Creating Policy Rule Reports

  • Article

In Microsoft Internet Security and Acceleration (ISA) Server, reports containing information about policy rules can be created by retrieving the properties of the objects that represent these rules. The Microsoft Visual Basic Scripting Edition (VBScript) code in PolicyRulesReport.vbs (script below) retrieves the collection of system policy rules and the collection of policy rules, and iterates through the collections, generating a report that includes the names of the rules with an indication of whether each rule is enabled. The script can be modified to generate reports that include other properties of the rules.

Usage:Cscript PolicyRulesReport.vbs

To create a policy rules report

  1. Create an instance of the FPC COM object, which provides access to the other ISA Server administration COM objects.

  2. Declare an FPCArray object, two FPCPolicyRules collections, and an FPCPolicyRule object.

  3. Get references to the existing FPCArray object, the FPCPolicyRules collection for the system policy rules, and the FPCPolicyRules collection for the ordinary policy rules.

  4. In a For loop, iterate the objects in the system policy rules collection. For each system policy rule, retrieve the values of the Enabled property and display the name of the rule followed by an indication of whether the rule is enabled or disabled.

  5. In a For loop, iterate the objects in the policy rules collection. For each policy rule, retrieve the values of the Enabled property and display the name of the rule followed by an indication of whether the rule is enabled or disabled.

Script listing: PolicyRulesReport.vbs

''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''

' Copyright (c) Microsoft Corporation. All rights reserved.

' THIS CODE IS MADE AVAILABLE AS IS, WITHOUT WARRANTY OF ANY KIND. THE ENTIRE

' RISK OF THE USE OR THE RESULTS FROM THE USE OF THIS CODE REMAINS WITH THE

' USER. USE AND REDISTRIBUTION OF THIS CODE, WITH OR WITHOUT MODIFICATION, IS

' HEREBY PERMITTED.

''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''

''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''

' This script retrieves the collection of system policy rules and the

' collection of policy rules and implicitly uses the _NewEnum property to

' iterate through the collections and display the names of the rules with

' an indication of whether each rule is enabled.

''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''

Sub IteratePolicyRules()

' Create the root obect.

Set root = CreateObject("FPC.Root")

' Declare the other objects needed.

Dim array ' An FPCArray object

Dim spRules ' An FPCPolicyRules collection

Dim rules ' An FPCPolicyRules collection

Dim rule ' An FPCPolicyRule object

Dim isEnabled ' A string

' Get references to the array object, the system

' policy rules collection, and the policy rules collection.

Set array = root.GetContainingArray()

Set spRules = array.SystemPolicy.PolicyRules

Set rules = array.ArrayPolicy.PolicyRules

' List the system policy rules and indicate whether each

' rule is enabled.

WScript.Echo "***System Policy Rules***"

For Each rule In spRules

If rule.Enabled = True Then

isEnabled = "Enabled"

Else

isEnabled = "Disabled"

End If

WScript.Echo rule.Name & ": " & isEnabled

Next

' List the policy rules and indicate whether each

' rule is enabled.

WScript.Echo vbCrLf & "***Policy Rules***"

For Each rule In rules

If rule.Enabled = True Then

isEnabled = "Enabled"

Else

isEnabled = "Disabled"

End If

WScript.Echo rule.Name & ": " & isEnabled

Next

End Sub

IteratePolicyRules