Help Desk Application

FastTrack Automation Studio comes with the ability to build an application that lets a Help Desk or similar team perform basic operations on your Active Directory without being domain administrators, plus a few extras, such as the ability to restart the spooler service remotely on clients. The purpose is both to make sure the Help Desk cannot do more than needed, avoiding accidental deletion or moving of objects, and to avoid having them be domain administrators. Imagine someone accidentally deleting an OU with all users in it, or dragging an entire OU sub-structure somewhere else, resulting in new policies applying. The result is nothing short of a disaster.

The Home Screen can build the application for you; you simply select which features you would like to make available. The great part is that it is basically just a pre-built FastTrack script, so if it does not suffice, you can tweak it however you need in Scripting Mode and hit the save as exe button to build your customized version.

Because this script/application uses all the most common Active Directory features of the core language, this page also serves as the general documentation page for Active Directory core scripting commands.

Help Desk Self-Service

The application

When the application (script compiled into an exe file) is executed, the Help Desk user sees the menu below, which allows only the tasks the administrator has decided that he or she is allowed to perform. Producing the application below, including all functionality and validation, takes only 150 script lines including comments and readability spacing, and requires no embedding of graphics or third-party tools!

Help Desk application

Building from the Home Screen

When you start FastTrack Automation Studio, you start in the Home Screen. Click the "Help Desk" icon and click "Help Desk App" in the submenu. In the wizard, select the menu options you need and you have a Help Desk Application exe file ready to run.

Home Screen Help Desk App Generator

Help Desk application feature select

The above shows the page in the wizard, where you select features. A page will also show up allowing you to enter credentials for a domain administrator account to switch to upon execution of the exe file.

Interactive demonstration

Before you read on, you can click the play button below to watch Senior Technical Writer Steve Dodson from Binary Research International walk you through the script and show you how you can modify it for your own needs in the Script Editor. Note that the video was shot before it was possible to build the application from the Home Screen, but it shows the application in function. The rest of this page explains how to use the Active Directory features of the core language using this Help Desk application as a case.




Active Directory Scripting



Active Directory operations in the core language

Most of the script behind the Help Desk application consists of querying the end-user for information, asking for verification, and wrappers. The actual operations performed are always only one script line. Let's look at the Help Desk application script as a case on how to modify Active Directory from scripts, which you can easily create yourself in the Script Editor.

When scripting the Active Directory with FastTrack, no knowledge of the inner workings of the Active Directory is required. Interfacing with the Active Directory requires all objects to be named by their full distinguished name, but FastTrack will resolve this for you; you can enter the full distinguished name of an object, but in general, just use the names shown in "Active Directory Users and Computers". The domain, the object location in the organizational unit tree and the actual distinguished name of the object will automatically be resolved at run-time for you.

Below is a list of the actual Active Directory commands and collections used in this example script to perform the Active Directory operations. Collections are typically used for loops and list menus, and in this example the collections are used to feed the ListMenu function with values to produce a selectable list. For readability, variables in the two tables below are replaced by static values.

Active Directory commands used
Create a user account in an OU with a plain text password: CreateUserPlain AcmeUser,MyAcmePassword,Acme Sales
Set the first and last names of a user: SetUserName AcmeUser,John,Doe
Delete a user account: DeleteUser AcmeUser
Disable a user account: DisableUser AcmeUser
Enable a user account: EnableUser AcmeUser
Unlock a user account: UnlockUser AcmeUser
Change the password of a user: SetUserPasswordPlain AcmeUser,MyNewAcmePassword
Move a user to another Organizational Unit: MoveUser AcmeUser,Acme Sales Europe
Add a user to an Active Directory group: AddUserToGroup AcmeUser,Sales Staff
Remove a user from an Active Directory group: RemoveUserFromGroup AcmeUser,Sales Staff

Active Directory collections used
Collection of all Organizational Units: [AllOUs]
Collection of all users: [AllUsers]
Collection of all Active Directory groups: [AllGroups]
Collection of a user's Active Directory groups: [UserGroups AcmeUser]
Collection of all users in an Active Directory group: [GroupUsers Acme Sales]

If you are a fairly large organization with a development division, consider the option of building a company-specific Help Desk application that lets FastTrack handle the complexities of your Active Directory. All your application has to do to execute the operations is to build a script file in normal ASCII format and pass it to FSH.Exe.

Graphical user interfaces

FastTrack is the only scripting language available that delivers a real graphical user interface to the scripter, without requiring any kind of graphics skills. This example script uses only built-in menus, icons and dialogs that are easy to use when writing scripts.

Every time the Help Desk user clicks a menu item, a new graphical user interface is shown with professional looking dialog boxes. When clicking "Create User" for instance, information about the new user must be entered. It requires just one simple script line with the MultiInput command to produce the screen below to the left, where all fields are returned as variables for further processing. When the information is entered, a list of all organizational units is displayed to request organizational placement of the new user, as shown below to the right. This also requires just one script line, where the collection AllOUs is fed to the ListMenu function.

Help Desk input dialogue box

Ask for additional user information (MultiInput command)

Help Desk list menu

Ask for OU (AllOUs collection fed to the ListMenu function)


Elevating permissions (optional)

In most cases, it is preferable not to have to execute the actual script as an administrator. To avoid this, you can simply insert a single line at the top to change the executing user of the script. The encoded password for your domain admin user is irreversible and must be produced inside the script editor. Licensed users can encrypt the whole script to also hide the domain admin user name.

ChangeUser AcmeDom\AcmeAdmin,"<encryptedpassword>"

The script

The script listed is available directly in the script editor. Go to the "Documentation" tab, select "Help Desk Example Application" under the "Insert Example Script" submenu and press F5 to execute it.

/******************************************************************************
Help Desk Demo Script by FastTrack Software

This script may be used for any purpose without permission from the author
******************************************************************************/

/**************** ELEVATE FROM UAC *****************/
ElevateUser

/********************************* SHOW MENU **********************************/
:Restart
SetVar Selection,[Menu Help Desk Application,Shield|Create User,Trashcan|Delete User,Lock|Disable User,Config|Enable User,_
                       Connected|Change User Password,Network|Unlock User Account,Defrag|Move User,Tools|Show User Groups,_
                       Download|Show Group Members,NetworkFolder|Add User To Group,ControlPanel|Remove User From Group]
If Not [Var Selection]=[Blank] Then Goto [Var Selection]
Exit

/******************* CREATE USER ACCOUNT IN A SELECTABLE OU *******************/
:Create User
MultiInput New User,UserName|User name (Initials),First name,Last name,Password
If Not [Var UserName]=[Blank] Then
  SetVar SelectedOU,[ListMenu Select location,Root,[AllOUs]]
  If Not [Var SelectedOU]=[Blank] Then
    If Ask "Are you sure you wish to create the user [Var UserName] in the location [Var SelectedOU]?" Then
      If [Var SelectedOU]=Root Then
        CreateUserPlain [Var UserName],[Var Password]
      Else
        CreateUserPlain [Var UserName],[Var Password],[Var SelectedOU]
      End If
      SetUserName [Var UserName],[Var First name],[Var Last name]
      ShowMessage "User [UserFullName [Var UserName]] is now created and ready to logon"
    End If
  End If
End If
Goto Restart

/**************************** DELETE USER ACCOUNT *****************************/
:Delete User
SetVar SelectedUser,[ListMenu Select user,[AllUsers]]
If Not [Var SelectedUser]=[Blank] Then
  If Ask "Are you SURE you wish to DELETE the user [Var SelectedUser]?" Then
    DeleteUser [Var SelectedUser]
    ShowMessage "User [Var SelectedUser] is now deleted and can no longer log on to the network"
  End If
End If
Goto Restart

/**************************** DISABLE USER ACCOUNT ****************************/
:Disable User
SetVar SelectedUser,[ListMenu Select user,[AllUsers]]
If Not [Var SelectedUser]=[Blank] Then
  If Ask "Are you sure you wish to disable the user [Var SelectedUser]?" Then
    DisableUser [Var SelectedUser]
    ShowMessage "User [Var SelectedUser] is now disabled and can no longer log on"
  End If
End If
Goto Restart

/**************************** ENABLE USER ACCOUNT *****************************/
:Enable User
SetVar SelectedUser,[ListMenu Select user,[AllUsers]]
If Not [Var SelectedUser]=[Blank] Then
  If Ask "Are you sure you wish to enable the user [Var SelectedUser]?" Then
    EnableUser [Var SelectedUser]
    ShowMessage "User [Var SelectedUser] is now enabled"
  End If
End If
Goto Restart

/**************************** UNLOCK USER ACCOUNT *****************************/
:Unlock User Account
SetVar SelectedUser,[ListMenu Select user,[AllUsers]]
If Not [Var SelectedUser]=[Blank] Then
  If Ask "Are you sure you wish to unlock the user [Var SelectedUser]?" Then
    UnlockUser [Var SelectedUser]
    ShowMessage "User account [Var SelectedUser] is now unlocked"
  End If
End If
Goto Restart

/**************************** CHANGE USER PASSWORD ****************************/
:Change User Password
SetVar SelectedUser,[ListMenu Select user,[AllUsers]]
If Not [Var SelectedUser]=[Blank] Then
  SetVar Password,[InputPassword Enter new password]
  If Ask "Are you sure you wish to change the password for user [Var SelectedUser]?" Then
    SetUserPasswordPlain [Var SelectedUser],[Var Password]
    UnlockUser [Var SelectedUser]  ''Just in case the user has tried with bad passwords
    ShowMessage "The user [Var SelectedUser] can now log on with the new password"
  End If
End If
Goto Restart

/***************************** MOVE USER ACCOUNT *****************************/
:Move User
SetVar SelectedUser,[ListMenu Select user,[AllUsers]]
If Not [Var SelectedUser]=[Blank] Then
  SetVar SelectedOU,[ListMenu Select new location,[AllOUs]]
  ''Do nothing if the location menu was cancelled
  If Not [Var SelectedOU]=[Blank] Then
    If Ask "Are you sure you wish to move the user [Var SelectedUser] to [Var SelectedOU]?" Then
      MoveUser [Var SelectedUser],[Var SelectedOU]
      ShowMessage "User [Var SelectedUser] is now moved to location [Var SelectedOU]"
    End If
  End If
End If
Goto Restart

/***************************** SHOW USER'S GROUPS *****************************/
:Show User Groups
SetVar SelectedUser,[ListMenuForced Select user,[AllUsers]]
SetVar SelectedGroup,[ListMenu User [Var SelectedUser] is member of:,[UserGroups [Var SelectedUser]]]
Goto Restart

/***************************** SHOW GROUP MEMBERS *****************************/
:Show Group Members
SetVar SelectedGroup,[ListMenuForced Select a group,[AllGroups]]
SetVar SelectedMember,[ListMenu Members of [Var SelectedGroup],[GroupUsers [Var SelectedGroup]]]
Goto Restart

/***************************** ADD USER TO GROUP ******************************/
:Add User To Group
SetVar SelectedGroup,[ListMenu Select a group,[AllGroups]]
If Not [Var SelectedGroup]=[Blank] Then
  If [IndexOf [Var SelectedGroup],Admin]>0 Then
    ShowMessage "You cannot add users to any administrator group!"
  Else
    SetVar SelectedUser,[ListMenu Select a user to add,[AllUsers]]
    If Not [Var SelectedUser]=[Blank] Then
      If Ask "Are you sure you wish to add [UserFullName [Var SelectedUser]] to the group [Var SelectedGroup]?" Then
        AddUserToGroup [Var SelectedUser],[Var SelectedGroup]
        ShowMessage "User [UserFullName [Var SelectedUser]] is now a member of the group [Var SelectedGroup]"
      End If
    End If
  End If
End If
Goto Restart

/*************************** REMOVE USER FROM GROUP ***************************/
:Remove User From Group
SetVar SelectedGroup,[ListMenu Select a group,[AllGroups]]
If Not [Var SelectedGroup]=[Blank] Then
  If [IndexOf [Var SelectedGroup],Admin]>0 Then
    ShowMessage "You cannot remove users from any administrator group!"
  Else
    SetVar SelectedUser,[ListMenu Select a user to remove,[GroupUsers [Var SelectedGroup]]]
    If Not [Var SelectedUser]=[Blank] Then
      If Ask "Are you sure you wish to remove [UserFullName [Var SelectedUser]] from the group [Var SelectedGroup]?" Then
        RemoveUserFromGroup [Var SelectedUser],[Var SelectedGroup]
        ShowMessage "User [UserFullName [Var SelectedUser]] is no longer member of the group [Var SelectedGroup]"
      End If
    End If
  End If
End If
Goto Restart
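
The following is an added example, not part of the FastTrack script or documentation. It sketches in Python how the company-specific front end mentioned earlier (one that builds a script file and passes it to FSH.Exe) could validate its input first, and how an explicit allowlist compares with the "Admin" substring test used in the group sections of the script above. The allowlist contents, the name pattern and all function names are assumptions.

```python
import re

# Assumptions of this example, not FastTrack facts: the groups the Help Desk
# may manage and the site's account-name policy.
ALLOWED_GROUPS = frozenset({"Sales Staff", "Acme Sales"})
ALLOWED_COMMANDS = frozenset({"AddUserToGroup", "RemoveUserFromGroup"})
# No commas, brackets, quotes or line breaks: in the script syntax shown on
# this page those separate parameters, call functions or start a new command.
NAME_RE = re.compile(r"[A-Za-z0-9._-]{1,20}")


def page_check_allows(group: str) -> bool:
    """Mirror of the script's test: refuse only names containing 'Admin'.
    Assumes IndexOf is a case-sensitive substring search."""
    return "Admin" not in group


def allowlist_allows(group: str) -> bool:
    """Stricter rule: permit only groups that are named explicitly."""
    return group in ALLOWED_GROUPS


def build_script(command: str, user: str, group: str) -> str:
    """Return the one-line script for a group change, or raise ValueError."""
    if command not in ALLOWED_COMMANDS:
        raise ValueError(f"command not permitted: {command!r}")
    if not NAME_RE.fullmatch(user):
        raise ValueError(f"invalid user name: {user!r}")
    if not allowlist_allows(group):
        raise ValueError(f"group not permitted: {group!r}")
    return f"{command} {user},{group}\r\n"


def compare(groups):
    """Map each group name to (page check result, allowlist result)."""
    return {g: (page_check_allows(g), allowlist_allows(g)) for g in groups}


if __name__ == "__main__":
    # Constructed sample names; "Account Operators" is a built-in AD group.
    for name, verdicts in compare(
        ["Sales Staff", "Domain Admins", "Account Operators"]
    ).items():
        print(f"{name:20} page check={verdicts[0]!s:5} allowlist={verdicts[1]}")
    script = build_script("AddUserToGroup", "AcmeUser", "Sales Staff")
    # The page says the script file is plain ASCII; encode accordingly.
    print(script.encode("ascii"))
```

The caller writes the returned text to a file in ASCII and hands that file to FSH.Exe as described above; the FSH.Exe invocation itself is not shown because the page does not document it.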



Rating: 5 out of 5

"Use this as a replacement for VBScript and PowerShell"

"It's easy to include attractive GUI elements in FastTrack scripts, beyond the basic dialog boxes and text input that VBScript offers ... Another powerful feature is the ability to distribute scripts as Windows Installer (.msi) or standard .exe files. Although interesting in its own right, this ability results in a much more intriguing capability: to repackage -- or wrap -- software installers as .msi files without using snapshots. If you've ever created an .msi installer file from before-and-after system snapshots, for use with a software distribution system such as Group Policy or SCCM, then you know how hit-and-miss the results can be."



Rating: 8 out of 10

"Faster than the rest"

"We found the FastTrack syntax to be more transparent and easier to learn than Microsoft's PowerShell – the editor in particular provided good support in this regard. The Script Editor offers a large number of options from the command set through to simple output of graphical elements, which cannot be achieved at all with PowerShell or other solutions or only with a significantly greater level of effort."

"Anyone wanting to tackle the many hurdles in everyday admin and especially anyone for whom logon scripts and client automation is a priority will benefit from the variety of functions offered by FastTrack."
