1. Introduction

This script runs on the ISA server and offers rapid, error-free configuration of the web publishing rules and web listener used to publish an RD Gateway server. Additionally, the script can verify existing web publishing rules that are being used to publish RD Gateway. If it discovers issues, the script provides a list of warnings and errors to the administrator.

 

2. Requirements

1. ISA server (any version above and including ISA server 2004) is installed on the machine.

2. ISA server is being used with RD Gateway in the scenario described in the step-by-step guide http://technet.microsoft.com/en-us/library/cc731353.aspx

3. The script requires the CAPICOM SDK for using CryptoAPI. Please download and install CAPICOM from http://msdn.microsoft.com/en-us/library/ms759176(VS.85).aspx

4. Users running the script must have administrator privileges.

 

3.  How to use the script

The ISA configuration script for RD Gateway can be used for the following purposes:

- Create a web listener
- Create a web publishing rule
- Validate existing/newly created rules and diagnose the common problems

 

3.1 Creating a web listener on ISA server

 

A web publishing rule uses a web listener to listen for incoming connections. To create a web listener through the script, use the command line switch “-createweblistener”. The following inputs need to be given while creating a web listener:

a)      IP address on which to listen for connections :

This is an optional parameter. If no IP address is specified, the script configures the web listener to listen on all IP addresses in the “External” network of the ISA server. Use the switch “/IPaddress” to specify the IP address.

 

b)      SSL server authentication certificate :

The web listener expects an SSL certificate to be used for server authentication as input. This certificate can be specified either as a Personal Information Exchange (.pfx) file or as an X.509 (.cer) file. Use the command line switch “/CertPath” to specify the certificate file.

Note that the script will not import the certificate to the “Personal” certificate store on the local computer. This needs to be done by the user.

 

c)       Authentication method to authenticate the incoming connection :

Although the ISA server offers multiple options for authentication, only three are supported in the RD Gateway scenario, namely “Radius OTP”, “SSL Client Certificate Authentication” and “No Authentication”. Use the command line switch “/ListenerAuthentication” to specify the authentication method: 0 for “No Authentication”, 1 for “Radius OTP” and 2 for “SSL Client Certificate”.

When “Radius OTP” is the preferred authentication scheme, the user also needs to specify the name of the Radius server which will be used by the ISA server for authentication purposes. Use the command line switch “/RadiusServer” to specify the Radius server name.

Also, if the authentication mechanism is “Radius OTP”, the web listener is created with its HTTPOnly attribute set to false. This eliminates the need to use the script for modifying the HTTPOnly attribute that is mentioned in the RD Gateway OTP scenario step-by-step guide.

 

 

3.1.1 Passing parameters to create a Web listener:

There are two modes in which the parameters for web listener creation can be specified:

 

1.       Command line switches

The following example creates a web listener to be used in the RDG-ISA core scenario using the mandatory command line switches.

cscript.exe   ISAConfigScript.vbs  -createweblistener   /wlname:RDGlistener /certpath:certificate.cer   /listenerauthentication:0

 

2.       Configuration file

The web listener created using command line switches can also be created by providing the input parameters in a text file. A sample configuration file is shown below. Please copy and save it as a text file.

 

/*

This is the configuration file for creating a web listener.

Specify the parameter values for the different switches and run the script.

*/

 

/* Name of the web listener to be created */

wlname:

 

 

/* Certificate file(.pfx or .cer) path */

certpath:

 

 

/* Web listener authentication: 0 for No Authentication, 1 for Radius OTP, 2 for SSL Client Certificate */

listenerauthentication:

 

 

/* Optional parameter. Specify only if listener authentication is RADIUS OTP */

RadiusServer:

 

 

/* Optional parameter. Default value is the IP address in the external network */

IPAddress:

 

To create the web listener using configuration file, execute the script as follows:

 

cscript.exe ISAConfigScript.vbs -createweblistener /file: <filename.txt>
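
As an added example (not part of ISAConfigScript.vbs or the original page), the following stand-alone VBScript checks a web listener configuration file against the rules stated in section 3.1 before it is passed with /file:. The parsing rules (/* */ comments, one "key: value" pair per line, case-insensitive keys), the function names and the sample values are assumptions made for this example.

```vbscript
Option Explicit

' Constructed sample input: RADIUS OTP is selected but RadiusServer is left empty.
Dim sample, finding
sample = "/* constructed sample listener configuration */" & vbCrLf & _
         "wlname: RDGlistener" & vbCrLf & _
         "certpath: C:\certs\rdg.pfx" & vbCrLf & _
         "listenerauthentication: 1" & vbCrLf & _
         "RadiusServer:" & vbCrLf & _
         "IPAddress:" & vbCrLf

For Each finding In CheckListenerConfig(sample).Items
    WScript.Echo finding
Next

' Removes /* ... */ comments and returns the key/value pairs as a dictionary.
' Assumed format: one "key: value" pair per line, as in the sample file.
Function ParseConfig(text)
    Dim re, cfg, line, pos
    Set re = New RegExp
    re.Pattern = "/\*[\s\S]*?\*/"            ' comments may span several lines
    re.Global = True
    Set cfg = CreateObject("Scripting.Dictionary")
    cfg.CompareMode = vbTextCompare          ' match keys case-insensitively
    For Each line In Split(re.Replace(text, ""), vbLf)
        line = Trim(Replace(line, vbCr, ""))
        pos = InStr(line, ":")
        ' Split on the first colon only, so values such as "C:\..." stay intact
        If pos > 1 Then cfg(Trim(Left(line, pos - 1))) = Trim(Mid(line, pos + 1))
    Next
    Set ParseConfig = cfg
End Function

' Returns the value for a key, or "" when the key is absent.
Function ValueOf(cfg, key)
    ValueOf = ""
    If cfg.Exists(key) Then ValueOf = cfg(key)
End Function

Sub AddFinding(findings, text)
    findings.Add findings.Count, text
End Sub

' Applies the rules from section 3.1 and returns a dictionary of findings.
Function CheckListenerConfig(text)
    Dim cfg, findings, key, auth, certPath, ext
    Set cfg = ParseConfig(text)
    Set findings = CreateObject("Scripting.Dictionary")

    ' The three switches used in the "mandatory command line switches" example
    For Each key In Array("wlname", "certpath", "listenerauthentication")
        If ValueOf(cfg, key) = "" Then
            AddFinding findings, "ERROR: mandatory parameter '" & key & "' is missing or empty."
        End If
    Next

    ' The certificate must be given as a .pfx or .cer file
    certPath = ValueOf(cfg, "certpath")
    ext = LCase(Right(certPath, 4))
    If certPath <> "" And ext <> ".pfx" And ext <> ".cer" Then
        AddFinding findings, "ERROR: certpath must point to a .pfx or .cer file."
    End If

    auth = ValueOf(cfg, "listenerauthentication")
    Select Case auth
        Case "0"
            AddFinding findings, "NOTE: listenerauthentication is 0 (No Authentication): " & _
                "the web listener will not authenticate incoming connections."
        Case "1"
            If ValueOf(cfg, "RadiusServer") = "" Then
                AddFinding findings, "ERROR: listenerauthentication is 1 (Radius OTP) but RadiusServer is empty."
            End If
        Case "2", ""
            ' "2" is valid; an empty value was already reported above
        Case Else
            AddFinding findings, "ERROR: listenerauthentication must be 0, 1 or 2, not '" & auth & "'."
    End Select

    ' RadiusServer is documented as applying to RADIUS OTP only
    If auth <> "1" And ValueOf(cfg, "RadiusServer") <> "" Then
        AddFinding findings, "WARNING: RadiusServer is set but listener authentication is not Radius OTP."
    End If

    Set CheckListenerConfig = findings
End Function
```

Run it with cscript.exe; to check a real file, read its contents with Scripting.FileSystemObject and pass the text to CheckListenerConfig instead of the constructed sample.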

 

3.2 Create a web publishing rule on ISA server

A web publishing rule enables access to a web server placed inside a corporate network from a non-corporate site, e.g. the internet. It uses a web listener to listen for incoming connections and then decides whether to allow or block the connection. The web publishing rule provides a host of configurable parameters to help make this decision. In the RD Gateway scenario, the web server is the RD Gateway server.

This script provides the opportunity to create a web publishing rule. This can be done by using the command line switch “-createwebpublishingrule”. Note that only those parameters which are relevant to RD Gateway scenario can be specified as input while creating the web publishing rule. They are mentioned below:

 

1.       Web rule name: Use the command line switch “/WRName” to specify the name of the web rule.

2.       Web Server’s internal name: Internal name of the RD Gateway server. ISA server uses this to establish connection to RD Gateway. Use the command line switch “/ServerName” to specify its value.

3.       Web Server’s public name: Public name of the RD Gateway server. Clients specify this as the RD Gateway server name while making a remote connection. Use the command line switch “/PublicName” to specify its value.

4.       Web listener name: Name of the web listener which the web publishing rule will use to listen for incoming connections. Use the command line switch “/WLName” to specify its value.

5.       Bridging type: ISA server offers users the option of SSL offloading. This involves terminating the incoming SSL connection from the clients and establishing HTTP connections to the RD Gateway server. Use the command line switch “/BridgingType” to specify its value: 0 for HTTPS-HTTP bridging, 1 for HTTPS-HTTPS bridging.

6.       User Set: This option determines the users who will be allowed access to the RD Gateway server by the server publishing rule. The script offers two choices for this parameter: “All Users” and “All Authenticated Users”. Use the command line switch “/UserSet” to specify its value: 0 for “All users”, 1 for “All Authenticated users”.

 

Certain values are hardcoded when a web publishing rule is created using the script. They are:

 

1.       Authentication Delegation: ISA server can delegate authentication on behalf of the client to the web server. However, in the RD Gateway scenario we do not recommend delegation by ISA server. Hence this value is permanently set as “No Delegation but client may authenticate directly”.

2.       Rule Action: A web publishing rule can be set to either “Allow” or “Deny” a connection when the connection satisfies all the prerequisites specified in the rule. This value is set to “Allow” since we want the connection to go through if it passes the checks of the web publishing rule.

3.       Publishing Type: ISA server allows the user the option of publishing either a single web site, a server farm of load balanced web servers or multiple web sites. RD Gateway scenario is always published using the “Single Web Site” option.  

 

3.2.1 Passing parameters to create a Web publishing rule:

There are two modes in which the parameters for creation of a web publishing rule can be specified:

 

a)      Command line switches

The following example creates a web publishing rule to be used in the RDG-ISA core scenario using command line switches.

 

cscript.exe   ISAConfigScript.vbs   -createwebpublishingrule   /WRName:RDGrule /ServerName:rdgateway.rdg.com   /PublicName:rdgateway.rdg.com /WLName:RDGlistener

 

b)      Configuration file

Similar to a web listener, a web publishing rule can also be created by using a configuration file with input parameters specified in it. A sample configuration file is shown below. Please copy and save it as a text file.

 

/*

This is the configuration file for creating a web publishing rule.

Specify the parameter values for the different switches and run the script.

*/

 

/* Name of the web publishing rule to be created */

 WRName: 

 

/* Name of the server the ISA server will connect to*/

 ServerName:

 

/* Name of the TSG server the client will connect to */

 PublicName:

 

 

/* Name of the web listener to be used */

 WLName:

 

/* Bridging type to be used: 0 for HTTPS-HTTP, 1 for HTTPS-HTTPS */

 BridgingType:

 

 

/* User Sets allowed by the web publishing rule: 0 for All users, 1 for All authenticated users */

 UserSet:

 

 

To create the web publishing rule using configuration file, execute the script as follows:

cscript.exe ISAConfigScript.vbs -createwebpublishingrule /file: <filename.txt>

 

3.3 Validating the web publishing rules for RD Gateway-ISA scenario

 

The script offers basic diagnostic capabilities that are useful even when the wizards have been used to create the web listener and web rule. It scans the specified web publishing rule and its associated web listener for erroneous configurations and reports them to the user. The checks examine the settings of the web rule and the web listener to identify areas that could lead to connection problems. RD Gateway settings are outside the scope of these checks, so the troubleshooting is static in nature: the script does not make a run-time connection to the published RD Gateway server to verify the web publishing rule. The following are some of the problems which the script will not report:

1.       RD Gateway server is unavailable or unreachable.

2.       The web listener is not configured with certificates matching one or more public names defined in the web rule used to publish RD Gateway server. This can, however, be seen as a warning under the “Listener” tab of the web publishing rule in the ISA server management console.

3.       ISA server needs to trust the certificate which is installed on the RD Gateway server. The script does not notify the user if the certificate is not trusted.

4.       RD Gateway server supports various certificate types: self-signed, public CA, private CA, wildcard certificates, and SAN certificates. However, ISA server versions 2004, 2006 and 2006 SP1 impose certain restrictions on the different types of certificates which can be used with RD Gateway server. The blog mentions them under the heading “Certificates that can be used on TS Gateway”. The script does not report an issue if the RD Gateway - ISA server certificate configuration is different from what is recommended.

 

To validate a web publishing rule, use the “-validaterule” switch with the rule name as shown below:

cscript.exe ISAConfigScript.vbs -validaterule /wrname: <RuleName>

 

4. Restrictions

1.   The script will work for both Standard and Enterprise editions of ISA server. However, for the Enterprise edition, the user must run the script on an ISA server machine which is part of the array for which the configuration is to be done. The script does not work for CSS-only or management console only scenarios for ISA server.

 2.  Usage on non-English ISA server  -  To make the script work on non-English versions of ISA server, there are certain strings mentioned at the start of the script which need to be localized.

 

Option Explicit

'Define the constants needed
const Error_FileNotFound = &H80070002
const Error_WebListenerNotFound = &HC0040357
const Error_IncorrrectCertificatePassword = -2147024810
const Error_InvalidIpAddress = -2147024809
const Error_CAPICOMnotInstalled = 429
const Error_PropertyDoesNotExist = 438
const fpcAllow  = 0
const fpcWebServerThruHTTP = 0
const fpcWebServerThruSSL = 1
const fpcPolicyRuleWebPublishing = 2
const fpcSystemPolicyConfigGroup_CRL = 23
const GUIDforHTTPOnlyCookie = "{29022EBA-B030-4839-9CA6-DD8875BC7B47}"
const GUIDforWebRule = "{5e302ed5-f5d5-4fad-9b8a-01c72e1569f3}"

'These strings are for the English locale only. Please localize them appropriately for non-English versions of ISA server.
const FBAWITHRADIUSOTP = "FBA WITH RADIUS OTP"         
const ALLUSERS = "ALL USERS"
const ALLAUTHENTICATEDUSERS = "ALL AUTHENTICATED USERS"
const EXTERNAL = "EXTERNAL"

'Command line arguments
Dim ruleName           : ruleName        = NULL
Dim serverName         : serverName      = NULL
Dim publicName         : publicName      = NULL
Dim certName           : certName        = NULL
Dim certPassword       : certPassword    = ""
Dim wlName             : wlName          = NULL
Dim BridgingType       : BridgingType    = NULL
Dim weblistenerauthentication : weblistenerauthentication = NULL
Dim userset            : userset         = NULL
Dim Certificate        : Certificate     = NULL
Dim RadiusServerName   : RadiusServerName  = NULL
Dim ipaddress          : ipaddress       = NULL
Dim root               : root            = NULL  'A FPCLib.FPC root object
Dim oArray             : oArray          = NULL  'A FPCArray object 

'We Start here
Main

Sub Main()
   
    'First make sure the script is executed by CScript.exe.
    If InStr(1, UCase(Wscript.FullName), "CSCRIPT.EXE", 1) = 0 Then
       Wscript.Echo "This script can only be executed by CScript.exe."
       Exit Sub
    End If

    If not(Init)then 
       WScript.Echo "This script should only be run on an ISA server."
       WScript.Echo
       DisplayUsage
       Exit Sub
    End If   

    If (ParseCommandLine) then
        WScript.Echo "Saving data..."
        oArray.Save false,false
    End if
    
End Sub 'Main

'This function contains the main logic for the script. It decides what is to be done - create a rule, create a
'web listener or validate a rule. Thereafter it calls the appropriate functions to accomplish the task.
Function ParseCommandLine
  
   ParseCommandLine = false

    'If no arguments are passed on the command line, display help
    if (Wscript.Arguments.Count = 0) then 
     DisplayUsage
     exit Function
    end if
  
   'Parse command line.

   Select Case UCase(Wscript.Arguments(0))

     case "-CREATEWEBPUBLISHINGRULE"
       
       'Parse command line arguments for web publishing rule
       if not(ParseCommandLineForWebPublishingRule) then exit Function
       
       'Creating web publishing rule
       if not(AddWebPubRule) then exit Function

       'Adding custom Vendor Parameter Name Value pairs to the created rule which are required for RPC over HTTP traffic
       if not(CustomizeWebRulewithVPS(ruleName)) then exit Function
 
       'Checking the created web publishing rule for common misconfigurations
       if not(CheckWebPublishingRule ) then exit Function
       
       ParseCommandLine = true

     Case "-CREATEWEBLISTENER"
      
       'Parse command line arguments for web listener
       if not(ParseCommandLineForWebListener) then exit Function

       'Creating web listener
       if not(CreateWebListener) then exit Function
       
       'Set HTTPOnly Cookie value to false in case the listener uses RADIUS OTP
       if not(CustomizeWebListenerWithVPS(wlName)) then exit Function

       ParseCommandLine = true
         
     Case "-VALIDATERULE"
       
       'Parse command line arguments for validating rule
       if not(ParseCommandLineForValidateRule) then exit Function
        
       'Validate the web publishing rule 
       if not(CheckWebPublishingRule) then exit Function
 
     Case Else
    
        WScript.Echo "Please specify one of the following switches: CREATEWEBPUBLISHINGRULE, CREATEWEBLISTENER, or VALIDATERULE"
        WScript.Echo
        DisplayUsage
   
   End Select
      
     
End Function ' ParseCommandLine

'This function creates the root object and gets reference to the array object for the ISA server
Function Init

	Init = false
	On Error Resume Next
	'Create the root object.
	Set root = CreateObject("FPC.Root")
	If err.number <> 0 Then  
        WScript.Echo Err.Description
        WScript.Echo Err.number
        exit Function
    End If  
    'Get reference to the array object
	Set oArray = root.GetContainingArray
	If err.number <> 0 Then  
        WScript.Echo Err.Description
        WScript.Echo Err.number
        exit Function
    End If  
    On Error Goto 0
	Init = true

End Function 'Init


'This function creates a web publishing rule
Function AddWebPubRule()

     AddWebPubRule = false

    Dim rules        ' An FPCPolicyRules collection
    Dim rule         ' An FPCPolicyRule object
    Dim publicNames  ' An FPCPublicNames collection
    Dim path         ' An FPCPathMapping Object
    Dim retval       ' A bool variable

    Set rules = oArray.ArrayPolicy.PolicyRules

    On Error Resume Next
    Set rule = rules.Item(ruleName)
    If err.number <> 0 Then  
        If err.Number <> Error_FileNotFound Then
          WScript.Echo "An error has occurred while creating the web publishing rule."
          WScript.Echo Err.Description
          WScript.Echo Err.number
          WScript.Echo "Ending the script ..."
          exit Function
        Else
          WScript.Echo "Creating the web publishing rule ..."
          On Error Goto 0
          Set rule = rules.AddWebPublishingRule(ruleName)
         End If
    Else
        On Error Goto 0
        retval = MsgBox ("The web publishing rule """ & ruleName &  """ already exists. Do you want to recreate it?",VBYesNo)
	    If retval = vbYes Then
          rules.Remove(ruleName)
          WScript.Echo "Deleted web publishing rule """ & ruleName & """"
          Set rule = rules.AddWebPublishingRule(ruleName)
        Else
          WScript.Echo "New rule """ & ruleName & """ has not been created."
          exit Function
        End If
    End If

    'Set  general properties   
    rule.Description="Publishes TSG"
    rule.Enabled = true
    'Rule action 0 means Allow connections that match this rule
    rule.Action = fpcAllow   
    rule.WebPublishingProperties.TranslateLinks = false
        
    'Set rule properties.
    rule.WebPublishingProperties.WebSite = serverName
    Set publicNames = rule.WebPublishingProperties.PublicNames
    publicNames.Add(publicName)
    
   'Set the web listener for the web publishing rule. 
    Err.Clear
    On Error Resume Next 
    rule.WebPublishingProperties.SetWebListener(wlName)
    If err.Number = Error_WebListenerNotFound Then
        WScript.Echo "The web listener """ & wlName & """ does not exist."
        WScript.Echo "Please create the associated web listener before creating the web publishing rule."
        WScript.Echo "Ending the script ..."
        exit Function
    ElseIf err.Number <> 0 Then
        WScript.Echo Err.Description
        WScript.Echo Err.number
        WScript.Echo "Ending the script ..."
        exit Function
    End If

	On Error Goto 0
	'We need to check whether the web listener authentication is set to HTML form based using
	'RADIUS OTP as validation method. If yes, it sets the value of HTTPOnlyCookie attribute in web listener to false
	If NOT(CustomizeWebListenerWithVPS(wlName)) Then
		exit Function
	End If

	'In case the web listener uses SSL client certificate authentication, the system policy rule
	' "Allow all HTTP traffic from ISA Server to all networks (for CRL downloads)" needs to be enabled (see EnableCRLDownloads)
	If NOT(EnableCRLDownloads) Then exit Function
     
    If (BridgingType = 1) Then
      'For HTTPS-HTTPS bridging
      rule.WebPublishingProperties.PublishedServerType = fpcWebServerThruSSL
      rule.WebPublishingProperties.SSLRedirectPort = 443
    Else
      'For HTTPS-HTTP bridging
       rule.WebPublishingProperties.PublishedServerType = fpcWebServerThruHTTP
       rule.WebPublishingProperties.HTTPRedirectPort =  80
    End If

   
    'Authentication delegation property is only present in ISA Server 2006 and above 
    'we set the authentication delegation type to 0 ( No delegation but client may authenticate directly)
     Err.Clear
     On Error Resume Next
     rule.WebPublishingProperties.CredentialsDelegationType = 0
     If (err.Number <> 0) AND (err.Number <> Error_PropertyDoesNotExist) Then
        WScript.Echo Err.Description
        WScript.Echo Err.number
        WScript.Echo "Ending the script ..."
        exit Function
     End If
     On Error Goto 0

    'Associating the appropriate user set with the web publishing rule

    'Clearing any user sets already present
      If Not(rule.WebPublishingProperties.UserSets.Count = 0) then
        rule.WebPublishingProperties.UserSets.RemoveAll()
      End If
 
    Select Case userset 
     Case 0
      rule.WebPublishingProperties.UserSets.Add ALLUSERS, 0  
     Case 1
      rule.WebPublishingProperties.UserSets.Add ALLAUTHENTICATEDUSERS, 0   
    End Select  

    WScript.Echo "Web publishing rule """ & ruleName & """ has been created."

    'Printing the settings of the rule created
    PrintWebRuleSettings
       
    AddWebPubRule = true
   
End Function 'AddWebPubRule

'This function creates a web listener
Function CreateWebListener()

    CreateWebListener =false
       
    'Setting constants
    const  fpcAllIPAddresses =0
    const fpcSpecifiedIPAddresses = 2
   'Declare the other objects needed.
    Dim weblisteners  ' An FPCWebListeners collection
    Dim newlistener    ' An FPCWebListener object
    Dim SSLCertificates 'An FPCCertificates collection
    Dim server          ' An FPCServer object
    Dim SSLCertificate   ' An FPCCertificate object
    Dim retval             ' A bool variable
    Dim newWebListenerCreated   ' A bool variable
    Dim AuthenticationSchemes    'An FPCRefs object
    Dim AuthenticationScheme     'An FPCRef object
    Dim CertHash                 'Stores the hash value of the certificate
    Dim IsCertInStore            'Bool variable
    
    'Get a reference to the web listeners collection of the array
    Set weblisteners = oArray.RuleElements.WebListeners


    On Error Resume Next
    Set newlistener = weblisteners.Item(wlName)
    'If the web listener does not exist, create it
    If err.number <> 0 Then 
        If err.Number <> Error_FileNotFound Then
            WScript.Echo "An error has occurred while creating the web listener."
            WScript.Echo Err.Description
            WScript.Echo Err.number
            WScript.Echo "Ending the script ..."
            exit Function
        Else
            WScript.Echo "Creating the web listener ..."
            On Error GoTo 0     
            Set newlistener = weblisteners.Add(wlName)
            newWebListenerCreated = "true"
       End If
    Else
        On Error Goto 0
        retval = MsgBox ("The """ & wlName  & """ web listener already exists. Do you want to delete it and create a new one?",VBYesNo)
        If retval = vbYes Then
            'A web listener cannot be deleted if is already being used in some rule. 
            'Make sure that the web listener is not being used in some web rule before deleting it
            If NOT(CheckIfWebListenerIsBeingUsed) Then
                exit Function
            End If
                 
            'Deleting the existing web listener
             weblisteners.Remove(newlistener.Name)
             WScript.Echo "Deleted web listener """ & wlName  & """"
             Set newlistener = weblisteners.Add(wlName)
             newWebListenerCreated = "true"
        Else
             WScript.Echo "A new web listener has not been created."
             exit Function
        End If
    End If

    If  newWebListenerCreated = "true" Then
        'Load the certificate file
        If not(LoadCertificate) then exit Function
    
        'Set the ip's for web listener to listen on
        If isNull(ipaddress) Then
            'Set the web listener to listen on all ip's in external network
            newlistener.IPsOnNetworks.Add EXTERNAL,fpcAllIPAddresses,""    
        Else
            'Set the web listener to specified ip in  external network
            newlistener.IPsOnNetworks.Add EXTERNAL,fpcSpecifiedIPAddresses,ipaddress     
        End if

        'Set the web listener to listen for SSL requests on port 443
        'Setting TCP port to 0 implies that the web listener will not handle incoming HTTP requests
        newlistener.Properties.TCPPort=0
        newlistener.Properties.SSLPort=443

        'Associating SSL cert with the web listener
        Set server = root.GetContainingServer()   
        Set SSLCertificates = server.SSLServerCertificates

        'Get the hash value of the certificate given as input
        CertHash = Certificate.Thumbprint
      
        'Check if the certificate given as input is present in the store
        For Each SSLCertificate In SSLCertificates 
            If CertHash = ByteArrayToHexString(SSLCertificate.Hash) Then
                IsCertInStore  = "true"
                newlistener.Properties.AppliedSSLCertificates.Add SSLCertificate.Hash,""
            End If
        Next
         
        If IsEmpty(IsCertInStore) Then
            WScript.Echo "The certificate """ & certName & """ is not available for use by the web listener."
            WScript.Echo "Make sure the certificate has been added to the ""Personal"" store of the computer, has an associated private key and is meant for server authentication."
            exit Function
        End If
     
        'Set the web listener authentication mode to "No authentication"
        'Default for BasicAuthentication, DigestAuthentication, Integrated Windows Authentication is false
        newlistener.Properties.BasicAuthentication = false  
        newlistener.Properties.DigestAuthentication = false
        newlistener.Properties.IntegratedWindowsAuthentication = false
        newlistener.Properties.AlwaysAuthenticate =false

        'Set SSLCertificateAuthentication (authentication method available only if SSL listening is enabled) to false
        'Default is also false
        newlistener.Properties.SSLCertificateAuthentication = false  

        'Get the authentication schemes object which contains the pre-existing schemes like Radius,Radius with OTP etc. which are used with this web listener 
        Set AuthenticationSchemes = newlistener.Properties.AuthenticationSchemes
            
        'Set authentication scheme on web listener as given in input
        Select Case weblistenerauthentication
            Case 1
                On Error Resume Next
                ' Authentication scheme "FBA with RADIUS OTP" is not available in ISA server 2004
                Set AuthenticationScheme = AuthenticationSchemes.Add(FBAWITHRADIUSOTP,0) 
                If Err.Number <> 0 Then
                    WScript.Echo "The RADIUS OTP property is not available on ISA server 2004"
                    WScript.Echo Err.Description
                    WScript.Echo Err.number
                    WScript.Echo "Ending the script ..."
                    exit Function
                End If 
                On Error Goto 0
                ' Adding the radius client in the ISA server
                If NOT(AddRadiusServer) Then
                    exit Function
                End If
            Case 2
                newlistener.Properties.SSLCertificateAuthentication = true
        End Select  

        'Saving web listener collection
        WScript.Echo "The web listener """ & wlName & """ has been created."

        'Print the settings of the web listener created
        PrintWebListenerSettings
    End If
    
    CreateWebListener = true    
      
End Function  ' CreateWebListener

'This function checks if the web listener is associated with some web rule. 
'If it is,it specifies the web rule name and aborts the script.
Function CheckIfWebListenerIsBeingUsed()

    CheckIfWebListenerIsBeingUsed =false

    'Declare the other objects needed.
    Dim rules        ' An FPCPolicyRules collection
    Dim rule         ' An FPCPolicyRule object
    Dim publicNames  ' An FPCPublicNames collection
    Dim webListernerUsed 'A variable to store web listener names
   

    Set rules = oArray.ArrayPolicy.PolicyRules

     
    For Each rule In rules
		'Get the web listener name associated with the web rule
	    If fpcPolicyRuleWebPublishing = rule.Type Then
		    Set webListernerUsed = rule.WebPublishingProperties.WebListenerUsed
			If LCase(webListernerUsed.Name) = LCase(wlName) Then
			    WScript.Echo "The web listener """ & wlName & """ is associated with the web publishing rule """ & rule.Name & """." & VbCrLf _ 
			    & "Please delete the rule """ & rule.Name & """ and re-run the script to create the web listener."
			    exit Function
			End If
		End If
    Next
        
    CheckIfWebListenerIsBeingUsed = true   
   
End Function  'CheckIfWebListenerIsBeingUsed


'This function adds the radius server in the ISA server which the web listener will use for authentication when 
'it authenticates using FBA with Radius OTP
Function AddRadiusServer()
  
    AddRadiusServer = false
  
    Dim RadiusServers    'An FPCRadiusServers object
    Dim RadiusServer     'An FPCRadiusServer object
    Dim retval           'A bool variable

    'Get the list of Radius servers already configured on the ISA server
    Set RadiusServers = oArray.RuleElements.RadiusServers

    On Error Resume Next
   'Check if the specified Radius server is already present
    Set RadiusServer = RadiusServers.Item(RadiusServerName)
    If Err.number <> 0 Then 
        If Err.number <> Error_FileNotFound Then 
            WScript.Echo "* An error has occurred while adding radius server"
            WScript.Echo Err.Description
            WScript.Echo Err.number
            WScript.Echo "* Ending the script ..."
            exit Function
        Else
            WScript.Echo "Adding the Radius server """ & RadiusServerName & """ to the Radius Servers list."
            On Error Goto 0
            Set RadiusServer = RadiusServers.Add(RadiusServerName)
        End If
    Else
        On Error Goto 0
        retval = MsgBox ("The Radius server """ & RadiusServerName &  """ already exists in the RADIUS Servers list. Do you want to delete the existing RADIUS server and then re-add it?",VBYesNo)
        If retval = vbYes Then
            'Deleting the existing radius server 
            RadiusServers.Remove(RadiusServerName)
            WScript.Echo "Radius server """ & RadiusServerName & """ has been deleted from the RADIUS servers list."
            'Adding the radius server
            Set RadiusServer = RadiusServers.Add(RadiusServerName)
        Else
            WScript.Echo "The existing Radius Server """ & RadiusServerName & """ will be used for authentication"
        End If
     End If

    AddRadiusServer = true 
   
End Function 'AddRadiusServer


'This function loads the .cer or .pfx certificate. It uses CAPICOM.dll which needs to be installed
Function LoadCertificate()

    LoadCertificate = false 
     
    Err.Clear
    On Error Resume Next
    Set Certificate = CreateObject("CAPICOM.Certificate")
    If Err.number <> 0 then 
        If Err.number = Error_CAPICOMnotInstalled then
            WScript.Echo Err.Description
            WScript.Echo Err.number
            WScript.Echo "Make sure CAPICOM is installed. You can install it from http://msdn.microsoft.com/en-us/library/ms759176(VS.85).aspx"
        Else
            WScript.Echo Err.Description
            WScript.Echo Err.number
        End If
        WScript.Echo "Ending the script..." 
        exit Function
    End If
   
    On Error Goto 0 
    'Checking if certificate type is .pfx or .cer
    If (Right(certName,3) = "pfx" Or (Mid(certName,Len(certName)-3,3) = "pfx" And Right(certName,1)="""")) then
        'If certificate is .pfx type , get password from user
        certPassword = GetCertPassword()
    End If   
    
    Err.Clear
    On Error Resume Next

  
    Certificate.Load certName, certPassword
    If Err.number <> 0 then 
        If Err.Number = Error_IncorrrectCertificatePassword Then
            WScript.Echo "The password specified for the certificate file is incorrect."
            WScript.Echo "Please specify the correct password and then re-run the script."
            exit Function
         End If
         WScript.Echo "An error occurred while loading the certificate."
         WScript.Echo Err.Description
         WScript.Echo Err.number
         exit Function
    End If

    On Error Goto 0
    LoadCertificate = true

End Function 'LoadCertificate


'This function checks if the certificate file exists
Function CheckIfCertificateExists()
 
    CheckIfCertificateExists = false
    Dim CertificateFile : CertificateFile = null
    Err.Clear
    On Error Resume Next
    Set CertificateFile = CreateObject("CAPICOM.Certificate")
    If Err.number <> 0 then 
        If Err.number = Error_CAPICOMnotInstalled then
            WScript.Echo Err.Description
            WScript.Echo Err.number
            WScript.Echo "Please ensure that the CAPICOM is installed. You can install it from http://msdn.microsoft.com/en-us/library/ms759176(VS.85).aspx"
        Else
            WScript.Echo Err.Description
            WScript.Echo Err.number
        End If
        WScript.Echo "Ending the script..." 
        exit Function
    End If
    
    Err.Clear
    CertificateFile.Load certName, ""
    If Err.number <> 0 then 
        If err.Number = Error_FileNotFound Then
                WScript.Echo "The system cannot find the file " & certName
                WScript.Echo "Please specify the correct certificate path and then re-run the script."
                exit Function
        End If

    End If
    
    On Error Goto 0
    
    CheckIfCertificateExists = true
    
End Function
    
'This function gets the password needed for .pfx certificate file from user
Function GetCertPassword()
 
    Dim objPassword
    Set objPassword = CreateObject("ScriptPW.Password") 
    WScript.StdOut.Write "Please enter the certificate password:" 
    Wscript.Echo
    GetCertPassword = objPassword.GetPassword() 
  
End Function 'GetCertPassword


'This function parses the input parameters if a web publishing rule is being created
Function ParseCommandLineForWebPublishingRule

    ParseCommandLineForWebPublishingRule = false
  
    Dim filename: filename = null

    If WScript.Arguments.Named.Exists("?") Then
        DisplayUsage
        exit Function
    End If
  
    If Not(WScript.Arguments.Named.Exists("File")) Then
        'Read command line parameters
        If WScript.Arguments.Named.Exists("WRNAME") Then
            ruleName= WScript.Arguments.Named.Item("WRNAME")
            ruleName= IfEmptyStringAssignNull(ruleName)
        End if
        If WScript.Arguments.Named.Exists("SERVERNAME") Then
            serverName= WScript.Arguments.Named.Item("SERVERNAME")
            serverName= IfEmptyStringAssignNull(serverName)
        End if
        If WScript.Arguments.Named.Exists("PUBLICNAME") Then
            publicName= WScript.Arguments.Named.Item("PUBLICNAME")
            publicName= IfEmptyStringAssignNull(publicName)
        End if
        If WScript.Arguments.Named.Exists("WLNAME") Then
            wlName = WScript.Arguments.Named.Item("WLNAME")
            wlName= IfEmptyStringAssignNull(wlName)
        End if
        If WScript.Arguments.Named.Exists("BRIDGINGTYPE") Then
            BridgingType= WScript.Arguments.Named.Item("BRIDGINGTYPE")
            BridgingType= IfEmptyStringAssignNull(BridgingType)
        End if
        If WScript.Arguments.Named.Exists("USERSET") Then
            userset= WScript.Arguments.Named.Item("USERSET")
            userset= IfEmptyStringAssignNull(userset)
        End if
    Else
        filename = WScript.Arguments.Named.Item("File")
        filename= IfEmptyStringAssignNull(filename)
     
        If IsNull(filename) Then
            WScript.Echo "Please enter a file name and then re-run the script."
            WScript.Echo "Ending the script ..."
            exit Function
        End if 
     
        If InvalidFile(filename) Then 
            exit Function
        end if

        ruleName = ReadKeyValueFromFile ("WRNAME",filename)
        serverName = ReadKeyValueFromFile ("SERVERNAME",filename)
        publicName = ReadKeyValueFromFile ("PUBLICNAME",filename)
        wlName = ReadKeyValueFromFile ("WLNAME",filename)
        BridgingType = ReadKeyValueFromFile ("BRIDGINGTYPE",filename)
        userset = ReadKeyValueFromFile ("USERSET",filename)
    End If

 'Check the passed parameters  
   
 'Check if all mandatory parameters have been specified 
    If (IsNull(ruleName) OR IsNull(serverName) OR IsNull(publicName) OR IsNull(wlName) OR IsNull(BridgingType) or isnull(userset))  Then
        WScript.Echo "The following mandatory parameter values are missing: "
        If IsNull(ruleName) Then WScript.Echo "WRNAME"
        If IsNull(serverName) Then WScript.Echo "SERVERNAME"
        If IsNull(publicName) Then WScript.Echo "PUBLICNAME"
        If IsNull(wlName) Then WScript.Echo "WLNAME"
        If IsNull(BridgingType) Then WScript.Echo "BRIDGINGTYPE"
        If Isnull(userset) Then WScript.Echo "USERSET"
        WScript.Echo 
        DisplayUsage
        exit Function
    End If  
   
 'Check the parameter passed for bridging type 
    If IsNumeric(BridgingType) = FALSE Then
        DisplayUsage 
        exit Function
    Else  
        If (BridgingType <> 0 And BridgingType <> 1) Then
            WScript.Echo "Please enter a valid option for bridging type (0 or 1):"
            WScript.Echo
            DisplayUsage
            exit Function
       End If
    End If 
  
'Check the parameter passed for user set
    If IsNumeric(userset) = FALSE Then
        DisplayUsage
        exit Function
    Else
        If Not(userset=0 Or userset=1)  then
            WScript.Echo "Please enter a valid option for user sets (0 or 1):"
            WScript.Echo
            DisplayUsage
            exit Function
         End If
     End If
   
    ParseCommandLineForWebPublishingRule = true  
  
End Function ' ParseCommandLineForWebPublishingRule

'This function parses the input parameters if a web listener is being created
Function ParseCommandLineForWebListener

  ParseCommandLineForWebListener = false 
  
  Dim filename: filename = null

  If WScript.Arguments.Named.Exists("?") Then
    DisplayUsage
    exit Function
  End If
  
  If Not(WScript.Arguments.Named.Exists("File")) Then
  'Read command line parameters
         If WScript.Arguments.Named.Exists("CERTPATH") Then
          certName= WScript.Arguments.Named.Item("CERTPATH")
          certName= IfEmptyStringAssignNull(certName)
        End if
        If WScript.Arguments.Named.Exists("WLNAME") Then
          wlName= WScript.Arguments.Named.Item("WLNAME")
          wlName= IfEmptyStringAssignNull(wlName)
        End if
        If WScript.Arguments.Named.Exists("LISTENERAUTHENTICATION") Then
          weblistenerauthentication= WScript.Arguments.Named.Item("LISTENERAUTHENTICATION")
          weblistenerauthentication= IfEmptyStringAssignNull(weblistenerauthentication)
        End if
        If WScript.Arguments.Named.Exists("RADIUSSERVER") Then
          RadiusServerName= WScript.Arguments.Named.Item("RADIUSSERVER")
          RadiusServerName= IfEmptyStringAssignNull(RadiusServerName)
        End if
        If WScript.Arguments.Named.Exists("IPADDRESS") Then
          ipaddress= WScript.Arguments.Named.Item("IPADDRESS")
          ipaddress= IfEmptyStringAssignNull(ipaddress)
        End if
   Else
         filename = WScript.Arguments.Named.Item("File")
         filename= IfEmptyStringAssignNull(filename)
         
         if IsNull(filename) then
              WScript.Echo "Please enter a file name and then re-run the script."
              WScript.Echo "Ending the script ..."
              exit Function
         end if 
         
         if InvalidFile(filename) then 
            exit Function
         end if
         certName = ReadKeyValueFromFile ("CERTPATH",filename)
         wlName = ReadKeyValueFromFile ("WLNAME",filename)
         weblistenerauthentication = ReadKeyValueFromFile ("LISTENERAUTHENTICATION",filename)
         RadiusServerName = ReadKeyValueFromFile ("RADIUSSERVER",filename)
         ipaddress = ReadKeyValueFromFile ("IPADDRESS",filename)
   End If
    
  'Check passed parameters
    
  'Checking if all mandatory parameters have been given
  If (IsNull(certName) OR IsNull(wlName) OR IsNull(weblistenerauthentication))  Then
   WScript.Echo "The following mandatory parameter values are missing: "
   If IsNull(wlName) Then WScript.Echo "WLNAME"
   If IsNull(certName) Then WScript.Echo "CERTPATH"
   If IsNull(weblistenerauthentication) Then WScript.Echo "LISTENERAUTHENTICATION"
   WScript.Echo
   DisplayUsage
   exit Function
  End If 
    
  'Check certificate 
  If NOT(Right(certName,3) = "pfx" Or (Mid(certName,Len(certName)-3,3) = "pfx" And Right(certName,1)="""") Or Right(certName,3) = "cer" Or (Mid(certName,Len(certName)-3,3) = "cer" And Right(certName,1)="""")) Then
   WScript.Echo "Please enter a valid certificate file. It should have either a .cer or a .pfx extension."
   WScript.Echo
   DisplayUsage
   exit Function
  End If

  'Remove the quotations from the certificate path if they exist
  If Left(certName,1) = """" And Right(certName,1)="""" Then
   CertName = Mid(certName,2,Len(CertName)-2)
  End If
  
  
  'Check if certificate file exists
  If Not(CheckIfCertificateExists) Then
   WScript.Echo
   DisplayUsage
   exit Function
  End If

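  'Check listener authentication value. IsNumeric is tested first because comparing
  'a non-numeric string with a number raises a type mismatch error in VBScript.
  Dim isValidListenerAuthentication : isValidListenerAuthentication = false
  If IsNumeric(weblistenerauthentication) Then
    isValidListenerAuthentication = (weblistenerauthentication=0 Or weblistenerauthentication=1 Or weblistenerauthentication=2)
  End If
  If Not(isValidListenerAuthentication) then
    WScript.Echo "Please enter a valid option for the web listener authentication scheme ( 0, 1, or 2):"
    WScript.Echo
    DisplayUsage
    exit Function
  End If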

 
  'Check that web listener authentication has not been specified on ISA server 2004
   If (weblistenerauthentication = 1) and (Left(GetISAProductVersion,1)="4") Then
    WScript.Echo "The authentication scheme RADIUS OTP is not available on ISA server 2004 versions. Please install ISA server 2006 with supportability update or later to use RADIUS OTP in ISA RD Gateway scenarios."
    exit Function
   End If
  
  'Check that radius client has been specified if RADIUS OTP is being used
  If (weblistenerauthentication = 1) and (IsNull(RadiusServerName)) then
   WScript.Echo "HTML form-based authentication(RADIUS OTP) needs a RADIUS server."
   WScript.Echo "Please specify a RADIUS server."
   WScript.Echo
   DisplayUsage
   exit Function
  End If

  'Check that the IP address specified is a valid one
  If not(IsNull(ipaddress)) then
    If NOT(CheckifValidIP) Then
      exit Function
    End If
  End if

  ParseCommandLineForWebListener = true

End Function ' ParseCommandLineForWebListener


Function IfEmptyStringAssignNull(variable)
 
  if variable = "" then
    IfEmptyStringAssignNull = null
  else
    IfEmptyStringAssignNull = variable
  end if
  
End Function 'IfEmptyStringAssignNull


'This function parses the input parameters if a rule validation is being done
Function ParseCommandLineForValidateRule

    ParseCommandLineForValidateRule = false

    If WScript.Arguments.Named.Exists("?") Then   
        DisplayUsage
        exit Function
    End If
  
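    If WScript.Arguments.Named.Exists("WRNAME") Then
        ruleName= WScript.Arguments.Named.Item("WRNAME")
        'Treat an empty /WRNAME: value as missing, as the other parsers do
        ruleName= IfEmptyStringAssignNull(ruleName)
    End if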
        
    If IsNull(ruleName ) Then
        WScript.Echo "Not all parameters have been specified."
        WScript.Echo
        DisplayUsage
        exit Function
    End If

    ParseCommandLineForValidateRule = true

End Function ' ParseCommandLineForValidateRule

'This function reads a key value from the configuration file
Function ReadKeyValueFromFile (key,filename)

    Dim filesystemobject
    Dim strLine
    Dim fileobject
    Dim pos

    ReadKeyValueFromFile = null

    Set filesystemobject = CreateObject( "Scripting.FileSystemObject" )

    Set fileobject = filesystemobject.OpenTextFile(filename, 1, False )
    Do While fileobject.AtEndOfStream = False
        strLine = Trim(fileobject.ReadLine)
        pos=InStr(strLine,":")
        If not(pos=0) Then
            If UCase(Mid(strLine,1,pos-1)) = UCase(key) Then
                ReadKeyValueFromFile = Trim (Right(strLine,Len(strLine) - pos))
                exit do
            End if
        End if
    Loop

    fileobject.Close

    If ReadKeyValueFromFile = "" Then
        ReadKeyValueFromFile = null
    end if

End function 'ReadKeyValueFromFile

'This function checks if the configuration file exists
Function InvalidFile(filename)

    InvalidFile = true 
    Dim filesystemobject
    Set filesystemobject = CreateObject( "Scripting.FileSystemObject" )
    If NOT(filesystemobject.FileExists( filename )) Then
        WScript.Echo "Please specify a valid configuration file."
        WScript.Echo "Ending the script ..."
        exit Function
    End If
    InvalidFile = false

End function 'InvalidFile

'This function checks that the IP address supplied by the user is valid, i.e. it is an IP address associated with one of the NICs
'and in the "External" network of the ISA computer
Function CheckifValidIP()
 
    CheckifValidIP = false
 
    'The web listener should listen on an IP address which is in the address range set of one of the NICs
    'and belongs to the "External" network of the ISA computer

    Dim server         'An FPCServer object
    Dim adapters       'An FPCAdapters object
    Dim adapter        'An FPCAdapter object
    Dim retval         'A bool variable
    Dim internalnetwork  'An FPCNetwork object
    Dim boolval          'A bool variable
 
 
    Set server = root.GetContainingServer()
    Set adapters = server.adapters
   
  
    'Here we check if the ip address actually belongs to one of the nic's on the machine
    For Each adapter in adapters
   
        Err.Clear
        On Error Resume Next
        boolval = adapter.IsIpInAddressSet(ipaddress)  
     
        If Err.Number = Error_InvalidIpAddress Then 
            WScript.Echo "Please specify a valid IPv4 address and then re-run the script."
            exit Function
        End If
     
        If Err.number <> 0 Then
            WScript.Echo Err.Description
            WScript.Echo Err.number
            exit Function
        End If
     
        On Error goto 0
     
        If boolval then
            retval = true
        End if
    Next

    If not(retval) Then
        WScript.Echo "The IP address """ & ipaddress & """ does not belong to any enabled network adapter of the computer." 
        Wscript.Echo "Please specify an IP address which is in the address range of the enabled network adapters of the computer and then re-run the script."
        exit Function
    End if
 

    'Check if the IP address belongs to the external network.
    'The "External" network has no IP range set property, so this is an inverted test:
    'the address is checked against the "Internal" network instead.
    Set internalnetwork = oArray.NetworkConfiguration.Networks.Item("Internal")
    
    If internalnetwork.IPRangeSet.IsIpInSet(ipaddress) Then
        retval = MsgBox ("The IP address is not in the external network range of ISA server. Do you still want to continue?",VBYesNo)
        If retval = vbNo Then
            Wscript.Echo "Ending the script ... "
            exit Function
        End If  
    End if

    CheckifValidIP = true

End Function 'CheckifValidIP

'This function enables a system policy rule to be used with "SSL Client Certificate authentication" on web listener
Function  EnableCRLDownloads

    EnableCRLDownloads = false

    Dim WebListener               'An FPCWebListener object
    Dim configGroup               'An FPCSystemPolicyConfigGroup  object
  
    'Get the object containing the web listener
    Set WebListener = oArray.RuleElements.WebListeners(wlName)

    'Check if the listener authentication scheme is SSL Client Certificate authentication
    If WebListener.Properties.SSLCertificateAuthentication = true Then
        Set configGroup = oArray.SystemPolicy.CreateConfigurationGroupInstance(fpcSystemPolicyConfigGroup_CRL)
        configGroup.Enabled = True
        configGroup.Save
        WScript.Echo "Enabling the system policy rule ""Allow all HTTP traffic from ISA Server to all networks (for CRL downloads)"" is needed for authentication method ""SSL Client Certificate"" of the web listener."
    End if

    EnableCRLDownloads = true

 End Function 'EnableCRLDownloads

'This function checks that if the user set in the web publishing rule is "All Authenticated Users"
'then the associated web listener authentication is not "No Authentication".
'This is one of the common misconfigurations on ISA server, and it leads to a continuous
'credentials prompt for the user
Function CheckWebPublishingRule 
  
    CheckWebPublishingRule = false

    Dim WebListener 									
    Dim IsAlwaysAuthenticate :  IsAlwaysAuthenticate = false   				'A bool variable
    Dim IsBasicAuthentication : IsBasicAuthentication = false  				'A bool variable
    Dim IsDigestAuthentication : IsDigestAuthentication =false   				'A bool variable
    Dim IsIntegratedWindowsAuthentication : IsIntegratedWindowsAuthentication =false  	'A bool variable
    Dim IsSSLCertificateAuthentication : IsSSLCertificateAuthentication = false   	'A bool variable
    Dim IsAuthenticationFBAWithRadiusOTP : IsAuthenticationFBAWithRadiusOTP = false   	'A bool variable
    Dim AuthenticationSchemes    								
    Dim AuthenticationScheme 								
    Dim AuthenticationSchemeCount : AuthenticationSchemeCount = false                     'A bool variable
    Dim IsUserSetAllUsers :   IsUserSetAllUsers  = false                                  'A bool variable
    Dim IsUserSetAllAuthenticatedUsers : IsUserSetAllAuthenticatedUsers = false           'A bool variable
    Dim CredentialsDelegationType : CredentialsDelegationType = 0
    Dim userSets
    Dim userSet
    Dim rules
    Dim rule
    Dim PathAll : PathAll = null
    Dim PathRPC : PathRPC = null
    Dim PathRPCwithCert : PathRPCwithCert = null
    Dim PathTs : PathTs = null
    Dim PathRdWeb : PathRdWeb = null
    Dim path
    Dim pathmappings
    Dim WebListenerVps
    Dim CookieAuthVps
    Dim configGroup                                        

    Set rules = oArray.ArrayPolicy.PolicyRules
   
    Err.Clear
    On Error Resume Next
    Set rule = rules.Item(ruleName)
    If err.number <> 0 Then
        If err.Number = Error_FileNotFound Then
            WScript.Echo "The web publishing rule """ & ruleName & """ does not exist."
            WScript.Echo "Please enter a valid web publishing rule name and re-run script."
            exit Function
        Else
            WScript.Echo "An error occurred while reading the web publishing rule """ & ruleName & """."
            WScript.Echo Err.Description
            WScript.Echo Err.number
            WScript.Echo "Ending the script..."
            exit Function
        End If  
    End If
  
      
    If fpcPolicyRuleWebPublishing <> rule.Type Then
        Wscript.Echo "The rule """ & ruleName & """ is not a web publishing rule."
        WScript.Echo "Please enter a valid web publishing rule name and re-run script."
        exit Function
    End If
    
    Err.Clear     
 
    Set WebListener = oArray.RuleElements.WebListeners(rule.WebPublishingProperties.WebListenerUsed.Name)
    If err.Number <> 0 Then
        WScript.Echo "An error occurred while reading the web listener."
        WScript.Echo Err.Description
        WScript.Echo Err.number
        WScript.Echo "Ending the script..."
        exit Function
    End If
    On Error goto 0 

    If WebListener.Properties.TCPPort <> 0 and WebListener.Properties.SSLPort <> 0 Then 
        WScript.Echo "*WARNING* The web listener has been configured to listen for both HTTP and SSL requests. It is recommended that it only listens for SSL requests on port 443."
        WScript.Echo 
    Else
        If WebListener.Properties.SSLPort <> 443 and WebListener.Properties.SSLPort <> 0 Then 
            WScript.Echo "*WARNING* The web listener SSL port is " & WebListener.Properties.SSLPort & ". Please configure the web listener to listen for SSL requests on port 443."
            WScript.Echo 
        Else
            If WebListener.Properties.TCPPort <> 0 Then
                WScript.Echo "*WARNING* The web listener is only listening for HTTP requests. Please disable HTTP listening and enable SSL client connections on port 443."
                WScript.Echo 
            End if
        End if
    End if
   
   'Check for authentication delegation on web publishing rule
    Err.Clear
    On Error Resume Next
    CredentialsDelegationType = rule.WebPublishingProperties.CredentialsDelegationType
    If (err.Number <> 0) AND (err.Number <> Error_PropertyDoesNotExist) Then
        WScript.Echo Err.Description
        WScript.Echo Err.number
        WScript.Echo "Ending the script ..."
        exit Function
    ElseIf  CredentialsDelegationType <> 0 then
       	WScript.Echo "*WARNING* Authentication delegation on the web publishing rule is not set to ""No delegation but client may authenticate directly"". It is recommended that you use ""No delegation but client may authenticate directly"" as the authentication delegation method for all RD Gateway ISA scenarios."
        WScript.Echo
    End If  
 
    'Check for user sets on web publishing rule
    Set UserSets = rule.WebPublishingProperties.UserSets
    For Each userSet in UserSets
        If UCase(userSet.Name) = ALLUSERS Then 
            IsUserSetAllUsers = true
        End If
        If UCase(userSet.Name) = ALLAUTHENTICATEDUSERS Then 
            IsUserSetAllAuthenticatedUsers = true
        End If
    Next
    
    'Check if authentication scheme on Web listener is always authenticate client
    If WebListener.Properties.AlwaysAuthenticate  = true then
        IsAlwaysAuthenticate = true
    End if

    'Check if authentication scheme on Web listener is set to basic authentication
    If WebListener.Properties.BasicAuthentication  = true then
        IsBasicAuthentication = true
    End if

    'Check if authentication scheme on Web listener is set to digest authentication
    If WebListener.Properties.DigestAuthentication  = true then
        IsDigestAuthentication = true
    End if

    'Check if authentication scheme on Web listener is set to integrated windows authentication
    If WebListener.Properties.IntegratedWindowsAuthentication  = true then
        IsIntegratedWindowsAuthentication = true
    End if

    'Check if authentication scheme on Web listener is SSL Client Certificate Authentication
    If WebListener.Properties.SSLCertificateAuthentication = true then
        IsSSLCertificateAuthentication =true
    End if
    

    'If SSL Certification is used then system policy rule "Allow all HTTP traffic from ISA Server to all networks (for CRL downloads)" should be enabled
    If IsSSLCertificateAuthentication then
        Set configGroup = oArray.SystemPolicy.CreateConfigurationGroupInstance(fpcSystemPolicyConfigGroup_CRL)
        If configGroup.Enabled = False then
            WScript.Echo "*WARNING* SSL certificate authentication on the web listener requires the system policy rule ""Allow all HTTP traffic from ISA Server to all networks (for CRL downloads)"" to be enabled. It is currently disabled."
            WScript.Echo 
        End if
        WScript.Echo "*WARNING* SSL certificate authentication on the web listener can only be used when the ISA server is joined to a domain. Please make sure that it is joined to a domain."
        WScript.Echo 
   End if

    'Check if any authentication scheme is set on the  web listener 
    Set AuthenticationSchemes = WebListener.Properties.AuthenticationSchemes
    For each AuthenticationScheme in AuthenticationSchemes
        AuthenticationSchemeCount = true
        If UCase(AuthenticationScheme.Name) = FBAWITHRADIUSOTP then   
            IsAuthenticationFBAWithRadiusOTP = true
        End If
    Next
   
    'Check that "All Authenticated Users" should not be configured without an authentication scheme on web listener
    If IsUserSetAllAuthenticatedUsers Then
        If not (IsAlwaysAuthenticate or IsBasicAuthentication or IsDigestAuthentication or IsIntegratedWindowsAuthentication or IsSSLCertificateAuthentication or AuthenticationSchemeCount) then
            WScript.Echo "*WARNING* No authentication scheme has been specified on the web listener but the user set on the web publishing rule contains ""All Authenticated Users"". Please set it to one of the supported types for RD Gateway scenarios  - ""SSL Client Certificate"" or ""FBA with RADIUS OTP""."
            WScript.Echo
        Else 
            If not(IsAuthenticationFBAWithRadiusOTP or IsSSLCertificateAuthentication) Then
                WScript.Echo "*WARNING* An authentication scheme not supported for RD Gateway scenarios has been specified on the web listener. Please set it to one of the supported types: ""SSL Client Certificate"" or ""FBA with RADIUS OTP""."
                WScript.Echo
            End If
        End If
    End If


 
    If IsUserSetAllUsers and not(IsUserSetAllAuthenticatedUsers)  Then
        If (IsAuthenticationFBAWithRadiusOTP or IsSSLCertificateAuthentication) Then       
            WScript.Echo "*WARNING* A supported authentication scheme has been set on the web listener but the web publishing rule contains ""All Users"" in its User Set. This is a security risk as even unauthenticated users can access RD Gateway."
            WScript.Echo
        Else
            If (IsAlwaysAuthenticate or IsBasicAuthentication or IsDigestAuthentication or IsIntegratedWindowsAuthentication or IsSSLCertificateAuthentication or AuthenticationSchemeCount) then
                WScript.Echo "*WARNING* The web publishing rule contains ""All users"" in its User Set but the web listener has an authentication method set. It is recommended that you use ""All Users"" with No Authentication method set on the web listener."
                WScript.Echo
            End If
        End If
    End If   
  
   
    Set pathmappings = rule.WebPublishingProperties.PathMappings

    For each path in pathmappings
        If (Ucase(path.InternalPath) = "/*") then 
            Set PathAll = path
        End if
 
        If (Ucase(path.InternalPath) = "/RPC/*") then 
            Set PathRPC = path
        End if

        If (Ucase(path.InternalPath) = "/RPCWITHCERT/*") then 
            Set PathRPCwithCert = path
        End if
        
        If (Ucase(path.InternalPath) = "/TS/*") then 
            Set PathTs = path
        End if
        
        If (Ucase(path.InternalPath) = "/RDWEB/*") then 
            Set PathRdWeb = path
        End if                
    Next

    If not(isNull(PathAll)) then
        If not PathAll.SameAsInternalPath Then
            If not (UCase(PathAll.ExternalPath) = UCase(PathAll.InternalPath)) then
                WScript.Echo "*WARNING* External path """ & PathAll.ExternalPath & """ is not the same as Internal path """ & PathAll.InternalPath & """" 
                WScript.Echo " It is recommended that the external path be the same as internal path """ & PathAll.InternalPath & """"
                WScript.Echo
            End If
        End If
    End If
   
 
    If not(isNull(PathRPC)) then
        If not PathRPC.SameAsInternalPath Then
            If not (UCase(PathRPC.ExternalPath) = UCase(PathRPC.InternalPath)) then
                WScript.Echo "*WARNING* External path """ & PathRPC.ExternalPath & """ is not the same as Internal path """ & PathRPC.InternalPath & """"
                WScript.Echo "  It is recommended that the external path be the same as internal path """ & PathRPC.InternalPath & """"
                WScript.Echo
            End If
        End If
    End If
    
    If not(isNull(PathRPCwithCert)) then
        If not PathRPCwithCert.SameAsInternalPath Then
            If not (UCase(PathRPCwithCert.ExternalPath) = UCase(PathRPCwithCert.InternalPath)) then
                WScript.Echo "*WARNING* External path """ & PathRPCwithCert.ExternalPath & """ is not the same as Internal path """ & PathRPCwithCert.InternalPath & """"
                WScript.Echo " It is recommended that the external path be the same as internal path """ & PathRPCwithCert.InternalPath & """"
                WScript.Echo
            End If
        End If  
    End If
  
  
    If not(isNull(PathTs)) then
        If not PathTs.SameAsInternalPath Then
            If not (UCase(PathTs.ExternalPath) = UCase(PathTs.InternalPath)) then
                WScript.Echo "*WARNING* External path """ & PathTs.ExternalPath & """ is not the same as Internal path """ & PathTs.InternalPath & """"
                WScript.Echo " It is recommended that the external path be the same as internal path """ & PathTs.InternalPath & """"
                WScript.Echo
            End If
        End If  
    End If
    
    If not(isNull(PathRdWeb)) then
        If not PathRdWeb.SameAsInternalPath Then
            If not (UCase(PathRdWeb.ExternalPath) = UCase(PathRdWeb.InternalPath)) then
                WScript.Echo "*WARNING* External path """ & PathRdWeb.ExternalPath & """ is not the same as Internal path """ & PathRdWeb.InternalPath & """"
                WScript.Echo " It is recommended that the external path be the same as internal path """ & PathRdWeb.InternalPath & """"
                WScript.Echo
            End If
        End If  
    End If

    If isNull(PathAll) then
    
        If isNull(PathRPCwithCert) and not(isNull(PathRPC)) then
            WScript.Echo "*WARNING* RPCwithcert virtual directory of the gateway has not been published. This will cause smart card authentication not to work for RD Gateway. Please include ""/rpcwithcert/*"" in the Paths tab of the web publishing rule." 
            WScript.Echo
        End If

        If isNull(PathRPC) and not(isNull(PathRPCwithCert)) then
            WScript.Echo "*WARNING* RPC virtual directory of the gateway has not been published. This will cause password authentication not to work for RD Gateway. Please include ""/rpc/*"" in the Paths tab of the web publishing rule." 
            WScript.Echo
        End If
    
        If isNull(PathRPCwithCert) and isNull(PathRPC) then
            WScript.Echo "*WARNING* RPC and RPCwithcert virtual directory of the gateway have not been published. Please include ""/*"" in the Paths tab of the web publishing rule. Alternatively, both the virtual directories can be published by including the paths ""/rpc/*"" and ""/rpcwithcert/*""." 
            WScript.Echo
        End If
        
        If isNull(PathTs) and isNull(PathRdWeb) then
            WScript.Echo "*WARNING* If the rule is also being used to publish TS Web Access or RD Web Access, include the appropriate virtual directories (""/ts/*"" or ""/rdweb/*"") on the Paths tab of the web publishing rule." 
            WScript.Echo
        End If
  
    End If
  
  
  'Doing checks for bridging scenarios
    If  rule.WebPublishingProperties.PublishedServerType <> fpcWebServerThruHTTP and rule.WebPublishingProperties.PublishedServerType <> fpcWebServerThruSSL Then
        WScript.Echo "*WARNING* The web publishing rule's bridging type needs to be set to either HTTPS-HTTPS or HTTPS-HTTP. Please set bridging on the web publishing rule to one of the supported types for RD Gateway ISA scenarios."
        WScript.Echo
    Else
        If  rule.WebPublishingProperties.PublishedServerType = fpcWebServerThruHTTP Then
            If  rule.WebPublishingProperties.PublishedServerType = fpcWebServerThruHTTP and rule.WebPublishingProperties.HTTPRedirectPort <> 80 Then
                WScript.Echo "*WARNING* The web publishing rule is set to use HTTPS-HTTP bridging. However, the HTTP redirect port is " & rule.WebPublishingProperties.HTTPRedirectPort & ". Please set the HTTP redirect port to 80 which is the supported configuration for RD Gateway ISA scenarios."
                WScript.Echo
            Else
                WScript.Echo "*WARNING* The web publishing rule is set to use HTTPS-HTTP bridging. Please ensure that the gateway is correctly configured for HTTPS-HTTP bridging. Incorrect configuration of the gateway could lead to denial of client connections."
                WScript.Echo
            End If
        Else 
            If  rule.WebPublishingProperties.PublishedServerType = fpcWebServerThruSSL and rule.WebPublishingProperties.SSLRedirectPort <> 443 Then
                WScript.Echo "*WARNING* The web publishing rule is set to use HTTPS-HTTPS bridging. However, the SSL redirect port is " & rule.WebPublishingProperties.SSLRedirectPort & ". Please set the SSL redirect port to 443 which is the supported configuration for RD Gateway ISA scenarios."
                WScript.Echo
            Else
                WScript.Echo "*WARNING* The web publishing rule is set to use HTTPS-HTTPS bridging. Please ensure that the gateway is correctly configured for HTTPS-HTTPS bridging. Incorrect configuration of the gateway could lead to denial of client connections."
                WScript.Echo
            End if
        End If
  End if      
   


   'If FBA with Radius OTP is used then give a warning to the user about the ISA version it is supported for 
    If( IsAuthenticationFBAWithRadiusOTP = true ) Then
        
        If IsValidVersion then
	        Set WebListenerVps = WebListener.VendorParametersSets
	        Err.Clear
	        Set CookieAuthVps = WebListenerVps.Item(GUIDforHTTPOnlyCookie)
	        If Err.Number <> 0 Then
	            Wscript.Echo "*WARNING* The authentication scheme on the web listener is ""Forms Based Authentication with RADIUS OTP"" but the value of ""HTTPOnlyCookie"" for the web listener is not set to False. Please set the value to False for RADIUS OTP with RD Gateway to work. To do this, either use the script available at the following Web site: http://go.microsoft.com/fwlink/?LinkId=115137 or re-create the web listener using this script."
                Wscript.Echo
	        Else
	            If CookieAuthVps.Value("HttpOnlyCookie") = true then
	                Wscript.Echo "*WARNING* The authentication scheme on the web listener is ""Forms Based Authentication with RADIUS OTP"" but the value of ""HTTPOnlyCookie"" for the web listener is not set to False. Please set the value to False for RADIUS OTP with RD Gateway to work. To do this, either use the script available at the following Web site: http://go.microsoft.com/fwlink/?LinkId=115137 or re-create the web listener using this script."
                    Wscript.Echo
	            End If
            End If
        Else
            WScript.Echo "*WARNING* The currently installed ISA version is not supported for the RADIUS OTP ISA RD Gateway scenario. RADIUS OTP with RD Gateway is supported only for ISA Server 2006 with supportability update and above."
            WScript.Echo
        End If
  
    End If

    CheckWebPublishingRule = true

End Function 'CheckWebPublishingRule
 

'Print the settings of the web listener created
 Sub PrintWebListenerSettings
 
    Wscript.Echo
    Wscript.Echo "The web listener has been created with the following options:"
    Wscript.Echo " 1. Name : " & wlName
    Wscript.Echo " 2. Protocol : SSL"
    Wscript.Echo " 3. Port     : 443"

    Select case weblistenerauthentication  
        case 0
            Wscript.Echo  " 4. Authentication : No Authentication"
        case 1
            Wscript.Echo  " 4. Authentication : Radius OTP"
        case 2
            Wscript.Echo  " 4. Authentication : SSL Client Certificate"
     end Select 

     If IsNull(ipaddress) then
        Wscript.Echo " 5. IP address : All IP addresses in ""External"" network"
     Else
        Wscript.Echo " 5. IP address : " & ipaddress
     End if

     Wscript.Echo " 6. Certificate path : " & certName

     If not(IsNull(RadiusServerName)) and (weblistenerauthentication  = 1) then
        Wscript.Echo " 7. Radius Server : " & RadiusServerName
     End if
     Wscript.Echo

 End Sub 'PrintWebListenerSettings


 'Print the settings of the web publishing rule created
 Sub PrintWebRuleSettings
  
     Wscript.Echo
     Wscript.Echo "The web publishing rule has been created with the following options:"
     Wscript.Echo " 1. Name : " & ruleName
     Wscript.Echo " 2. Rule Action : Allow"
     Wscript.Echo " 3. Publishing Type : Single Web Site"
     Wscript.Echo " 4. Internal Site Name : " & serverName
     Wscript.Echo " 5. Public Name : " & publicName
     Wscript.Echo " 6. Path  : /* "
     Wscript.Echo " 7. Web Listener Name : " &  wlName 
     
     If BridgingType = 0 then 
        Wscript.Echo " 8. Bridging Type : HTTPS-HTTP" 
     Else
      Wscript.Echo " 8. Bridging Type : HTTPS-HTTPS" 
     End if

     If userset = 0 then
        Wscript.Echo " 9. User Set : All Users" 
     Else
        Wscript.Echo " 9. User Set : All Authenticated Users" 
     End if

     Wscript.Echo " 10. Authentication Delegation : No delegation, but client may authenticate directly" 
     Wscript.Echo

 End Sub 'PrintWebRuleSettings

'This function checks whether the web rule is using HTTPS-HTTP bridging. If so, it adds a vendor parameter set named
'{5e302ed5-f5d5-4fad-9b8a-01c72e1569f3} and sets a name-value pair as "AddHttpsFrontEndOn" = integer(-1) 
Function CustomizeWebRulewithVPS (ruleName)    
 
    CustomizeWebRulewithVPS = false
    Dim rules
    Dim rule
    Dim AddHttpsFrontEndOnVps
    Dim WebRuleVps
    Dim check
    Dim WebListener
    Dim AuthenticationSchemes
    Dim AuthenticationScheme
    Dim retval
   
    Set rules = oArray.ArrayPolicy.PolicyRules
    Set rule = rules.Item(ruleName)
   
   
   'Set this parameter only when the rule uses HTTPS-HTTP bridging
    If ((rule.WebPublishingProperties.PublishedServerType = fpcWebServerThruHTTP ) AND (NOT( rule.WebPublishingProperties.HTTPRedirectPort =  0))) Then
        retval = AddVPS (rule, GUIDforWebRule, "AddHttpsFrontEndOn", True)
        
        If NOT(retval) Then
            WScript.Echo "Unable to customize the rule."
            exit Function
        End If
        
    End If     
    
    Set WebListener = oArray.RuleElements.WebListeners(rule.WebPublishingProperties.WebListenerUsed.Name)
    Set AuthenticationSchemes = WebListener.Properties.AuthenticationSchemes
    
    
    For Each AuthenticationScheme in AuthenticationSchemes
        If UCase(AuthenticationScheme.Name) = FBAWITHRADIUSOTP then 
            check = true
        End If
    Next
    
    'If the listener uses FBA with RADIUS OTP, set SendLogonOn401 to false so that a 401 from the TSG server is handled properly
    If (check) Then
        retval = AddVPS (rule, GUIDforWebRule, "SendLogonOn401", False)
        If NOT(retval) Then
            WScript.Echo "Failed to customize rule."
            exit Function
        End If
    End If   
    
    WScript.Echo "* Customization of the web rule for RPC over HTTP traffic done. "	     
    WScript.Echo  

    CustomizeWebRulewithVPS  = true
  
 End Function 'CustomizeWebRulewithVPS
 
 
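'This function checks whether the web listener authentication is set to HTML form based using
'RADIUS OTP as validation method. If yes, it sets the value of HTTPOnlyCookie attribute in web listener to false.
'With HTTPOnlyCookie set to false the forms-authentication cookie is no longer marked HttpOnly, so client-side script can read it.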
Function CustomizeWebListenerWithVPS (WebListenerName)
 
    CustomizeWebListenerWithVPS = false 'added recently
    
    Dim weblisteners              'An FPCWebListener collection
    Dim WebListener               'An FPCWebListener object
    Dim AuthenticationScheme      'An FPCAuthenticationScheme object
    Dim AuthenticationSchemes     'An FPCAuthenticationSchemes object
    Dim isOTP    : isOTP =false   'Bool variable
    Dim retval   : retval =false  'Bool variable

  
    Set weblisteners = oArray.RuleElements.WebListeners
    Set WebListener = weblisteners.Item(WebListenerName)
  
    'Check if the web listener authentication mode has been set to RADIUS OTP. If yes go and set the HTTPOnlyCookie value to false
    Set AuthenticationSchemes = WebListener.Properties.AuthenticationSchemes
    For Each AuthenticationScheme in AuthenticationSchemes
        If UCase(AuthenticationScheme.Name) = FBAWITHRADIUSOTP then 
            isOTP = true
        End If
    Next

	If isOTP Then
	  
        retval = AddVPS (WebListener, GUIDforHTTPOnlyCookie, "HttpOnlyCookie",  False)
        If NOT(retval) Then
            WScript.Echo "Unable to customize the web listener."
            exit Function
        End If

        WScript.Echo "Value of HTTPOnlyCookie in web listener " & WebListenerName & " has been set to false"

 	End If
 	
 
   CustomizeWebListenerWithVPS = true
 
 End Function 'CustomizeWebListenerWithVPS
 

'Adds a Vendor Parameter Name-Value pair to the referred object.
'If the Vendor Parameter set does not exist, the function adds it to the object and adds the Name-Value pair to it.
'If the Vendor Parameter set already exists, the function sets the appropriate Name-Value pair.
 Function AddVPS (ByRef Obj, GUID, Name, Value)
 
    AddVPS = false
  
    Dim VPSets
    Dim VPSet
  
  
    Set VPSets = Obj.VendorParametersSets
 
 	Err.Clear
	On Error Resume Next
 	Set VPSet = VPSets.Item(GUID)
    If Err.number = Error_FileNotFound Then
        On Error Goto 0 
        Set VPSet = VPSets.Add(GUID)
    Else 
        If Err.number <> 0 Then
            Wscript.Echo "An error occurred while reading the attribute " & Name
            WScript.Echo Err.Description
            WScript.Echo Err.number
            Exit Function
        End If
        On Error Goto 0
    End If    
     
    VPSet.Value(Name) = Value
    AddVPS = true	      

End Function 'AddVPS

 
 
 'This function checks whether the ISA version installed supports RDG RADIUS OTP authentication scenario
 'The minimum ISA version supported at the time this script was written is 5.0.5723.493 (SP1)
 Function IsValidVersion
    
    IsValidVersion = false 
    
    Dim VerPart
   
    VerPart = Split(GetISAProductVersion,".")
    
    'Split returns strings, so each part is converted with CLng before the numeric comparison
    'If the version number begins with 4 it is not supported
    If CLng(VerPart(0)) < 5 Then exit Function
	
    'If the version number begins with 5 but is less than 5.0.5721.240 it is not supported
    If CLng(VerPart(0)) = 5 Then
        If CLng(VerPart(1)) = 0 Then
       
            If CLng(VerPart(2)) < 5721 Then
                exit Function
            End If
       
            If CLng(VerPart(2)) = 5721 AND CLng(VerPart(3)) < 240 Then
                exit Function
            End If
         End If
     End If  
     
     IsValidVersion = true
  
 End Function 'IsValidVersion
 
 
'This function converts a byte array into its corresponding hexadecimal string
Function ByteArrayToHexString(bytearray)

    Dim I
    ReDim HexVal(lenb(bytearray)-1)
    For I=1 to lenb(bytearray)
        HexVal(I-1) = right("0" & hex(AscB(MidB(bytearray,I,1))),2)
    Next
    ByteArrayToHexString = Join(HexVal,"")

End Function 'ByteArrayToHexString

'This function gets the ISA server version
Function GetISAProductVersion
    Dim server
    Set server = root.GetContainingServer()
    GetISAProductVersion = server.ProductVersion 
End Function 'GetISAProductVersion


'Displays the usage for the script
Sub DisplayUsage()

    Wscript.Stdout.Writeline "Usage 1: ISAConfigScript.vbs  -CREATEWEBPUBLISHINGRULE /WRName:<value> /ServerName:<value> /PublicName:<value> /WLName:<value> /BridgingType:<value> /UserSet:<value>  /?" 
    Wscript.Stdout.Writeline
    Wscript.Stdout.Writeline "Usage 2: ISAConfigScript.vbs  -CREATEWEBPUBLISHINGRULE /File:<value>" 
    Wscript.Stdout.Writeline
    Wscript.Stdout.Writeline "Usage 3: ISAConfigScript.vbs  -CREATEWEBLISTENER /WLName:<value> /CertPath:<value> /ListenerAuthentication:<value> /RadiusServer:<value> /IPAddress:<value> /?" 
    Wscript.Stdout.Writeline
    Wscript.Stdout.Writeline "Usage 4: ISAConfigScript.vbs  -CREATEWEBLISTENER /File:<value>" 
    Wscript.Stdout.Writeline
    Wscript.Stdout.Writeline "Usage 5: ISAConfigScript.vbs  -VALIDATERULE  /WRName:<value>" 
    Wscript.Stdout.Writeline
    Wscript.Stdout.Writeline "Options:" 
    Wscript.Stdout.Writeline
    Wscript.Stdout.Writeline "For -CREATEWEBPUBLISHINGRULE :"
    Wscript.Stdout.Writeline
    Wscript.Stdout.Writeline "  /WRName         <value>     Name of the web publishing rule to be created"
    Wscript.Stdout.Writeline "  /ServerName     <value>     Name of the server the ISA will connect to"
    Wscript.Stdout.Writeline "  /PublicName     <value>     Name of the TSG server the client will connect to"
    Wscript.Stdout.Writeline "  /WLName         <value>     Name of the web listener to be used"
    Wscript.Stdout.Writeline "  /BridgingType   <value>     Bridging type to be used: " 
    Wscript.Stdout.Writeline "                              0 for HTTPS-HTTP , 1 for HTTPS-HTTPS" 
    Wscript.Stdout.Writeline "  /UserSet        <value>     User Sets allowed by the web publishing rule :"
    Wscript.Stdout.Writeline "                              0 for All users, 1 for All Authenticated users" 
    Wscript.Stdout.Writeline "  /File           <value>     Path of the configuration file which contains parameters for the web publishing rule" 
    Wscript.Stdout.Writeline "                              A sample file is provided with the script"
    Wscript.Stdout.Writeline "  /?                          Script help"
    Wscript.Stdout.Writeline
    Wscript.Stdout.Writeline "For -CREATEWEBLISTENER :"
    Wscript.Stdout.Writeline
    Wscript.Stdout.Writeline "  /WLName                 <value>      Name of the web listener to be created"
    Wscript.Stdout.Writeline "  /CertPath               <value>      Certificate file(.pfx or .cer) path"
    Wscript.Stdout.Writeline "  /ListenerAuthentication <value>      Web listener authentication:"
    Wscript.Stdout.Writeline "                                       0 for No Authentication"
    Wscript.Stdout.Writeline "                                       1 for Radius OTP"
    Wscript.Stdout.Writeline "                                       2 for SSL Client Certificate" 
    Wscript.Stdout.Writeline "  /RadiusServer           <value>      Optional parameter. Specify only if"
    Wscript.Stdout.Writeline "                                       listener authentication is RADIUS OTP"
    Wscript.Stdout.Writeline "  /IPAddress              <value>      Optional parameter. Default value is"
    Wscript.Stdout.Writeline "                                       the IP address in the external network"
    Wscript.Stdout.Writeline "  /File                   <value>      Path of the configuration file which contains parameters for the web listener" 
    Wscript.Stdout.Writeline "                                       A sample file is provided with the script"
    Wscript.Stdout.Writeline "  /?                                   Script help"
    Wscript.Stdout.Writeline
    Wscript.Stdout.Writeline "For -VALIDATERULE :"
    Wscript.Stdout.Writeline
    Wscript.Stdout.Writeline "  /WRName         <value>     Name of the web publishing rule to be validated"
   
End Sub 'DisplayUsage