashIndex) End If SplitParam = TempParam If (Err.Number <> 0) Then ReportError () WScript.Echo "Error trying to Split the parameter from the object: " & ObjectPath WScript.Quit (Err.Number) End If End Function ___________END______________ ________RmvUnsaveScriptMaps.vbs________ 'Originally developed by Russ Cooper, and Cullen Johnson, and used with their permission 'Remove unsafe script mappings for all web directories 'Edit at will. pathlist = FindData ("w3svc/ScriptMaps") for each path in pathlist set IIsObject = getobject(path) if err.number <> 0 then ReportError() err.clear value = IIsObject.get("ScriptMaps") if err.number <> 0 then ReportError() err.clear value = filter(value, ".cdx,", False, 1) value = filter(value, ".cer,", False, 1) value = filter(value, ".htr,", False, 1) value = filter(value, ".printer,", False, 1) value = filter(value, ".idc,", False, 1) value = filter(value, ".htw,", False, 1) value = filter(value, ".ida,", False, 1) value = filter(value, ".idq,", False, 1) value = filter(value, ".stm,", False, 1) value = filter(value, ".shtm,", False, 1) value = filter(value, ".shtml,", False, 1) IIsObject.Put "ScriptMaps", value if err.number <> 0 then ReportError() err.clear IIsObject.SetInfo if err.number <> 0 then ReportError() err.clear next err.clear Function FindData (ObjectPath) On Error Resume Next Dim ObjectParameter Dim NewObjectparameter Dim IIsObjectPath Dim IIsObject Dim Path Dim PathList Dim I MachineName = "LocalHost" ObjectParameter = SplitParam(ObjectPath) If ObjectPath = "" Then IIsObjectPath = "IIS://" & MachineName Else IIsObjectPath = "IIS://" & MachineName & "/" & ObjectPath End If Set IIsObject = GetObject(IIsObjectPath) If (Err.Number <> 0) Then ReportError () WScript.Echo "Error trying to find data paths for the Object (GetObject Failed): " & ObjectPath WScript.Quit (Err.Number) End If ' Now, list out all the places where this property exists. PathList = IIsObject.GetDataPaths(ObjectParameter, IIS_DATA_INHERIT) If Err.Number <> 0 Then PathList = IIsObject.GetDataPaths(ObjectParameter, IIS_DATA_NO_INHERIT) If (Err.Number <> 0) Then ReportError () WScript.Echo "Error trying to get a path list (GetDataPaths Failed): " & ObjectPath WScript.Quit (Err.Number) End If FindData = PathList If UBound(PathList) < 0 Then WScript.Echo "Property " & ObjectParameter & " was not found at any node beneath " & ObjectPath Else For Each Path In PathList Path = Right(Path, Len(Path) - 6) Path = Right(Path, Len(Path) - InStr(Path, "/")) Next End If If (Err.Number <> 0) Then ReportError () WScript.Echo "Error listing the data paths (_newEnum Failed): " & ObjectPath WScript.Quit (Err.Number) End If End Function Sub ReportError() Dim ErrorDescription Select Case (Err.Number) Case &H80070003 ErrorDescription = "The path requested could not be found." Case &H80070005 ErrorDescription = "Access is denied for the requested path or property." Case &H80070094 ErrorDescription = "The requested path is being used by another application." Case Else ErrorDescription = Err.Description End Select ' Errorlog.WriteLine(ErrorDescription) ' Errorlog.WriteLine("ErrNumber: " & Err.Number) ' WScript.Echo ErrorDescription ' WScript.Echo "ErrNumber: " & Err.Number & " (0x" & Hex(Err.Number) & ") at " & Err.Line End Sub Function SplitParam(ObjectPath) ' Note: Assume the string has been sanitized (no leading or trailing slashes) On Error Resume Next Dim SlashIndex Dim TempParam Dim ObjectPathLen SplitParam = "" ' Assume no parameter ObjectPathLen = Len(ObjectPath) ' Separate the path of the node from the parameter SlashIndex = InStrRev(ObjectPath, "/") If (SlashIndex = 0) Or (SlashIndex = ObjectPathLen) Then TempParam = ObjectPath ObjectPath = "" ' ObjectParameter is more important Else TempParam = ObjectPath ObjectPath = Left(ObjectPath, SlashIndex - 1) TempParam = Right(TempParam, Len(TempParam) - SlashIndex) End If SplitParam = TempParam If (Err.Number <> 0) Then ReportError () WScript.Echo "Error trying to Split the parameter from the object: " & ObjectPath WScript.Quit (Err.Number) End If End Function ___________END______________ ________SecureSNMP.vbs________ Set WshShell = WScript.CreateObject("WScript.Shell") On Error Resume Next WshShell.RegDelete "HKLM\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\ValidCommunities\public" WshShell.RegWrite "HKLM\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\ValidCommunities\monitor", "4", "REG_DWORD" ___________END______________ ________SetIISLogging.vbs________ Dim Site Dim ServerName Dim SiteIndex ServerName = "LocalHost" SiteIndex = "1" Set Site = GetObject("IIS://" & ServerName & "/W3SVC/" & SiteIndex) Site.LogExtFileDate = True Site.LogExtFileTime = True Site.LogExtFileClientIp = True Site.LogExtFileUserName = True Site.LogExtFileSiteName = False Site.LogExtFileComputerName = False Site.LogExtFileServerIp = True Site.LogExtFileServerPort = True Site.LogExtFileMethod = True Site.LogExtFileUriStem = True Site.LogExtFileUriQuery = False Site.LogExtFileHttpStatus = False Site.LogExtFileWin32Status = False Site.LogExtFileBytesSent = False Site.LogExtFileBytesRecv = False Site.LogExtFileTimeTaken = False Site.LogExtFileProtocolVersion = False Site.LogExtFileUserAgent = True Site.LogExtFileCookie = False Site.LogExtFileReferer = False Site.SetInfo ___________END______________ ________EnableFrntPgWeb.vbs________ set IIsObject = getObject("IIS://LocalHost/W3SVC/1") IIsObject.FrontPageWeb = 1 IIsObject.SetInfo ___________END______________ ________RestoreOS2Sub.vbs________ 'Portions originally developed by Russ Cooper, and Cullen Johnson, and used with their permission Const HKEY_CLASSES_ROOT = &H80000000 Const HKEY_CURRENT_USER = &H80000001 Const HKEY_LOCAL_MACHINE = &H80000002 Const HKEY_USERS = &H80000003 Const HKEY_CURRENT_CONFIG= &H80000005 Const HKEY_DYN_DATA = &H80000006 Const REG_SZ = 1 Const REG_EXPAND_SZ = 2 Const REG_BINARY = 3 Const REG_DWORD = 4 Const REG_MULTI_SZ = 7 Set WshShell = WScript.CreateObject("WScript.Shell") Set objRegNT = GetObject( "winmgmts://localhost/root/default:StdRegProv" ) 'Set fso = Wscript.CreateObject("Scripting.FileSystemObject") On Error Resume Next mykey = "SubSystems" Subkey = "SYSTEM\CurrentControlSet\Control\Session Manager\" & mykey regvalueOptional = Array( "Os2", "Posix" ) ChangeOptionValue = objRegNT.SetMultiStringValue(HKEY_LOCAL_MACHINE, Subkey, "Optional", regvalueOptional) WshShell.RegWrite "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\Os2", "%SystemRoot%\system32\os2ss.exe", "REG_EXPAND_SZ" WshShell.RegWrite "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\Posix", "%SystemRoot%\system32\psxss.exe", "REG_EXPAND_SZ" ___________END______________ ________RestoreAdminWebSite.vbs________ 'From Microsoft Q247364 article. ' Force explicit declaration of all variables Option Explicit Dim WshShell Dim objEnv On Error Resume Next Dim ArgIPAddress, ArgRootDirectory, ArgServerComment, ArgSkeletalDir, ArgHostName, ArgPort Dim ArgComputers, ArgStart Dim ArgSiteNumber Dim oArgs, ArgNum Dim verbose ArgIPAddress = "0" ArgHostName = "" ArgPort = 8365 ArgStart = True ArgComputers = Array(1) ArgComputers(0) = "LocalHost" ArgSiteNumber = 0 verbose = false ArgRootDirectory = "C:\Winnt\system32\inetsrv\iisadmin" ArgServerComment = "Administrative Web Site" Set oArgs = WScript.Arguments ArgNum = 0 While ArgNum < oArgs.Count Select Case LCase(oArgs(ArgNum)) Case "--port","-o": ArgNum = ArgNum + 1 ArgPort = oArgs(ArgNum) Case "--ipaddress","-i": ArgNum = ArgNum + 1 ArgIPAddress = oArgs(ArgNum) Case "--rootdirectory","-r": ArgNum = ArgNum + 1 ArgRootDirectory = oArgs(ArgNum) Case "--comment","-t": ArgNum = ArgNum + 1 ArgServerComment = oArgs(ArgNum) Case "--hostname","-h": ArgNum = ArgNum + 1 ArgHostName = oArgs(ArgNum) Case "--computer","-c": ArgNum = ArgNum + 1 ArgComputers = Split(oArgs(ArgNum), ",", -1) Case "--sitenumber","-n": ArgNum = ArgNum + 1 ArgSiteNumber = CLng(oArgs(ArgNum)) Case "--dontstart": ArgStart = False Case "--help","-?": Call DisplayUsage Case "--verbose", "-v": verbose = true Case Else: WScript.Echo "Unknown argument "& oArgs(ArgNum) Call DisplayUsage End Select ArgNum = ArgNum + 1 Wend If (ArgRootDirectory = "") Or (ArgServerComment = "") Then if (ArgRootDirectory = "") then WScript.Echo "Missing Root Directory" else WScript.Echo "Missing Server Comment" end if Call DisplayUsage WScript.Quit(1) End If Call ASTCreateWebSite(ArgIPAddress, ArgRootDirectory, ArgServerComment, ArgHostName, ArgPort, ArgComputers, ArgStart) Sub ASTCreateWebSite(IPAddress, RootDirectory, ServerComment, HostName, PortNum, Computers, Start) Dim w3svc, WebServer, NewWebServer, NewDir, Bindings, BindingString, NewBindings, ComputerIndex, Index, SiteObj, bDone Dim comp On Error Resume Next For ComputerIndex = 0 To UBound(Computers) comp = Computers(ComputerIndex) If ComputerIndex <> UBound(Computers) Then Trace "Creating web site on " & comp & "." End If ' Grab the web service object Err.Clear Set w3svc = GetObject("IIS://" & comp & "/w3svc") If Err.Number <> 0 Then Display "Unable to open: "&"IIS://" & comp & "/w3svc" End If BindingString = IpAddress & ":" & PortNum & ":" & HostName Trace "Making sure this web server doesn't conflict with another..." For Each WebServer in w3svc If WebServer.Class = "IIsWebServer" Then Bindings = WebServer.ServerBindings If BindingString = Bindings(0) Then Trace "The server bindings you specified are duplicated in another virtual web server." WScript.Quit (1) End If End If Next Index = 1 bDone = False Trace "Creating new web server..." ' If the user specified a SiteNumber, then use that. Otherwise, ' test successive numbers under w3svc until an unoccupied slot is found If ArgSiteNumber <> 0 Then Set NewWebServer = w3svc.Create("IIsWebServer", ArgSiteNumber) NewWebServer.SetInfo If (Err.Number <> 0) Then WScript.Echo "Couldn't create a web site with the specified number: " & ArgSiteNumber WScript.Quit (1) Else Err.Clear ' Verify that the newly created site can be retrieved Set SiteObj = GetObject("IIS://"&comp&"/w3svc/" & ArgSiteNumber) If (Err.Number = 0) Then bDone = True Trace "Web server created. Path is - "&"IIS://"&comp&"/w3svc/" & ArgSiteNumber Else WScript.Echo "Couldn't create a web site with the specified number: " & ArgSiteNumber WScript.Quit (1) End If End If Else While (Not bDone) Err.Clear Set SiteObj = GetObject("IIS://"&comp&"/w3svc/" & Index) If (Err.Number = 0) Then ' A web server is already defined at this position so increment Index = Index + 1 Else Err.Clear Set NewWebServer = w3svc.Create("IIsWebServer", Index) NewWebServer.SetInfo If (Err.Number <> 0) Then ' If call to Create failed then try the next number Index = Index + 1 Else Err.Clear ' Verify that the newly created site can be retrieved Set SiteObj = GetObject("IIS://"&comp&"/w3svc/" & Index) If (Err.Number = 0) Then bDone = True Trace "Web server created. Path is - "&"IIS://"&comp&"/w3svc/" & Index Else Index = Index + 1 End If End If End If ' sanity check If (Index > 10000) Then Trace "Seem to be unable to create new web server. Server number is "&Index&"." WScript.Quit (1) End If Wend End If NewBindings = Array(0) NewBindings(0) = BindingString NewWebServer.ServerBindings = NewBindings NewWebServer.ServerComment = ServerComment NewWebServer.SetInfo ' Now create the root directory object. Trace "Setting the home directory..." Set NewDir = NewWebServer.Create("IIsWebVirtualDir", "ROOT") NewDir.Path = RootDirectory NewDir.AccessScript = true Err.Clear NewDir.SetInfo NewDir.AppCreate (True) NewDir.AppFriendlyName = "Default Application" NewDir.AppIsolated = 2 NewDir.SetInfo If (Err.Number = 0) Then Trace "Home directory set." Else Display "Error setting home directory." End If Trace "Web site created!" If Start = True Then Trace "Attempting to start new web server..." Err.Clear Set NewWebServer = GetObject("IIS://" & comp & "/w3svc/" & Index) NewWebServer.Start If Err.Number <> 0 Then Display "Error starting web server!" Err.Clear Else Trace "Web server started succesfully!" End If End If Next End Sub ___________END______________ ________RestoreIISAdmin.vbs________ strVD = "IISadmin" strVD1 = "C:\WINNT\System32\inetsrv\iisadmin" set IISWebSvc = GetObject("IIS://LocalHost/W3SVC") set IISWebSvr = IISWebSvc.GetObject("IISWebServer", "1") set IISWebSvrVirtRoot = IISWebSvr.GetObject("IISWebVirtualDir","Root") set IISWebSvrNewVD = IISWebSvrVirtRoot.Create("IISWebVirtualDir", strVD) IISWebSvrNewVD.path=strVD1 IISWebSvrNewVD.SetInfo 'IISWebSvrNewVD.AppDelete IISWebSvrNewVD.AppCreate True IISWebSvrNewVD.AppFriendlyName = "Administration Application" IISWebSvrNewVD.AccessScript = True 'IISWebSvrNewVD.AccessExecute = True IISWebSvrNewVD.AppIsolated = 2 'IISWebSvrNewVD.EnableDirBrowsing = True IISWebSvrNewVD.SetInfo Set IISWebSvrNewVD = Nothing Set ISWebSvrVirtRoot = Nothing Set IISWebSvr = Nothing Set IISWebSvc = Nothing ___________END______________ ________RestoreIISAdmpwd.vbs________ strVD = "IISADMPWD" strVD1 = "C:\Winnt\System32\Inetsrv\Iisadmpwd" set IISWebSvc = GetObject("IIS://LocalHost/W3SVC") set IISWebSvr = IISWebSvc.GetObject("IISWebServer", "1") set IISWebSvrVirtRoot = IISWebSvr.GetObject("IISWebVirtualDir","Root") set IISWebSvrNewVD = IISWebSvrVirtRoot.Create("IISWebVirtualDir", strVD) IISWebSvrNewVD.path=strVD1 IISWebSvrNewVD.SetInfo 'IISWebSvrNewVD.AppDelete False 'IISWebSvrNewVD.AppCreate True 'IISWebSvrNewVD.AppFriendlyName = "Default Application" IISWebSvrNewVD.AccessScript = True 'IISWebSvrNewVD.AccessExecute = True 'IISWebSvrNewVD.AppIsolated = False IISWebSvrNewVD.SetInfo Set IISWebSvrNewVD = Nothing Set ISWebSvrVirtRoot = Nothing Set IISWebSvr = Nothing Set IISWebSvc = Nothing ___________END______________ ________RestoreIISHelp.vbs________ strVD = "IISHelp" strVD1 = "c:\winnt\help\iishelp" set IISWebSvc = GetObject("IIS://LocalHost/W3SVC") set IISWebSvr = IISWebSvc.GetObject("IISWebServer", "1") set IISWebSvrVirtRoot = IISWebSvr.GetObject("IISWebVirtualDir","Root") set IISWebSvrNewVD = IISWebSvrVirtRoot.Create("IISWebVirtualDir", strVD) IISWebSvrNewVD.path=strVD1 IISWebSvrNewVD.SetInfo 'IISWebSvrNewVD.AppDelete IISWebSvrNewVD.AppCreate True IISWebSvrNewVD.AppFriendlyName = "IIS Help Application" IISWebSvrNewVD.AccessScript = True 'IISWebSvrNewVD.AccessExecute = True IISWebSvrNewVD.AppIsolated = 2 'IISWebSvrNewVD.EnableDirBrowsing = True IISWebSvrNewVD.SetInfo Set IISWebSvrNewVD = Nothing Set ISWebSvrVirtRoot = Nothing Set IISWebSvr = Nothing Set IISWebSvc = Nothing ___________END______________ ________RestoreIISLogging.vbs________ Dim Site Dim ServerName Dim SiteIndex ServerName = "LocalHost" SiteIndex = "1" Set Site = GetObject("IIS://" & ServerName & "/W3SVC/" & SiteIndex) 'The two below never change Site.LogExtFileDate = True Site.LogExtFileTime = True 'These rest vary Site.LogExtFileClientIp = True Site.LogExtFileUserName = True Site.LogExtFileSiteName = False Site.LogExtFileComputerName = False Site.LogExtFileServerIp = True Site.LogExtFileServerPort = True Site.LogExtFileMethod = True Site.LogExtFileUriStem = True Site.LogExtFileUriQuery = True 'Site.LogExtFileHttpStatus = False Site.LogExtFileWin32Status = False Site.LogExtFileBytesSent = False Site.LogExtFileBytesRecv = False Site.LogExtFileTimeTaken = False Site.LogExtFileProtocolVersion = False Site.LogExtFileUserAgent = True Site.LogExtFileCookie = False Site.LogExtFileReferer = False Site.SetInfo ___________END______________ ________RestoreIISSamples.vbs________ strVD = "IISSamples" strVD1 = "c:\inetpub\iissamples" set IISWebSvc = GetObject("IIS://LocalHost/W3SVC") set IISWebSvr = IISWebSvc.GetObject("IISWebServer", "1") set IISWebSvrVirtRoot = IISWebSvr.GetObject("IISWebVirtualDir","Root") set IISWebSvrNewVD = IISWebSvrVirtRoot.Create("IISWebVirtualDir", strVD) IISWebSvrNewVD.path=strVD1 IISWebSvrNewVD.SetInfo 'IISWebSvrNewVD.AppDelete IISWebSvrNewVD.AppCreate True IISWebSvrNewVD.AppFriendlyName = "Sample Application" IISWebSvrNewVD.AccessScript = True 'IISWebSvrNewVD.AccessExecute = True IISWebSvrNewVD.AppIsolated = 2 IISWebSvrNewVD.EnableDirBrowsing = True IISWebSvrNewVD.SetInfo Set IISWebSvrNewVD = Nothing Set ISWebSvrVirtRoot = Nothing Set IISWebSvr = Nothing Set IISWebSvc = Nothing ___________END______________ ________RestoreIUSRname.vbs________ Set objNetwork = WScript.CreateObject("WScript.Network") strComputerName = objNetwork.ComputerName strNewUser = ("IUSR_" & strComputerName) strOldUser = "IUSR_ACCT" Set oComputer = GetObject("WinNT://" & strComputerName) Set oUser = GetObject("WinNT://" & strComputerName & "/" & strOldUser & ",user") Set NewUser = oComputer.MoveHere(oUser.ADsPath, strNewUser) Dim WebServerObj Set WebServerObj = GetObject("IIS://localhost/W3SVC") WebServerObj.Put "AnonymousUserName", strNewUser WebServerObj.Put "AnonymousPasswordSync", TRUE WebServerObj.SetInfo ___________END______________ ________RestoreRDS.vbs________ Set WshShell = WScript.CreateObject("WScript.Shell") On Error Resume Next OSVer = WshShell.RegRead("HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\CurrentVersion") WshShell.RegWrite "HKLM\SYSTEM\CurrentControlSet\Services\W3SVC\Parameters\ADCLaunch\RDSServer.DataFactory\", "", "REG_DWORD" WshShell.RegWrite "HKLM\SYSTEM\CurrentControlSet\Services\W3SVC\Parameters\ADCLaunch\AdvancedDataFactory\", "", "REG_DWORD" If OSVer = "4.0" Then WshShell.RegWrite "HKLM\SYSTEM\CurrentControlSet\Services\W3SVC\Parameters\ADCLaunch\VbBusObj.VbBusObjCls\", "", "REG_DWORD" 'Next ___________END______________ ________RestoreScriptMaps.vbs________ 'Portions originally developed by Russ Cooper, and Cullen Johnson, and used with their permission 'Most of this was written by Michael Harris, and I can't take credit for it. Thanks Michael! ObjectPath = "W3SVC" MachineName = "LocalHost" Set IIsObject = GetObject("IIS://" & MachineName & "/" & ObjectPath) arScriptMaps = IIsObject.ScriptMaps Set d = CreateObject("Scripting.Dictionary") d.CompareMode = vbCompareText For each s in arScriptMaps m = split(s,",",1) '==> keeps 1st existing occurrence only... '==> to keep the last occurence, drop the Exists test. If Not d.Exists(m(0)) Then d(m(0)) = s Next For each s in arScriptMaps m = split(s,",",1) '==> keeps the existing sdScriptMaps occurrences... '==> to keep the Apps occurences, drop the Exists test. If Not d.Exists(m(0)) Then d(m(0)) = s Next 'Set d = CreateObject("Scripting.Dictionary") d(d.count) = ".htw,C:\WINNT\System32\webhits.dll,1,GET, HEAD, POST" d(d.count) = ".ida,C:\WINNT\System32\idq.dll,2,GET, HEAD, POST" d(d.count) = ".idq,C:\WINNT\System32\idq.dll,5,GET, HEAD, POST" d(d.count) = ".asp,C:\WINNT\System32\inetsrv\asp.dll,5,GET, HEAD, POST" d(d.count) = ".cer,C:\WINNT\System32\inetsrv\asp.dll,5,GET, HEAD, POST" d(d.count) = ".cdx,C:\WINNT\System32\inetsrv\asp.dll,5,GET, HEAD, POST" d(d.count) = ".asa,C:\WINNT\System32\inetsrv\asp.dll,5,GET, HEAD, POST" d(d.count) = ".htr,C:\WINNT\System32\inetsrv\ism.dll,5,GET, HEAD, POST" d(d.count) = ".idc,C:\WINNT\System32\inetsrv\httpodbc.dll,5,GET, HEAD, POST" d(d.count) = ".shtm,C:\WINNT\System32\inetsrv\ssinc.dll,5,GET, HEAD, POST" d(d.count) = ".shtml,C:\WINNT\System32\inetsrv\ssinc.dll,5,GET, HEAD, POST" d(d.count) = ".stm,C:\WINNT\System32\inetsrv\ssinc.dll,5,GET, HEAD, POST" d(d.count) = ".printer,C:\WINNT\System32\msw3ort.dll.dll,5,GET, HEAD, POST" arScriptMaps = IIsObject.ScriptMaps 'WScript.echo Join(arScriptMaps,vbCrLf) IIsObject.Put "ScriptMaps", d.Keys IISObject.SetInfo IIsObject.ScriptMaps = d.Items IISObject.SetInfo ___________END______________ ________RestoreSNMP.vbs________ Set WshShell = WScript.CreateObject("WScript.Shell") On Error Resume Next WshShell.RegDelete "HKLM\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\ValidCommunities\monitor" WshShell.RegWrite "HKLM\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\ValidCommunities\public", "4", "REG_DWORD" ___________END______________ ________UnLockTCPUDPPorts.vbs________ Const HKEY_CLASSES_ROOT = &H80000000 Const HKEY_CURRENT_USER = &H80000001 Const HKEY_LOCAL_MACHINE = &H80000002 Const HKEY_USERS = &H80000003 Const HKEY_CURRENT_CONFIG= &H80000005 Const HKEY_DYN_DATA = &H80000006 Const REG_SZ = 1 Const REG_EXPAND_SZ = 2 Const REG_BINARY = 3 Const REG_DWORD = 4 Const REG_MULTI_SZ = 7 Set objRegNT = GetObject( "winmgmts://localhost/root/default:StdRegProv" ) Set WshShell = WScript.CreateObject("WScript.Shell") Set objRegistry = GetObject("winmgmts:" & Computer & "root\default:StdRegProv") sNetworkCards = "Software\Microsoft\Windows NT\CurrentVersion\NetworkCards" RC = objRegistry.EnumKey(HKEY_LOCAL_MACHINE, sNetworkCards, sCardNumbers) If (RC = 0) And (Err.Number = 0) Then for q = lbound(sCardNumbers) to ubound(sCardNumbers) sNetCard = "Software\Microsoft\Windows NT\CurrentVersion\NetworkCards\" & sCardNumbers(q) RCB = objRegistry.GetStringValue(HKEY_LOCAL_MACHINE, sNetCard, "ServiceName", sService) If (RCB > 0) then msgbox "Error Number: " & err.number & vbCrLf & "Description: " & err.description,,"Error " Else myCardObj = sService SubKey = "SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\" & myCardObj TCPports = Array( "0", "" ) RawIPAllowed = Array( "0", "" ) ChangeTCPValues = objRegNT.SetMultiStringValue(HKEY_LOCAL_MACHINE, Subkey, "TCPAllowedPorts", TCPports) ChangeProtoValues = objRegNT.SetMultiStringValue(HKEY_LOCAL_MACHINE, Subkey, "RawIPAllowedProtocols", RawIPAllowed) End If next End if WshShell.RegWrite "HKLM\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces\Tcpip_" & myCardObj & "\NetbiosOptions", "0", "REG_DWORD" WshShell.RegWrite "HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\EnableSecurityFilters", "0", "REG_DWORD" ___________END______________