Exemple de script : Création de stratégies UPM

Le script VB suivant crée une stratégie de gestion des privilèges utilisateur :

'Options d'action de groupe URM

const AM_URMGroupAction_Add = 0

const AM_URMGroupAction_Drop = 1

'Privilèges URM

const AM_URMPrivilegeConstant_SeAssignPrimaryTokenPrivilege = 0

const AM_URMPrivilegeConstant_SeAuditPrivilege = 1

const AM_URMPrivilegeConstant_SeBackupPrivilege = 2

const AM_URMPrivilegeConstant_SeChangeNotifyPrivilege = 3

const AM_URMPrivilegeConstant_SeCreateGlobalPrivilege = 4

const AM_URMPrivilegeConstant_SeCreatePagefilePrivilege = 5

const AM_URMPrivilegeConstant_SeCreatePermanentPrivilege = 6

const AM_URMPrivilegeConstant_SeCreateSymbolicLinkPrivilege = 7

const AM_URMPrivilegeConstant_SeCreateTokenPrivilege = 8

const AM_URMPrivilegeConstant_SeDebugPrivilege = 9

const AM_URMPrivilegeConstant_SeEnableDelegationPrivilege = 10

const AM_URMPrivilegeConstant_SeImpersonatePrivilege = 11

const AM_URMPrivilegeConstant_SeIncreaseBasePriorityPrivilege = 12

const AM_URMPrivilegeConstant_SeIncreaseQuotaPrivilege = 13

const AM_URMPrivilegeConstant_SeIncreaseWorkingSetPrivilege = 14

const AM_URMPrivilegeConstant_SeLoadDriverPrivilege = 15

const AM_URMPrivilegeConstant_SeLockMemoryPrivilege = 16

const AM_URMPrivilegeConstant_SeMachineAccountPrivilege = 17

const AM_URMPrivilegeConstant_SeManageVolumePrivilege = 18

const AM_URMPrivilegeConstant_SeProfileSingleProcessPrivilege = 19

const AM_URMPrivilegeConstant_SeRelabelPrivilege = 20

const AM_URMPrivilegeConstant_SeRemoteShutdownPrivilege = 21

const AM_URMPrivilegeConstant_SeRestorePrivilege = 22

const AM_URMPrivilegeConstant_SeSecurityPrivilege = 23

const AM_URMPrivilegeConstant_SeShutdownPrivilege = 24

const AM_URMPrivilegeConstant_SeSyncAgentPrivilege = 25

const AM_URMPrivilegeConstant_SeSystemEnvironmentPrivilege = 26

const AM_URMPrivilegeConstant_SeSystemProfilePrivilege = 27

const AM_URMPrivilegeConstant_SeSystemtimePrivilege = 28

const AM_URMPrivilegeConstant_SeTakeOwnershipPrivilege = 29

const AM_URMPrivilegeConstant_SeTcbPrivilege = 30

const AM_URMPrivilegeConstant_SeTimeZonePrivilege = 31

const AM_URMPrivilegeConstant_SeTrustedCredManAccessPrivilege = 32

const AM_URMPrivilegeConstant_SeUndockPrivilege = 33

const AM_URMPrivilegeConstant_SeUnsolicitedInputPrivilege = 34

'Actions de privilège URM

const AM_URMPrivilegeAction_NoChange = 0

const AM_URMPrivilegeAction_Enable = 1

const AM_URMPrivilegeAction_Disable = 2

const AM_URMPrivilegeAction_Remove = 3

'Créer la configuration

Dim Configuration

Set Configuration = CreateObject("AM.Configuration.5")

'Créer l'objet d'aide (helper) de configuration

Dim ConfigurationHelper

Set ConfigurationHelper = CreateObject("AM.ConfigurationHelper.1")

'Charger la configuration active

Dim ConfigurationXml

ConfigurationXml = ConfigurationHelper.LoadLiveConfiguration

Configuration.ParseXML ConfigurationXml

'Créer une nouvelle stratégie URMPolicy

Dim URMPolicy

Set URMPolicy = Configuration.CreateInstanceFromClassName("AM.URMPolicy")

URMPolicy.Name = "Add Administrator"

Configuration.URMPolicies.Add URMPolicy.Xml

'Ajouter une action Comportement de groupe

Dim URMBehaviour

Set URMBehaviour = Configuration.CreateInstanceFromClassName("AM.URMGroupBehaviour")

URMBehaviour.DisplayName = "BUILTIN\Administrators"

URMBehaviour.SID = "S-1-5-Domain-544"

URMBehaviour.Action = AM_URMGroupAction_Add

Configuration.URMPolicies("Add Administrator").GroupMembershipActions.Add

URMBehaviour.Xml

'Définir les actions de privilège

Dim PrivilegeAction

Set PrivilegeAction = Configuration.CreateInstanceFromClassName("AM.URMPrivilege")

PrivilegeAction.Action = AM_URMPrivilegeAction_NoChange

PrivilegeAction.Name = "SeAssignPrimaryTokenPrivilege"

PrivilegeAction.Privilege = AM_URMPrivilegeConstant_SeAssignPrimaryTokenPrivilege