The only thing I've seen are people using the <cd-rom>\SDK\Samples\Admin\ImportExport.vbs script from the ISA 2004 CD and using a Scheduled Task to call the script.
Posts: 80
Joined: 12.May2006
From: Suffolk, UK
Status: offline
Hi, I have only just got round to testing this. Seems to work well, I need to remove the parts of the VBS that echo onto the screen in order to use it as a scheduled task, but apart from that the process of importing and exporting seems simple enough with that script. Ont thing though, I did a backup through ISA and the xml file came out at 492KB, when I exported using the VBS it came out at 466KB. Does anyone know what the VBS may be missing that the backup through ISA does not? I deleted a couple of rules and reset a bit of VPN Config and also removed some PC's from the management group in system policies, then imported using the VBS and all came back OK. One thing to note, if you export using the VBS, you have to import using it, you cannot select the xml using the restore method in ISA. Incidently I am looking at trying to modify the vbs to email when it has completed OK, if anyone has any VB expertise then feel free to let me know how to do this!!
Thanks
Andy
< Message edited by Andy_UK -- 26.May2006 1:23:27 PM >
Posts: 80
Joined: 12.May2006
From: Suffolk, UK
Status: offline
Hi All, I have managed to incoropate a couple of changes to the vbs. I will paste it below, it works OK on my ISA, although you should clearly test this for yourselves. You will need to replace SETTHISVALUE in the vbs with your own details. When you run the vbs from the command line, if you just add an e after it, it will export the config to the folder you specify in the vbs (one of the SETTHISVALUE values) and then email you to let you know it has finished. There are no prompt or message boxes making this easier to schedule in windows scheduler. When you run the VBS from the command line with an i, it will prompt for the full folder and file name to import. This still puts a message onscreen to let you know it is running and when it has finished. The only thing I have found so far, is that when you import a file, it seems to add duplicate entries for management computers.
The file contents are below. As I say PLEASE make sure you are happy with this before relying on it. Mods, I am not sure if posting scripts is a problem, if it is then please accept my apologies and remove from the thread. Thanks
Andy
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' ' This script exports the configuration of the array object of an ISA Server ' computer to a specified XML file or imports the configuration in a specified ' XML file to array object of the ISA Server computer. ' The following parameter must be included on the command line: ' 1. The letter "e" or "i" to indicate whether the configuration will be ' exported or imported. ' When e is selected, script will export to file and location specified and then ' email to the specified address. ' When i is selected, a prompt box will appar asking for full path and filename ' to import, a message will be displayed when selection has been made and when ' import is complete. '''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' Sub ImportExport() ' Define a constant to indicate that no optional data will ' be exported or imported. const noOptionalData = 0 'Declare the objects needed Dim root ' The FPCLib.FPC root object Dim firewall ' An FPCArray object Dim strComputer ' Create the root obect. Set root = CreateObject("FPC.Root") ' Get a reference to the array object (firewall). Set firewall = root.GetContainingArray If WScript.Arguments(0) = "e" Then
' Export the configuration to the XML file. ' Notice that values are not specified for the optional parameters. firewall.ExportToFile "C:\SETTHISVALUE\"& replace(Date,"/","_")+"_ISA_CONFIG.XML", noOptionalData Set objMessage = CreateObject("CDO.Message") objMessage.Subject = "SETTHISVALUE" objMessage.From = "SETTHISVALUE" objMessage.To = "SETTHISVALUE" objMessage.TextBody = "SETTHISVALUE" '==This section provides the configuration information for the remote SMTP server. '==Normally you will only change the server name or IP. objMessage.Configuration.Fields.Item _ ("http://schemas.microsoft.com/cdo/configuration/sendusing") = 2 'Name or IP of Remote SMTP Server objMessage.Configuration.Fields.Item _ ("http://schemas.microsoft.com/cdo/configuration/smtpserver") = "SETTHISVALUE" 'Server port (typically 25) objMessage.Configuration.Fields.Item _ ("http://schemas.microsoft.com/cdo/configuration/smtpserverport") = 25 objMessage.Configuration.Fields.Update '==End remote SMTP server configuration section== objMessage.Send WScript.Quit End If
If WScript.Arguments(0) = "i" Then Do strfileloc = (InputBox(" Location and Filename to Import", "File to Import")) If strfileloc <> "" Then strInput = True End if Loop until strInput = True WScript.Echo "Importing the configuration from " & strfileloc & " to the " & firewall.Name & " array object, a message will appear when complete" ' Import the firewall's configuration from the XML file specified. ' Notice that values are not specified for some of the optional parameters. firewall.ImportFromFile strfileloc,noOptionalData,,,True WScript.Echo "Importing was completed successfully." End If End Sub ImportExport
I am not sure why you will need to email the XML file. Here is my revision of the script you've just posted. Note that you will need to set the path for your import and export file names in fName variable.
