DicatoroftheUSA

[solved] Check Credentials?

4 posts in this topic

#1 ·  Posted (edited)

I am trying to put together a script that runs from a local group policy startup. I want it to be easily switched to a "training" mode, but only after asking for credentials that it can compare against a local system user, to see if it is a member of the administrators group.

Any advice would be appreciated.

What it does now, is close unrecognized processes. By name only, can't have the hard drive thrashing.

---

extra but maybe not necessary background info:

The scenario is, we have laptops that are going out in the wild, and we do not want unknown applications running on these laptops; however, at the same time, my hands are tied, because I have to make sure the script does not use many resources. Also, they will VPN over wireless internet into an otherwise sealed network, and this network, if infected, will cost me my job. And the project wasn't even one I approved of; I think the whole thing is a raw deal. The laptops are also running McAfee.

Be careful: if you want to run the following code, use it with a -t parameter (Shift+F8) first. It also makes use of pskill.

pskill: http://technet.microsoft.com/en-us/sysinternals/bb896683.aspx

#Region ;**** Directives created by AutoIt3Wrapper_GUI ****


#AutoIt3Wrapper_Version=beta
#AutoIt3Wrapper_outfile=\\lcmail02\common\custom utilities\Whitelist\whitelist.exe
#EndRegion ;**** Directives created by AutoIt3Wrapper_GUI ****
;~ #NoTrayIcon


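#include <Array.au3>
$train = 0
; $CmdLine[0] holds the argument count; the arguments themselves start at index 1.
For $x = 1 To $CmdLine[0]
    ; Compare each alternative explicitly: a bare non-empty string such as "/t"
    ; is always True in an Or expression, which switched training mode on for any argument.
    If $CmdLine[$x] = "-t" Or $CmdLine[$x] = "/t" Or $CmdLine[$x] = "t" Then $train = 1
Next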


If @Compiled Then
    Const $OWN_PROCESS = 16
    Const $NOT_INTERACTIVE = True

    $strComputer = "."

    $objWMIService = ObjGet("winmgmts:" _
             & "{impersonationLevel=impersonate}!\\" & $strComputer & "\root\cimv2")
    $objService = $objWMIService.Get("Win32_BaseService")
    $errReturn = $objService.Create("_AUService", "Personnel AU Service", _
            "c:\windows\system32\AU3_ServiceTest.exe", $OWN_PROCESS, 2, "Automatic", $NOT_INTERACTIVE, ".\LocalSystem", "")
EndIf

Global $sList = @ScriptDir & "\whitelist.ini"
Global $aWhitelist = IniReadSection($sList, "whitelist")
Global $iAns = ""
Global $log = @ScriptDir & "\log.ini"


While 1
    Sleep(10)
    $aaPrcoesses = ProcessList()

    For $x = 1 To UBound($aaPrcoesses, 1) - 1

        If $aaPrcoesses[$x][0] = "[System Process]" Then ContinueLoop
        If $aaPrcoesses[$x][0] = "System" Then ContinueLoop
        For $y = 1 To UBound($aWhitelist, 1) - 1


            If $aaPrcoesses[$x][0] = "$aaPrcoesses[$x][0]" Then ContinueLoop
            If StringLower($aaPrcoesses[$x][0]) == StringLower($aWhitelist[$y][0]) Then
                Sleep(5)
                If $aWhitelist[$y][1] = 0 Then ContinueLoop (2)
                If $aWhitelist[$y][1] = 1 Then

                    kill($aaPrcoesses[$x][0])
                    ContinueLoop (2)
                EndIf

            EndIf

        Next

        kill($aaPrcoesses[$x][0])
    Next

WEnd



Func kill($sProcess)
    If $train = 0 Then
        If ProcessExists($sProcess) Then ProcessClose($sProcess)
        Sleep(400)

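        If ProcessExists($sProcess) Then
            ; Quote the path and the process name: @ScriptDir may contain spaces.
            Run('"' & @ScriptDir & '\pskill.exe" -t "' & $sProcess & '"', "", @SW_HIDE)
            Sleep(400)
        EndIf
        ; Still running after pskill: restart the shell as a last resort.
        If ProcessExists($sProcess) Then
            ProcessClose("explorer.exe")
            ProcessClose("iexplore.exe") ; Internet Explorer's process name is iexplore.exe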
            ProcessClose($sProcess)
            Run("explorer.exe")
            Sleep(100)
        EndIf

        Run("eventcreate /T Information /ID 100 /L Application /SO WhiteList /D " & _
                Chr(34) & $sProcess & " Was closed by whitelist if this is wanted ADD IT TO THE WHITELIST.INI" & @CRLF & "http://www.google.com/search?&q=" & $sProcess & @CRLF & "the whitelist is located at " & $sList & Chr(34), "", @SW_HIDE, 2)

    Else
        IniWrite($sList, "whitelist", $sProcess, 0)
    EndIf
EndFunc   ;==>kill
Edited by DicatoroftheUSA




#3 ·  Posted (edited)

Here is an example of how to check userid/password and group membership:

$oMyError = ObjEvent("AutoIt.Error", "ComError")
msgbox(0,"Validate",UserValidate(@ComputerName,"unknown-user","userpwd"))
msgbox(0,"Validate",UserValidate(@ComputerName,"Okuser","userpwd"))
msgbox(0,"Validate",UserValidate(@ComputerName,"Okuser","userpwd","groupdoesnotexist"))
msgbox(0,"Validate",UserValidate(@ComputerName,"Okuser","userpwd","groupexist"))
Exit
; Check Valid User/Password and optionally in a group 
Func UserValidate($domain, $UserName, $Password, $InGroup="")
    Local $NameSpace = ObjGet("WinNT:")
    Local $ADS_SECURE_AUTHENTICATION = 0x0001
    ; Check the userid/password combination and on error return a 0
    Local $DomObj = $NameSpace.OpenDSObject("WinNT://" & $domain , $UserName, $Password, $ADS_SECURE_AUTHENTICATION)
    If @error <> 0 Then Return 0
    ; Optionally check the group membership
    If $InGroup <> "" Then
        $objUser = ObjGet("WinNT://" & $Domain & "/" & $UserName)
        For $oGroup in $objUser.Groups
            If $oGroup.Name = $InGroup Then 
                Return 1
            EndIf
        Next
        Return 0
    EndIf
    Return 1
EndFunc 
;COM Error function
Func ComError()
    If IsObj($oMyError) Then
        $HexNumber = Hex($oMyError.number, 8)
        SetError($HexNumber)
    Else
        SetError(1)
    EndIf
    Return 0
EndFunc   ;==>ComError
Edited by Jos


Thank you, that is exactly what I was looking for.
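
Tying the credential check from post #3 to the training-mode switch asked about in post #1, as an added example that is not code from any post in this thread. The function names, the three-attempt limit, event ID 101 and the English group name "Administrators" are assumptions.

```autoit
; Added example, not code from the thread. Assumed names: _ComErr, _IsLocalAdmin,
; _UnlockTraining; assumed values: 3 attempts, event ID 101, group "Administrators".
Global $g_oComErr = ObjEvent("AutoIt.Error", "_ComErr")
Global $g_bComFailed = False
Global $train = 0

Func _ComErr()
    $g_bComFailed = True ; bad password, unknown user, etc. all land here
EndFunc   ;==>_ComErr

; True only if the credentials bind (as in post #3) AND the account is a direct
; member of the local Administrators group (nested groups are not resolved).
Func _IsLocalAdmin($sUser, $sPass)
    $g_bComFailed = False
    Local $oNS = ObjGet("WinNT:")
    Local $oBind = $oNS.OpenDSObject("WinNT://" & @ComputerName, $sUser, $sPass, 1) ; 1 = ADS_SECURE_AUTHENTICATION
    If $g_bComFailed Or Not IsObj($oBind) Then Return False
    Local $oUser = ObjGet("WinNT://" & @ComputerName & "/" & $sUser & ",user")
    If $g_bComFailed Or Not IsObj($oUser) Then Return False
    For $oGroup In $oUser.Groups
        If $oGroup.Name = "Administrators" Then Return True
    Next
    Return False
EndFunc   ;==>_IsLocalAdmin

; Ask for credentials, fail closed, and log every failed attempt.
Func _UnlockTraining($iMaxTries = 3)
    For $i = 1 To $iMaxTries
        Local $sUser = InputBox("Whitelist", "Local administrator user name:")
        If @error Then Return False ; cancelled
        Local $sPass = InputBox("Whitelist", "Password:", "", "*") ; "*" masks the input
        If @error Then Return False
        ; Allow-list the name so it cannot alter the ADsPath string.
        Local $bOk = StringRegExp($sUser, "^[\w.\- ]+$") And $sPass <> ""
        If $bOk Then $bOk = _IsLocalAdmin($sUser, $sPass)
        $sPass = "" ; drop the password as soon as it has been checked
        If $bOk Then Return True
        Run('eventcreate /T WARNING /ID 101 /L Application /SO WhiteList /D "Training mode unlock failed (attempt ' & $i & ')"', "", @SW_HIDE)
        Sleep(2000 * $i) ; slow down guessing
    Next
    Return False
EndFunc   ;==>_UnlockTraining

; -t only requests training mode; it is granted after a successful check.
If $CmdLine[0] > 0 Then
    If $CmdLine[1] = "-t" And _UnlockTraining() Then $train = 1
EndIf
```

The prompts need an interactive desktop, so the check has to run in a user's session rather than in a non-interactive startup context.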
