#148681 - 2005-09-28 04:55 PM Am I just being stupid? Which is likely..
clementp1 Offline
Fresh Scripter

Registered: 2005-06-28
Posts: 12
Hello all,

Sorry if this question has been posted a thousand times…
I did a search but could not find anything relevant.

I’m trying to write an audit script to find out who has local admin rights; here's what I have so far:

IF (@PRODUCTTYPE = "Windows 2000 Professional")
or (@PRODUCTTYPE= "Windows XP Professional")

$admin=ingroup('@wksta\'+sidtoname('S-1-5-32-544'))-1+@INWIN

If $admin="1"
$output="Administrator"
endif

If not $admin="1"
$output="User"
endif

? "Creating Audit Logs"

IF Open( 3 , "\\zeus\kixlog$\LOG3_$output.TXT" , 5 ) = 0
$x = WriteLine( 3 , "____________________________________________________ " + @CRLF)
$x = WriteLine( 3 , "Logged on " + @DATE)
$x = WriteLine( 3 , " at " + @TIME + @CRLF)
$x = WriteLine( 3 , "Username - " + @USERID + @CRLF)
$x = WriteLine( 3 , "Workstation - " + @WKSTA + @CRLF)
$x = WriteLine( 3 , "Local Group Membership - " + $output + @CRLF)
$x = WriteLine( 3 , "Kix Version - " + @KIX + @CRLF)
endif

Once you’ve stopped laughing, could someone tell me why the command (I found in the FAQ & how to’s section of the forum):

$admin=ingroup('@wksta\'+sidtoname('S-1-5-32-544'))-1+@INWIN

Only returns a “1” regardless if the user is local admin or not.


Am I just being stupid? Which is likely..

#148682 - 2005-09-28 05:00 PM Re: Am I just being stupid? Which is likely..
Shawn Administrator Offline
Administrator
*****

Registered: 1999-08-13
Posts: 8611
What's that little bit on the end there about? This -1+@INWIN:

$admin=ingroup('@wksta\'+sidtoname('S-1-5-32-544'))-1+@INWIN

#148683 - 2005-09-28 05:07 PM Re: Am I just being stupid? Which is likely..
clementp1 Offline
Fresh Scripter

Registered: 2005-06-28
Posts: 12
To be honest I don’t know!

I got the code from the Best Practices section of the Kixtart FAQ & How to’s!
It reads: -

$admin = ingroup('@wksta\'+sidtoname('S-1-5-32-544'))-1+@INWIN
Is the Current logged in user an Admin?

So I thought I found the code I was looking for…

#148684 - 2005-09-28 05:21 PM Re: Am I just being stupid? Which is likely..
Shawn Administrator Offline
Administrator
*****

Registered: 1999-08-13
Posts: 8611
I think just this would be more to your liking...

if ingroup('@wksta\'+sidtoname('S-1-5-32-544'))

Think the other syntax was/is some tricky form of doing a combination ingroup(admin) and/or are we running Windows 98 check.

-Shawn

#148685 - 2005-09-28 05:39 PM Re: Am I just being stupid? Which is likely..
Jochen Administrator Offline
KiX Supporter
*****

Registered: 2000-03-17
Posts: 6380
Loc: Stuttgart, Germany
that -1+@inwin might be there to return always '1' if executed on 9x which is valid because everybody is an admin on 9x ... weee!
#148686 - 2005-09-28 07:31 PM Re: Am I just being stupid? Which is likely..
Lonkero Administrator Offline
KiX Master Guru
*****

Registered: 2001-06-05
Posts: 22346
Loc: OK
thanks for translating lonkenized code.
#148687 - 2005-09-28 08:48 PM Re: Am I just being stupid? Which is likely..
Mart Moderator Offline
KiX Supporter
*****

Registered: 2002-03-27
Posts: 4673
Loc: The Netherlands
And just to golf it down a bit this:

Code:

If $admin="1"
$output="Administrator"
endif

If not $admin="1"
$output="User"
endif



could be like this:

Code:

If $admin="1"
$output="Administrator"
Else
$output="User"
EndIf



Jochen,
You got an unlonkenizer? If so, how to also get it?
Afaik they are very rare. If you just google on lonkenizer you get just one link pointing to korg


Edited by Mart (2005-09-28 08:50 PM)
#148688 - 2005-09-29 10:09 AM Re: Am I just being stupid? Which is likely..
clementp1 Offline
Fresh Scripter

Registered: 2005-06-28
Posts: 12
Many thanks for the replies,

For the purpose of learning from your experience, could you guys look over this script and let me know if there’s a better way of doing things?

