Adding an Access Rule

This VBScript example creates a new FPCURLSet object in the FPCURLSets collection of the Forefront TMG computer, adds sites to the URL set, creates a new FPCPolicyRule object representing an access rule, and adds the new URL set to the objects referenced in the URLSets property of the new access rule. The script includes a single subprocedure, called AddRuleAndUrlSet.

This example is included as the AddRuleAndUrlSet.vbs script in the Samples\Admin folder of the Forefront TMG Software Development Kit (SDK).

The following procedure lists the steps used to create a URL set and an access rule in the code example that follows.

To add an access rule

  1. Define values from the FpcIncludeStatus and FpcProtocolSelectionType enumerations. For more information about using values defined in Forefront TMG enumerated types in scripts, see Using Enumerated Types in Scripts.
  2. Create an instance of the FPC COM object, which provides access to the other Forefront TMG administration COM objects.
  3. Declare an FPCArray object, an FPCPolicyRules collection, an FPCURLSet object, an FPCURLSets collection, and two FPCPolicyRule objects.
  4. Get references to the existing FPCArray object, FPCPolicyRules collection, and FPCURLSets collection.
  5. Call the Add method of the URL sets collection to create a new URL set that will be called Blocked Web Sites, and then use the Add method of the new URL set to add specific URLs to the set.
  6. Call the AddAccessRule method of the policy rules collection to create a new access rule named Deny Access to Some Web Sites that will deny access to the Web sites in the Blocked Web Sites URL set.
  7. Call the Add method of the FPCRefs collection for the Networks property of the FPCSelectionIPs object retrieved in the SourceSelectionIps property of the new rule to define the External network as the source network for the new access rule.
  8. Call the Add method of the FPCRefs collection retrieved in the URLSets property of the FPCAccessProperties object for the new rule to add the Blocked Web Sites URL set to the objects referenced by the URLSets property of the new access rule.
  9. Set the NeverCacheResponse property on the Excluded Cache Rule FPCCacheRule object to True.
  10. Call the Add method of the FPCRefs collection retrieved in the SpecifiedProtocols property of the FPCAccessProperties object for the new rule twice to set the protocols to HTTP and HTTPS, and then set the ProtocolSelectionMethod property to fpcSpecifiedProtocols.
  11. Call the Add method of the FPCRefs collection retrieved in the UserSets property of the FPCAccessProperties object for the new rule to set All Users as the user set to which the rule applies.
  12. Call the Save method of the policy rules collection to write the changes to the new access rules to persistent storage.

The following code can be saved to a .vbs file and run from a command prompt on a computer running Forefront TMG with the Microsoft Firewall service installed.

Sub AddRuleAndUrlSet()
	' Define enumeration values.
	Const fpcInclude = 0
	Const fpcSpecifiedProtocols = 1
	' Create the root object.
	Dim root  ' The FPCLib.FPC root object
	Set root = CreateObject("FPC.Root")
	'Declare the other objects needed.
	Dim isaArray	' An FPCArray object
	Dim policyrules ' An FPCPolicyRules collection
	Dim urlsets	 ' An FPCURLSets collection
	Dim urlset	' An FPCURLSet object
	Dim newrule	 ' An FPCPolicyRule object
	' Get references to the array object, the policy
	' rules collection, and the URL sets collection.
	Set isaArray = root.GetContainingArray()
	Set policyrules = isaArray.ArrayPolicy.PolicyRules
	Set urlsets = isaArray.RuleElements.URLSets
	WScript.Echo "Creating a new URL set containing sites to be blocked ..."
	Set urlset = urlsets.Add("Blocked Web Sites")
	urlset.Add "http://www.northwindtraders.com"
	urlset.Add "http://www.widgets.com"
	urlset.Save
	WScript.Echo "Creating a new access rule ..."
	Set newrule = policyrules.AddAccessRule("Deny Access to Some Web Sites")
	' Define the source for the new access rule.
	newrule.SourceSelectionIPs.Networks.Add "External", fpcInclude
	' Add the new destination URL set to the objects referenced
	' by the URLSets property of the new access rule.
	newrule.AccessProperties.URLSets.Add "Blocked Web Sites", fpcInclude
	'Set the protocols to HTTP and HTTPS.
	newrule.AccessProperties.SpecifiedProtocols.Add "HTTP", fpcInclude
	newrule.AccessProperties.SpecifiedProtocols.Add "HTTPS", fpcInclude  
	newrule.AccessProperties.ProtocolSelectionMethod =  fpcSpecifiedProtocols
	' Set the user set to which the rule applies.
	newrule.AccessProperties.UserSets.Add "All Users", fpcInclude
	' Save the changes to the new access rule.
	policyrules.Save
	WScript.Echo "Done!"
End Sub 
AddRuleAndUrlSet

Send comments about this topic to Microsoft

Build date: 11/30/2009

© 2008 Microsoft Corporation. All rights reserved.