'******This script will export ISA configuration********
Option Explicit 'Declare some variables Dim fName, IsaRoot, IsaServer
'Get a reference to ISA server objects Set IsaRoot = CreateObject("FPC.Root") Set IsaServer = ISARoot.GetContainingArray
'Filename to export the configuration fName = "c:\IsaExportConfig.xml"
'Export the configuration IsaServer.ExportToFile fName, 0
'******End of Export script**********************
Now open the notepad and copy/paste the script. Name the file as export.vbs. Run this file from the scheduler everyday.
Here is the import script:
'*******Start of the Import script************
Option Explicit
Dim fName, IsaRoot, IsaServer
Set IsaRoot = CreateObject("FPC.Root") Set IsaServer = ISARoot.GetContainingArray
fName = "c:\IsaImportConfig.xml"
IsaServer.ImportFromFile fName,0,,,True
Wscript.echo "XML file is imported" Wscript.quit
'********End of Import Script********
< Message edited by H4ppyGilmore -- 28.May2006 1:45:11 AM >
Posts: 80
Joined: 12.May2006
From: Suffolk, UK
Status: offline
Hi, I added the email part as in my department we receive email confirmation that all backups have completed successfully. So to save having to rdp to the server, or check a file in a folder, I set up the email to save time! I am not sure what the difference is between the script generated xml and the ISA generated xml, but in my case at least, when you try to restore an xml created by script using the restore option in ISA, it errors. One clear difference is when you backup using ISA it asks for a password, when you use the script it doesn't, whether this is the key to why ISA won't restore it?
Good work on the script, i've tested it and it works fine on our systems. I was wondering is there an function to backup the whole isa configuration i.e. command line equivelent of the Right click on the servername and selecting backup?
I am not sure why no one has done an article on how to write simple scripts to interface with ISA 2004.
To answer your question:
I just skimmed through the FPC object hierarchy and don't see the Backup. May be MS didn't include it. If no one response, let me do further research on this.
Posts: 80
Joined: 12.May2006
From: Suffolk, UK
Status: offline
Hi H4ppy, Can you tell me which part of the System Policies are not being backed/restored up when using the script? I have just deleted DHCP from external in DHCP, and removed a few management PC's from within Systems Policies, then restored from the Exported xml file and it brought in all of the deleted settings.
If you export, everything is copied to the xml file except the system firewall policies.
If you Backup, everything is copied including the system firewall policies.
This is what I got from a ISA 2004 server book (not Tom's book).
From Tom's book (pg 86-87), he says they are both same except Export feature gives you more granular control of what you export. Then he goes on to say that "exporting" the configuration is recommended for cloning ISA servers.
KB838375 also says what Tom is saying.
From your test, both Tom and KB article are right. However, this leaves me with few questions.
Why didn't MS enforce password policy for Backup or Export when script is used? You're prompted for a password when you backup manually.
Why can't I use the Backup to clone ISA servers, if both Export and Backup are the same?
What happens if I backup/export a server with C: and D: partitions (ISA is installed on D: partition) and later restore/import to a server with just a C: parition?
< Message edited by H4ppyGilmore -- 31.May2006 4:06:47 PM >
Posts: 80
Joined: 12.May2006
From: Suffolk, UK
Status: offline
Hi H4ppy, I have found in the help file the following is not backed up when you do an export:
User credential passwords used in your ISA Server configuration. For example, in logging to a computer running SQL Server, running a program as a result of an alert, or L2TP remote authentication.
RADIUS shared secret.
VPN preshared IPsec key.
I have confirmed that the RADIUS Shared Secret does not restore when you use the import routine.
These can be exported when you choose Export Confidential information. Although I do not know how you would incorporate this into the script version of the export.
Andy
< Message edited by Andy_UK -- 31.May2006 4:53:54 PM >
Posts: 433
Joined: 18.Jul.2005
From: USA
Status: offline
how do I run the script, I am trying this manually at command prompt but it's not working for me. Here's what I used? C:\ISA Server data> C:\Windows\System32\wscript.exe "C:\ISA Server data\ImportEx port_Email.vbs",e