Thanks alot for your response Jim.
That response was quite an eye opener. A 2000 OWA does not make use of a EVanon directory at all. Rather it uses a file named owardr.asp. That should mean that the owauser.wsf script actually targets the evanon directory when used with /2003 and the owardr.asp file when used with /2000. Perhaps there are more to it than this but at least that is a pretty obvious difference.
This means that the question has evolved to this: Are there any known issues with accessing the vault servers from both 2000 and 2007 OWA's and thereby having both the evanon directory AND the owardr.asp?
I've pasted the entire content of the script below for what's it worth, sorry for the length that it brings this post to.
Also, for other people that might be reading this, the /2003 switch will not be needed for 2003 and 2007 OWA if your EV servers are at 2007 SP1. The only switch that's needed then is /2000 if you're implementing support for Exchange 2000 OWA.
/Tobbe
<!--
'
' Copyright © 2006 Symantec Corporation. All rights reserved.
'
' THIS SOFTWARE CONTAINS CONFIDENTIAL INFORMATION AND TRADE SECRETS OF SYMANTEC
' CORPORATION. USE, DISCLOSURE OR REPRODUCTION IS PROHIBITED WITHOUT THE PRIOR
' EXPRESS WRITTEN PERMISSION OF SYMANTEC CORPORATION.
'
' The Licensed Software and Documentation are deemed to be "commercial
' computer software" and "commercial computer software documentation" as
' defined in FAR Sections 12.212 and DFARS Section 227.7202.
'
-->
<job>
<runtime>
<description>
This script is used to configure the Enterprise Vault Server for OWA access.
It must be run under the context of the Enterprise Vault Service Account.
</description>
<example>
Example:
cscript owauser.wsf /domain:myDomain /user:evowausr /password:P5ssword /exch2003
</example>
<named name="user" type="string" required="true" helpstring="User name without domain." />
<named name="domain" type="string" required="true" helpstring="Domain for user." />
<named name="password" type="string" required="true" helpstring="Password for user" />
<named name="exch2000" type="simple" required="false" helpstring="Configure for Exchange 2000. If this isn't specified, then /exch2003 must be specified." />
<named name="exch2003" type="simple" required="false" helpstring="Configure for Exchange 2003. If this isn't specified, then /exch2000 must be specified." />
<named name="alias" type="string" required="false" helpstring="Alias of the virtual directory to create. Only applies for Exchange 2003." />
<named name="skipverify" type="simple" required="false" helpstring="Don't verify the supplied user credentials" />
</runtime>
<script language="VBScript">
Option Explicit
Dim oInfoNT, sComputerName 'WinNT variables
Dim oNamedArgs, oArgs, sArg, aArg, i
Dim sUserDom, sUserName, sUserPass, sEVAnonAlias, bExch2003, bSkipVerify 'Command line variables
