' ' Groupwise Shared Folder Audit ' zVersion = 1 ' Created: 31/08/06 ' By: Craig Cram ' ' Setup set wshshell = createobject("wscript.shell") on error resume next 'fix: if key does not exist continue! ztmp = wshshell.regread("HKCU\Software\CompanyX\GrpWiseAudit\Flag") on error goto 0 'Fix: enable error logging! if ztmp = zVersion then wscript.quit ' Script Already Run on User - Exitng!!!! end if ' Record path of the output file if WScript.Arguments.Count > 0 then zpath = wscript.arguments.item(0) if right(zpath,1) <> "\" then zpath = zpath + "\" end if else ' default back to london if no arguments are found! zpath = "\\server\vol1\gwaudit\" end if ' Check for Logged on username On Error resume next if wshshell.expandenvironmentstrings("%NWUSERNAME%") <> "%NWUSERNAME%" then zusername = wshshell.expandenvironmentstrings("%NWUSERNAME%") ' Novell username else zusername = wshshell.expandenvironmentstrings("%USERNAME%") ' Use windows username if NWUSERNAME is not found! end if On error goto 0 ' Start EventLog Tracking wshshell.logevent 0, "Started: Groupwise Shared Folder Audit" + vbcrlf + vbcrlf +"For User: " + zusername ' Check for Groupwise being loaded set objwmiservice = getobject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2") zloop = 1 zlogit = 0 do while zloop = 1 set ColProcesses = objwmiservice.execquery ("select * from win32_process where name = 'grpwise.exe'") if ColProcesses.count = 0 then ' loop unitil groupwise is loaded if zlogit = 0 then wshshell.logevent 4, "GroupWise Audit Sleeping - No Groupwise Loaded!!" zlogit = 1 end if wscript.sleep 180000 ' 1000 = 1 Sec !! 1000 * 60 * 3 = 180000 (3 Mins) else wshshell.logevent 4, "GroupWise Audit Groupwise Detected - Completing Audit" zloop = 0 end if loop wscript.sleep 3000 ' Connect to Groupwise set vGroupWise = CreateObject("NovellGroupWareSession") set vAccount = vGroupWise.Login("","") set vFolder = vAccount.AllFolders zusername = zusername + " (" + vAccount.owner.displayname + ")" ' start audit #1 zauditlog = "Audit#1 (Archive Path),Username,Audited,ArchivePath,DistinguishedName,AuditVer" + vbcrlf zauditlog = zauditlog + "Audit#1 (Archive Path)," zauditlog = zauditlog+ zusername+"," zauditlog = zauditlog + cstr(now) +"," zauditlog = zauditlog + ucase(Vaccount.DefaultPathToArchive) + " - ("+DrivetoUnc(Vaccount.DefaultPathToArchive) + ")," zauditlog = zauditlog + Vaccount.DistinguishedName + "," zauditlog = zauditlog + cstr(zVersion) + vbcrlf + vbcrlf zauditlog = zauditlog + "Audit#2 (Proxy Rights),Username,Audited,ProxyUser,MailPhone (Read),MailPhone (Write),Appointments (Read),Appointments (Write),Notes (Read),Notes (Write),Tasks (Read),Tasks (Write),SubscribeNotifications,SubscribeAlarms,ModifyOptionsRulesFolders,ReadPrivateEmails" + vbcrlf ' default rights zauditlog = zauditlog + "Audit#2 (Proxy Rights)," zauditlog = zauditlog+ zusername+"," zauditlog = zauditlog + cstr(now) +"," zauditlog = zauditlog + "(Default User)," zauditlog = zauditlog + checkrights(vaccount.DefaultAccountRights.ReadMailPhone) zauditlog = zauditlog + checkrights(vaccount.DefaultAccountRights.WriteMailPhone) zauditlog = zauditlog + checkrights(vaccount.DefaultAccountRights.ReadAppointments) zauditlog = zauditlog + checkrights(vaccount.DefaultAccountRights.WriteAppointments) zauditlog = zauditlog + checkrights(vaccount.DefaultAccountRights.ReadNotes) zauditlog = zauditlog + checkrights(vaccount.DefaultAccountRights.WriteNotes) zauditlog = zauditlog + checkrights(vaccount.DefaultAccountRights.ReadTasks) zauditlog = zauditlog + checkrights(vaccount.DefaultAccountRights.WriteTasks) zauditlog = zauditlog + checkrights(vaccount.DefaultAccountRights.ReceiveNotifications) zauditlog = zauditlog + checkrights(vaccount.DefaultAccountRights.ReceiveAlarms) zauditlog = zauditlog + checkrights(vaccount.DefaultAccountRights.ModifyPrefsRulesGroups) zauditlog = zauditlog + checkrights(vaccount.DefaultAccountRights.ReadPrivate) zauditlog = zauditlog + vbcrlf ' check other users for i = 1 to vaccount.accountrights.count zauditlog = zauditlog + "Audit#2 (Proxy Rights)," zauditlog = zauditlog+ zusername+"," zauditlog = zauditlog + cstr(now) +"," if instr(vaccount.accountrights.item(i).address.displayname,",") > 0 then ztmparray = split(vaccount.accountrights.item(i).address.displayname,",") ztmp2 = ltrim(ztmparray(1))+" "+ztmparray(0) else ztmp2 = vaccount.accountrights.item(i).address.displayname end if zauditlog = zauditlog + ztmp2 + " (" + vaccount.accountrights.item(i).address + ")," zauditlog = zauditlog + checkrights(vaccount.accountrights.item(i).ReadMailPhone) zauditlog = zauditlog + checkrights(vaccount.accountrights.item(i).WriteMailPhone) zauditlog = zauditlog + checkrights(vaccount.accountrights.item(i).ReadAppointments) zauditlog = zauditlog + checkrights(vaccount.accountrights.item(i).WriteAppointments) zauditlog = zauditlog + checkrights(vaccount.accountrights.item(i).ReadNotes) zauditlog = zauditlog + checkrights(vaccount.accountrights.item(i).WriteNotes) zauditlog = zauditlog + checkrights(vaccount.accountrights.item(i).ReadTasks) zauditlog = zauditlog + checkrights(vaccount.accountrights.item(i).WriteTasks) zauditlog = zauditlog + checkrights(vaccount.accountrights.item(i).ReceiveNotifications) zauditlog = zauditlog + checkrights(vaccount.accountrights.item(i).ReceiveAlarms) zauditlog = zauditlog + checkrights(vaccount.accountrights.item(i).ModifyPrefsRulesGroups) zauditlog = zauditlog + checkrights(vaccount.accountrights.item(i).ReadPrivate) zauditlog = zauditlog + vbcrlf next zauditlog = zauditlog + vbcrlf + vbcrlf zauditlog = zauditlog + "Audit#3 (Shared Folders),Username,Audited,FolderOwner,FolderDirection,FolderName,UserRights" + vbcrlf For Each vFolder In vFolder ' loop each folder set vFolderRights = vfolder.FolderRights if vFolderRights.count >= 1 then ' check for shared folder and skip others zauditlog = zauditlog + "Audit#3 (Shared Folders)," zauditlog = zauditlog + zusername+"," zauditlog = zauditlog + cstr(now) +"," zauditlog = zauditlog + vFolder.owner.displayname + " ("+vFolder.owner+")"+"," zauditlog = zauditlog + replace(replace(cstr(vFolder.shared),"1","Outgoing"),"2","Incoming") +"," zauditlog = zauditlog + vFolder.ParentFolder.name + "\" + vFolder.name +"," for y = 1 to vFolderRights.count ' loop each user rights if instr(vFolderRights.item(y).address.displayname,",") > 0 then ztmparray = split(vFolderRights.item(y).address.displayname,",") ztmp2 = ltrim(ztmparray(1))+" "+ztmparray(0) else ztmp2 = vFolderRights.item(y).address.displayname end if ' audit rights zauditlog = zauditlog + ztmp2 + " [Read" if vFolderRights.item(y).Allowadd then zauditlog = zauditlog + " - Add" end if if vFolderRights.item(y).AllowModify then zauditlog = zauditlog + " - Modify" end if if vFolderRights.item(y).AllowDelete then zauditlog = zauditlog + " - Delete" end if zauditlog = zauditlog + "]$" next zauditlog = zauditlog + vbcrlf end if next zauditlog = zauditlog + vbcrlf ' Add Blank Line 'create output file set oFso = createobject("scripting.FilesystemObject") set outfile = oFso.opentextfile(wshshell.expandenvironmentstrings("%WINDIR%")+"\debug\gwsh"+ zusername+".csv",2,true) outfile.write zauditlog outfile.close on error resume next oFso.copyfile wshshell.expandenvironmentstrings("%WINDIR%")+"\debug\gwsh"+ zusername+".csv", zpath+"gwsh"+ zusername+".csv", true If Err = 0 Then on error goto 0 ' event log update on completed wshshell.logevent 0, "GroupWise Audit Completed" wshshell.regwrite "HKCU\Software\CompanyX\GrpWiseAudit\Flag",zVersion,"REG_DWORD" wshshell.regwrite "HKCU\Software\CompanyX\GrpWiseAudit\LastUpdated",now,"REG_SZ" wshshell.regwrite "HKCU\Software\CompanyX\GrpWiseAudit\ErrorInfo","None","REG_SZ" wshshell.regwrite "HKCU\Software\CompanyX\GrpWiseAudit\OutputFile",zpath+"gwsh"+ zusername+".csv","REG_SZ" else ztmp = cstr(Err.Number)+" - "+Err.Source+": "+Err.Description wshshell.logevent 0, "GroupWise Audit Failed: " + vbcrlf + ztmp on error goto 0 wshshell.regwrite "HKCU\Software\CompanyX\GrpWiseAudit\ErrorInfo",ztmp,"REG_SZ" wshshell.regwrite "HKCU\Software\CompanyX\GrpWiseAudit\LastUpdated",Now,"REG_SZ" wshshell.regwrite "HKCU\Software\CompanyX\GrpWiseAudit\OutputFile",zpath+"gwsh"+ zusername+".csv","REG_SZ" End If 'debug 'wscript.echo "Done!" wscript.quit function checkrights(zcheckrights) if zcheckrights then checkrights = "Yes," else checkrights = "No," end if end function Function DrivetoUnc(zDrivetoUNC) Dim objWshNetwork, objDrives, intCounter, blnDriveletterInUse, objFSO Set objWshNetwork = CreateObject("WScript.Network") Set objFSO = CreateObject("Scripting.FileSystemObject") Set objDrives = objWshNetwork.EnumNetworkDrives For intCounter = 0 to objDrives.Count - 1 Step 2 If UCase(Left(objDrives.Item(intCounter), 1)) = UCase(Left(zDrivetoUNC, 1)) Then DrivetoUnc = UCase(objDrives.Item(intCounter+1))+right(zDrivetoUNC,len(zDrivetoUNC)-2) Next End Function on error goto 0