Novell Home

ADM File Utilities 1.4

Novell Cool Solutions: Trench
By Peter Riesett

Digg This - Slashdot This

Posted: 9 Aug 2002
 

These scripts are provided "as is", with absolutely no warranty expressed or implied. Any use is at your own risk. We will try to update them as we locate any problems with it, but there are no guarantees.

These scripts were written by Tim Dobrowolsky and Peter Riesett, for the Community College of Baltimore County. You may distribute these scripts, as long as you do so FOR FREE. Please include this file as well. Should you make any changes to them, please give credit to the original creators.

Required

The ADM File Utilities require ActivePerl version 5.6.1 for Windows workstations.

Syntax

The proper Command line syntax for Un-Adm is: perl unadm.pl admfile

The proper command line syntax for Adm is: perl adm.pl classname admfile

The proper command line syntax for the KEYNAME and VALUENAME List Creator is: perl kvex.pl admfile

The proper command line syntax for the ADM File Joiner is: perl joinadm.pl adm1 adm2 newadm

Tutorial

A quick tutorial on Un-Adm.pl and Adm.pl

1. Copy and paste the admin.adm from ConsoleOne in the same directory as unadm.pl

2. Open up a command prompt, and "decompile" your admin.adm using the syntax as stated above. (note: it is not neccessary to type 'perl' at the beginning of the command line in order for it to work in XP)

Note that two directories have shown up, one for class USER, and one for class MACHINE. We will only be going into the USER policies, so I have deleted the MACHINE directory.

3. We want to change the way 'Control Panel' displays, so we browse down to there.

4. Move the text files into the 'Control Panel' directory and delete the old directories.

5. We know that the 'Restrict Network Control Control Panel' policy will not work in XP properly, so we want to create a new one. So I have renamed the old policy to reflect the OSs it affects, and created a new text file with the same name, changing the OSs portion of the filename.

6. Put the following text in the new text file:

KEYNAME ""Software\Policies\Microsoft\Windows\Network Connections"" 

  PART "Restrict ADD and REMOVE Components" CHECKBOX 
   VALUENAME "NC_AddRemoveComponents" 
   VALUEON NUMERIC "1" VALUEOFF NUMERIC "0" 
  END PART 
  PART "Restrict Advanced Settings" CHECKBOX 
   VALUENAME "NC_AdvancedSettings" 
   VALUEON NUMERIC "1" VALUEOFF NUMERIC "0" 
  END PART 
  PART "Restrict Advanced TCP/IP" CHECKBOX 
   VALUENAME "NC_AllowAdvancedTCPIPConfig" 
   VALUEON NUMERIC "1" VALUEOFF NUMERIC "0" 
  END PART 
  PART "Restrict protocol service bindings" CHECKBOX 
   VALUENAME "NC_ChangeBindState" 
   VALUEON NUMERIC "1" VALUEOFF NUMERIC "0" 
  END PART 
  PART "Restrict deletion of public RAS connections" CHECKBOX 
   VALUENAME "NC_DeleteAllUserConnection" 
   VALUEON NUMERIC "1" VALUEOFF NUMERIC "0" 
  END PART 
  PART "Restrict deletion of RAS connections" CHECKBOX 
   VALUENAME "NC_DeleteConnection" 
   VALUEON NUMERIC "1" VALUEOFF NUMERIC "0" 
  END PART 
  PART "Restrict Changes to Dial-up" CHECKBOX 
   VALUENAME "NC_DialupPrefs" 
   VALUEON NUMERIC "1" VALUEOFF NUMERIC "0" 
  END PART 
  PART "Enable Win2K network connections for admin" CHECKBOX 
   VALUENAME "NC_EnableAdminProhibits" 
   VALUEON NUMERIC "1" VALUEOFF NUMERIC "0" 
  END PART 
  PART "Restrict LAN Properties" CHECKBOX 
   VALUENAME "NC_LanChangeProperties" 
   VALUEON NUMERIC "1" VALUEOFF NUMERIC "0" 
  END PART 
  PART "Restrict connecting and disconnecting a LAN connection" CHECKBOX 
   VALUENAME "NC_LanConnect" 
   VALUEON NUMERIC "1" VALUEOFF NUMERIC "0" 
  END PART 
  PART "Restrict properties of a LAN connection" CHECKBOX 
   VALUENAME "NC_LanProperties" 
   VALUEON NUMERIC "1" VALUEOFF NUMERIC "0" 
  END PART 
  PART "Disable the Network Connection wizard" CHECKBOX 
   VALUENAME "NC_Disable the Network Connection wizard" 
   VALUEON NUMERIC "1" VALUEOFF NUMERIC "0" 
  END PART 
  PART "Restrict access to properties of public RAS" CHECKBOX 
   VALUENAME "NC_RasAllUserProperties" 
   VALUEON NUMERIC "1" VALUEOFF NUMERIC "0" 
  END PART 
  PART "Restrict access to properties of a RAS connection" CHECKBOX 
   VALUENAME "NC_RasChangeProperties" 
   VALUEON NUMERIC "1" VALUEOFF NUMERIC "0" 
  END PART 
  PART "Restrict connecting and disconnecting RAS connection" CHECKBOX 
   VALUENAME "NC_RasConnect" 
   VALUEON NUMERIC "1" VALUEOFF NUMERIC "0" 
  END PART 
  PART "Restrict private RAS properties" CHECKBOX 
   VALUENAME "NC_RasMyProperties" 
   VALUEON NUMERIC "1" VALUEOFF NUMERIC "0" 
  END PART 
  PART "Restrict renaming of public RAS" CHECKBOX 
   VALUENAME "NC_RenameAllUserRasConnection" 
   VALUEON NUMERIC "1" VALUEOFF NUMERIC "0" 
  END PART 
  PART "Restrict renaming of connections" CHECKBOX 
   VALUENAME "NC_RenameConnection" 
   VALUEON NUMERIC "1" VALUEOFF NUMERIC "0" 
  END PART 
  PART "Restrict renaming of LAN connections" CHECKBOX 
   VALUENAME "NC_RenameLanConnection" 
   VALUEON NUMERIC "1" VALUEOFF NUMERIC "0" 
  END PART 
  PART "Restrict renaming private RAS connections" CHECKBOX 
   VALUENAME "NC_RenameMyRasConnection" 
   VALUEON NUMERIC "1" VALUEOFF NUMERIC "0" 
  END PART 
  PART "Disable status statistics for active connection" CHECKBOX 
   VALUENAME "NC_Statistics" 
   VALUEON NUMERIC "1" VALUEOFF NUMERIC "0" 
  END PART 

