Thursday, June 14, 2007
Script the creation of SQL logins and role assignments for Commerce Server 2007

One of the more manually intense steps in the installation of Commerce Server is setting up the appropriate SQL logins and Database Role User Mapping.  This task can easily take 30 - 60 minutes to complete if done manually.  Futhermore, it's likely that this is the easiest step to make a mistake, which will cause problems for you down the road.

So, to make this process quicker and less prone to errors, I've created an SQL script that you can run against your database.  This script performs two tasks:

  1. Creates the SQL login accounts (e.g. COMPUTERNAME\CatalogWebSvc).
  2. Associates the SQL login accounts to database roles.

Note: this script is only for SQL Server 2005.  SQL Server 2000 uses a different set of database roles.

Take a look the Grant Web Applications and Window Services Access to the Databases section of the Installation Guide for Commerce Server 2007, and you'll see that the number of role assignments is quite extensive.

Rather than pasting the entire SQL script into this post, I am only going to upload the .SQL file.  You can modify this file as necessary in order to adapt it to your environment (e.g. changing the computer name, you may have different names for logins, or don't need services like the direct mailer).

CreateCSLoginsAndAssignRoles.sql.txt (12.54 KB) (just remove the .txt extension)

I hope this helps!

[Update]

I found it useful to create an abbreviated verion of this script that is used for adding new sites.  Whereas the script "CreateCSLoginsAndAssignRoles.sql.txt" is for brand new installations of Commerce Server 2007, the following script is useful for when you add a new site and re-use users and logins.

CreateCSLoginsAndAssignRolesForNewSites.sql.txt (8.42 KB) (just remove the .txt extension)

 Commerce Server 2007 | Scripts | SQL Server 2005
Posted on 06/14/2007 # Comments [0] Trackback
Script the creation and assignment of Windows groups for Commerce Server

Holy moly, I've gone script crazy!

Here's another little script that helps with the installation of Commerce Server 2007 (perhaps when I'm all done, I'll consolidate them all into an uber-script).  This script creates the Business Management Administrator Windows groups, which are used to control authorization roles within the Authorization Manager.

This script creates four Windows groups (CatalogAdminGroup, MarketingAdminGroup, ProfilesAdminGroup, and OrdersAdminGroup) and then assigns users to those groups.

Without further ado, here's the script:

' ===================================================================
' Author:      Wade Wegner
' Create date: 06/14/2007
' Description: Automate the creation and assigning of Windows Groups
' File Name:   CreateAndAssignCSGroups.vbs
' ===================================================================

' Set the local computer name. Unlike other examples, use the computer name,
' rather than "."; the AssignUserToGroup method requires the actual name
strComputer = "CS2007"

strCatalogAdminGroup = "CatalogAdminGroup"
strMarketingAdminGroup = "MarketingAdminGroup"
strProfilesAdminGroup = "ProfilesAdminGroup"
strOrdersAdminGroup = "OrdersAdminGroup"
strIISWorkerProcessGroup = "IIS_WPG"

' Run the Load method
Load

' Encapsulates the processing of this script
Sub Load()

   ' Create the windows groups
   CreateWindowsGroup strCatalogAdminGroup, "Catalog administration group"
   CreateWindowsGroup strMarketingAdminGroup, "Marketing administration group"
   CreateWindowsGroup strProfilesAdminGroup, "Profiles administration group"
   CreateWindowsGroup strOrdersAdminGroup, "Orders administration group"

   ' Add any users you desire
   AssignUserToGroup "Administrator", strCatalogAdminGroup
   AssignUserToGroup "Administrator", strMarketingAdminGroup
   AssignUserToGroup "Administrator", strProfilesAdminGroup
   AssignUserToGroup "Administrator", strOrdersAdminGroup

   ' This adds the various service accounts to the IIS_WPG group, so that the
   ' services can run as the identity for IIS app pools
   AssignUserToGroup "RunTimeUser", strIISWorkerProcessGroup
   AssignUserToGroup "CatalogWebSvc", strIISWorkerProcessGroup
   AssignUserToGroup "MarketingWebSvc", strIISWorkerProcessGroup
   AssignUserToGroup "OrdersWebSvc", strIISWorkerProcessGroup
   AssignUserToGroup "ProfilesWebSvc", strIISWorkerProcessGroup

   Msgbox "Complete!"