;--------------------------------------------------------------------
; Local Admin Audit
;--------------------------------------------------------------------
;Title
;
? "Local Admin Audit #3 "
;-----------------------------------------------
;Declaring Variables.
;
DIM $lgroup, $admin, $output

;-----------------------------------------------
;Check if PC has already been audited

? "Checking Registry key..."

If ReadValue ("HKEY_CURRENT_USER\Software\kix","AuditLog3")
"- PC already Audited!"
exit
endif

;-----------------------------------------------
;Win2k/XP Audit

IF (@PRODUCTTYPE = "Windows 2000 Professional")
or (@PRODUCTTYPE= "Windows XP Professional")

? "Starting @PRODUCTTYPE Audit"

$admin=ingroup('@wksta\'+sidtoname('S-1-5-32-544'))

If $admin="1"
$output="Administrator"
Else
$output="User"
EndIf


? "Creating Audit Logs"

IF Open( 3 , "\\zeus\kixlog$\LOG3_$output.TXT" , 5 ) = 0
$x = WriteLine( 3 , "____________________________________________________ " + @CRLF)
$x = WriteLine( 3 , "Logged on " + @DATE)
$x = WriteLine( 3 , " at " + @TIME + @CRLF)
$x = WriteLine( 3 , "Username - " + @USERID + @CRLF)
$x = WriteLine( 3 , "Workstation - " + @WKSTA + @CRLF)
$x = WriteLine( 3 , "Local Group Membership - " + $output + @CRLF)
$x = WriteLine( 3 , "Kix Version - " + @KIX + @CRLF)
endif

If Open( 4 , "\\zeus\kixlog$\EXCEL3_$output.TXT" , 5 ) = 0
$x = WriteLine( 4 , "," + @CRLF)
$x = WriteLine( 4 , "," + @DATE)
$x = WriteLine( 4 , "," + @TIME)
$x = WriteLine( 4 , "," + @USERID)
$x = WriteLine( 4 , "," + @WKSTA)
$x = WriteLine( 4 , "," + $output + @CRLF)
$x = WriteLine( 4 , "," + @KIX + @CRLF)
endif

;-----------------------------------------------
;Setting Audited flag

? "Creating Registry Keys "
WriteValue("HKEY_CURRENT_USER\Software\kix","AuditLog3","1","REG_SZ")
? "Audit complete"
exit

endif
;-----------------------------------------------
;Win98 Audit

IF (@PRODUCTTYPE = "Windows 98")

? "Starting @PRODUCTTYPE Audit"

If Not ReadValue("HKEY_CURRENT_USER\Software\kix","AuditLog3")
IF Open( 5 , "\\zeus\kixlog$\LOG3_Win98.TXT" , 5 ) = 0
$x = WriteLine( 5 , "____________________________________________________ " + @CRLF)
$x = WriteLine( 5 , "Logged on ," + @DATE + @CRLF)
$x = WriteLine( 5 , "Username ," + @USERID + @CRLF)
$x = WriteLine( 5 , "Workstation ," + @WKSTA + @CRLF)
$x = WriteLine( 5 , "OS ," + @PRODUCTTYPE + @CRLF)
$x = WriteLine( 5 , "Kix Version" + @KIX + @CRLF)
endif
endif

;-----------------------------------------------
;Setting Audited flag

? "Creating Registry Keys "
WriteValue("HKEY_CURRENT_USER\Software\kix","AuditLog3","1","REG_SZ")
? "Audit complete"
exit

endif

;--------------------------------------------------------------------
; END OF Local Admin Audit Script
;--------------------------------------------------------------------


Edited by clementp1 (2005-09-29 10:10 AM)

#148689 - 2005-09-29 11:50 AM Re: Am I just being stupid? Which is likely..
NTDOC Administrator Offline
Administrator
*****

Registered: 2000-07-28
Posts: 11631
Loc: CA
Not fully tested, but should be something more like this.