7. If you do not have unadm.pl and adm.pl in the same directory, move the USER directory into the directory containing adm.pl

8. Re-create the admfile using adm.pl. Note the syntax earlier in the file as it varies slightly from unadm. Currently, ADM will only do one class at a time, so you will need to create seperate admfiles for USER and MACHINE, then copy and paste them into the same file if you wish your ADM to have both. If you use the same filename as a file in the directory, it will delete the file and re-create it, so be careful.

You should now have a working admfile. See below for some troubleshooting tips.

Troubleshooting Tips

If you get an error stating that it got an unexpected EOF, add an END CATEGORY statement right before [strings]. Sometimes adm.pl has trouble keeping track for some reason.

Download

Download admutils.zip from this page.

The zip file contains the following items:

1. readme.html...................This file.
2. adm.jpg..........................Image for Readme.html
3. adm2.jpg........................Image for Readme.html
4. adm3.jpg........................Image for Readme.html
5. adm4.jpg........................Image for Readme.html
6. adm5.jpg........................Image for Readme.html
7. adm6.jpg........................Image for Readme.html
8. adm7.jpg........................Image for Readme.html
9. adm8.jpg........................Image for Readme.html
10. ccbcuser.adm.................An example user ADM file that includes some policies for Windows XP
11. unadm.pl........................Un-Adm Perl Script
12. adm.pl............................Adm Perl Script
13. kvex.pl...........................KEYNAME and VALUENAME List Creator
14. joinadm.pl......................Adm File Joiner Script
15. splitadm.pl......................Adm File Splitter

Revision Changes

For V1.5.081302

1. Fixed an error in adm.pl by putting a counter in for CATEGORY and END CATEGORY statements. Now, instead of adding three END CATEGORY statements to the end of the file, it subtracts the amount of END CATEGORY statements from the amount of CATEGORY statements, and prints the number of END CATEGORY statements needed to close the file properly, so you should no longer get any errors when dealing with smaller adm files.

2. Cleaned up all of the scripts so you would not receive any warnings should you have perl warnings turned on, and you type in the proper command line arguments.

For V1.4.080602

1. Added ADM Splitter Script. For splitting up ADM files into user and machine ADMs.

2. Added ccbcuser.adm, an example class user adm file that includes most user policies out there, including those for XP.

For V1.3.080302

1. Added the ADM File Joiner Script to the utilities. This will allow you to combine two ADM files as one.

2. Started using version numbers that include the date of release...makes it much easier to track. :)

For V1.2

1. KEYNAME and VALUENAME List Creator added. This will allow you to track multiple keyname entries and valuename entries and help tracking any duplicates you may have created.

2. Adm will now create a file called 'tmp.tmp' for it's temorary operations instead of 'tmp.adm'.

For V1.1

Un-Adm:

1. Un-Adm now filters out all characters that can not be part of a filename from the strings. This way it can not hang up on any entries when creating filenames.

2. Un-Adm now creates a filename in each directory called "catkey.diz" This is a plaintext file that contains the category's keyname. Previously, we were trying to put the category keyname in the policy file, provided there was no KEYNAME entry in the policy itself. The problem was that a keyname can be inside a PART, which is in the policy, so it would not write the category keyname. if there were multiple parts, and one did not have a keyname, it would error.

Adm:

1. Adm now reads in the catkey.diz file for each directory and places it as the keyname entry for it's respective category.

For More Info

If you wish to be put on a mailing list to receive the newest version of the ADM File Utilities, e-mail Peter at priesettTAKETHISOUT@ccbcmd.edu


Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com

© 2014 Novell