我有几个使用基于角色的安全性的COM +应用程序。在任何故障排除期间,手动检查每个组件以确保选中“强制组件级别访问检查”和“为所选项目设置的角色明确”框可能会很麻烦。
使用下面的脚本解决了一半问题(强制执行组件级别访问检查),但我很难找到一种方法来以编程方式确定分配给组件的任何角色是否也启用了其复选框。
非常感谢任何帮助!
Clear-Host;
$comAdmin = New-Object -com ("COMAdmin.COMAdminCatalog.1");
$applications = $comAdmin.GetCollection("Applications") ;
$applications.Populate() ;
$appfilter = "ABC";
foreach ($application in $applications){
if($application.name.substring(0,3) -eq $appfilter){
try{
$components = $applications.GetCollection("Components",$application.key)
$components.Populate()
foreach ($component in $components){
$componentName = $component.Name;
Write-Host $componentName;
$accesschecks = $component.Value("ComponentAccessChecksEnabled");
Write-Host "Access Checks Enabled: " -NoNewLine;
Switch ($accesschecks){
$true{Write-Host $accesschecks -ForegroundColor Green}
$false{Write-Host $accesschecks -ForegroundColor red -BackgroundColor white}
}
$roles = $applications.GetCollection("Roles",$application.key) ;
$roles.Populate();
$rolename = $roles.Item(0).Name;
#$roleenabled = !!???!!
Write-Host "Role: $rolename Enabled: " -NoNewLine;
Switch ($roleenabled){
$true{Write-Host $roleenabled -ForegroundColor Green}
$false{Write-Host $roleenabled -ForegroundColor red -BackgroundColor white}
}
Write-Host;
}
}
catch{}
}
Write-Host "-------------------------------------";
}
答案 0 :(得分:1)
破解了。如果未在组件安全设置中选中角色框,则角色不会在RolesforComponent集合中列出,就好像根本没有角色一样。此外,可能会为组件分配多个角色,因此需要另一个枚举循环:
Clear-Host;
$comAdmin = New-Object -com ("COMAdmin.COMAdminCatalog.1");
$applications = $comAdmin.GetCollection("Applications") ;
$applications.Populate() ;
$appfilter = "ABC";
foreach ($application in $applications){
if($application.name.substring(0,3) -eq $appfilter){
try{
Write-Host $application.name -ForegroundColor White;
$components = $applications.GetCollection("Components",$application.key)
$components.Populate()
foreach ($component in $components){
$componentName = $component.Name;
$componentID = $component.Value("CLSID");
Write-Host "*"$componentName;
$accesschecks = $component.Value("ComponentAccessChecksEnabled");
Write-Host " Access Checks Enabled: " -NoNewLine;
Switch ($accesschecks){
$true{Write-Host $accesschecks -ForegroundColor Blue -BackgroundColor Green}
$false{Write-Host $accesschecks -ForegroundColor White -BackgroundColor Red}
}
}
$RolesForComponent = $components.GetCollection("RolesForComponent",$component.Value("CLSID"))
$RolesForComponent.Populate();
If ($RolesForComponent.Count -eq 0){
Write-Host " " -NoNewLine;
Write-Host "Check Roles!" -ForegroundColor White -BackgroundColor Red;
}
Else{
foreach ($role in $RolesForComponent){
$rolename = $role.Name;
Write-Host " " -NoNewLine;
Write-Host $rolename -NoNewLine;
Write-Host " " -NoNewLine;
Write-Host "Role OK" -ForegroundColor Blue -BackgroundColor Green;
Write-Host;
}
}
}
catch{}
}
Write-Host "----------------------------------------------------------------------";
}