→ 🚀What's New? Join Us for the Fall Product Launch! Register Now !

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Anonymous
Not applicable
Description: Chkdsk On Next Reboot
cmd.exe /K \\server\share$\Lansweeper\psexec.exe -c -f \\{computer} \\server\share$\Lansweeper\run_chkdsk.bat

\\server\share$\Lansweeper\run_chkdsk.bat
echo Y|chkdsk /F c:


Description: Delete User Profiles > 6 months
\\server\share$\Lansweeper\delprof.exe /q /i /c:\\{computer} /d:180


Description: Restore SAP Logon
cmd.exe /K \\server\share$\Lansweeper\saplogon.bat {computer}

\\server\share$\Lansweeper\saplogon.bat
copy \\server\share$\Lansweeper\saplogon.ini \\%1\c$\windows


Description: Uptime
cmd.exe /K \\server\share$\Lansweeper\uptime.exe {computer} /s


Description: Who's Logged On?
cmd.exe /K \\server\share$\Lansweeper\psloggedon.exe \\{computer}


All the tools used here can be downloaded from Microsoft.
12 REPLIES 12
Jono
Champion Sweeper II
I've cleaned up the code a bit, added labels, and made the resulting displays a little easier to read at a quick glance. I have the results show the date that the password was changed even if the account settings are for the password to never expire; this info was skipped previously. I also added 4 screenshots to show 4 different results based on different account settings, password expirations, etc.

As always, I welcome feedback or tips on how to improve the code.
Jono
Champion Sweeper II
Hello everyone - I've combined several VBS scripts and came up with a script that will provide user account status like the screenshots below.

The information will change based on whether the account is
- Enabled or Disabled
- Locked or Not Locked
- Password Expired or Not Expired

- Date Password was Changed
- Date Password Expires/Expired — # of days from now, if not yet expired
- (Maximum password age based on group policy)

- Whether or not the user can change their password, and after however many days the GPO says is the minimum pasword age.

Here's the VBS code named acctstat.vbs:
If WScript.Arguments.Count = 1 Then
struser = WScript.Arguments(0)
Set objUser = GetObject("LDAP://" & struser)
Const ADS_UF_DONT_EXPIRE_PASSWD = &h10000
Const ADS_ACETYPE_ACCESS_DENIED_OBJECT = &H6
Const CHANGE_PASSWORD_GUID = "{ab721a53-1e2f-11d0-9819-00aa0040529b}"
Set objSD = objUser.Get("nTSecurityDescriptor")
Set objDACL = objSD.DiscretionaryAcl
Set objUserLDAP = GetObject("LDAP://" & struser)
intCurrentValue = objUserLDAP.Get("userAccountControl")
strSAMAccountName = objUser.Get("sAMAccountName")
strCN = objUser.Get("cn")
Set objNet = CreateObject("WScript.NetWork")
dtmValue = objUserLDAP.PasswordLastChanged
intTimeInterval = int(now - dtmValue)
Set objDomainNT = GetObject("WinNT://" & objNet.UserDomain)
intMaxPwdAge = objDomainNT.Get("MaxPasswordAge")/86400
intMinPwdAge = objDomainNT.Get("MinPasswordAge")/86400

For Each Ace In objDACL
If ((Ace.AceType = ADS_ACETYPE_ACCESS_DENIED_OBJECT) And _
(LCase(Ace.ObjectType) = CHANGE_PASSWORD_GUID)) Then
blnEnabled = True
End If
Next


'Clear strMsg

strMsg = ""


'Account Disabled?

If objuser.AccountDisabled = True Then
MsgBox "This account is Disabled.",0,strCN & " (" & strSAMAccountName & ")"
Else


'Account Locked?

If objuser.IsAccountLocked = True Then
strMsg = strMsg & "This account is Enabled but Locked." & VbCrLf & VbCrLf
Else
strMsg = strMsg & "This account is Enabled and Not Locked." & VbCrLf & VbCrLf
End If


'Password Expires?

If intCurrentValue and ADS_UF_DONT_EXPIRE_PASSWD Then
strMsg = strMsg & "The Password Never Expires for this account due to account settings." & VbCrLf & _
" Password Changed: " & DateValue(dtmValue) & VBTab & int(now - dtmvalue) & " days ago" & VbCrLf & VbCrLf
Else

If intMaxPwdAge < 0 Then
strMsg = strMsg & "The Maximum Password Age is set to 0 in the domain. Therefore, the password does not expire." & VbCrLf & VbCrLf
Else


'Password Expired already?