End Sub

' Create the Windows group
Sub CreateWindowsGroup(groupName, description)

   Set objComputer = GetObject("WinNT://" & strComputer & "")
   Set objGroup = objComputer.Create("group", groupName)

   objGroup.Description = description
   objGroup.SetInfo

End Sub

' Assign the user to the Windows group
Sub AssignUserToGroup(userName, groupName)

   Set objGroup = GetObject("WinNT://" & strComputer & "/" & groupName & ",group")
   Set objUser = GetObject("WinNT://" & strComputer & "/" & userName & ",user")

   objGroup.Add(objUser.ADsPath)

End Sub

Pretty straightforward.  Nothing too fancy or flashy.

CreateAndAssignCSGroups.vbs (1.98 KB)

I hope someone fiinds this helpful!

 Commerce Server 2007 | Scripts
Posted on 06/14/2007 # Comments [2] Trackback
 Wednesday, June 13, 2007
Script permission updates for Commerce Server 2007

Okay, so here's another useful script. 

Commerce Server 2007 requires you to give service accounts write permissions to various files and folders.  This script assigns the write permissions to the Catalog Web service, the Temporary ASP.NET folder, and the Windows Temporary folder.  These permission allow you to run the Business User applications through the Business Management Web services.

In order to run this script, you must have the XCACLS.vbs file available.  Learn more about this VBScript here, and download it here.

Here's the script:

' ==========================================================
' Author:      Wade Wegner
' Create date: 06/13/2007
' Description: Automate the task of assigning permissions
' File Name:   AssignCSPermissions.vbs
' ==========================================================

' Declare the users
Dim users(4)
users(0) = "RunTimeUser"
users(1) = "CatalogWebSvc"
users(2) = "MarketingWebSvc"
users(3) = "OrdersWebSvc"
users(4) = "ProfilesWebSvc"

' Run the Load method
Load

Sub Load()

   ' Write permissions to the catalog auth role
   strObject = "C:\Inetpub\wwwroot\CatalogWebService\CatalogAuthorizationStore.xml"
   UpdatePermissions strObject, users(1)

   ' Write permissions to temporary ASP.NET folder
   strObject = "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files"
   For Each user IN users
      UpdatePermissions strObject, user
   Next 

   ' Write permissions to the Windows temporary folder
   strObject = "C:\WINDOWS\Temp"
   For Each user IN users
      UpdatePermissions strObject, user
   Next

End Sub

' Update the permissions of the folder/file
Sub UpdatePermissions(strLocation, strUser)

   Set objShell = CreateObject("Wscript.Shell"
   ' Make sure to have the xcacls.vbs file available. Download from:
   ' http://download.microsoft.com/download/f/7/8/f786aaf3-a37b-45ab-b0a2-8c8c18bbf483/xcacls_installer.exe
   objShell.Run "xcacls.vbs """ + strLocation + """ /G " + strUser + ":XW /E", 2, True

End Sub

* Note that, in order to run this script, you may have to run "cscript.exe /h:cscript" from the command prompt, which changes the default scripting engine from Wscript to Cscript.

After running this script, you will have updated the permissions and you didn't have to do it manually!

AssignCSPermissions.vbs.txt (1.5 KB)

I hope this helps!

 Commerce Server 2007 | Scripts
Posted on 06/14/2007 # Comments [2] Trackback
Add “VS.NET Command Prompt Here” to Windows Explorer

I was browsing one of my new favorite websites, Microsoft's Script Repository, when I came upon the Add "Command Prompt Here" to Windows Explorer" Web page.  This script adds a "Command Prompt Here" command to the Windows Explorer system menu, so that if you select the command, a command window will open up in the same folder.  Nifty, eh?  Yes, I know, this has been around for quite awhile and is nothing new.  But, with a little twist, this can become a lot more useful.

Personally, I never use "cmd.exe" by itself.  I always use the "Visual Studio 2005 Command Prompt", as it has all the useful and fun PATHs already added to it.  So, with a small tweak to the script, we get the following enhancement:

Very handy!

