20 replies to this topic

[savj14]

I have a VBS script to create a Local User and adds them to the Administrator Group. I am trying to convert that script to AutoIt. I will eventually make a GUI and make it look nice. I can't get it to work though.

Here is what I have so far.

AutoIt        expandcollapse  popup

#include <GUIConstants.au3>

; RETRIEVE Computer Name
Dim $objNetwork, $strComputerName
$objNetwork = ObjCreate("WScript.Network")
$strComputer = $objNetwork.ComputerName

$strUserName = ("testuser")
$strFullName = ("Test User")
$strPassword = ("password")
$strGroup = ("administrator")

; Code To add User
$objSystem = ObjGet("WinNT://" & $strComputer)
$objUser = $objSystem.Create("user", $strUserName)
$objUser.FullName = $strFullName
$objUser.SetPassword ($strPassword)
$objUser.SetInfo

; Code to add User to Group
$objGroup = ObjGet("WinNT://" & $strComputer & "/" & $strGroup)
$objGroup.Add("WinNT://" (& $strComputer & "/" & $strUserName))
Exit

I can't seem to get it to work properly and add the user

[danwilli]

I know that you can add a user like this localy

$username = InputBox( "Input", "User Name: " )
$password = InputBox( "Input", "Password: " )
Run(@ComSpec & " /c " & 'Net User ' & $username & " " & $password & " /add", "", @SW_HIDE)
Run(@ComSpec & " /c " & "Net Localgroup Administrators " & $username & " /add", "", @SW_HIDE)

But I don't know if you are trying to do this remotely or not....

Maybe this helps, maybe not, either way free bump

[evilertoaster]

$objSystem = ObjGet("WinNT://localhost")
$objUser = $objSystem.Create("user", $strUserName)
$objUser.FullName = "Test User"
$objUser.SetPassword ("password")
$objUser.SetInfo
$objGroup = ObjGet("WinNT://localhost/Administrators")
$objGroup.Add("WinNT://"&$strUserName)

[savj14]

All right so I am doing all right with adding the user and adding the user to certain groups.

Now I am wondering if I can check addition options when creating a user. The following options are available when creating a user account via Computer Management and would like to incorporate these in my script.

Options Are:

• User must change password at next logon
• User cannot change password
• Password never expires
• Account is disabled

I'm sure there is a way to do this I just have no clue how to code it.

Any ideas?

[ptrex]

@savj14

Maybe this can get you started.

ADSI Object Model for WinNT Providers

regards,

ptrex

[savj14]

How would I go about checking to see if a user account already exists?

I'd like to do this check so I can give an error message back if the user account I am trying to add already exists

[Jos]

something to study

Plain Text        expandcollapse  popup

; Init objects
Const $ADS_UF_DONT_EXPIRE_PASSWD = 0X10000
Const $ADS_UF_PASSWD_CANT_CHANGE = 0X40
$UserName = 'Fred'
$Password = 'Wilma123'
$oMyError = ObjEvent("AutoIt.Error","MyErrFunc"); Install a custom error handler 
$strComputer = @ComputerName
; Check if account exists .. if not create it 
$objUser = ObjGet("WinNT://" & $strComputer & "/" & $UserName)
If @Error then 
    $colAccounts = ObjGet("WinNT://" & $strComputer & "")
    $objUser = $colAccounts.Create("user", $UserName)
    $objUser.SetPassword ($Password)
    $objUser.Put ("Fullname", "Test User")
    $objUser.Put ("Description", "Test User description")
    $objUser.SetInfo
EndIf
;
; Read current settings and Bitor to ensure the "Don't expire password swith is on" 
$oldFlags = $objUser.Get("UserFlags")
$newFlags = BitOR($oldFlags,$ADS_UF_DONT_EXPIRE_PASSWD)
$objUser.Put ("UserFlags", $newFlags) ;expire the password
$objUser.SetInfo
msgBox(262144,'Debug line ~' & @ScriptLineNumber,'Selection:' & @lf & ' dont Password Expired');### Debug MSGBOX
;
; Read current settings and Xor to ensure the "Don't expire password swith is off" 
$oldFlags = $objUser.Get("UserFlags")
$newFlags = BitXOR($oldFlags,$ADS_UF_DONT_EXPIRE_PASSWD)
$objUser.Put ("UserFlags", $newFlags) ;expire the password
$objUser.SetInfo
; Set the Password expire now
$objUser.Put ("PasswordExpired", 1) ;expire the password
$objUser.SetInfo
msgBox(262144,'Debug line ~' & @ScriptLineNumber,'Selection:' & @lf & 'PasswordExpired');### Debug MSGBOX
;
; Disable User ACcount
$objUser.AccountDisabled=1
$objUser.SetInfo
;
;Add User to group 
;$objGroup = ObjGet("WinNT://" & $strComputer & "/Administrators,group")
;$objGroup.Add($objUser.ADsPath)
;
;
; This is my custom error handler 

