Script Sample: Create UPM Policies

Application Control

Home

This page refers to an older version of the product.
View the current version of the online Help.

Sample Script: Create UPM Policies

The following VB script creates a user privileges management policy:

'URM Group Action options

const AM_URMGroupAction_Add = 0

const AM_URMGroupAction_Drop = 1

'URM Privileges

const AM_URMPrivilegeConstant_SeAssignPrimaryTokenPrivilege = 0

const AM_URMPrivilegeConstant_SeAuditPrivilege = 1

const AM_URMPrivilegeConstant_SeBackupPrivilege = 2

const AM_URMPrivilegeConstant_SeChangeNotifyPrivilege = 3

const AM_URMPrivilegeConstant_SeCreateGlobalPrivilege = 4

const AM_URMPrivilegeConstant_SeCreatePagefilePrivilege = 5

const AM_URMPrivilegeConstant_SeCreatePermanentPrivilege = 6

const AM_URMPrivilegeConstant_SeCreateSymbolicLinkPrivilege = 7

const AM_URMPrivilegeConstant_SeCreateTokenPrivilege = 8

const AM_URMPrivilegeConstant_SeDebugPrivilege = 9

const AM_URMPrivilegeConstant_SeEnableDelegationPrivilege = 10

const AM_URMPrivilegeConstant_SeImpersonatePrivilege = 11

const AM_URMPrivilegeConstant_SeIncreaseBasePriorityPrivilege = 12

const AM_URMPrivilegeConstant_SeIncreaseQuotaPrivilege = 13

const AM_URMPrivilegeConstant_SeIncreaseWorkingSetPrivilege = 14

const AM_URMPrivilegeConstant_SeLoadDriverPrivilege = 15

const AM_URMPrivilegeConstant_SeLockMemoryPrivilege = 16

const AM_URMPrivilegeConstant_SeMachineAccountPrivilege = 17

const AM_URMPrivilegeConstant_SeManageVolumePrivilege = 18

const AM_URMPrivilegeConstant_SeProfileSingleProcessPrivilege = 19

const AM_URMPrivilegeConstant_SeRelabelPrivilege = 20

const AM_URMPrivilegeConstant_SeRemoteShutdownPrivilege = 21

const AM_URMPrivilegeConstant_SeRestorePrivilege = 22

const AM_URMPrivilegeConstant_SeSecurityPrivilege = 23

const AM_URMPrivilegeConstant_SeShutdownPrivilege = 24

const AM_URMPrivilegeConstant_SeSyncAgentPrivilege = 25

const AM_URMPrivilegeConstant_SeSystemEnvironmentPrivilege = 26

const AM_URMPrivilegeConstant_SeSystemProfilePrivilege = 27

const AM_URMPrivilegeConstant_SeSystemtimePrivilege = 28

const AM_URMPrivilegeConstant_SeTakeOwnershipPrivilege = 29

const AM_URMPrivilegeConstant_SeTcbPrivilege = 30

const AM_URMPrivilegeConstant_SeTimeZonePrivilege = 31

const AM_URMPrivilegeConstant_SeTrustedCredManAccessPrivilege = 32

const AM_URMPrivilegeConstant_SeUndockPrivilege = 33

const AM_URMPrivilegeConstant_SeUnsolicitedInputPrivilege = 34

'URM Privilege actions

const AM_URMPrivilegeAction_NoChange = 0

const AM_URMPrivilegeAction_Enable = 1

const AM_URMPrivilegeAction_Disable = 2

const AM_URMPrivilegeAction_Remove = 3

'Create the configuration

Dim Configuration

Set Configuration = CreateObject("AM.Configuration.5")

'Create the configuration helper

Dim ConfigurationHelper

Set ConfigurationHelper = CreateObject("AM.ConfigurationHelper.1")

'Load the live configuration

Dim ConfigurationXml

ConfigurationXml = ConfigurationHelper.LoadLiveConfiguration

Configuration.ParseXML ConfigurationXml

'create a new URMPolicy

Dim URMPolicy

Set URMPolicy = Configuration.CreateInstanceFromClassName("AM.URMPolicy")

URMPolicy.Name = "Add Administrator"

Configuration.URMPolicies.Add URMPolicy.Xml

'Add a Group Behaviour Action

Dim URMBehaviour

Set URMBehaviour = Configuration.CreateInstanceFromClassName("AM.URMGroupBehaviour")

URMBehaviour.DisplayName = "BUILTIN\Administrators"

URMBehaviour.SID = "S-1-5-Domain-544"

URMBehaviour.Action = AM_URMGroupAction_Add

Configuration.URMPolicies("Add Administrator").GroupMembershipActions.Add

URMBehaviour.Xml

'Set up the privilege actions

Dim PrivilegeAction

Set PrivilegeAction = Configuration.CreateInstanceFromClassName("AM.URMPrivilege")

PrivilegeAction.Action = AM_URMPrivilegeAction_NoChange

PrivilegeAction.Name = "SeAssignPrimaryTokenPrivilege"

PrivilegeAction.Privilege = AM_URMPrivilegeConstant_SeAssignPrimaryTokenPrivilege