views:

1289

answers:

3

Hi all,

I'd like to call caspol from within a script inside a custom action in an msi (setup project). I'd prefer a standard msi to ClickOnce, because with a standard msi I can install drivers & associate filetypes with our application whereas with ClickOnce I can't.

When I execute the caspol command from the command line it succeeds, but from within vbscript it always fails with the error "Fehler: Unbekannte Mitgliedschaftsbedingung - -url.." - which translates as "Error: Unknown membership condition: -url". To further clarify: A copy & paste of the generated command works fine on the command line directly on the local drive of a virgin virtual machine, as local administrator, as part of a workgroup.

I have two ideas: 1. I'm no vbscript king, so maybe I've missed quotes or made some other sort of syntax error. 2. Caspol recognises that I'm running it from within a script and halts with an intentionally nonsensical error.

Personally, I believe it's just a dumb syntax error.

Here's my script:

set sh = CreateObject("Wscript.Shell")
Set fso = CreateObject("Scripting.FileSystemObject")

dim command
dim location
dim retVal

location = fso.GetFile(Wscript.ScriptFullName).ParentFolder

'%windir%\microsoft.net\framework\v2.0.50727\caspol.exe -pp off -m -addgroup 1 –url file://COMPUTER/SHARE/* FullTrust -name sbw2
command = fso.GetSpecialFolder(0) & "\microsoft.net\framework\v2.0.50727\caspol.exe -pp off -m -ag 1 –url file://"
for each s in Split(location, "\")
        if Len(s) > 0 then
                command = command & s & "/"
        end if
next
command = command & "* FullTrust -name sbw2"

'DEBUG
'command = fso.GetSpecialFolder(0) & "\microsoft.net\framework\v2.0.50727\caspol.exe -m -ag 1 –url file://mjlaptop/sbw2/* FullTrust"
Wscript.StdOut.WriteLine VbClrf
Wscript.StdOut.WriteLine command
Wscript.StdOut.WriteLine VbClrf

Set output = sh.Exec(command)

dim text
while Not output.StdOut.AtEndOfStream
        text = text & output.StdOut.Read(1)
Wend
Wscript.StdOut.WriteLine text

Thanks in advance,

Matt

A: 

No that's not it. Even with command = command & """" at the end of all that string concatenation.

Matt Jacobsen
The code answer provided above won't even compile. Nice idea to take my simple suggestion that I've missed a quote and, heh, quote it back to me, but if you're gonna do that you have to be certain it's going to run without throwing a simple syntax error.
Matt Jacobsen
A: 

Copy & pasted from your answer into my code:

"C:\WINDOWS\microsoft.net\framework\v2.0.50727\caspol.exe -pp off -m -ag 1 -url "file://mjlaptop/sbw2/*" FullTrust -name sbw2

\\mjlaptop\sbw2\setpolicy.vbs(32, 1) WshShell.Exec: Das System kann die angegebene Datei nicht finden.

It's missing a quote. And now, adding a closing quotation mark, as I guess you intended:

"C:\WINDOWS\microsoft.net\framework\v2.0.50727\caspol.exe" -pp off -m -ag 1 -url "file://mjlaptop/sbw2/*" FullTrust -name sbw2

Microsoft (R) .NET Framework CasPol 2.0.50727.42
Copyright (c) Microsoft Corporation. Alle Rechte vorbehalten.

Fehler: Unbekannte Mitgliedschaftsbedingung - -url..

That's the error as given in my original post. You're right: the command is valid. That the command is valid isn't the problem. I can copy and paste the bloody echo into a command window and it'll execute successfully. I can stick as many quotes in there as you like, and I reckon it'll still complain about the "unknown membership condition" though.

I'll try to make my replies in comments.

Matt Jacobsen
Tomalak, you were on the right track. I haven't tried your syntax though since I found the solution myself.
Matt Jacobsen
...yep! caspol must accept both formats of the "url", but for some reason the only one to work through vbs is the "network share" form. I've had some issues with this form of url in conjunction with caspol before at a customer site though.
Matt Jacobsen
A: 

Change url formatting of url in command to \\mjlaptop\sbw2* for some reason, formatted as "file://..." won't work. With or without quotes.

This uid (yossarian) belongs to me (Matt Jacobsen) too. I'd had to use the above as claimid was down for maintennance.

Matt Jacobsen
I'm accepting my own answer here. To clarify, I am both Cpt. Yossarian and Matt Jacobsen. Feel free to complain if you think it's necessary.
Matt Jacobsen
Convenient. Maybe you deserve an up-vote as well for finding out?
Tomalak