;-------------------------------------------------------------------- 
; Local Admin Audit
;--------------------------------------------------------------------
;Title
;
? "Local Admin Audit #3 "
;-----------------------------------------------
;Declaring Variables.
;
DIM $lgroup, $admin, $output

;-----------------------------------------------
;Check if PC has already been audited

"Checking Registry key..." ?

If ReadValue ("HKCU\Software\kix","AuditLog3")
"- PC already Audited!" ?
Exit 1
EndIf

;-----------------------------------------------
;Win2k/XP Audit

If @PRODUCTTYPE = "Windows 2000 Professional"
Or @PRODUCTTYPE= "Windows XP Professional"
"Starting " + @PRODUCTTYPE + " Audit" ?

If InGroup(@WKSTA+'\'+SidToName('S-1-5-32-544'))
$output="Administrator"
Else
$output="User"
EndIf

"Creating Audit Logs" ?

If Open( 3 , "\\zeus\kixlog$\LOG3_$output.TXT" , 5 ) = 0
; Build the whole record in $x, then append it with a single WriteLine
$x = "____________________________________________________ " + @CRLF
$x = $x + "Logged on " + @DATE + @CRLF
$x = $x + " at " + @TIME + @CRLF
$x = $x + "Username - " + @USERID + @CRLF
$x = $x + "Workstation - " + @WKSTA + @CRLF
$x = $x + "Local Group Membership - " + $output + @CRLF
$x = WriteLine(3, $x + "Kix Version - " + @KIX + @CRLF)
$x = Close(3)
EndIf

If Open( 4 , "\\zeus\kixlog$\EXCEL3_$output.TXT" , 5 ) = 0
; Build the comma-separated record in $x, then append it with a single WriteLine
$x = "," + @CRLF
$x = $x + "," + @DATE
$x = $x + "," + @TIME
$x = $x + "," + @USERID
$x = $x + "," + @WKSTA
$x = $x + "," + $output + @CRLF
$x = WriteLine(4, $x + "," + @KIX + @CRLF)
$x = Close(4)
EndIf

;-----------------------------------------------
;Setting Audited flag

"Creating Registry Keys " ?
$x = WriteValue("HKCU\Software\kix","AuditLog3","1","REG_SZ")
"Audit complete" ?
Exit 1
EndIf
;-----------------------------------------------
;Win98 Audit

If @PRODUCTTYPE = "Windows 98"
"Starting @PRODUCTTYPE Audit" ?
If Not ReadValue("HKCU\Software\kix","AuditLog3")
If Open(5, "\\zeus\kixlog$\LOG3_Win98.TXT" , 5 ) = 0
$x = "____________________________________________________ " + @CRLF
$x = $x + "Logged on ," + @DATE + @CRLF
$x = $x + "Username ," + @USERID + @CRLF
$x = $x + "Workstation ," + @WKSTA + @CRLF
$x = $x + "OS ," + @PRODUCTTYPE + @CRLF
$x = WriteLine(5, $x + "Kix Version" + @KIX + @CRLF)
$x = Close(5)
EndIf
EndIf
;-----------------------------------------------
;Setting Audited flag

"Creating Registry Keys " ?
$x = WriteValue("HKCU\Software\kix","AuditLog3","1","REG_SZ")
"Audit complete" ?
Exit 1
EndIf

;--------------------------------------------------------------------
; END OF Local Admin Audit Script
;--------------------------------------------------------------------

#148690 - 2005-09-29 12:03 PM Re: Am I just being stupid? Which is likely..
clementp1 Offline
Fresh Scripter

Registered: 2005-06-28
Posts: 12
Thanks NTDOC
#148691 - 2005-09-29 12:16 PM Re: Am I just being stupid? Which is likely..
Lonkero Administrator Offline
KiX Master Guru
*****

Registered: 2001-06-05
Posts: 22346
Loc: OK
code tags would be nice when posting script code...
#148692 - 2005-09-30 09:26 AM Re: Am I just being stupid? Which is likely..
Jochen Administrator Offline
KiX Supporter
*****

Registered: 2000-03-17
Posts: 6380
Loc: Stuttgart, Germany
Quote:

Jochen,
You got an unlonkenizer? If so, how to also get it?
Afaik they are very rare. If you just google on lonkenizer you get just one link pointing to korg




Can't have my brain, 's mine