
Scripts To Manage ISA Server

 Forefront Threat Management Gateway (Forefront TMG) is Microsoft's Firewall, Web Proxy and VPN Gateway Product

 
 Welcome!

Welcome!  Here you'll find free scripts and resources for Microsoft Internet Security and Acceleration Server (ISA Server) and Microsoft Forefront Threat Management Gateway (Forefront TMG). All the scripts are in the public domain with no rights reserved and no registration required. More scripts are in development, and if there is a type of script you'd really like to see here, let me know and maybe I'll write it!

My name is Jason Fossen, I'm a security consultant at Enclave Consulting LLC and I regularly teach a week-long course on Windows security for the SANS Institute. This web site is where I share materials with my conference attendees, consulting clients, and anyone else interested in security for Microsoft-based networks. -- Cheers!
 


 
 


 
 Firewall Policy Scripts

All the scripts and files described below are in this zip file.

In the zip file, look in the \ISA_Server folder for the ISA Server scripts. The comment headers in the scripts provide more information and most scripts have a "/?" switch for help too. 

  • ISA_Array_Sizing_Spreadsheet.xls
    A firewall array sizing spreadsheet based on Microsoft's Best Practices for Performance whitepaper, but you can plug in your own traffic requirements and it'll calculate the estimates for you. (BETA)
     
  • HTTP_Header_Descriptions.xls (Spreadsheet)
    Spreadsheet of all the RFC 2616 HTTP request, response, entity and general headers and their descriptions to assist in editing HTTP application-layer filters and interpreting log data.
     
  • ISA_Fill_Domain_Name_Set.vbs
    Create or update a Domain Name Set with domains obtained from a local file or from an HTTP URL, such as for the blacklisted domains of spammers, advertisers, pornographers, hate groups, etc.
     
  • ISA_Fill_URL_Set.vbs
    Create or update a URL Set with URLs obtained from a local file or from an HTTP URL, such as for the blacklisted URLs of spammers, advertisers, pornographers, hate groups, etc.
     
  • ISA_Fill_Computer_Set_Subnets.vbs
    Create or update a Computer Set with subnets obtained from a local file or from an HTTP URL, such as for bogon routes, unallocated routes, known attackers, unwanted countries, etc.
     
  • ISA_Fill_Computer_Set_Computers.vbs
    Create or update a Computer Set with computer objects obtained from a text file containing hostnames and their IP addresses.
     
  • ISA_Copy_HTTP_Filter_Settings.vbs
    Copies the HTTP application-layer filter settings from one rule to another in the firewall policy so that you only have to create the filter once.  Can display the raw XML of the filter for analysis or backup too.
     
  • ISA_Enable-Disable_Rule.vbs
    Enable/disable firewall rules from the command line.
     
  • ISA_Manage_Domain_Name_Sets.vbs
    Variety of functions for viewing, creating, deleting and modifying Domain Name Set objects. For VBScript coders.
     
  • ISA_Manage_Subnets.vbs
    Variety of functions for viewing, creating, deleting and modifying Subnet objects. For VBScript coders.
     
  • ISA_Manage_URL_Sets.vbs
    Variety of functions for viewing, creating, deleting and modifying URL Set objects. For VBScript coders.

 Logging and Error Codes

  • ISA_Server_Error_Codes.xls (Spreadsheet)
    Spreadsheet of names, descriptions and hex numbers of ISA Server error, cache and response codes. Handy for troubleshooting. You might also want to get Microsoft's event log messages help file for ISA Server.
     
  • ISA_Quick_WHOIS.vbs
    Copy a line of log data on the Logging tab to the clipboard using the Tasks pane, run the script, and a WHOIS query of the client's IP address pops up.  Copy the script to the Start menu or associate a keyboard shortcut with it if you need to do it often.
     
  • ISA_MSDE_Max_Memory.vbs
    Displays or edits the maximum amount of memory the MSDE service (sqlservr.exe) is permitted to use, since database logging can sometimes cause a memory leak (KB909636).
     
  • ISA_MSDE_Detach_Database.vbs
    Gracefully detach one or all MSDE logging database files so that they can be deleted, copied or moved from the ISA Server.
     
