Page 1 of 1 1
Topic Options
#195691 - 2009-08-31 03:13 PM Can InGroup() check whether a Computer Account is member of a group
Witto Offline
MM club member
*****

Registered: 2004-09-29
Posts: 1828
Loc: Belgium
 Originally Posted By: KiXtart Manual

INGROUP
Action


Checks whether the current user is a member of one or more groups.

Can InGroup() be changed so that it checks whether the current account is member of one or more groups?
Account can be "User Account" or "Computer Account".
If a KiXtart script is run by a "User Account", membership is checked for this "user Account".
If a KiXtart script is run by the "System Account" on a computer, it would be nice to know whether the computer is member of a (Global Security) group.

Top
#195692 - 2009-08-31 03:52 PM Re: Can InGroup() check whether a Computer Account is member of a group [Re: Witto]
Mart Moderator Offline
KiX Supporter
*****

Registered: 2002-03-27
Posts: 4672
Loc: The Netherlands
Maybe a second optional parameter to specify a user or computer account would be an option. If not specified check the user account.

 Code:
;Second parameter not given so use default and check the user account.
If InGroup("SomeUserGroup")
	?"User is a member."
EndIf

;Second parameter is given so check the computer account.
If InGroup("SomeComputerGroup", 1)
	?"Computer is a member."
EndIf
_________________________
Mart

- Chuck Norris once sold ebay to ebay on ebay.

Top
#195699 - 2009-08-31 05:56 PM Re: Can InGroup() check whether a Computer Account is member of a group [Re: Mart]
Witto Offline
MM club member
*****

Registered: 2004-09-29
Posts: 1828
Loc: Belgium
Than you can use ComputerInGroup()
That is what I will try to use now. But it should not matter whether the account is a user or a computer. What matters is the account that runs the script.

Top
#195853 - 2009-09-10 04:48 PM Re: Can InGroup() check whether a Computer Account is member of a group [Re: Witto]
Witto Offline
MM club member
*****

Registered: 2004-09-29
Posts: 1828
Loc: Belgium
In Thread 84541 there is a quote from Ruud
 Originally Posted By: Ruud

Regarding the AD Compuer Groups part:

Well, this is on the todo-list, but it's not as easy as you might think: KIX32 runs in the security context of the user, so it can't just use the computer token to retrieve group information. The only way to get at any information on the computer account is to query Active Directory, and this can become really expensive, considering the Universal and nested Global groups. I'm looking into the options, but I can't promise anything yet.

--Ruud

When kix32.exe or wkix32.exe is used in startup or shutdown scripts, it runs in the security context of the system account (the computer). So I would think the computer token can be used to retrieve group information.

Top
#204489 - 2012-03-16 03:19 PM Re: Can InGroup() check whether a Computer Account is member of a group [Re: Witto]
Luub Offline
Just in Town

Registered: 2008-06-26
Posts: 1
I copied dsquery.exe and dsget.exe to our NETLOGON-share and use the following UDF:
 Code:
function ComputerInGroup ($group)
dim $false, $true
$false = 0
$true = not $false

shell '%comspec% /c %logonserver%\netlogon\dsquery /? >nul 2>nul'
if @error
   $computeringroup = $false
   exit $true
endif

shell '%comspec% /c %logonserver%\netlogon\dsget /? >nul 2>nul'
if @error
   $computeringroup = $false
   exit $true
endif

shell '%comspec% /c %logonserver\netlogon\squery computer -name @wksta |%logonserver%\netlogon\dsget computer -memberof -expand |find /i "$group" >nul 2>nul'
if @error
   $computeringroup = $false
else
   $computeringroup = $true
endif
return
endfunction


Edited by Allen (2012-03-16 03:29 PM)
Edit Reason: added code tags

Top
#204492 - 2012-03-16 03:35 PM Re: Can InGroup() check whether a Computer Account is member of a group [Re: Luub]
Allen Administrator Offline
KiX Supporter
*****

Registered: 2003-04-19
Posts: 4545
Loc: USA
In addition to Luub's UDF, there are three others that get the same info:

ComputerInGroup() - WinNT Provider
http://www.kixtart.org/forums/ubbthreads.php?ubb=showflat&Number=84539

ComputerInGroup() - LDAP Provider
http://www.kixtart.org/forums/ubbthreads.php?ubb=showflat&Number=195717

fnInGroupAD - Works with Users or Computers
http://www.kixtart.org/forums/ubbthreads.php?ubb=showflat&Number=144167

Top
#213829 - 2020-02-26 07:13 PM Re: Can InGroup() check whether a Computer Account is member of a group [Re: Luub]
srm11671 Offline
Fresh Scripter

Registered: 2020-02-21
Posts: 5
Loc: FL
how would the syntax look if trying to CALL something based on if the PC is a member of a group, as there is sometimes some nesting that doesn't show the PC object directly, if that make sense
thanks

Top
Page 1 of 1 1


Moderator:  Lonkero, ShaneEP, Jochen, Radimus, Glenn Barnas, Allen, Ruud van Velsen, Mart 
Hop to:
Shout Box

Who's Online
0 registered and 248 anonymous users online.
Newest Members
gespanntleuchten, DaveatAdvanced, Paulo_Alves, UsTaaa, xxJJxx
17864 Registered Users

Generated in 0.06 seconds in which 0.024 seconds were spent on a total of 13 queries. Zlib compression enabled.

Search the board with:
superb Board Search
or try with google:
Google
Web kixtart.org