iamtheky Posted March 27, 2015 Share Posted March 27, 2015 (edited) expandcollapse popup$Output="" $strComputer = "localhost" $wbemFlagReturnImmediately = 0x10 $wbemFlagForwardOnly = 0x20 $colItems = "" $objWMIService = ObjGet("winmgmts:\\" & $strComputer & "\root\CIMV2") If @Error Then $Output = $Output & "Computer: " & $strComputer & ":" & @CRLF & " UNREACHABLE" & @CRLF & @CRLF Else $Output = $Output & "Computer: " & $strComputer & @CRLF $Output = $Output & "==========================================" & @CRLF $objWMIService = ObjGet("winmgmts:\\" & $strComputer & "\root\cimv2") $colItems = $objWMIService.ExecQuery("SELECT * FROM Win32_NetworkLoginProfile", "WQL", _ $wbemFlagReturnImmediately + $wbemFlagForwardOnly) If IsObj($colItems) then For $objItem In $colItems $Output = $Output & "Caption: " & $objItem.Caption & @CRLF $Output = $Output & "Comment: " & $objItem.Comment & @CRLF $Output = $Output & "LastLogon: " & WMIDateStringToDate($objItem.LastLogon) & @CRLF $Output = $Output & "Name: " & $objItem.Name & @CRLF $Output = $Output & "NumberOfLogons: " & $objItem.NumberOfLogons & @CRLF $Output = $Output & "PasswordAge: " & round($objItem.PasswordAge / 86400) & " days" & @CRLF $Output = $Output & "PasswordExpires: " & WMIDateStringToDate($objItem.PasswordExpires) & @CRLF & @CRLF Next Endif EndIf msgbox(0, '' , $Output) Func WMIDateStringToDate($dtmDate) Return (StringMid($dtmDate, 5, 2) & "/" & _ StringMid($dtmDate, 7, 2) & "/" & StringLeft($dtmDate, 4) _ & " " & StringMid($dtmDate, 9, 2) & ":" & StringMid($dtmDate, 11, 2) & ":" & StringMid($dtmDate,13, 2)) EndFunc Does password age look right to anyone, its off by many hundreds of days on some, closer on others, but rarely accurate? Any idea how to make this return reliable, or where to go get the actual password age. Edited March 27, 2015 by boththose ,-. .--. ________ .-. .-. ,---. ,-. .-. .-. .-. |(| / /\ \ |\ /| |__ __||| | | || .-' | |/ / \ \_/ )/ (_) / /__\ \ |(\ / | )| | | `-' | | `-. | | / __ \ (_) | | | __ | (_)\/ | (_) | | .-. | | .-' | | \ |__| ) ( | | | | |)| | \ / | | | | | |)| | `--. | |) \ | | `-' |_| (_) | |\/| | `-' /( (_)/( __.' |((_)-' /(_| '-' '-' (__) (__) (_) (__) Link to comment Share on other sites More sharing options...
iamtheky Posted March 27, 2015 Author Share Posted March 27, 2015 (edited) WinNT object seems to be more accurate. It will probably take some hunting to determine why in our environment networkloginprofile password age would greatly differ from the WinNT entry. $system = "LOCALHOST" $user = "USERNAME" Local $adsPath = "WinNT://" & $system & "/" & $user & ",user" Local $objuser = ObjGet($adsPath) msgbox(0, '' , "System: " & $system & @CRLF & "Name : " & $objuser.name & @CRLF & "Password Age : " & round($objuser.passwordage / 86400) & " days." & @CRLF) Edited March 27, 2015 by boththose Kyan 1 ,-. .--. ________ .-. .-. ,---. ,-. .-. .-. .-. |(| / /\ \ |\ /| |__ __||| | | || .-' | |/ / \ \_/ )/ (_) / /__\ \ |(\ / | )| | | `-' | | `-. | | / __ \ (_) | | | __ | (_)\/ | (_) | | .-. | | .-' | | \ |__| ) ( | | | | |)| | \ / | | | | | |)| | `--. | |) \ | | `-' |_| (_) | |\/| | `-' /( (_)/( __.' |((_)-' /(_| '-' '-' (__) (__) (_) (__) Link to comment Share on other sites More sharing options...
