Appendix A for Windows Server 2003 PKI Operations

Applies To: Windows Server 2003 with SP1

The following basic VBScript can be run by an end user or administrator to enumerate all the enterprise CAs in the forest, list each CA, and display the roles that the current user holds on each one:

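' Errors are checked explicitly after each call through ExitOnError.
on error resume next
dim certadm
dim configobj
dim config
dim index
' Role names indexed by bit position in the mask returned by GetMyRoles;
' positions 4 through 7 carry no role name in this script.
dim roles(9)
roles(0) = "CAADMIN"
roles(1) = "OFFICER"
roles(2) = "AUDITOR"
roles(3) = "OPERATOR"
roles(8) = "READ"
roles(9) = "ENROLL"
set certadm = CreateObject("CertificateAuthority.Admin")
Call ExitOnError("Createobject CertificateAuthority.Admin")
set configobj = CreateObject("CertificateAuthority.Config")
Call ExitOnError("Createobject CertificateAuthority.Config")
index = 0
' Walk the CA configuration entries until Next returns -1.
do while index <> -1
    config = ""
    config = configobj.GetField("config")
    ' A failed GetField leaves config empty, which the test below handles;
    ' clear the error so that it is not attributed to the Next call.
    err.clear
    if(config <> "") then
        wscript.echo "CA: ", config
        PrintRoles(config)
    end if
    index = configobj.Next()
    Call ExitOnError("ICertConfig::Next")
loop

' Display the roles that the current user holds on the given CA.
sub PrintRoles(config)
    ' Error handling is per procedure in VBScript, so enable it here as well.
    on error resume next
    value = certadm.GetMyRoles(config)
    Call ExitOnError("GetMyRoles")
    wscript.echo "Roles: 0x" & hex(value)
    ' Test each bit in turn, skipping positions 4 through 7.
    for count=0 to 9
        if((count<4 or count>7) and value mod 2) then
            wscript.echo "      ", roles(count)
        end if
        value = value \ 2
    next
End Sub

' Report the failed call and stop the script if the last call raised an error.
Sub ExitOnError(failedCall)
    if err.number <> 0 then
        wscript.echo "Error calling " & failedCall & ": 0x" & hex(err.number) & " " & err.description
        wscript.quit 1
    end if
End Sub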

This is a preliminary document and may be changed substantially prior to final commercial release of the software described herein.

© 2003 Microsoft Corporation. All rights reserved. Microsoft, Active Directory, Visual Studio, Windows, and Windows NT are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.