UserAccountControl -
3/27/2007 6:06:26 AM
johnrod
I wrote this script recently to return all applicable flags from the UserAccountControl attribute of an object.
I hope this may be of use to someone. Any comments would be appreciated.
```vbscript
Option Explicit

Dim ACCList
Dim AccountControl
Dim objMember
Dim Object
Dim Item

' One description variable per flag; the name is the flag name plus a trailing "v".
Dim SCRIPTv
Dim ACCOUNTDISABLEv
Dim HOMEDIR_REQUIREDv
Dim LOCKOUTv
Dim PASSWD_NOTREQDv
Dim PASSWD_CANT_CHANGEv
Dim ENCRYPTED_TEXT_PWD_ALLOWEDv
Dim TEMP_DUPLICATE_ACCOUNTv
Dim NORMAL_ACCOUNTv
Dim INTERDOMAIN_TRUST_ACCOUNTv
Dim WORKSTATION_TRUST_ACCOUNTv
Dim SERVER_TRUST_ACCOUNTv
Dim DONT_EXPIRE_PASSWORDv
Dim MNS_LOGON_ACCOUNTv
Dim SMARTCARD_REQUIREDv
Dim TRUSTED_FOR_DELEGATIONv
Dim NOT_DELEGATEDv
Dim USE_DES_KEY_ONLYv
Dim DONT_REQ_PREAUTHv
Dim PASSWORD_EXPIREDv
Dim TRUSTED_TO_AUTH_FOR_DELEGATIONv
'_____________________________________________
' Text echoed for each flag that is set.
SCRIPTv = "The logon script will be run."
ACCOUNTDISABLEv = "The account is disabled."
HOMEDIR_REQUIREDv = "The home folder is required."
LOCKOUTv = "This account is locked out."
PASSWD_NOTREQDv = "No password is required."
PASSWD_CANT_CHANGEv = "The user cannot change the password. This is a permission on the user's object."
ENCRYPTED_TEXT_PWD_ALLOWEDv = "The user can send an encrypted password."
TEMP_DUPLICATE_ACCOUNTv = "This is an account for users whose primary account is in " _
    & "another domain. This account provides user access to this " _
    & "domain, but not to any domain that trusts this domain. " _
    & "This is sometimes referred to as a local user account."
NORMAL_ACCOUNTv = "This is a default account type that represents a typical user."
INTERDOMAIN_TRUST_ACCOUNTv = "This is a permit to trust an account for a system domain that trusts other domains. "
WORKSTATION_TRUST_ACCOUNTv = "This is a computer account for a computer that is running " _
    & "Microsoft Windows NT 4.0 Workstation, Microsoft Windows NT 4.0 Server, " _
    & "Microsoft Windows 2000 Professional, or Windows 2000 Server and " _
    & "is a member of this domain."
SERVER_TRUST_ACCOUNTv = "This is a computer account for a domain controller that is a member of this domain."
DONT_EXPIRE_PASSWORDv = "The password will never expire on the account."
MNS_LOGON_ACCOUNTv = "This is an MNS logon account."
SMARTCARD_REQUIREDv = "User will be forced to log on by using a smart card."
TRUSTED_FOR_DELEGATIONv = "The service account (the user or computer account) " _
    & "under which a service runs is trusted for Kerberos delegation. Any such " _
    & "service can impersonate a client requesting the service."
NOT_DELEGATEDv = "The security context of the user is not " _
    & "delegated to a service even if the service account is set as " _
    & "trusted for Kerberos delegation."
USE_DES_KEY_ONLYv = "(Windows 2000/Windows Server 2003) Restrict this principal to use only " _
    & "Data Encryption Standard (DES) encryption types for keys. "
DONT_REQ_PREAUTHv = "(Windows 2000/Windows Server 2003) This account does not require " _
    & "Kerberos pre-authentication for logging on."
PASSWORD_EXPIREDv = "The object's password has expired."
TRUSTED_TO_AUTH_FOR_DELEGATIONv = "(Windows 2000/Windows Server 2003) The account is enabled for delegation. " _
    & "This is a security-sensitive setting. Accounts with this option enabled " _
    & "should be tightly controlled. This setting allows a service that runs under " _
    & "the account to assume a client's identity and authenticate as that user to " _
    & "other remote servers on the network."

' Distinguished name of the object to inspect.
Object = "CN=SomeObject,OU=SomeOU,DC=your,DC=companies,DC=domain,DC=com"

' Names of the description variables, in ascending flag-value order.
ACCList = Array("SCRIPTv", "ACCOUNTDISABLEv", "HOMEDIR_REQUIREDv", "LOCKOUTv", "PASSWD_NOTREQDv", _
    "PASSWD_CANT_CHANGEv", "ENCRYPTED_TEXT_PWD_ALLOWEDv", "TEMP_DUPLICATE_ACCOUNTv", _
    "NORMAL_ACCOUNTv", "INTERDOMAIN_TRUST_ACCOUNTv", "WORKSTATION_TRUST_ACCOUNTv", _
    "SERVER_TRUST_ACCOUNTv", "DONT_EXPIRE_PASSWORDv", "MNS_LOGON_ACCOUNTv", _
    "SMARTCARD_REQUIREDv", "TRUSTED_FOR_DELEGATIONv", "NOT_DELEGATEDv", "USE_DES_KEY_ONLYv", _
    "DONT_REQ_PREAUTHv", "PASSWORD_EXPIREDv", "TRUSTED_TO_AUTH_FOR_DELEGATIONv")
'_____________________________________________
Set objMember = GetObject("LDAP://" & Object)
wscript.echo "Display Name: " & objMember.DisplayName
wscript.echo "SamAccountName: " & objMember.SamAccountName
wscript.echo "________________________________"

' UACC returns a comma-separated list of variable names for the flags that are set.
AccountControl = UACC(objMember.UserAccountControl)

' Echo the description of every flag named in that list (Eval resolves the variable by name).
For each Item in ACCList
    If Instr(AccountControl, Item) > 0 Then
        Wscript.echo Eval(Item)
    End If
Next
'_____________________________________________
' Tests ACNum against each UserAccountControl bit and collects the matching names.
function UACC(ACNum)
    Dim ObjStatus
    CONST SCRIPT = &H1
    CONST ACCOUNTDISABLE = &H2
    CONST HOMEDIR_REQUIRED = &H8
    CONST LOCKOUT = &H10
    CONST PASSWD_NOTREQD = &H20
    CONST PASSWD_CANT_CHANGE = &H40
    CONST ENCRYPTED_TEXT_PWD_ALLOWED = &H80
    CONST TEMP_DUPLICATE_ACCOUNT = &H100
    CONST NORMAL_ACCOUNT = &H200
    CONST INTERDOMAIN_TRUST_ACCOUNT = &H800
    CONST WORKSTATION_TRUST_ACCOUNT = &H1000
    CONST SERVER_TRUST_ACCOUNT = &H2000
    CONST DONT_EXPIRE_PASSWORD = &H10000
    CONST MNS_LOGON_ACCOUNT = &H20000
    CONST SMARTCARD_REQUIRED = &H40000
    CONST TRUSTED_FOR_DELEGATION = &H80000
    CONST NOT_DELEGATED = &H100000
    CONST USE_DES_KEY_ONLY = &H200000
    CONST DONT_REQ_PREAUTH = &H400000
    CONST PASSWORD_EXPIRED = &H800000
    CONST TRUSTED_TO_AUTH_FOR_DELEGATION = &H1000000

    If ACNum AND TRUSTED_TO_AUTH_FOR_DELEGATION Then
        ObjStatus = "TRUSTED_TO_AUTH_FOR_DELEGATIONv" & "," & ObjStatus & ","
    End If
    If ACNum AND PASSWORD_EXPIRED Then
        ObjStatus = "PASSWORD_EXPIREDv" & "," & ObjStatus & ","
    End If
    If ACNum AND DONT_REQ_PREAUTH Then
        ObjStatus = "DONT_REQ_PREAUTHv" & "," & ObjStatus & ","
    End If
    If ACNum AND USE_DES_KEY_ONLY Then
        ObjStatus = "USE_DES_KEY_ONLYv" & "," & ObjStatus & ","
    End If
    If ACNum AND NOT_DELEGATED Then
        ObjStatus = "NOT_DELEGATEDv" & "," & ObjStatus & ","
    End If
    If ACNum AND TRUSTED_FOR_DELEGATION Then
        ObjStatus = "TRUSTED_FOR_DELEGATIONv" & "," & ObjStatus & ","
    End If
    If ACNum AND SMARTCARD_REQUIRED Then
        ObjStatus = "SMARTCARD_REQUIREDv" & "," & ObjStatus & ","
    End If
    If ACNum AND MNS_LOGON_ACCOUNT Then
        ObjStatus = "MNS_LOGON_ACCOUNTv" & "," & ObjStatus & ","
    End If
    If ACNum AND DONT_EXPIRE_PASSWORD Then
        ObjStatus = "DONT_EXPIRE_PASSWORDv" & "," & ObjStatus & ","
    End If
    If ACNum AND SERVER_TRUST_ACCOUNT Then
        ObjStatus = "SERVER_TRUST_ACCOUNTv" & "," & ObjStatus & ","
    End If
    If ACNum AND WORKSTATION_TRUST_ACCOUNT Then
        ObjStatus = "WORKSTATION_TRUST_ACCOUNTv" & "," & ObjStatus & ","
    End If
    If ACNum AND INTERDOMAIN_TRUST_ACCOUNT Then
        ObjStatus = "INTERDOMAIN_TRUST_ACCOUNTv" & "," & ObjStatus & ","
    End If
    If ACNum AND NORMAL_ACCOUNT Then
        ObjStatus = "NORMAL_ACCOUNTv" & "," & ObjStatus & ","
    End If
    If ACNum AND TEMP_DUPLICATE_ACCOUNT Then
        ObjStatus = "TEMP_DUPLICATE_ACCOUNTv" & "," & ObjStatus & ","
    End If
    If ACNum AND ENCRYPTED_TEXT_PWD_ALLOWED Then
        ObjStatus = "ENCRYPTED_TEXT_PWD_ALLOWEDv" & "," & ObjStatus & ","
    End If
    If ACNum AND PASSWD_CANT_CHANGE Then
        ObjStatus = "PASSWD_CANT_CHANGEv" & "," & ObjStatus & ","
    End If
    If ACNum AND PASSWD_NOTREQD Then
        ObjStatus = "PASSWD_NOTREQDv" & "," & ObjStatus & ","
    End If
    If ACNum AND LOCKOUT Then
        ObjStatus = "LOCKOUTv" & "," & ObjStatus & ","
    End If
    If ACNum AND HOMEDIR_REQUIRED Then
        ObjStatus = "HOMEDIR_REQUIREDv" & "," & ObjStatus & ","
    End If
    If ACNum AND ACCOUNTDISABLE Then
        ObjStatus = "ACCOUNTDISABLEv" & "," & ObjStatus & ","
    End If
    If ACNum AND SCRIPT Then
        ObjStatus = "SCRIPTv" & "," & ObjStatus & ","
    End If

    UACC = ObjStatus
End Function
```
Post #: 1
RE: UserAccountControl -
3/28/2007 4:33:20 PM
Snipah
Johnrod, looks great
If you're maybe able to change all the IF-statements...it would cut down in filesize..
(in reply to johnrod)
Post #: 2
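An added example, not part of either post: one table-driven way to do what Snipah suggests, replacing the chain of IF statements with a loop over bit positions and reporting any set bit the table does not name. The function name DecodeUAC, the review mask and the sample values are assumptions of this example; the flag names and values are those in johnrod's CONST list.

```vbscript
Option Explicit

' Flag names indexed by bit position (index 0 = &H1 ... index 24 = &H1000000),
' matching the CONST list in the post; "" marks bits that list does not define.
Dim FlagNames
FlagNames = Array("SCRIPT", "ACCOUNTDISABLE", "", "HOMEDIR_REQUIRED", "LOCKOUT", _
    "PASSWD_NOTREQD", "PASSWD_CANT_CHANGE", "ENCRYPTED_TEXT_PWD_ALLOWED", _
    "TEMP_DUPLICATE_ACCOUNT", "NORMAL_ACCOUNT", "", "INTERDOMAIN_TRUST_ACCOUNT", _
    "WORKSTATION_TRUST_ACCOUNT", "SERVER_TRUST_ACCOUNT", "", "", _
    "DONT_EXPIRE_PASSWORD", "MNS_LOGON_ACCOUNT", "SMARTCARD_REQUIRED", _
    "TRUSTED_FOR_DELEGATION", "NOT_DELEGATED", "USE_DES_KEY_ONLY", _
    "DONT_REQ_PREAUTH", "PASSWORD_EXPIRED", "TRUSTED_TO_AUTH_FOR_DELEGATION")

' Flags this example marks for review (a choice made for the example, not from the post):
' PASSWD_NOTREQD, ENCRYPTED_TEXT_PWD_ALLOWED, DONT_EXPIRE_PASSWORD, TRUSTED_FOR_DELEGATION,
' USE_DES_KEY_ONLY, DONT_REQ_PREAUTH, TRUSTED_TO_AUTH_FOR_DELEGATION.
Dim ReviewMask
ReviewMask = &H20 Or &H80 Or &H10000 Or &H80000 Or &H200000 Or &H400000 Or &H1000000

' Returns the names of all set flags, comma-separated. Flags in ReviewMask get a
' trailing "*"; set bits that have no name in the table are reported in hex.
Function DecodeUAC(ByVal uac)
    Dim bitPos, bitMask, result, remaining
    result = ""
    remaining = CLng(uac)
    For bitPos = 0 To UBound(FlagNames)
        bitMask = CLng(2 ^ bitPos)
        If (remaining And bitMask) <> 0 And FlagNames(bitPos) <> "" Then
            result = result & FlagNames(bitPos)
            If (bitMask And ReviewMask) <> 0 Then result = result & "*"
            result = result & ","
            remaining = remaining And Not bitMask   ' clear the bit once it is named
        End If
    Next
    If remaining <> 0 Then result = result & "UNKNOWN_&H" & Hex(remaining) & ","
    If Len(result) > 0 Then result = Left(result, Len(result) - 1)
    DecodeUAC = result
End Function

' Constructed sample values (not read from any directory); the last one sets a
' bit that is not in the post's list, to exercise the UNKNOWN branch.
Dim Samples, sample
Samples = Array(512, 514, 544, 66048, 4194816, 532480, 67109376)
For Each sample In Samples
    WScript.Echo sample & " (&H" & Hex(sample) & "): " & DecodeUAC(sample)
Next
```

Run it with `cscript //nologo`; for a live object, pass `objMember.UserAccountControl` from the original script to DecodeUAC. When read over LDAP from Windows Server 2003 or later, LOCKOUT and PASSWORD_EXPIRED are reported through the computed attribute msDS-User-Account-Control-Computed rather than userAccountControl, so their absence in this output does not show that the account is unlocked or the password current.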