Ben Ari's UAG and IAG Blog

Plenty of useful and fun info on UAG, Microsoft's remote access and reverse-proxy product.

Some client-side magic scripting

In a previous blog post, I detailed how to create a custom application template that performs a special drive mapping. Later, I posted another one, which offers a way to use the “relay” template format to run a VBScript that can do other things.

The “relay” template is one of the most powerful features of UAG and IAG, because it is so customizable. You can use it to run pretty much any BATCH command on the client, and using the method I suggested back then, you can use the batch commands to generate a dynamic VBScript file, which is even more powerful. There are some limitations to this: when you use the ECHO batch command to generate the file, you can’t use the & sign (the CMD interpreter uses it to chain commands, so it will treat the text after the sign as a new command). This means you can’t concatenate strings and variables with & the way you are used to if you are a veteran VBScript writer. Instead, you can use the + sign.

Another challenge with this method is that on Vista and Windows 7 systems, the OS is protected by UAC against most of the really interesting modifications you may want to make. The good news is that there IS a way around that, using some tricky code:

If WScript.Arguments.length = 0 Then
    Set objShell = CreateObject("Shell.Application")
    objShell.ShellExecute "wscript.exe", Chr(34) + WScript.ScriptFullName + Chr(34) + " uac", "", "runas", 1
Else
    ***Your violent code!!!****
End If

This little trick causes the VBScript engine to invoke the UAC confirmation dialog, and if the user approves it, the script re-launches itself elevated (with the extra “uac” argument) and executes your violent code.

The way to make use of this for your purposes is this:

1. You write the VBScript that does what you need, and test it properly on a client. Be sure to avoid the & sign.

2. You convert the code into batch form, using the ECHO command to write the VBScript lines into a file generated in the system’s TEMP folder. For example:

@echo wscript.sleep 500 >>%temp%\DoMyBidding.vbs

Note that I use the @ sign so that the user won’t see what’s happening, because this runs in a visible CMD window on the client. Also, I use the >> symbol to APPEND this content to the file I’m generating. I would use just one > in the 1st line of the batch to make sure the file is overwritten initially (because the user may run this app multiple times). I’m also putting the file in the %temp% folder, because it’s freely writeable and so I don’t have to worry about permissions.

3. You add a line to actually RUN the file using the silent CSCRIPT interpreter:

@cscript %temp%\DoMyBidding.vbs

4. You put all that into a custom SSL-VPN template based on the relay format. To do so, you create a new text file, and paste this into it, updating the relevant part with your code from steps 1-3:

<config>
<templates version="3" use-lsp="1">
<template name="DoMyBiddingTemplate" userrights="562" repository-type="NT Domain,Active Directory" credvar-prefix="WhlDrvMap" use-with-lsp="yes" win="yes"><!--Windows-->
<port id="0" remoteport="139" flags="10"  use-with-lsp="yes"/>
<config-file flags="1" path="%Temp%\DrvMain-%InternalAppID%.bat" use-with-lsp="yes"><![CDATA[

***Your Code from step 1-3 comes here***

]]>
</config-file>
<exec exe='%Temp%\DrvMain-%InternalAppID%.bat %DrvLetter% "%WhlDrvMapPwd%" %WhlDrvMapDomain%\%WhlDrvMapUser%' flags="4" param=""/>
</template>
</templates>
</config>

You save this file under the name SSLVPNTemplates.xml in the folder <UAG Folder>\von\conf\CustomUpdate.

The <UAG Folder> is typically c:\Program Files\Microsoft Forefront Unified Access Gateway

5. You have to CLOSE the UAG console before continuing!!!

6. You create a custom Wizard template to call the new relay template you just created. To do so, you create a new text file, and paste this into it:

[Application_List]
NumOfApps=1
App1=DoMyBidding

[DoMyBidding]
Name=My Custom Application
AppType=1
WhaleApp=0
Types=1,2
SSLVpnTemplate=DoMyBiddingTemplate
SSLVPNNumOfElements=3
SSLVPNElement0ID=0
SSLVPNElement1ID=ShareName
SSLVPNElement2ID=DrvLetter
0Name=Server NetBIOS Name:
0Type=0
0GuiType=0
0Validation=IP/DNS NotEmpty
DrvLetterName=Drive Letter:
DrvLetterType=2
DrvLetterGuiType=3
DrvLetterValue=*
DrvLetterListValue=*;D;E;F;G;H;I;J;K;L;M;O;N;P;Q;R;S;T;U;V;W;X;Y;Z
DrvLetterGuiWidth=35
ShareNameName=Share Name:
ShareNameType=2
ShareNameGuiType=0
ShareNameValidation=Pattern(Exclude /:*?"<>|) NotEmpty
AutoLaunch=0
CreateEntryLink=0
ActivateSmugglingProtection=0
MaxHTTPBodySize=49152
ContentTypeList=application/x-www-form-urlencoded|multipart/form-data

You save this file under the name WizardDefaultParam.ini in the folder <UAG Folder>\von\conf\WizardDefaults\CustomUpdate.

7. You re-open the UAG configuration console, and you should now see the new application template appear in the Client/Server and Legacy application list container. When you create a new application based on that template, you are asked to fill in various details, but don’t worry about it – other than the application’s name, the rest has no bearing on what the application actually does, so you can fill in bogus data.

8. Don’t forget that you can set this app to launch automatically with the portal login, if it performs something all your users need to do.
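Steps 2 and 3 are mechanical and easy to get wrong by hand: the first line must use a single >, every later line >>, and CMD metacharacters must be escaped. The Python script below is an added example, not code from this post or from UAG. It converts VBScript source into the @echo lines a relay template needs, escaping &, |, <, > and ^ with CMD’s caret when they sit outside double quotes (inside a quoted region cmd.exe takes them literally, and would take a caret literally too), doubling % so the batch processor does not expand it, and refusing a line with unbalanced quotes, because such a line would leave cmd.exe in quote mode and swallow the trailing >> redirection. It also includes the reverse conversion, so the VBScript that a deployed template actually writes on clients can be recovered from its CDATA section and reviewed before rollout. The target path, the DoMyBidding.vbs file name and the sample script are constructed for the example.

```python
import re

# CMD metacharacters that must be caret-escaped on an ECHO line when they sit
# outside double quotes. Inside a quoted region cmd.exe treats them (and ^) literally.
_CMD_SPECIAL = set('&|<>^')


def escape_for_echo(vbs_line: str) -> str:
    """Escape one VBScript line so that `@echo <line> >>file` writes it back verbatim."""
    if vbs_line.count('"') % 2:
        # An odd number of quotes leaves cmd.exe in quote mode at the end of the line,
        # so the trailing >>file would be echoed as text instead of redirecting.
        raise ValueError(f'unbalanced double quotes: {vbs_line!r}')
    out, in_quotes = [], False
    for ch in vbs_line:
        if ch == '"':
            in_quotes = not in_quotes
            out.append(ch)
        elif ch == '%':
            out.append('%%')          # % expansion ignores quotes, so double it everywhere
        elif ch in _CMD_SPECIAL and not in_quotes:
            out.append('^' + ch)
        else:
            out.append(ch)
    return ''.join(out)


def unescape_from_echo(echo_text: str) -> str:
    """Inverse of escape_for_echo: the text cmd.exe actually writes for an ECHO argument."""
    out, in_quotes, i = [], False, 0
    while i < len(echo_text):
        ch = echo_text[i]
        if ch == '"':
            in_quotes = not in_quotes
            out.append(ch)
        elif echo_text.startswith('%%', i):
            out.append('%')
            i += 1
        elif ch == '^' and not in_quotes and i + 1 < len(echo_text):
            out.append(echo_text[i + 1])
            i += 1
        else:
            out.append(ch)
        i += 1
    return ''.join(out)


def vbs_to_batch(vbs_source: str, target: str = r'%temp%\DoMyBidding.vbs') -> list:
    """Turn VBScript source into the batch lines for the relay template's CDATA section."""
    lines = []
    for n, raw in enumerate(vbs_source.splitlines()):
        redirect = '>' if n == 0 else '>>'          # overwrite first, append afterwards
        if raw.strip():
            lines.append(f'@echo {escape_for_echo(raw)} {redirect}{target}')
        else:
            lines.append(f'@echo.{redirect}{target}')  # "echo." writes an empty line
    lines.append(f'@cscript {target}')
    return lines


def batch_to_vbs(batch_lines, target: str = r'%temp%\DoMyBidding.vbs') -> str:
    """Recover the VBScript a batch payload will write to `target`, for review."""
    pattern = re.compile(r'^@?echo(\.|\s.*?\s)>>?' + re.escape(target) + r'$', re.IGNORECASE)
    recovered = []
    for line in batch_lines:
        m = pattern.match(line)
        if not m:
            continue                                 # e.g. the final @cscript line
        body = m.group(1)
        recovered.append('' if body == '.' else unescape_from_echo(body[1:-1]))
    return '\n'.join(recovered)


# Constructed sample: a bare &, a quoted & with < and >, a % sign and a blank line.
SAMPLE_VBS = '\n'.join([
    'Dim msg',
    'msg = "Usage: " & WScript.ScriptName & " <share> & <drive>"',
    '',
    'If Len(msg) > 10 Then MsgBox msg, 64, "100% done"',
])

if __name__ == '__main__':
    batch = vbs_to_batch(SAMPLE_VBS)
    print('\n'.join(batch))
    assert batch_to_vbs(batch) == SAMPLE_VBS     # round trip must be lossless
```

Run it directly to print the batch lines for the sample script. The round trip batch_to_vbs(vbs_to_batch(src)) == src is the check worth keeping when you point this at your own files, and batch_to_vbs also works on the batch lines of an existing template as long as you pass the same target path the template uses. The caret escape lifts the & restriction from step 1, provided the line’s quotes are balanced.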

To conclude this, here’s a sample of a complete SSL-VPN template that I created recently. It changes the DNS settings on the client to point it to a specific public DNS server, instead of the user’s default one:

<config>
<templates version="3" use-lsp="1">
<template name="configdns" userrights="562" repository-type="NT Domain,Active Directory" credvar-prefix="WhlDrvMap" use-with-lsp="yes" win="yes"><!--Windows-->
<port id="0" remoteport="139" flags="10"  use-with-lsp="yes"/>
<config-file flags="1" path="%Temp%\DrvMain-%InternalAppID%.bat" use-with-lsp="yes"><![CDATA[
@echo If WScript.Arguments.length =0 Then >%temp%\SetDns.vbs
@echo  Set objShell = CreateObject("Shell.Application") >>%temp%\SetDns.vbs
@echo  objShell.ShellExecute "wscript.exe", Chr(34) + WScript.ScriptFullName + Chr(34) + " uac", "", "runas", 1 >>%temp%\SetDns.vbs
@echo Else >>%temp%\SetDns.vbs
@echo Dim aDNS(1) >>%temp%\SetDns.vbs
@echo aDNS(0) = "4.2.2.2" >>%temp%\SetDns.vbs
@echo aDNS(1) = "4.2.2.1" >>%temp%\SetDns.vbs
@echo set objWMIService = GetObject("winmgmts:\\.\root\cimv2") >>%temp%\SetDns.vbs
@echo Set colItems = objWMIService.ExecQuery("Select * From Win32_NetworkAdapterConfiguration Where IPEnabled = 1") >>%temp%\SetDns.vbs
@echo For Each objItem in colItems >>%temp%\SetDns.vbs
@echo errDNS = objItem.SetDNSServerSearchOrder() >>%temp%\SetDns.vbs
@echo wscript.sleep 500 >>%temp%\SetDns.vbs
@echo errDNS = objItem.SetDNSServerSearchOrder(aDNS) >>%temp%\SetDns.vbs
@echo next >>%temp%\SetDns.vbs
@echo End If >>%temp%\SetDns.vbs
@cscript %temp%\SetDns.vbs
]]>
</config-file>
<exec exe='%Temp%\DrvMain-%InternalAppID%.bat %DrvLetter% "%WhlDrvMapPwd%" %WhlDrvMapDomain%\%WhlDrvMapUser%' flags="4" param=""/>
</template>
</templates>
</config>
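The two files from steps 4 and 6 have to agree with each other, and a mismatch only shows up after the console has been closed and reopened. The Python check below is an added example, not part of this post or of UAG. It parses SSLVPNTemplates.xml and WizardDefaultParam.ini and verifies that every AppN in [Application_List] has a section whose SSLVpnTemplate names a template that exists, that every %Var% in a template’s exec line is a wizard element ID, a credential variable derived from credvar-prefix, or a variable UAG fills in itself, and that each config-file a template writes is actually run by an exec line. The set of built-in variables (%Temp%, %InternalAppID%) and the User/Pwd/Domain suffixes are assumptions taken from the templates in this post, not from UAG documentation; the sample XML reuses the step 4 template with a constructed one-line payload, and the sample ini is a shortened copy of the step 6 file.

```python
import configparser
import re
import xml.etree.ElementTree as ET

# Variables UAG substitutes itself before the exec line runs. Assumption based only
# on the placeholders that appear in the templates in this post.
BUILTIN_PLACEHOLDERS = {'temp', 'internalappid'}
# Suffixes appended to credvar-prefix, as seen in the post (WhlDrvMap -> WhlDrvMapUser, ...).
CREDENTIAL_SUFFIXES = ('User', 'Pwd', 'Domain')


def placeholders(text: str) -> set:
    """All %Name% tokens in an attribute value, lower-cased so comparisons ignore case."""
    return {m.lower() for m in re.findall(r'%(\w+)%', text)}


def check_template_pair(xml_text: str, ini_text: str) -> list:
    """Cross-check SSLVPNTemplates.xml against WizardDefaultParam.ini; empty list = consistent."""
    findings = []
    root = ET.fromstring(xml_text.strip())
    templates = {t.get('name'): t for t in root.iter('template')}

    ini = configparser.ConfigParser(interpolation=None)   # values may contain % and |
    ini.optionxform = str                                 # keep key case (App1, SSLVpnTemplate)
    ini.read_string(ini_text)

    app_list = ini['Application_List']
    for key in app_list:
        if not re.fullmatch(r'App\d+', key):
            continue                                      # NumOfApps and the like
        app = app_list[key]
        if app not in ini:
            findings.append(f'{key}={app} has no [{app}] section')
            continue
        section = ini[app]
        tname = section.get('SSLVpnTemplate', '')
        tmpl = templates.get(tname)
        if tmpl is None:
            findings.append(f'[{app}]: SSLVpnTemplate={tname!r} is not defined in the XML')
            continue

        # Variables the exec line may legitimately use: wizard element IDs, the
        # credential variables derived from credvar-prefix, and UAG's own.
        allowed = set(BUILTIN_PLACEHOLDERS)
        count = int(section.get('SSLVPNNumOfElements', '0'))
        allowed |= {section.get(f'SSLVPNElement{i}ID', '').lower() for i in range(count)}
        prefix = tmpl.get('credvar-prefix')
        if prefix:
            allowed |= {(prefix + s).lower() for s in CREDENTIAL_SUFFIXES}

        execs = [e.get('exe', '') for e in tmpl.iter('exec')]
        for exe in execs:
            unknown = placeholders(exe) - allowed
            if unknown:
                findings.append(f'template {tname!r}: exec uses undefined variable(s) {sorted(unknown)}')
        for cf in tmpl.iter('config-file'):
            path = cf.get('path', '')
            if not any(path in exe for exe in execs):
                findings.append(f'template {tname!r}: config-file {path!r} is written but never run')
    return findings


# Step 4 template with a constructed one-line payload in place of the real script.
SAMPLE_XML = r'''<config>
<templates version="3" use-lsp="1">
<template name="DoMyBiddingTemplate" userrights="562" repository-type="NT Domain,Active Directory" credvar-prefix="WhlDrvMap" use-with-lsp="yes" win="yes"><!--Windows-->
<port id="0" remoteport="139" flags="10"  use-with-lsp="yes"/>
<config-file flags="1" path="%Temp%\DrvMain-%InternalAppID%.bat" use-with-lsp="yes"><![CDATA[
@echo MsgBox "constructed payload" >%temp%\DoMyBidding.vbs
@cscript %temp%\DoMyBidding.vbs
]]>
</config-file>
<exec exe='%Temp%\DrvMain-%InternalAppID%.bat %DrvLetter% "%WhlDrvMapPwd%" %WhlDrvMapDomain%\%WhlDrvMapUser%' flags="4" param=""/>
</template>
</templates>
</config>
'''

# Shortened copy of the step 6 wizard file (keys not needed for the check are omitted).
SAMPLE_INI = r'''[Application_List]
NumOfApps=1
App1=DoMyBidding

[DoMyBidding]
Name=My Custom Application
AppType=1
Types=1,2
SSLVpnTemplate=DoMyBiddingTemplate
SSLVPNNumOfElements=3
SSLVPNElement0ID=0
SSLVPNElement1ID=ShareName
SSLVPNElement2ID=DrvLetter
0Name=Server NetBIOS Name:
DrvLetterName=Drive Letter:
ShareNameName=Share Name:
AutoLaunch=0
'''

if __name__ == '__main__':
    for finding in check_template_pair(SAMPLE_XML, SAMPLE_INI) or ['OK: files are consistent']:
        print(finding)
```

Run it against the real files by reading them from the CustomUpdate folders instead of the inline samples; an empty result means the pair is consistent, and each finding names the template or section to fix before the console is reopened.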

Comments
  • If you want to echo out an actual "&" symbol from a batch file, you can precede it with a caret "^". Check out the difference between these two commands:

    echo I like fish & echo chips

    echo I like fish ^& chips

    And nice set of posts - the ability to do stuff like this is certainly not obvious anywhere else I looked.

  • Hi Ben,

    thanks for inspiration - this article helped me a lot to get my own scripts and templates up and running.

    I did some additional research on the VPNSSLTemplate and WizardDefault settings and those files are even better for your task^^

    <config>
    <templates version="3" use-lsp="1">
    <template name="SomeScripts" userrights="0" use-with-lsp="yes" win="yes">
    <port id="0" flags="1" ip2relay="1.3.3.7" remoteport="1337"/>
    <config-file flags="1" path="%Temp%\Script.vbs" use-with-lsp="yes">
    <![CDATA[
    MsgBox "Did you know?", 32, "It works!"
    ]]>
    </config-file>
    <exec exe='WScript.exe %Temp%\Script.vbs' flags="4" param=""/>
    </template>
    </templates>
    </config>

    [Application_List]
    NumOfApps=1
    App1=SomeScripts

    [SomeScripts]
    Name=Some Scripts
    AppType=1
    InternalApp=0
    Types=1,2
    Image=images/AppIcons/GenericHTTP.gif
    SSLVpnTemplate=SomeScripts
    CanBeInitialApp=0
    AutoLaunch=0
    CreateEntryLink=1
    ActivateSmugglingProtection=0
    MaxHTTPBodySize=49152
    ContentTypeList=application/x-www-form-urlencoded|multipart/form-data

    Thanks mate!

    -Kai

  • Hi,

    I am getting below mentioned error while trying to launch a custom application.

    " Application cannot start because of an internal server error. Contact the system administrator."

    When I check the logs on UAG web monitor, I would see a warning which says "Application cannot be started on trunk srat; Secure=1. The session ID is 160AA544-4A6B-4892-A426-552BEE881D76. The error code is Failed to retrieve application configuration.".

    Please advise.

    Regards
    Shubham