;~ $OldUser = "Fred"
;~ $NewUser = "Fredrenamed"
;~ $oUser = ObjGet("WinNT://" & @ComputerName & "/" _
;~               & $OldUser & ",user")
;~ $oComputer = ObjGet("WinNT://" & @ComputerName)
;~                                                                  MsgBox(262144,'Debug line ~25','Selection:' & @lf & '$oComputer' & @lf & @lf & 'Return:' & @lf & $oComputer & @lf & @lf & '@Error:' & @lf & @Error);### Debug MSGBOX
;~; rename user
;~ $oNewUser = $oComputer.MoveHere($oUser.ADsPath, $NewUser)


Func MyErrFunc() 
   $HexNumber=hex($oMyError.number,8) 
   Msgbox(0,"","We intercepted a COM Error !" & @CRLF & _
                "Number is: " & $HexNumber & @CRLF & _
                "Linenbr is: " & $oMyError.scriptline  & @CRLF & _
                "Description is: " & $oMyError.description  & @CRLF & _
                "Windescription is: " & $oMyError.windescription ) 

   SetError(1); something to check for when this function returns 
Endfunc

[ptrex]

@all


My 2 cents

This returns all the Users. If one exists you could check upon this returned list and EXIT.

AutoIt        expandcollapse  popup

#include <Array.au3>

Dim $strDomain

Do
    $strDomain = inputbox( "Please enter a domainname", "Input" )
until $strDomain <> ""

ListUsers( $strDomain )

Func ListUsers( $strDomain )
    $objComputer = ObjGet("WinNT://" & $strDomain )
    $objComputer.Filter = _ArrayCreate( "User" )
    For $objUser In $objComputer
        Consolewrite( "Name: " & $objUser.Name & @CRLF)
        Consolewrite( "Fullname: " & $objUser.Fullname & @CRLF)
        Consolewrite( "Description: " & $objUser.Description & @CRLF)
        Consolewrite( "AccountDisabled: " & $objUser.AccountDisabled & @CRLF)
        Consolewrite( "IsAccountLocked: " & $objUser.IsAccountLocked & @CRLF)
        Consolewrite( "Profile: " & $objUser.Profile & @CRLF)
        Consolewrite( "LoginScript: " & $objUser.LoginScript & @CRLF)
        Consolewrite( "HomeDirectory: " & $objUser.HomeDirectory & @CRLF)
        Consolewrite( @CRLF)    
    Next
EndFunc

regards,

ptrex

[savj14]

What I have so far will find the existing User if it is typed into the GUI, and shoot back the Msgbox. Except after it still continues and tries to add the user instead of returning until the user is not found.

Here is what I have.

;Check to see if User Already Exists 
$strComputer = @ComputerName
    $objComputer = ObjGet("WinNT://" & $strComputer)
    $objComputer.Filter = _ArrayCreate( "User" )
    For $objUser In $objComputer
        If $objUser.Name = GuiCtrlRead($username) Then
            MsgBox(0,"Error", "Found You")
        ContinueLoop
        EndIf
        Next

What am I doing wrong?

[savj14]

Anyone???

[Jos]

Anyone???

my last posted script has a simple way to test the existence of the userid... have you tried ?

Jos

[weaponx]

Dude the answer was in the script above:

; Check if account exists .. if not create it
$objUser = ObjGet("WinNT://" & $strComputer & "/" & $UserName)
If @Error then
    $colAccounts = ObjGet("WinNT://" & $strComputer & "")
    $objUser = $colAccounts.Create("user", $UserName)
    $objUser.SetPassword ($Password)
    $objUser.Put ("Fullname", "Test User")
    $objUser.Put ("Description", "Test User description")
    $objUser.SetInfo
EndIf

[ynbIpb]

;Add User to group
;$objGroup = ObjGet("WinNT://" & $strComputer & "/Administrators,group")
;$objGroup.Add($objUser.ADsPath)

How do I know what groups exist on the local machine?
For example, administrators at other locales written differently

[ptrex]

@ynbIpb

Maybe this can help.

