Management API - DeleteUMA

I am trying to write a script to run that will remove the assigned user from a laptop so that we can then re-image it and give it to a new user. As it stands SGN will sync with the client after re-image and configure it for the old user again.

Obviously this can be done manually in the management centre but I would like to use an automated script if possible.

I have looked at the UmaAPI.vbs on the product CD but cannot get this to run. I'm probably missing something obvious!

Does anyone have any experience with this or has written a similar script themselves?

Thanks

:34163


  • Hi SteveMo,

    the provided UmaAPI.vbs script should work for you. You would need to query all users that are assigned to the machine (mode 2) and remove all users from the machine in a second step (mode 3).

    'UMA operations by Script
    '
    'Arguments: mode = 1: Get all assigned machines from user
    '			mode = 2: Get all assigned users from machine
    '			mode = 3: delete User Machine relationships
    '			mode = 4: create User Machine relationships and set the relationships's properties
    
    '
    'Call: E.g. cscript UMA_API.vbs mode [computer] [user]
    'Call: E.g. cscript UMA_API.vbs 1 user
    'Call: E.g. cscript UMA_API.vbs 2 computer
    'Call: E.g. cscript UMA_API.vbs 3|4 xp-105 user

    The POA will do a fall back to Autologon mode and the next user that logs on to the machine will create a new User Machine Assignment and will be the new owner of the machine.

    As you may need to carry out additional administrative tasks on the machine and don't want to activate the POA again with your administrator account, you should work with a SGN Service Account (Service Accounts do not activate the POA and can be configured in the Management Center) after you have removed the users with the script.

    Cheers,

    ChrisD

    :34409
  • Hi ChrisD,

    Thanks for the reply.

    At the moment I am not able to run the UmaAPI.vbs. I'm getting errors. Does it need amending first or should it run 'out of the box' ? If so what is correct command line? When I add in the user or computer to the command line it errors.

    Also where should I run this from? The laptop I wish to remove the users from?

    Thanks

    SteveMo

    :34417
  • Of course you need to change the "msoName" and "sgnPassword" parameters and enter a Security Officer that is able to perform the changes (for example, try an MSO for testing), and you need to run the script on the machine that has a configured SGN MC on it.

    What errors do you see?

    Chris

    :34421
  • Sorry I obviously had changed the MSO user to one that I created with 'Scripting' permissions.

    When I run it from my PC which has the SGN Management Centre installed I get...

    C:\>cscript UMA_API.vbs 2 computer
    Microsoft (R) Windows Script Host Version 5.8
    Copyright (C) Microsoft Corporation. All rights reserved.

    UMA Excample-Skript
    Created Base Object
    Created Uma Object
    API init
    Authenticate :
    Init Directory:
    Init UMA:
    Init:
    An error has occurred

    C:\>

    :34423
  • In case you're running an x64 version of Windows, please try

    C:\Windows\SysWOW64>Cscript.exe C:\UmaAPI.vbs 2 computername 
    :34425
  • Getting a little further now...

    C:\Windows\SysWOW64>cscript.exe C:\UMA_API.vbs 2 computername
    Microsoft (R) Windows Script Host Version 5.8
    Copyright (C) Microsoft Corporation. All rights reserved.

    UMA Excample-Skript
    Created Base Object
    Created Uma Object
    API init 0
    Authenticate : -6
    Init Directory: -6
    Init UMA: -6
    GetOneObject : 0 computername Module not initialized -> -2
    Init: Module not initialized

    C:\Windows\SysWOW64>

    :34455
  • Check that the Security Officer name and password are correct. The return code "-6" points to wrong authentication.

    Please find an extract of the basic return codes from the API manual below:

    2.15 Error codes returned by the API methods

    Note: As soon as an error is returned by the API, the user can call GetLastError to receive a more detailed error message along with the internal error code. Note that the error message string will be localized.

    OBJECT_OWN_MEMBER      = -15  Object cannot be its own member. For example: a group cannot be its own member.
    ACTION_NOT_FINALIZED   = -14  Action (e.g. wildcard search) not finalized.
    ACTION_NOT_INITIALIZED = -13  Action (e.g. wildcard search) not initialized.
    RESULT_NOT_UNIQUE      = -12  Result set is not unique.
    INVALID_CHALLENGE_CODE = -11  Wrong challenge code entered for Challenge/Response.
    NO_MORE_DATA           = -10  End of data in any wildcard search method.
    INSUFFICIENT_RIGHTS    = -9   Current Security Officer has insufficient rights.
    CONFIG_FILE_ERROR      = -8   .conf file could not be found or is invalid.
    TOKEN_INVALID_SLOT     = -7   Invalid token slot ID.
    NOT_AUTHENTICATED      = -6   Security Officer has not authenticated.
    OBJECT_NOT_FOUND       = -5   Object not found in the database.
    OBJECT_ALREADY_EXISTS  = -4   Object already exists.
    TOKEN_NOT_PRESENT      = -3   No token in the slot.
    NOT_INITIALIZED        = -2   API was not initialized.
    FAILURE                = -1   General failure.
    OK                     = 0    Success.
    :34461
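
Added example, not part of the thread or of the UmaAPI.vbs script shipped on the product CD: a PowerShell wrapper that starts the script under the 32-bit script host on x64 Windows, as suggested above, and decodes each step's return code with the table quoted from the API manual. The function names are hypothetical, and the step-line format is assumed from the output pasted in this thread.

```powershell
# Added example; function names are hypothetical, not part of the SafeGuard API.
# Return codes as quoted from the API manual in this thread (string keys match the parsed text).
$UmaCodes = @{
    '0'   = 'OK';                     '-1'  = 'FAILURE'
    '-2'  = 'NOT_INITIALIZED';        '-3'  = 'TOKEN_NOT_PRESENT'
    '-4'  = 'OBJECT_ALREADY_EXISTS';  '-5'  = 'OBJECT_NOT_FOUND'
    '-6'  = 'NOT_AUTHENTICATED';      '-7'  = 'TOKEN_INVALID_SLOT'
    '-8'  = 'CONFIG_FILE_ERROR';      '-9'  = 'INSUFFICIENT_RIGHTS'
    '-10' = 'NO_MORE_DATA';           '-11' = 'INVALID_CHALLENGE_CODE'
    '-12' = 'RESULT_NOT_UNIQUE';      '-13' = 'ACTION_NOT_INITIALIZED'
    '-14' = 'ACTION_NOT_FINALIZED';   '-15' = 'OBJECT_OWN_MEMBER'
}
# Matches "API init 0", "Authenticate : -6" and "GetOneObject : 0 name text -> -5".
# When a line contains "->", the code after the arrow is the step's result.
$StepPattern = '^\s*(?<step>API init|[^:]+?\s*:)\s*(?:.*->\s*)?(?<code>-?\d+)\s*$'

function Invoke-UmaScript {
    param([string]$ScriptPath, [string[]]$ScriptArgs)
    # On x64 Windows use the 32-bit cscript.exe in SysWOW64, as advised in the thread.
    $dir = if ([Environment]::Is64BitOperatingSystem) { 'SysWOW64' } else { 'System32' }
    & (Join-Path $env:windir "$dir\cscript.exe") //NoLogo $ScriptPath @ScriptArgs
}

function Get-UmaStepResult {
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        if ($line -match $StepPattern) {
            [pscustomobject]@{
                Step = ($Matches.step -replace '\s*:$', '')
                Code = [int]$Matches.code
                Name = $UmaCodes[$Matches.code]
            }
        }
    }
}

# Output copied from a post in this thread, embedded so the example runs offline.
# Live use: Get-UmaStepResult -Lines (Invoke-UmaScript -ScriptPath C:\UMA_API.vbs -ScriptArgs '2','computername')
$sample = @'
API init 0
Authenticate : -6
Init Directory: -6
Init UMA: -6
GetOneObject : 0 computername Module not initialized -> -2
Init: Module not initialized
'@ -split "`r?`n"

$steps = Get-UmaStepResult -Lines $sample
$steps | Format-Table -AutoSize
# The first non-zero step is the root cause; later failures usually follow from it.
$first = $steps | Where-Object { $_.Code -ne 0 } | Select-Object -First 1
if ($first) { 'First failing step: {0} returned {1} ({2})' -f $first.Step, $first.Code, $first.Name }
```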
  • Corrected that now. I was listing the .cer password and not the store password.

    Now I'm getting...

    C:\Windows\SysWOW64>cscript.exe C:\UMA_API.vbs 2 computername
    Microsoft (R) Windows Script Host Version 5.8
    Copyright (C) Microsoft Corporation. All rights reserved.

    UMA Excample-Skript
    Created Base Object
    Created Uma Object
    API init 0
    Authenticate : 0
    Init Directory: 0
    Init UMA: 0
    GetOneObject : 0 computername Object not found. -> -5
    Init: Error in parameter 1

    C:\Windows\SysWOW64>


    I have double-checked in SGN Management Centre and the computername is listed there with the old user still registered as the owner.

    :34465
  • Hi SteveMo,

    just to be on the safe side - you have replaced the "computername" attribute in the call with a machine from your environment? So, for example:

    C:\Windows\SysWOW64>cscript.exe C:\UMA_API.vbs 2 XPClient

    where XPClient would be the name of your SGN client machine.

    GetOneObject should deliver a 0 result if the machine name was found in the database, even if the machine is no SafeGuard Enterprise Client.

    Regards,

    Chris

    :34513
  • Hi ChrisD,

    Yes the "computername" is the machine name from our domain. I just replaced the name after pasting in the text from command line.

    It definitely exists and is a SGN client, so what other possibilities could there be for getting this error?

    C:\Windows\SysWOW64>cscript.exe C:\UMA_API.vbs 2 computername
    Microsoft (R) Windows Script Host Version 5.8
    Copyright (C) Microsoft Corporation. All rights reserved.

    UMA Excample-Skript
    Created Base Object
    Created Uma Object
    API init 0
    Authenticate : 0
    Init Directory: 0
    Init UMA: 0
    GetOneObject : 0 computername Object not found. -> -5
    Init: Error in parameter 1

    C:\Windows\SysWOW64>

    :34515