Option Explicit
'*******************************************************************************
'* *
'* This Script list all the Users, their description, their Group membership *
'* and the last time they logged on the computer, in a ~ delimited text file *
'* for easy import into a database or an Excel spreadsheet. *
'* *
'* Tested on Windows XP, Windows 2000 Server and Windows 2003 (stand alone) *
'*******************************************************************************
' Copyright (c) 2007 Vicky Desjardins
' Version 2.1 - Montreal, February 15, 2007
'
' You have a royalty-free right to use, modify, reproduce, and
' distribute this script file in any way you find useful, provided that
' you agree that the copyright owner above has no warranty, obligations,
' or liability for such use.
Dim colCSItems
Dim dtmEventDate
Dim Groups
Dim Message
Dim objFSO
Dim objStream
Dim objConnection
Dim objCommand
Dim objRecordSet
Dim objComputer
Dim objCSItem
Dim objWMIService
Dim PrimaryDate
Dim strComputer
Dim strDateLastlog
Dim strGenerated
Dim strLine
Dim sComputer
Dim Utilisateur
Dim UserID
Dim OsVer
Dim objWMI
Dim objItem
Dim colItems
Dim Apprun
On error resume next
'*******************************************************************************
' There is 4 different ways to retrieve User's information Please select one. *
' *
' 1 Retrieve all information. *
' 2 Retrieve all except last logon. *
' 3 Retrieve all except Group Membership. *
' 4 Retrieve UserID, name and description only. *
' *
'PS: Getting the last logon time is very long to run since it has to query the *
' entire Security log. Please be patient or use the scheduler. *
'*******************************************************************************
'===========================================================
Apprun = 1
'===========================================================
'*******************************************************************************
'* *
'* Creating the text file where the results are going to be stored. *
'* You can change the name or location of the file as you wish. *
'* *
'*******************************************************************************
Set objFSO = createobject("scripting.filesystemobject")
Set objStream = objFSO.CreateTextFile("C:\RetrieveUserSecurity.txt", True)
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
'******************************************************************************
'* *
'* Test the OS to see if running windows 2000 *
'* *
'******************************************************************************
strComputer = "."
Set objWMI = GetObject("winmgmts:\\" & strComputer & "\root\CIMV2")
Set colItems = objWMI.ExecQuery("SELECT * FROM Win32_OperatingSystem",,48)
For Each objItem in colItems
OsVer = objItem.Caption
Next
If OsVer = "Microsoft Windows 2000 Server" then
Set objComputer = CreateObject("WScript.Network")
sComputer = objComputer.ComputerName
Else
Set objComputer = CreateObject("Shell.LocalMachine")
sComputer = objComputer.MachineName
End if
' ******************************************************************************
' * *
' * Creating Titles Depending on the information requested *
' * *
' ******************************************************************************
StrLine = sComputer
objStream.Writeline strLine
strLine= ""
Select Case Apprun
Case "1"
' This Title line is for retrieving all the user informations
StrLine = "UserID~Full Name~Description~Last Logon~Group Membership"
Case "2"
' This Title line is for user informations without last logon time
StrLine = "UserID~Full Name~Description~Group Membership"
Case "3"
' This Title line is for user informations without Group Membeship
StrLine = "UserID~Full Name~Description~Last Logon"
Case "4"
' This Title line is for user informations only
StrLine = "UserID~Full Name~Description"
End Select
objStream.Writeline strLine
strLine= ""
' ******************************************************************************
' * *
' * Main Module Query computer for users *
' * *
' ******************************************************************************
strComputer = "."
Set objWMIService = GetObject("winmgmts:" & _
"{impersonationLevel=impersonate}!\\" & strComputer & "\root\CIMV2")
Set colCSItems = objWMIService.ExecQuery("SELECT * FROM Win32_UserAccount")
For Each objCSItem In colCSItems
Utilisateur = objCSItem.Name
strLine = strLine & objCSItem.Name & "~"
strLine = strLine & objCSItem.FullName & "~"
strLine = strLine & objCSItem.Description & "~"
PrimaryDate = 19700830074757
UserID = sComputer & "\\" & Utilisateur
Select Case Apprun
Case "1"
strDateLastlog = Lastlog(UserID)
If PrimaryDate = strDateLastlog then
strLine = strLine & "Never Logged on "
strLine = strLine & "~"
Else
dtmEventDate = strDateLastlog
strGenerated = WMIDateStringToDate(dtmEventDate)
strLine = strLine & "Last loggin : " & strGenerated
strLine = strLine & "~"
End If
Groups = GroupMembership (Utilisateur)
strLine = strLine & Groups
Case "2"
Groups = GroupMembership (Utilisateur)
strLine = strLine & Groups
Case "3"
strDateLastlog = Lastlog(UserID)
If PrimaryDate = strDateLastlog then
strLine = strLine & "Never Logged on "
strLine = strLine & "~"
Else
dtmEventDate = strDateLastlog
strGenerated = WMIDateStringToDate(dtmEventDate)
strLine = strLine & "Last loggin : " & strGenerated
strLine = strLine & "~"
End If
End Select
strDateLastlog = ""
Utilisateur =""
objStream.Writeline strLine
strLine= ""
Next
'*******************************************************************************
'* *
'* Convert Date Function *
'* *
'*******************************************************************************
Function WMIDateStringToDate(dtmEventDate)
WMIDateStringToDate = CDate(Mid(dtmEventDate, 5, 2) & "/" & _
Mid(dtmEventDate, 7, 2) & "/" & Left(dtmEventDate, 4) _
& " " & Mid (dtmEventDate, 9, 2) & ":" & _
Mid(dtmEventDate, 11, 2) & ":" & Mid(dtmEventDate, _
13, 2))
End Function
'*******************************************************************************
'* *
'* Retrieve User Last logon Function *
'* *
'*******************************************************************************
Function Lastlog (StrUserID)
Dim strComputer
Dim TestDate
Dim StrQuery
Dim objWMIService
Dim collectionItems
Dim objItem
Dim PreDate
strComputer = "."
TestDate = 19700830074757
StrQuery = "select * from win32_ntlogEvent Where LogFile='Security' "
StrQuery = StrQuery & "and eventCode = 528 and User = '" & StrUserID & "'"
Set objWMIService = GetObject("winmgmts:" & _
"{impersonationLevel=impersonate,(Security)}!\\" & strComputer & "\root\CIMV2")
Set collectionItems = objWMIService.ExecQuery(StrQuery)
For Each objItem In collectionItems
PreDate = objItem.TimeGenerated
If TestDate <= PreDate then
TestDate = objItem.TimeGenerated
End if
Next
Lastlog = TestDate
End Function
'*******************************************************************************
'* *
'* Retrieve User's Group membership *
'* *
'*******************************************************************************
Function GroupMembership (UserName)
Dim StrGroups
Dim strComputer
Dim Virgule
Dim colGroups
Dim objGroup
Dim objUser
StrGroups = ""
strComputer = "."
Virgule = 0
Set colGroups = GetObject("WinNT://" & strComputer & "")
colGroups.Filter = Array("group")
For Each objGroup In colGroups
For Each objUser in objGroup.Members
If objUser.name = Username Then
if Virgule <> 0 then StrGroups = StrGroups & "~" End if
StrGroups = StrGroups & objGroup.Name
Virgule = Virgule + 1
End If
Next
Next
GroupMembership = StrGroups
End Function