  • ISA_LogParser.vbs
    Demonstrates over 20 queries against ISA Server and IIS log files using the free Microsoft Log Parser tool to show, for example, which rules are the most frequently used, which IP addresses are sending the most denied packets, which users are consuming the most bandwidth, who is sending Ping of Death packets, etc.
     
  • ISA_Parse_Raw_Hex_Payload.vbs
    Uses the command-line version of the free Wireshark sniffer to analyze the raw hex fields of offending packets in firewall logs.

 Alerts

  • ISA_List_Alert_Definitions.vbs
    Lists all alert definitions and their detailed properties.
     
  • ISA_E-Mail_Alert.vbs
    Script to e-mail the output of any chosen command, such as "ipconfig /all", when the script is executed by an ISA Server alert action, scheduled job, EventTriggers.exe, Performance Monitor alert, etc. Unlike ISA Server e-mail alerts, you can specify a username and password, and use SSL for SMTPS. Especially nice for being alerted when DHCP-assigned IP addresses change.
     
  • ISA_Reset_Acknowledge_Alerts.vbs
    View, reset and acknowledge triggered alerts by severity level.
     
  • ISA_Panic_Script.bat
    A batch script to run when you really need to go into lockdown mode.

 Cache - RRAS - DNS - Misc.

  • ISA_DNS_Binding_Order.vbs
    To be used on VPN clients, the script changes the order in which DNS servers are queried so that the DNS servers associated with the VPN connection are always used first. This helps to solve a known name resolution problem for Windows VPN and dial-up clients (KB311218).
     
  • ISA_CARP_Name_Resolution.vbs
    Manages how the names or IP addresses of CARP array members in an Enterprise Edition array are represented in the cache array script download by Web Proxy clients.  Useful when the array has multiple network objects which have Web Proxy clients on each network.
     
  • ISA_Add-Remove_Cached_File.vbs
    Add/remove individual files to or from the Web Proxy cache, such as for pre-loading files into the cache from URL or local drive sources.
     
  • ISA_Manage_Sessions.vbs
    Dump current sessions into a comma-delimited format (imports to Excel); functions for disconnecting sessions based on IP address, user name or client process name; and a function to disconnect VPNs by IP address.
     
  • ISA_Manage_SSL_Ports.vbs
    View and edit permitted outbound HTTPS/SSL ports, since ISA Server only permits TCP 443 and 563 out by default (KB283284).
     
  • BlackHole.bat
    Adds, removes and lists "blackholed" routes in ISA Server's route table; these are routes to IPs or subnets that drop packets without editing firewall rules or disrupting other communications. If you blackhole an internal machine's IP address, for example, it will not be able to maintain a Firewall Client channel or Web Proxy connection to the ISA Server, but its other internal communications won't be affected. Similar in purpose to the "rathole script" Microsoft uses on its own ISA Server arrays.
     
  • RRAS_Account_Lockout.vbs
    Manages the RRAS user lockout feature on local or remote ISA Server VPN gateways to thwart password-guessing attacks.
     
  • ISA_Server_Security_Template.inf
    Security template for ISA Server firewalls for use with SECEDIT.EXE or the Security Configuration & Analysis snap-in.  This disables unneeded services and can break things, so make sure to make a backup first and test the template on a non-production server!

 Registry Edits

The following are REGEDIT.EXE exports for registry values that frequently need to be changed on an ISA Server.  They are also in the download zip file.

 

 Other Useful Scripts


The following scripts and files are also in the zip file, but they are not specifically for ISA Server. Most are in the \Day6 folder in the zip file.

  • Set_Service_Recovery_Options.bat
    Uses SC.EXE to set service failure response actions for the Windows services listed in an input file; for example, configure your critical services to send an alert e-mail to admins when any one fails.
     
  • WMI_ADO_DumpEventLog.vbs
    Dump and clear local or remote Event Logs to a local comma-delimited CSV file which can be cleanly opened in Excel, imported into a database, or easily searched (with sample searches).
     
  • Import_To_Excel.vbs
    Imports a one- or two-dimensional array into a new Excel spreadsheet.  Useful when sifting through large amounts of tabular data, such as log entries or a list of sessions.
     
  • CDOSYS_Send_Mail.vbs
    Script for sending e-mail without an e-mail client or the SMTP service locally installed.  Supports authentication and SMTPS.
     