If intTimeInterval >= intMaxPwdAge Then
strMsg = strMsg & "The password has Expired." & VbCrLf & _
" Password Changed: " & DateValue(dtmValue) & VBTab & int(now - dtmvalue) & " days ago" & VbCrLf & _
" Password Expires: " & DateValue(dtmValue + intMaxPwdAge) & VBTab & int(now - (dtmValue + intMaxPwdAge)) & " days ago" & VbCrLf & _
" (Maximum password age: " & intMaxPwdAge & " days)" & VbCrLf & VbCrLf
Else
strMsg = strMsg & "The password has Not Expired." & VbCrLf & _
" Password Changed: " & DateValue(dtmValue) & VBTab & int(now - dtmvalue) & " days ago" & VbCrLf & _
" Password Expires: " & DateValue(dtmValue + intMaxPwdAge) & VBTab & int((dtmValue + intMaxPwdAge) - now + 1) & " days from today" & VbCrLf & _
" (Maximum password age: " & intMaxPwdAge & " days)" & VbCrLf & VbCrLf
End If
End If
End If


'User can Change the Password?

If blnEnabled Then
strMsg = strMsg & strCN & " cannot change the password due to account settings."
Else
If intTimeInterval >= intMinPwdAge Then
strMsg = strMsg & strCN & " can change the password."
Else
strMsg = strMsg & strCN & " can change the password after " & DateValue(dtmValue) + intMinPwdAge & "." & VbCrLf & _
" (Minimum password age: "& intMinPwdAge & " days)"
End If
End If

'Display the Info

MsgBox strMsg,0,strCN & " (" & strSAMAccountName & ")"

End If

Else
WScript.Echo "Error"

End If

Set objNet = Nothing
Set objUser = Nothing
Set objSD = Nothing
Set objDACL = Nothing
Set objUserLDAP = Nothing
Set objDomainNT = Nothing


I'm not very good at VBS, so the code is probably pretty messy, but it works.

If the account is disabled, then the MsgBox will just show that the account is disabled and it'll skip the rest of the information. Otherwise, all of the information will be there.

I've added this custom action in LS Configuration under User actions:
Description - Account Status
Action - {actionpath}acctstat.vbs "{cn}"

I hope others find it useful.

Jono

Update: 14-Dec-11
My thanks to romwarrior for pointing out a problem in the code. I think I've corrected it; I added a line and edited a line to get the domain name programatically rather than having to hard code the domain name.

I've also added lines at the bottom of the code to release memory. Also, the title bar of the MsgBox now shows the User's common name along with their user ID.

Update: 19-Dec-11
I've cleaned up the code a bit, added labels, and made the resulting displays a little easier to read at a quick glance. I had the results show the date that the password was changed even if the account settings are for the password to never expire; this info was skipped previously. I also added 4 screenshots to show 4 different results based on different account settings, password expirations, etc.

As always, I welcome feedback or tips on how to improve the code.
Jono wrote:
Update: 14-Dec-11
My thanks to romwarrior for pointing out a problem in the code. I think I've corrected it; I added a line and edited a line to get the domain name programatically rather than having to hard code the domain name.

I've also added lines at the bottom of the code to release memory. Also, the title bar of the MsgBox now shows the User's common name along with their user ID.


New code works great. Thanks!
Jono wrote:
Hello everyone - I've combined several VBS scripts and came up with a script that will provide user account status like this example.


Thanks for that - very useful. I had to change this line:

Set objDomainNT = GetObject("WinNT://SEND")

I had to change "SEND" to my domain name to get it to work. Could be done using arguments too but I only have one domain so it was an easier fix.
Jono
Champion Sweeper II
romwarrior wrote:
I had to change [it] to my domain name to get it to work. Could be done using arguments too but I only have one domain so it was an easier fix.


Thanks romwarrior! I've made the correction and added some other things above. I think it's better now.

If anyone has other tips on how to make this script better or cleaner, please let me know.

Thanks,
Jono
patrikekstrom
Engaged Sweeper
The batfile is this:
copy \\server\share$\Lansweeper\saplogon.ini \\%1\c$\windows
Copy it into a textfile and rename it .bat or .cmd.
stoneriveruser
Engaged Sweeper
BullGates wrote:
Description: Restore SAP Logon
cmd.exe /K \\server\share$\Lansweeper\saplogon.bat {computer}

\\server\share$\Lansweeper\saplogon.bat
copy \\server\share$\Lansweeper\saplogon.ini \\%1\c$\windows



Where can I download the .bat file you used here?
ffA
Engaged Sweeper
have a look here there are a few tools in the download
xhen
Engaged Sweeper
and where I can find the exe files?