Here's the script (it's so simple that I'm embarassed to share it!):

Set objShell = CreateObject("WScript.Shell")

objShell.RegWrite "HKCR\Folder\Shell\MenuText\Command\", _
    "cmd.exe ""C:\Program Files\Microsoft Visual Studio 8\VC\vcvarsall.bat"" x86 /k cd " & chr(34) & "%1" & chr(34)
objShell.RegWrite "HKCR\Folder\Shell\MenuText\", "VS.NET Command Prompt Here"

As I said, pretty simple, but oh so useful!

CommandPromptHere.vbs (.29 KB)

I hope this helps!

 Scripts | Tools
Posted on 06/14/2007 # Comments [0] Trackback
Script the creation of local user accounts for Commerce Server 2007

I'll be honest ... I'm lazy.  I hate doing repetitive things over, and over, and over again.  So, while I was going through and installing Commerce Server 2007 on a new virtual machine, I decided to script out the creation of the local user accounts.  Before we get to the script, a little background ...

It is recommended that you create multiple accounts to handle the various roles within Commerce Server (such as the four web services, staging, etc).  In a production environment, these should be created as Domain accounts; however, in development (or the virtual world) you may not have access to, or wish to use, a domain. Consequently, you can create these users as local accounts as well.

Below is a script that will go ahead and create these local users for you (if I have time I'll create a similar script for domain accounts).  Copy the text (or download the link) and save it to a .vbs file.  You should be able to simply double-click the file, and then open up Local Users and Groups under Computer Management to double-check.

' =====================================================
' Author:        Wade Wegner
' Create date:   06/13/2007
' Description:   Automate the creation of CS 2007 users
' File Name:     CreateCS2007LocalUsers.vbs
' =====================================================

' Set the local computer name
strComputer = "."

' Run the Load method
Load

' Encapsulates the processing of this script
Sub Load()

   ' Create the CS 2007 users
   CreateUser "CatalogWebSvc","Pa$$w0rd","Account for running the Catalog Web service"
   CreateUser "CSDMSvc","Pa$$w0rd","Account for running the Commerce Server Direct mailer service"
   CreateUser "CSHealthMonitorSvc","Pa$$w0rd","Account for running the Commerce Server health Monitoring service"
   CreateUser "CSLOB","Pa$$w0rd","Account for running the Commerce Server adapters"
   CreateUser "CSStageSvc","Pa$$w0rd","Account for running the Commerce Server Staging service"
   CreateUser "MarketingWebSvc","Pa$$w0rd","Account for running the Marketing Web service"
   CreateUser "OrdersWebSvc","Pa$$w0rd","Account for running the Orders Web service"
   CreateUser "ProfilesWebSvc","Pa$$w0rd","Account for running the Profiles Web service"
   CreateUser "RunTimeUser","Pa$$w0rd","IIS account for accessing a Commerce Server site or application"

   MsgBox "Complete!"

End Sub

' Create the local user
Sub CreateUser(userName, password, description)

   ' Check to see if the user exists; if so, then skip
   If NOT CheckIfUserExists(userName) Then
      Set objComputer = GetObject("WinNT://" & strComputer & "")
      Set objUser = objComputer.Create("user", userName)

      objUser.SetPassword password
      objUser.FullName = userName
      objUser.Description = description
      objUser.Put "UserFlags", 65600 ' Sets Password Never Expires to TRUE
      ' and sets User Can't Change Password to TRUE
      objUser.SetInfo
   Else
      MsgBox userName & " already exists!"
   End If

End Sub

' Check to see if user exists
Function CheckIfUserExists(userName)

   Set objComputer = GetObject("WinNT://" & strComputer & "")
   objComputer.Filter = Array("user")
   intFound = 0

   For Each User In objComputer
      If lcase(User.Name) = lcase(userName) Then
         intFound =
      End If 
   Next

   If intFound = 1 Then
      CheckIfUserExists = True
   Else
      CheckIfUserExists = False
   End If

End Function

And there you have it!

CreateCS2007LocalUsers.vbs (2.46 KB)

I hope someone else finds this useful!

 Commerce Server 2007 | Scripts | Tools | Windows Server 2003
Posted on 06/13/2007 # Comments [2] Trackback

Page rendered at  Saturday, May 17, 2008 4:22:19 AM (Central Standard Time, UTC-06:00)