  • SnapShot.bat
    Create an auditing baseline snapshot of a server to be used later to analyze changes to the box, such as after a compromise or failure.
     
  • Start-Telnet.bat
    Pass in the IP address of an XP or later machine and the script configures the remote machine to only support NTLM Telnet authentication, enables the Telnet service, opens a Telnet session, then stops and disables the Telnet service afterwards.  Use with an IPSec policy to encrypt Telnet traffic.
     
  • Search_Text_Log.vbs
    Searches a text log from ISA, IIS or whatever source for matches from a file of regular expression patterns that indicate malware or hacking, then prints a report of the number of signature matches found. Includes a file (signatures.txt) of 35 potential hacking signatures in ISA Web Proxy or IIS logs.
     
  • IPSecPol_* and NetShell_*
    Example scripts for managing IPSec and networking settings, such as configuring a NIC with static settings or creating an IPSec policy.
     
  • Firewall_*
    A bunch of scripts for the Windows Firewall (not ISA Server).
     
  • ADO_*
    A bunch of scripts for database queries and manipulation, such as for managing imported log data.
     
  • ADSI_*
    A bunch of scripts for Active Directory and user account management, including one for brute-force password guessing attacks over LDAP with a dictionary file.
     
  • CAPICOM_*
    Some scripts for PKI and cryptography, including a script for Group Policy to remove unwanted trusted root CA certificates.
     
  • WMI_*
    A bunch of scripts for system management with Windows Management Instrumentation, such as for remote execution, process termination, listing of processes/drivers/patches/packages, forcing logoff/shutdown/reboots, starting and stopping services in dependency sets, setting registry values, etc.

 


 

THE SOFTWARE AND OTHER FILES AND INFORMATION ON THIS WEB SITE ARE PROVIDED "AS IS" WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, CORRECTNESS, ERROR-FREE OPERATION, ACCURACY, RELIABILITY OR OTHERWISE. YOU ASSUME ALL RISKS IN USING OR RELYING UPON THIS WEB SITE OR THE INFORMATION OR SOFTWARE RELATED TO IT. NO ORAL OR WRITTEN INFORMATION OR ADVICE GIVEN BY THE AUTHOR OR THOSE ASSOCIATED WITH THIS WEB SITE SHALL CREATE A WARRANTY OR IN ANY WAY INCREASE THE SCOPE OF ANY WARRANTY, UNLESS SUCH WARRANTIES ARE IN WRITING AS A PART OF A COMMERCIAL AGREEMENT OR CONTRACT. IN NO EVENT SHALL THE AUTHOR, ENCLAVE CONSULTING LLC OR THOSE ASSOCIATED WITH THIS WEB SITE BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF THERE HAS BEEN ADVISEMENTS OF THE POSSIBILITY OF SUCH DAMAGES. ACCESSING THIS WEB SITE OR DOWNLOADING FILES FROM IT WILL NOT CREATE A CUSTOMER OR CLIENT RELATIONSHIP WITH ANY PARTY ASSOCIATED WITH THIS WEB SITE. CERTAIN STATES DO NOT PERMIT EXCLUSIONS OF IMPLIED WARRANTIES OR LIMITATIONS OF LIABILITY, SO THIS DISCLAIMER MAY NOT APPLY TO YOU OR MAY APPLY TO YOU ONLY IN PART. YOU MAY HAVE OTHER LEGAL RIGHTS WHICH VARY FROM STATE TO STATE.
This web site is not associated with or endorsed by Microsoft Corporation in any way.
This site is produced and sponsored solely by Enclave Consulting LLC.
Microsoft, Windows, Internet Security and Acceleration Server, ISA Server, Forefront, Forefront Threat Management Gateway, TMG, Exchange Server, IIS, SharePoint, Active Directory, ActiveSync, .NET, Visual Basic, VBScript, Active Server Pages, Visual Studio, Office, Excel, SQL Server, PowerShell, WMI, Windows Management Instrumentation, SecureNAT, PowerShell, Outlook, Outlook Web Access, and OWA are either registered trademarks, trademarks or products of Microsoft Corporation in the United States and/or other countries. Other trademarks are the property of their respective owners.

Last Updated: 2.Mar.2011

 
