#20583 - 2002-04-25 10:36 AM Exposing User Account Login Workstations
ash wilson (kyosei) Offline
Getting the hang of it

Registered: 2002-04-22
Posts: 58
Loc: auckland new zealand
As part of our network security we restrict the number of workstations that users can logon to through their NT user account.

I have a need to read/change the number/names of workstations that any user can logon to by editing each user's account during the logon process.

Would appreciate any help.
_________________________
KYOSEI. There are only three groups of people that can count. Those that can, and those that can't.

Top
#20584 - 2002-04-25 01:59 PM Re: Exposing User Account Login Workstations
Kdyer Offline
KiX Supporter
*****

Registered: 2001-01-03
Posts: 6241
Loc: Tigard, OR
kyosei,

Why do you need to hide all of the login windows? If I was logging in and my system was still doing something like a registry modification, you could potentially "kill" a workstation. [Frown]

Let's see here. To do what you want.. You could do it as a Scheduled Task (or WINAT/AT) or you could use the Resource Kit Utilities - INSTSRV and SRVANY. But this does not work on login.

Back to your point.. Are you displaying a form for the users to fill out when they login? Is there something that is being shown to them? If so, you should be able to suppress it. Hmmm.. Changing Account Login information - wouldn't that be a Domain Admin Function? You could change that stuff in User Manager and Active Directory Users and Computers. I guess I may be jumping to some conclusions here and need additional clarification.

Can you post your script that is causing you to question this?

Thanks!

- Kent

[ 25 April 2002, 14:04: Message edited by: kdyer ]
_________________________
Utilize these resources:
UDFs (Full List)
KiXtart FAQ & How to's

Top
#20585 - 2002-04-26 02:22 AM Re: Exposing User Account Login Workstations
Les Offline
KiX Master
*****

Registered: 2001-06-11
Posts: 12734
Loc: fortfrances.on.ca
Kent,
Have y'ever gone moose hunting? Reading your reply is like trying to follow a moose's footprints in the snow. [Eek!]

kyosei,
If I understand you correctly, you want to modify the User Manager property "Logon Workstations" on the fly. First problem... unless the user's a domain admin, they can't do it. That said, there is an ADSI IADsUser Property Method property called "LoginWorkstations" that could do it for you albeit not on the fly. The reasoning is that when the user is in the script, (s)he is already authenticated.

If an ordinary user needs to trigger the request you'd have to hand it off to an admin "proxy" script for processing.

Maybe if you could fill us in on what exactly you're trying to accomplish we may be in a position to better advise.
_________________________
Give a man a fish and he will be back for more. Slap him with a fish and he will go away forever.

Top
#20586 - 2002-04-26 02:46 AM Re: Exposing User Account Login Workstations
ash wilson (kyosei) Offline
Getting the hang of it

Registered: 2002-04-22
Posts: 58
Loc: auckland new zealand
kdyer,

Thanks for reply. I think you are replying here to this post plus another I also have, but that's ok.

1. Hide login boxes.

Various pressures are at work here wanting IT to reduce the number of screens that a user sees during login, to zero.

The current Kix login script is extremely stable and has functioned without problems across all our platforms for over a year but should we require to change it significantly then we would expose information screens for that part of the script, like installing or modifying an application.

HR have some Company philosophy type screens that they want as wallpapers but desktop icons clutter the screens.

W2k has the 'show desktop icons' if active desktop is enabled but even this is not acceptable as it leaves the user able to effectively bypass the 'message'. So I need a way to remove desktop icons for a period long enough for the 'message' to be effective and perhaps even pop the same message up at some regular or irregular interval.

I would like to know how to schedule such things too!

2. Workstations User can Login to. (User Manager)

True it is an admin function but the Microsoft interface is very cumbersome. We regularly give temp access to workstations for various reasons so the 'initial' security can get broken if admin staff fail to remove the changes they made once they are no longer needed.

I wanted a way to extract, and check against a master list, the workstations in each user account and report any variances. This does not necessarily have to be done in the login script as it could be a separate script run by admin staff.

Every user has at least 2 workstations listed in their user account, their own plus a dummy end marker. Any entries after the dummy are temp and should be removed asap.

There are other things I check/change from the SAM also, like dial-in access and settings.

Access to internet access is also controlled by this method as is VPN access, so even in a small network, to manually look through all user accounts for possible errors is just too cumbersome and not really even practical.

I have played around somewhat with a VBS script to expose some of the AD objects using..

Set Domain = GetObject("WinNT://" & DomainName)
Domain.Filter = Array("User")

..and reading User.LoginWorkstations.

If there are NO workstation entries or ONLY 1 workstation in the list, it works fine but for any more than 1 it gives an error like 'multi-valued string'.

The string is actually a list of the workstations separated with the # char but I have not yet been able to extract the entries, probably because there is some special way to extract that string. (or is it an array?)

Hope all this is clear and that someone can help.
rgds
_________________________
KYOSEI. There are only three groups of people that can count. Those that can, and those that can't.
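
The audit described in the post above, as an added example that is not part of the original thread. It assumes the workstation lists were already exported from each account's LoginWorkstations value; the marker name `ENDMARK`, the per-user master list and the sample accounts are hypothetical and constructed for illustration.

```python
import re

END_MARKER = "ENDMARK"  # hypothetical name for the dummy end-marker entry

def normalize(raw):
    """Accept an empty value, one name, a '#'- or ','-joined string, or a list."""
    if not raw:
        return []
    if isinstance(raw, str):
        # '#' is the separator reported in the post; ',' is accepted as an assumption
        raw = re.split(r"[#,]", raw)
    return [w.strip().upper() for w in raw if w.strip()]

def audit(accounts, master):
    """accounts: user -> exported value; master: user -> permanent workstations."""
    report = {}
    for user, raw in accounts.items():
        names, issues = normalize(raw), []
        if not names:
            issues.append("no restriction: logon allowed from any workstation")
        elif END_MARKER not in names:
            issues.append("end marker missing")
        else:
            cut = names.index(END_MARKER)
            # entries before the marker are permanent, entries after it are temporary
            permanent, temporary = set(names[:cut]), names[cut + 1:]
            expected = {w.upper() for w in master.get(user, [])}
            if permanent - expected:
                issues.append("not in master list: " + ", ".join(sorted(permanent - expected)))
            if expected - permanent:
                issues.append("missing from account: " + ", ".join(sorted(expected - permanent)))
            if temporary:
                issues.append("temporary entries to remove: " + ", ".join(temporary))
        if issues:
            report[user] = issues
    return report

# Constructed sample export and master list, not data from the thread.
ACCOUNTS = {
    "alice": ["WS-ALICE", "ENDMARK"],
    "bob": "WS-BOB#ENDMARK#WS-LAB1#WS-LAB2",
    "carol": "WS-CAROL",
    "dave": "",
    "erin": ["ws-erin", "WS-SPARE", "ENDMARK"],
}
MASTER = {"alice": ["WS-ALICE"], "bob": ["WS-BOB"], "carol": ["WS-CAROL"],
          "dave": ["WS-DAVE"], "erin": ["WS-ERIN"]}

if __name__ == "__main__":
    for user, issues in audit(ACCOUNTS, MASTER).items():
        for issue in issues:
            print(f"{user}: {issue}")
```
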

Top
#20587 - 2002-04-26 03:29 AM Re: Exposing User Account Login Workstations
Les Offline
KiX Master
*****

Registered: 2001-06-11
Posts: 12734
Loc: fortfrances.on.ca
Well... I'm no programmer, but here's a start.
code:
break on

$domain = "@LDOMAIN"
$userid = "@UserID"

$user = getobject("WinNT://$domain/$userid,user")

if $user
  For each $Object in $User.LoginWorkstations
    ? $Object
  Next
endif

? "Done"
get $_

_________________________
Give a man a fish and he will be back for more. Slap him with a fish and he will go away forever.

Top
#20588 - 2002-04-26 09:48 AM Re: Exposing User Account Login Workstations
ash wilson (kyosei) Offline
Getting the hang of it

Registered: 2002-04-22
Posts: 58
Loc: auckland new zealand
Les,
Thanks for your reply.

I have just tried your code and got the following error....

Script error : Error in expression: Dispatch pointers not allowed in expressions. !
For each $Object in $User.LoginWorkstations

...any suggestions?
Appreciate any help.
rgds
_________________________
KYOSEI. There are only three groups of people that can count. Those that can, and those that can't.

Top
#20589 - 2002-04-26 01:30 PM Re: Exposing User Account Login Workstations
Les Offline
KiX Master
*****

Registered: 2001-06-11
Posts: 12734
Loc: fortfrances.on.ca
Hmmm... are you running 4.02?

Known prob with older betas.
_________________________
Give a man a fish and he will be back for more. Slap him with a fish and he will go away forever.

Top
#20590 - 2002-04-27 09:51 AM Re: Exposing User Account Login Workstations
ash wilson (kyosei) Offline
Getting the hang of it

Registered: 2002-04-22
Posts: 58
Loc: auckland new zealand
Les,
I wasn't, but I am now, and it works just great!!!

Thank you for that, it's opened up a whole new range of scripted admin control for me.

Once again thanks for your help.

rgds ash
_________________________
KYOSEI. There are only three groups of people that can count. Those that can, and those that can't.

Top
#20591 - 2002-04-28 12:00 AM Re: Exposing User Account Login Workstations
ash wilson (kyosei) Offline
Getting the hang of it

Registered: 2002-04-22
Posts: 58
Loc: auckland new zealand
Les,
Can you advise how to write data back to the object please.
rgds
_________________________
KYOSEI. There are only three groups of people that can count. Those that can, and those that can't.

Top
#20592 - 2002-04-27 03:46 PM Re: Exposing User Account Login Workstations
Les Offline
KiX Master
*****

Registered: 2001-06-11
Posts: 12734
Loc: fortfrances.on.ca
ash,
Like I said, I'm no programmer. So far I've only just read objects.
We need to send out the secret ADSI signal. Where's our resident ADSI expert when we really need him? Help me out here guys. I've pretty much risen to my level of incompetence. I can talk the walk but not walk the talk.
_________________________
Give a man a fish and he will be back for more. Slap him with a fish and he will go away forever.

Top
#20593 - 2002-04-27 04:00 PM Re: Exposing User Account Login Workstations
Shawn Administrator Offline
Administrator
*****

Registered: 1999-08-13
Posts: 8611
Would you settle for Tonto ?

Use the setinfo method of ADSI objects to write information back:

break on

$domain = "@LDOMAIN"
$userid = "@UserID"

$user = getobject("WinNT://$domain/$userid,user")

if $user
 $user.description = "This is a new description"
 $user.setinfo
 $user = 0
endif

-Shawn

[ 27 April 2002, 16:01: Message edited by: Shawn ]

Top
#20594 - 2002-04-27 04:46 PM Re: Exposing User Account Login Workstations
Les Offline
KiX Master
*****

Registered: 2001-06-11
Posts: 12734
Loc: fortfrances.on.ca
Eh Khemosabi,
Could you dribble me a tad more info? In the case of a returned array (see my code above), how do I build a new array and write it back? Your example, I believe only works for a single value object.

And what about the .Put before the .SetInfo. Is that not needed?
_________________________
Give a man a fish and he will be back for more. Slap him with a fish and he will go away forever.

Top
#20595 - 2002-04-27 04:55 PM Re: Exposing User Account Login Workstations
Shawn Administrator Offline
Administrator
*****

Registered: 1999-08-13
Posts: 8611
This worky ?

$user.loginworkstations = "tassie","shawn","lori"
$user.setinfo

-Shawn

Best bet, would be to read in the loginworkstations array, then maybe redim preserve + 1 or copy to another array and add a new workstation, then write it back ?

Just thinking out loud.

--Shawn

[ 27 April 2002, 16:59: Message edited by: Shawn ]

Top
#20596 - 2002-04-27 05:05 PM Re: Exposing User Account Login Workstations
Les Offline
KiX Master
*****

Registered: 2001-06-11
Posts: 12734
Loc: fortfrances.on.ca
Ah nih nah...

No go. Also tried

$Allowed = Split("999-51-595,999-51-596,999-51-597")

;and then

$user.Put("LoginWorkstations",$Allowed)
$user.SetInfo

$user.Put("LoginWorkstations","")

will wipe it out
_________________________
Give a man a fish and he will be back for more. Slap him with a fish and he will go away forever.

Top
#20597 - 2002-04-27 05:10 PM Re: Exposing User Account Login Workstations
Shawn Administrator Offline
Administrator
*****

Registered: 1999-08-13
Posts: 8611
Seems to work for me (I think) - are you just trying to add one workstation ? Might have to do the old null string trick :

$user.loginworkstations = "tassie",""

or

$Allowed = Split("999-51-595,999-51-596,999-51-597","")

Haven't tried it

-Shawn

Top
#20598 - 2002-04-27 05:25 PM Re: Exposing User Account Login Workstations
Les Offline
KiX Master
*****

Registered: 2001-06-11
Posts: 12734
Loc: fortfrances.on.ca
I made a mistake on the default delim for Split(). Thought it was a comma but it's a space. Didn't help though. Also tried your null thingie... still no luck.
_________________________
Give a man a fish and he will be back for more. Slap him with a fish and he will go away forever.

Top
#20599 - 2002-04-27 06:34 PM Re: Exposing User Account Login Workstations
Shawn Administrator Offline
Administrator
*****

Registered: 1999-08-13
Posts: 8611
Les, I guess I'm a little disconnected in terms of what you and kyosei are trying to do. What are you trying to do exactly (add, modify, delete?) wkstns ? What code do you have so far (I'll run it on my side because it appears to work for me)

-Shawn

p.s. I'm running this stuff on a network disconnected XP machine, eg, I'm changing local workstation accounts. And although the concept of allowed wkstns might seem strange to local accounts, it still seems to work here, eg, I can populate and enumerate this field in ADSI. But there is no way I know of, through local user mgr, to actually see them in the GUI.

[ 27 April 2002, 18:37: Message edited by: Shawn ]

Top
#20600 - 2002-04-27 07:08 PM Re: Exposing User Account Login Workstations
Les Offline
KiX Master
*****

Registered: 2001-06-11
Posts: 12734
Loc: fortfrances.on.ca
Shawn,
Sorry, hi-pri HoneyDo job tore me away...
Basically, everything is in this thread. I believe kyosei wants to not only read the object (as per my script) but also add/modify (i.e. change allowed wks). I am dialed in to my work LAN and testing against my NT4 domain account without much luck. I set allowed wks on my account via user manager and can clear it via ADSI, but haven't been able to add/modify.
Would you share the full code you say works for you?
_________________________
Give a man a fish and he will be back for more. Slap him with a fish and he will go away forever.

Top
#20601 - 2002-04-27 07:24 PM Re: Exposing User Account Login Workstations
Shawn Administrator Offline
Administrator
*****

Registered: 1999-08-13
Posts: 8611
Yeah, HoneyDo is keeping me on and off today as well. Just to keep things simple, here's a script that displays the current set of allowed wkstns, then assigns three new random wkstn names:

break on

srnd((-1)*@ticks)

$domain = "@LDOMAIN"
$userid = "@UserID"

$user = getobject("WinNT://$domain/$userid,user")

if not $user
 ?"No user info for $user"
 quit(1)
endif

?"List old workstations ..."
For each $WkStn in $User.LoginWorkstations
  ? $WkStn
Next

?"Hit return to assign new workstations..." gets$

$user.loginworkstations = "wkstn"+rnd(100),"wkstn2"+rnd(100),"wkstn3"+rnd(100)
$user.setinfo

?"List new workstations ..."
For each $WkStn in $User.LoginWorkstations
  ? $WkStn
Next

exit 1


The output I get is this:

F:\>kix32 test

List old workstations ...
wkstn57
wkstn220
wkstn382
Hit return to assign new workstations...

List new workstations ...
wkstn1
wkstn250
wkstn332
F:\>kix32 test

List old workstations ...
wkstn1
wkstn250
wkstn332
Hit return to assign new workstations...

List new workstations ...
wkstn46
wkstn214
wkstn365
F:\>

Does this work for you ?

-Shawn

Top
#20602 - 2002-04-27 07:43 PM Re: Exposing User Account Login Workstations
Les Offline
KiX Master
*****

Registered: 2001-06-11
Posts: 12734
Loc: fortfrances.on.ca
Great! Works a charm...

I think I know where I may have been going wrong... I was trying to .setinfo in the FOR EACH loop... DOH!

Seems so obvious now... Darn, HoneyDo calls...

Thanks

kyosei,
I trust this will get you going.
_________________________
Give a man a fish and he will be back for more. Slap him with a fish and he will go away forever.

Top