Dim WShell, oUser, oDomain, retCode, sWebAppVbs, bBadArgs, sAdminServiceAccount 'Others
Const ADS_NAME_INITTYPE_GC = 3
Const ADS_NAME_TYPE_NT4 = 3
Const ADS_NAME_TYPE_1779 = 1
Set WShell = WScript.CreateObject("WScript.Shell")
Dim s64Bit, UserRegKey, AliasRegKey, VaultAdminRegKey
If WShell.ExpandEnvironmentStrings("%PROCESSOR_ARCHITECTURE%") <> "x86" Then
s64Bit = "Wow6432Node\"
Else
s64Bit = ""
End If
UserRegKey = "HKCU\Software\KVS\Enterprise Vault\AnonymousUser"
AliasRegKey = "HKLM\Software\" & s64Bit& "KVS\Enterprise Vault\Install\OwaWebAppAlias"
VaultAdminRegKey = "HKLM\System\CurrentControlSet\Services\EnterpriseVaultAdminService\ObjectName"
'Initialise required arguments from command line
WScript.Echo "WScript version: " & WScript.Version
If StringToDouble(WScript.Version) >= 5.6 Then
Set oNamedArgs = WScript.Arguments.Named
Else
Set oNamedArgs = CreateObject("Scripting.Dictionary")
oNamedArgs.CompareMode = 1
Set oArgs = WScript.Arguments
For i = 0 to oArgs.Count - 1
sArg = oArgs(i)
If Left(sArg, 1) = "/" or Left(sArg, 1) = "-" Then
sArg = Mid(sArg, 2)
End If
If InStr(sArg, ":") Then
aArg = Split(sArg, ":")
oNamedArgs.Add aArg(0), aArg(1)
Else
oNamedArgs.Add sArg, ""
End If
Next
End If
If oNamedArgs.Exists("user") Then
sUserName = oNamedArgs.Item("user")
End If
If oNamedArgs.Exists("domain") Then
sUserDom = oNamedArgs.Item("domain")
End If
If oNamedArgs.Exists("password") Then
sUserPass = oNamedArgs.Item("password")
End If
bBadArgs = false
If oNamedArgs.Exists("Exch2003") Then
bExch2003 = true
WScript.Echo "Configuring for Exchange 2003"
ElseIf oNamedArgs.Exists("Exch2000") Then
bExch2003 = false
WScript.Echo "Configuring for Exchange 2000"
Else
bBadArgs = true
End If
If bBadArgs or sUserName = "" or sUserDom = "" or sUserPass = "" Then
WScript.Arguments.ShowUsage
WScript.Quit 0
End If
'Initialise optional arguments from the command line
If oNamedArgs.Exists("alias") Then
sEVAnonAlias = oNamedArgs.Item("alias")
Else
sEVAnonAlias = "EVAnon"
End If
bSkipVerify = false
If oNamedArgs.Exists("skipverify") Then
bSkipVerify = true
End If
'
'Spit out who we are
'
Set oInfoNT = CreateObject("WinNTSystemInfo")
WScript.Echo "Running as: " & oInfoNT.DomainName & "\" & oInfoNT.UserName
'
'Check we're the same as the admin service account
'
sAdminServiceAccount = WShell.RegRead(VaultAdminRegKey)
if LCase(sAdminServiceAccount) <> LCase(oInfoNT.DomainName & "\" & oInfoNT.UserName) then
WScript.Echo "ERROR: This script must be run under the context of the Enterprise Vault Service Account"
WScript.Quit 1
end if
WScript.Echo "User name: " & sUserName
WScript.Echo "User domain: " & sUserDom
If Not bSkipVerify Then
'
'Check supplied login credentials are correct
'
'1. Check that user account exists
' We are running as Vault Service account, which is always a domain user and local administrator.
' So we can perform an ADSI lookup using the current credentials to find the user.
