DicatoroftheUSA Posted October 13, 2010 (edited October 19, 2010)

I am trying to put together a script that runs from a local group policy startup. I want to set an ability to be easily switched to a "training" mode, but only after asking for credentials that it can compare against a local system user, to see if it is a member of the administrators group. Any advice would be appreciated.

What it does now is close unrecognized processes. By name only, can't have the hard drive thrashing.

--- extra but maybe not necessary background info:

The scenario is, we have laptops that are going out in the wild, and we do not want unknown applications running on these laptops. However, at the same time, my hands are tied, because I have to make sure the script does not use many resources. Also, they will VPN over wireless internet into an otherwise sealed network, and this network, if infected, will cost me my job. And the project wasn't even one I approved of; I think the whole thing is a raw deal. The laptops are also running McAfee.

Be careful: if you want to run the following code, use it with a -t parameter (Shift+F8) first. It also makes use of pskill.

pskill: http://technet.microsoft.com/en-us/sysinternals/bb896683.aspx

    #Region ;**** Directives created by AutoIt3Wrapper_GUI ****
    #AutoIt3Wrapper_Version=beta
    #AutoIt3Wrapper_outfile=\\lcmail02\common\custom utilities\Whitelist\whitelist.exe
    #EndRegion ;**** Directives created by AutoIt3Wrapper_GUI ****
    ;~ #NoTrayIcon
    #include<array.au3>

    ; Training mode (-t, /t or t): unknown process names are written to the
    ; whitelist with value 0 instead of being killed.
    $train = 0
    If $CmdLine[0] <> 0 Then
        For $x = 0 To UBound($CmdLine) - 1
            Select
                ; Each alternative needs its own comparison; a bare "/t" is always True.
                Case $CmdLine[$x] = "-t" Or $CmdLine[$x] = "/t" Or $CmdLine[$x] = "t"
                    $train = 1
            EndSelect
        Next
    EndIf

    ; When compiled, register a service through WMI.
    If @Compiled Then
        Const $OWN_PROCESS = 16
        Const $NOT_INTERACTIVE = True
        $strComputer = "."
        $objWMIService = ObjGet("winmgmts:" _
                 & "{impersonationLevel=impersonate}!\\" & $strComputer & "\root\cimv2")
        $objService = $objWMIService.Get("Win32_BaseService")
        $errReturn = $objService.Create("_AUService", "Personnel AU Service", _
                "c:\windows\system32\AU3_ServiceTest.exe", $OWN_PROCESS, 2, "Automatic", $NOT_INTERACTIVE, ".\LocalSystem", "")
    EndIf

    ; whitelist.ini, section [whitelist]: <process name>=0 means allowed, =1 means always kill.
    Global $sList = @ScriptDir & "\whitelist.ini"
    Global $aWhitelist = IniReadSection($sList, "whitelist")
    Global $iAns = ""
    Global $log = @ScriptDir & "\log.ini"

    While 1
        Sleep(10)
        $aaPrcoesses = ProcessList()
        For $x = 1 To UBound($aaPrcoesses, 1) - 1
            If $aaPrcoesses[$x][0] = "[System Process]" Then ContinueLoop
            If $aaPrcoesses[$x][0] = "System" Then ContinueLoop
            For $y = 1 To UBound($aWhitelist, 1) - 1
                ; Compares against a literal string (variables are not expanded inside quotes).
                If $aaPrcoesses[$x][0] = "$aaPrcoesses[$x][0]" Then ContinueLoop
                If StringLower($aaPrcoesses[$x][0]) == StringLower($aWhitelist[$y][0]) Then
                    Sleep(5)
                    If $aWhitelist[$y][1] = 0 Then ContinueLoop (2)
                    If $aWhitelist[$y][1] = 1 Then
                        kill($aaPrcoesses[$x][0])
                        ContinueLoop (2)
                    EndIf
                EndIf
            Next
            ; Not in the whitelist at all.
            kill($aaPrcoesses[$x][0])
        Next
    WEnd

    Func kill($sProcess)
        If $train = 0 Then
            If ProcessExists($sProcess) Then ProcessClose($sProcess)
            Sleep(400)
            ; Still running: fall back to pskill.
            If ProcessExists($sProcess) Then
                Run(@ScriptDir & "\pskill.exe -t " & $sProcess, Default, @SW_HIDE)
                Sleep(400)
            EndIf
            ; ProcessClose returns 1 on success.
            If ProcessClose($sProcess) Then
                ProcessClose("explorer.exe")
                ProcessClose("iexplorer.exe")
                ProcessClose($sProcess)
                Run("explorer.exe")
                Sleep(100)
            EndIf
            ; Record the kill in the Application event log.
            Run("eventcreate /T Information /ID 100 /L Application /SO WhiteList /D " & _
                    Chr(34) & $sProcess & " Was closed by whitelist if this is wanted ADD IT TO THE WHITELIST.INI" & @CRLF & "http://www.google.com/search?&q=" & $sProcess & @CRLF & "the whitelist is located at " & $sList & Chr(34), "", @SW_HIDE, 2)
        Else
            IniWrite($sList, "whitelist", $sProcess, 0)
        EndIf
    EndFunc   ;==>kill

DicatoroftheUSA Posted October 15, 2010

Bump? Sorry, wouldn't normally, but I am running into a deadline and can't figure this out.

Jos (Developers) Posted October 15, 2010 (edited October 15, 2010)

Here you have an example of how to check userid/password and group membership:

    $oMyError = ObjEvent("AutoIt.Error", "ComError")
    msgbox(0,"Validate",UserValidate(@ComputerName,"unknown-user","userpwd"))
    msgbox(0,"Validate",UserValidate(@ComputerName,"Okuser","userpwd"))
    msgbox(0,"Validate",UserValidate(@ComputerName,"Okuser","userpwd","groupdoesnotexist"))
    msgbox(0,"Validate",UserValidate(@ComputerName,"Okuser","userpwd","groupexist"))
    Exit

    ; Check Valid User/Password and optionally in a group
    Func UserValidate($domain, $UserName, $Password, $InGroup="")
        Local $NameSpace = ObjGet("WinNT:")
        Local $ADS_SECURE_AUTHENTICATION = 0x0001
        ; Check the userid/password combination and on error return a 0
        Local $DomObj = $NameSpace.OpenDSObject("WinNT://" & $domain , $UserName, $Password, $ADS_SECURE_AUTHENTICATION)
        If @error <> 0 Then Return 0
        ; Optionally check the group membership
        If $InGroup <> "" Then
            $objUser = ObjGet("WinNT://" & $Domain & "/" & $UserName)
            For $oGroup in $objUser.Groups
                If $oGroup.Name = $InGroup Then
                    Return 1
                EndIf
            Next
            Return 0
        EndIf
        Return 1
    EndFunc

    ;COM Error function
    Func ComError()
        If IsObj($oMyError) Then
            $HexNumber = Hex($oMyError.number, 8)
            SetError($HexNumber)
        Else
            SetError(1)
        EndIf
        Return 0
    EndFunc   ;==>ComError

DicatoroftheUSA Posted October 19, 2010

Thank you, that is exactly what I was looking for.

jaja714 Posted September 18, 2020

Sorry to resurrect an old post but does this still work anymore? My validation always returns 1, even with password 'qiuwehiouh'.

    ConsoleWrite("Validate " & UserValidate(@ComputerName,@username,"qiuwehiouh") &@CRLF)
    ConsoleWrite("Validate " & UserValidate(@ComputerName,@username,$realPass) &@CRLF)
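
A different way to make the check the thread asks for (valid local credentials plus membership of the Administrators group), added here as an example and not code from any poster: it swaps the ADSI WinNT provider for the Win32 calls LogonUserW and CheckTokenMembership through DllCall. The function name _IsLocalAdminLogon and the prompt texts are hypothetical; how the returned token is filtered under UAC is not covered by the thread and is assumed to be tested on the target OS.

```autoit
; Added example, not from the thread. _IsLocalAdminLogon is a hypothetical name.
; Returns True only if the password is valid for a LOCAL account and the
; resulting logon token carries BUILTIN\Administrators (S-1-5-32-544).
Func _IsLocalAdminLogon($sUser, $sPassword)
    Local Const $LOGON32_LOGON_NETWORK = 3    ; yields an impersonation token, loads no profile
    Local Const $LOGON32_PROVIDER_DEFAULT = 0
    Local Const $WinBuiltinAdministratorsSid = 26
    Local Const $SECURITY_MAX_SID_SIZE = 68

    ; "." as the domain validates against the local account database only.
    Local $aLogon = DllCall("advapi32.dll", "bool", "LogonUserW", _
            "wstr", $sUser, "wstr", ".", "wstr", $sPassword, _
            "dword", $LOGON32_LOGON_NETWORK, "dword", $LOGON32_PROVIDER_DEFAULT, _
            "handle*", 0)
    ; Fail closed: a failed call and a wrong password both mean "not validated".
    If @error Or Not $aLogon[0] Then Return SetError(1, 0, False)
    Local $hToken = $aLogon[6]

    ; Build the well-known Administrators SID, then test the token against it.
    Local $bMember = False
    Local $tSid = DllStructCreate("byte[" & $SECURITY_MAX_SID_SIZE & "]")
    Local $aSid = DllCall("advapi32.dll", "bool", "CreateWellKnownSid", _
            "int", $WinBuiltinAdministratorsSid, "ptr", 0, _
            "struct*", $tSid, "dword*", $SECURITY_MAX_SID_SIZE)
    If Not @error And $aSid[0] Then
        Local $aChk = DllCall("advapi32.dll", "bool", "CheckTokenMembership", _
                "handle", $hToken, "struct*", $tSid, "bool*", 0)
        If Not @error And $aChk[0] Then $bMember = ($aChk[3] <> 0)
    EndIf

    DllCall("kernel32.dll", "bool", "CloseHandle", "handle", $hToken)
    Return $bMember
EndFunc   ;==>_IsLocalAdminLogon

; Gate training mode on the check; the password is masked and never logged.
Global $train = 0
Global $sUser = InputBox("Training mode", "Local administrator user name:")
Global $sPass = InputBox("Training mode", "Password:", "", "*")
If _IsLocalAdminLogon($sUser, $sPass) Then $train = 1
$sPass = ""    ; do not keep the password around longer than needed
```

Accounts with a blank password, or without the right to log on over the network, fail this check by policy, so the function fails closed for them.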