Kyan Posted March 28, 2015 Share Posted March 28, 2015 (edited) boththouse, ObjGet is not returning an object for me, I'm using my username and $system = "LOCALHOST" EDIT: Changed to $system = "LOCALHOST" $user = @ComputerName & "\\" & @UserName And keeps not returning an object EDIT2: Change to this and is working $system = @ComputerName $user = @UserName EDIT3: Now I'm curious about this objects thing I discover that using "WinNT://" & ComputerName & "/" & @UserName does the same as "WinNT://" & ComputerName & "/" & @UserName & ",user" This is a bit off topic but how do I get the Processor propriety? https://msdn.microsoft.com/en-us/library/aa746539(v=vs.85).aspx Tried with: Local $adsPath = "WinNT://" & $system & "/" & $user $P = ObjGet($adsPath,"Computer") ConsoleWrite($p.Processor&@LF) but didn't return an object variable Edited March 28, 2015 by Kyan Heroes, there is no such thing One day I'll discover what IE.au3 has of special for so many users using it.C'mon there's InetRead and WinHTTP, way better Link to comment Share on other sites More sharing options...
kylomas Posted March 28, 2015 Share Posted March 28, 2015 (edited) boththose, Is this closer? <code deleted, see below> It looks like the field is a date/time formatted field and the time part (after the decimal) is not used. Just guessing... kylomas Edited March 28, 2015 by kylomas Forum Rules Procedure for posting code "I like pigs. Dogs look up to us. Cats look down on us. Pigs treat us as equals." - Sir Winston Churchill Link to comment Share on other sites More sharing options...
kylomas Posted March 28, 2015 Share Posted March 28, 2015 (edited) boththose, The field appears to be CIM_DATETIME in interval format (see the link below). Try this out... expandcollapse popup$Output="" $strComputer = "localhost" $wbemFlagReturnImmediately = 0x10 $wbemFlagForwardOnly = 0x20 $colItems = "" $objWMIService = ObjGet("winmgmts:\\" & $strComputer & "\root\CIMV2") If @Error Then $Output = $Output & "Computer: " & $strComputer & ":" & @CRLF & " UNREACHABLE" & @CRLF & @CRLF Else $Output = $Output & "Computer: " & $strComputer & @CRLF $Output = $Output & "==========================================" & @CRLF $objWMIService = ObjGet("winmgmts:\\" & $strComputer & "\root\cimv2") $colItems = $objWMIService.ExecQuery("SELECT * FROM Win32_NetworkLoginProfile", "WQL", _ $wbemFlagReturnImmediately + $wbemFlagForwardOnly) If IsObj($colItems) then For $objItem In $colItems $Output = $Output & "Caption: " & $objItem.Caption & @CRLF $Output = $Output & "Comment: " & $objItem.Comment & @CRLF $Output = $Output & "LastLogon: " & WMIDateStringToDate($objItem.LastLogon) & @CRLF $Output = $Output & "Name: " & $objItem.Name & @CRLF $Output = $Output & "NumberOfLogons: " & $objItem.NumberOfLogons & @CRLF $Output = $Output & "PasswordAge: " & _cnvt_interval_format($objItem.passwordage) & @CRLF $Output = $Output & "PasswordExpires: " & WMIDateStringToDate($objItem.PasswordExpires) & @CRLF & @CRLF Next Endif EndIf msgbox(0, '' , $Output) func _cnvt_interval_format($sIntrvl) return stringleft($sIntrvl,8) & ' Days ' & stringmid($sIntrvl,9,2) & ' hours ' & stringmid($sIntrvl,11,2) & ' minutes and ' & stringmid($sIntrvl,13,2) & ' seconds' endfunc Func WMIDateStringToDate($dtmDate) ; reformat date to mm/dd/yyyy hh:mm:ss and zero fill single digit values Return StringRegExpReplace(StringRegExpReplace($dtmDate, '(\d{4})(\d{2})(\d{2})(\d{2})(\d{2})(\d{2}).*', '$2/$3/$1 $4:$5:$6'), '(?<!\d)(\d/)', '0$1') EndFunc I found the following link about WMI datetime datatypes. https://msdn.microsoft.com/en-us/library/aa390895(v=vs.85).aspx kylomas Edited March 28, 2015 by kylomas Forum Rules Procedure for posting code "I like pigs. Dogs look up to us. Cats look down on us. Pigs treat us as equals." - Sir Winston Churchill Link to comment Share on other sites More sharing options...
iamtheky Posted March 28, 2015 Author Share Posted March 28, 2015 nicely done, thanks. I will confirm that it has widespread accuracy (and test against the WinNT age return) when i run another domain sweep on Monday. Length of time a password has been in effect. This value is measured from the number of seconds elapsed since the password was last changed. https://msdn.microsoft.com/en-us/library/aa394221(v=vs.85).aspx I was not doing myself any favors. I kept reading that as how the data was returned, when it clearly states only how the value is measured. ,-. .--. ________ .-. .-. ,---. ,-. .-. .-. .-. |(| / /\ \ |\ /| |__ __||| | | || .-' | |/ / \ \_/ )/ (_) / /__\ \ |(\ / | )| | | `-' | | `-. | | / __ \ (_) | | | __ | (_)\/ | (_) | | .-. | | .-' | | \ |__| ) ( | | | | |)| | \ / | | | | | |)| | `--. | |) \ | | `-' |_| (_) | |\/| | `-' /( (_)/( __.' |((_)-' /(_| '-' '-' (__) (__) (_) (__) Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now