Nov 24

This is the beginning of a little standalone identity management project me and Kevin are working on for IPSwitch’s WhatsUp Gold product.

Overview:

This “WhatsUp Enterprise New User System” aka WENUS enumerates a configured LDAP Group (and any nested groups) for user accounts–any users that do not exist in the WhatsUp are created automatically.  It also reads the user account’s department attribute and creates access to the device group that has a matching device group description.  In our case we have ~200 remote sites, at each of those sites there are up to 2 techs who use WhatsUp to monitor systems at each site.  These remote sites are broken out into Device Groups, we populated all the device group description fields with the corresponding site/dept code–which is also populated in the user account’s LDAP department attribute.  This script can be run nightly or weekly to ensure the proper folks get access to only their respective area.  Furthermore it outputs to the WhatsUp System Activity Log, so you can see new users being created, and any errors there.

This was written for WhatsUp Gold v15 but should work on older versions–perhaps requiring slight modifications.

WENUS Features:

  • Enumerates a LDAP Group (and any nested groups) to create WhatsUp User Accounts when additions are made to the group
  • Scopes WhatsUp Device Group Security based on Department LDAP attribute & Matching WhatsUp Device Group Description fields
  • Outputs to the WhatsUp System Activity Log – any Creates and any Errors are logged centrally.
SQL Server credentials are required to be put into this script, to prevent this from being accessible via clear-text you can use Microsoft’s Script Encoder to encode this VBScript so Username/Password won’t be easily readable.  Download @ http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=3375
This script was created to be adapted with minimal effort to other systems, feel free to let me know if you modify this to support other systems/products.
Disclaimer: Safety is not guaranteed, test this before rolling into production.

Read the rest of this entry »

Nov 12

Couple of my buddy’s just threw this blog up: http://desktopengi.com.  Check them out, they have a very strong focus on Desktop Engineering/DevOps.

Some of the things you will find there:

  • Scripts to assist with a Google Apps Migration/Support Google Apps Long-Term
  • A Clean Login Script to handle multiple drive mappings on a per dept basis that ingests data from OUs and CSVs making changes a snap
  • Identity Management Scripts – Automation of Sec. Groups, etc.
  • *Very* Comprehensive Shortcut creation script–good for software deployment folks