on error resume next
Set oUser = GetObject("WinNT://" + sUserDom + "/" + sUserName + ",user")
If err.number <> 0 Then
WScript.Echo "ERROR: Specified user account does not exist"
WScript.Quit 1
End If
on error goto 0
'2. Check that password is correct
' Use authenticated ADSI lookup using supplied credentials
' For a domain account, the OpenDSObject call will fail if credentials are invalid
' For a local account, a subsequent GetObject call will fail if credentials are invalid
on error resume next
Const ADS_SECURE_AUTHENTICATION = 1
Set oDomain = GetObject("WinNT:").OpenDSObject("WinNT://" & sUserDom, sUserName, sUserPass, ADS_SECURE_AUTHENTICATION)
Set oUser = oDomain.GetObject("user", sUserName)
If err.number <> 0 Then
WScript.Echo "ERROR: Cannot log on to specified account"
WScript.Quit 1
End If
on error goto 0
'3. Warn if account is local account rather than domain account
sComputerName = oInfoNT.ComputerName
If LCase(sComputerName) = LCase(sUserDom) Then
WScript.Echo "WARNING: Specified user is a local account"
End If
End If
'
'Assign rights for user
'
' Access this computer from the network
SetUserRight("SeNetworkLogonRight")
' Allow log on locally
SetUserRight("SeInteractiveLogonRight")
' Log on as a batch job
SetUserRight("SeBatchLogonRight")
' Bypass traverse checking
SetUserRight("SeChangeNotifyPrivilege")
'
'Configure IIS
'
sWebAppVbs = Replace(Wscript.ScriptFullName, WScript.ScriptName, "WebApp.vbs", 1, 1, 1)
on error resume next
If bExch2003 Then
retCode = WShell.Run("""" & sWebAppVbs & """ /anon2003 /a " & sEVAnonAlias & " /user " & sUserDom & "\" & sUserName & " /pass " & sUserPass, 1, true)
Else
retCode = WShell.Run("""" & sWebAppVbs & """ /anon2000 /user " & sUserDom & "\" & sUserName & " /pass " & sUserPass, 1, true)
End If
If Err.number = -2147024894 Then
WScript.Echo "ERROR: Cannot find file: " & sWebAppVbs
WScript.Quit 1
ElseIf Err.number <> 0 Then
WScript.Echo "ERROR: Failed to run Enterprise Vault web app configuration script, error: " & Err.number & " " & Err.Description
WScript.Quit 1
End If
on error goto 0
If retCode = 0 Then
WScript.Echo "Configured Enterprise Vault web app"
ElseIf retCode = 7 Then
WScript.Echo "ERROR: ExchangeServers file does not exist. Please create the file and re-run this script"
WScript.Quit 1
ElseIf retCode = 8 Then
WScript.Echo "ERROR: Couldn't open ExchangeServers file. Please check the file and re-run this script"
WScript.Quit 1
ElseIf retCode = 9 Then
WScript.Echo "ERROR: ExchangeServers file contains invalid entries. Please check the file and re-run this script"
WScript.Quit 1
Else
WScript.Echo "ERROR: Failed to configure Enterprise Vault web app, error: " & retCode
WScript.Quit 1
End If
'
'Set regkeys
'
' AnonymousUser
WShell.RegWrite UserRegKey, sUserDom & "\" & sUserName, "REG_SZ"
' OwaWebAppAlias - Exchange 2003 only
If bExch2003 Then
WShell.RegWrite AliasRegKey, sEVAnonAlias, "REG_SZ"
End If
'Say we've finished, and that the admin must now restart the EV admin service
WScript.Echo "Anonymous access configuration completed."
WScript.Echo "*** You must now restart the Enterprise Vault Admin Service, and synchronize mailboxes for the settings to take effect. ***"
Sub SetUserRight(sRight)
Dim retCode
on error resume next
retCode = WShell.Run("evrights " & sUserDom & "\" & sUserName & " " & sRight, 0, true)
If Err.number = -2147024894 Then
WScript.Echo "ERROR: Failed to assign user right: " & sRight & "; Error: Cannot find evrights.exe"
ElseIf retCode <> 0 Then
WScript.Echo "ERROR: Failed to assign user right: " & sRight & "; Error: " & retCode
Else
WScript.Echo "Assigned user right: " & sRight
End If
on error goto 0
End Sub
Function StringToDouble(str)
Dim integerPart : integerPart = 0
Dim decimalPart : decimalPart = 0
Dim digit
Dim i
Dim j
For i = 1 to Len(str)
digit = Mid(str, i, 1)
If IsNumeric(digit) Then
integerPart = (10 * integerPart) + CLng(digit)
Else
Exit For
End If
Next
For j = Len(str) to i + 1 Step -1
digit = Mid(str, j, 1)
If IsNumeric(digit) Then
decimalPart = (decimalPart + CLng(digit)) / 10
Else
Exit For
End If
Next
StringToDouble = integerPart + decimalPart
End Function
</script>
</job>