#include <Array.au3>

$strComputer = "."
$colGroups = ObjGet("WinNT://" & $strComputer & "")
$colGroups.Filter = _ArrayCreate("group")

For $objGroup In $colGroups
    For $objUser in $objGroup.Members
        ;If $objUser.name = "UserName" Then
        If $objGroup.Name = "Administrators" Then
            ConsoleWrite("Local Group " & $objGroup.Name & " Local User " & $objUser.name & @CRLF) 
        EndIf
    Next
Next

rgds

ptrex

[MJPollard]

How do I know what groups exist on the local machine?
For example, administrators at other locales written differently

Microsoft has a KB article that lists the SIDs for all of the standard accounts/groups.

Read KB 243330.

The SID for the Administrators group is S-1-5-32-544 and always will be regardless of the name.

[NDog]

Ok I am trying to modify this script for my own needs. I am not able to query WinNT://. so therefore cannot get any usable data from it

What I am trying to do is to determine if there are at least one administrator account which is not disabled.

First I need to loop through $objGroup.Members and get administrators and add them to an array
Secondly I need to loop through $objComputer using the administrator as a loop and then determining if the account is disabled or enabled.
If at least one admin account is enabled I can return a good value otherwise return a bad value.

I am having difficulty getting whether the account is enabled of not since the for loop is not working properly. I am new to arrays and probably am doing it wrong.

please help!

Plain Text        expandcollapse  popup

#include <Array.au3>
Dim $Array[1]

$strComputer = "."
$colGroups = ObjGet("WinNT://" & $strComputer & "")
$colGroups.Filter = _ArrayCreate("group")
For $objGroup In $colGroups
    For $objUser in $objGroup.Members
        ;If $objUser.name = "UserName" Then
        If $objGroup.Name = "Administrators" Then
            ;ConsoleWrite("Local Group " & $objGroup.Name & " Local User " & $objUser.name & @CRLF)
   _ArrayAdd($Array, $objUser.name)
        EndIf
    Next
Next

;Msgbox(0,"",Ubound($Array)-1)
$Array[0] = Ubound($Array)-1
;Msgbox(0,"",$Array[0])
;_ArrayDisplay($Array)

;~ For $i = 1 to $Array[0]
;~  ConsoleWrite($Array[$i] & @LF)
;~ Next


Dim $2Array[1]
Dim $strDomain
;Do
;   $strDomain = inputbox( "Please enter a domainname", "Input" )
;until $strDomain <> ""
$strDomain = "localhost"
ListUsers( $strDomain )
Func ListUsers( $strDomain )
    $objComputer = ObjGet("WinNT://" & $strDomain )
    $objComputer.Filter = _ArrayCreate( "User" )

    For $objUser In $objComputer
  For $i = 1 to $Array[0]
   ;ConsoleWrite($Array[$i] & @LF)
   If $objUser.Name = $Array[$i] Then
     Consolewrite( "Name: " & $objUser.Name & " AccountDisabled: " & $objUser.AccountDisabled & @CRLF)
     ;_ArrayAdd($2Array, $objUser.name & $objUser.AccountDisabled)
   EndIf
  Next
        ;Consolewrite( "Name: " & $objUser.Name & @CRLF)
        ;Consolewrite( "Fullname: " & $objUser.Fullname & @CRLF)
        ;Consolewrite( "Description: " & $objUser.Description & @CRLF)
        ;Consolewrite( "AccountDisabled: " & $objUser.AccountDisabled & @CRLF)
        ;Consolewrite( "IsAccountLocked: " & $objUser.IsAccountLocked & @CRLF)
        ;Consolewrite( "Profile: " & $objUser.Profile & @CRLF)
        ;Consolewrite( "LoginScript: " & $objUser.LoginScript & @CRLF)
        ;Consolewrite( "HomeDirectory: " & $objUser.HomeDirectory & @CRLF)
        ;Consolewrite( @CRLF)  
    Next
EndFunc

[Pennsta39]

Hey guys, dumb question...
Everytime i copy onme of these scripts into Primalscript(New VBScript), i get invalid character errors. Im sure im doing something stupid, but what is it?

[JLogan3o13]

Hi, Pennsta39, welcome to the forum. This is an AutoIt forum, and these are AutoIt scripts, not vbscripts. If you copy directly into PrimalScript you are going to have issues. They would need to be converted from AutoIt to vbscript (although why you would want to do that is beyond me). If you would like to use these scripts, you'll need to download and install AutoIt to use them natively.

[Pennsta39]

Thank you for the response J. I want to run a script to add a local user into the login scrpt of one of out Domain admin acounts, so that when i login to a computer with the Domain Admin account(which has local admin rights), a new local admin account is created. I surely do not want to have to download Autoit program on every computer(would i even need to do that, or just make the script with the program, and it would run on other computers?) Any additional advice on how to accomplish my goal is greatly appreciated!

[Pennsta39]

easy, run batch file at login script


net user admin password01 /add
net localgroup Administrators admin /add