BookmarkSubscribeRSS Feed
🔒 This topic is solved and locked. Need further help from the community? Please sign in and ask a new question.
bheinsius
Lapis Lazuli | Level 10

Hi,

 

I have 12 Application Server Contexts that I have to apply the SAS 9.4 Recommended Operating System Protections for Windows Machines to.

 

Does anyone have a script that does this?

 

Thanks,

Bart

1 ACCEPTED SOLUTION

Accepted Solutions
angian
SAS Employee

I don't have a script but I do use Powershell to quickly apply a set of permissions manually defined on a single folder to others.

For example I can manually set the permissions for ConnectSpawner as follows

SYSTEM FC
Administrators FC
Everyone Remove

Then quickly apply the same to 4 other folders.  You will see there are not many different combinations

 

$ConnectSpawner_ACL = Get-ACL D:\SAS\Config\Lev1\ConnectSpawner
Set-ACL -path D:\SAS\Config\Lev1\ObjectSpawner -AclObject $ConnectSpawner_ACL
Set-ACL -path D:\SAS\Config\Lev1\SASApp\OLAPServer -AclObject $ConnectSpawner_ACL
Set-ACL -path D:\SAS\Config\Lev1\SASMeta\MetadataServer -AclObject $ConnectSpawner_ACL
Set-ACL -path D:\SAS\Config\Lev1\ShareServer -AclObject $ConnectSpawner_ACL

Also to check my permissions are consistent between environments you can run this command and compare the output with a diff tool

 

 dir -Recurse -Directory D:\SAS | %{$file=$_;get-acl $($_.FullName)} | %{$_.GetAccessRules($True,$False,[Security.Principal.SecurityIdentifier]) | Get-Unique -OnType | %{Get-Acl -Path $($file.FullName) | Format-Table -Wrap}}

View solution in original post

2 REPLIES 2
jklaverstijn
Rhodochrosite | Level 12

Hi Bart,

 

Have you considered Ansible for this? I do not have scripts for this specific use case as we have Linux servers. But having lots of (Windows or Linux) machines that all need to undergo the same treatment is something that Ansible does very well. That's why the Viya deployment relies heavily upon it for anything OS related.

 

Regards,

- Jan.

angian
SAS Employee

I don't have a script but I do use Powershell to quickly apply a set of permissions manually defined on a single folder to others.

For example I can manually set the permissions for ConnectSpawner as follows

SYSTEM FC
Administrators FC
Everyone Remove

Then quickly apply the same to 4 other folders.  You will see there are not many different combinations

 

$ConnectSpawner_ACL = Get-ACL D:\SAS\Config\Lev1\ConnectSpawner
Set-ACL -path D:\SAS\Config\Lev1\ObjectSpawner -AclObject $ConnectSpawner_ACL
Set-ACL -path D:\SAS\Config\Lev1\SASApp\OLAPServer -AclObject $ConnectSpawner_ACL
Set-ACL -path D:\SAS\Config\Lev1\SASMeta\MetadataServer -AclObject $ConnectSpawner_ACL
Set-ACL -path D:\SAS\Config\Lev1\ShareServer -AclObject $ConnectSpawner_ACL

Also to check my permissions are consistent between environments you can run this command and compare the output with a diff tool

 

 dir -Recurse -Directory D:\SAS | %{$file=$_;get-acl $($_.FullName)} | %{$_.GetAccessRules($True,$False,[Security.Principal.SecurityIdentifier]) | Get-Unique -OnType | %{Get-Acl -Path $($file.FullName) | Format-Table -Wrap}}

suga badge.PNGThe SAS Users Group for Administrators (SUGA) is open to all SAS administrators and architects who install, update, manage or maintain a SAS deployment. 

Join SUGA 

Get Started with SAS Information Catalog in SAS Viya

SAS technical trainer Erin Winters shows you how to explore assets, create new data discovery agents, schedule data discovery agents, and much more.

Find more tutorials on the SAS Users YouTube channel.

Discussion stats
  • 2 replies
  • 914 views
  • 3 likes
  • 3 in conversation