Jump to content

Recommended Posts

Overkill

Hi all,

I am working on a GUI program to update Google's Dynamic DNS (API at https://support.google.com/domains/answer/6147083?authuser=1&hl=en if you scroll to bottom). I am not a programmer by any means - just a sysadmin who has picked up on some things along the way. I am sure that there's better ways to do a lot of things in this script; I'm just going with what I know.

My challenge right now is that I'd like a better way to store the credentials both in memory as well as in system registry or INI file (not sure which way I want to go for local storage). How should I convert the passwords to a secure string in a manner that can't be easily reversed, yet is still accessible to the script? Is that even an option in AutoIt?

Can anybody provide me with links to good reference posts, or coding suggestions for how best to achieve this in the script below? I am using the WinHTTP UDF (https://github.com/dragana-r/autoit-winhttp/releases) to make my API calls.

#include<WinHTTP.au3>
#include<GUIConstantsEx.au3>
#include<EditConstants.au3>
#include<iNet.au3>
#include<Array.au3>

DIM $aDomainList[1][4]
$aDomainList[0][0] = 0

$gMainGUI = GUICreate("Overkill's Google DNS Updater",800,800)

    $gDomainLabel = GUICtrlCreateLabel("FQDN",21,8)
    $gDomainInput = GUICtrlCreateInput("",60,5,300)

    $gUserLabel = GUICtrlCreateLabel("Username",5,36)
    $gUserInput = GUICtrlCreateInput("",60,32,130,Default,BitOR($GUI_SS_DEFAULT_INPUT,$ES_PASSWORD))

    $gPasswordLabel = GUICtrlCreateLabel("Password",6,64)
    $gPassInput = GUICtrlCreateInput("",60,60,130,Default,BitOR($GUI_SS_DEFAULT_INPUT,$ES_PASSWORD))

    $gAddButton = GUICtrlCreateButton("ADD DOMAIN",200,31,160,52)

    $gCurrentIP = GUICtrlCreateLabel("Current IP: " & _CheckIP(),5,780)

    $gDomainList = GUICtrlCreateListView("Domain | Resolved IP | Update Status",5,120,600,600)


GUISetState(@SW_SHOW,$gMainGUI)

while 1

    $m = GUIGetMsg()
    IF $M = $GUI_EVENT_CLOSE then Exit

    IF $M = $gAddButton Then
        $sAddDomain = GUICtrlRead($gDomainInput)
        $sAddUser = GUICtrlRead($gUserInput)
        $sAddPass = GUICtrlRead($gPassInput)
        $sResolveIP = _DNSCheck($sAddDomain)

        ;Google wants you to avoid sending updates when there are no changes
        If StringCompare($sResolveIP,_CheckIP()) = 0 Then
            $sStatus = "No change, not sending update"
        Else
            $sStatus = _DNSUpdate($sAddDomain,$sAddUser,$sAddPass)
        EndIf

        ;Check to make sure all fields are completed before continuing
        IF StringLen($sAddDomain) = 0 OR StringLen($sAddUser) = 0 OR StringLen($sAddPass) = 0 Then

            MsgBox(0,"","Please complete all fields")

        Else ; If the fields all have data, then continue

            ;Check to see if the entry exists in the array already
            $iSanity = _ArraySearch($aDomainList,$sAddDomain)

            IF $iSanity = 0 Then
                _ArrayAdd($aDomainList,$sAddDomain & "|" & $sAddUser & "|" & $sAddPass )
                    If @error = 0 Then
                        $aDomainList[0][0] += 1
                        $aDomainList[$aDomainList[0][0]][3] = GUICtrlCreateListViewItem($sAddDomain & "|" & $sResolveIP & "|" & $sStatus,$gDomainList)
                    Else
                        MsgBox(0,"","Error adding input to list")
                    EndIf
            Else ; If $iSanity <> 0
                    ; Update existing info in array and listviewitem
                    $aDomainList[$iSanity][0] = $sAddDomain
                    $aDomainList[$iSanity][1] = $sAddUser
                    $aDomainList[$iSanity][2] = $sAddPass
                    GUICtrlSetData($aDomainList[$iSanity][3],$sAddDomain & "|" & $sResolveIP & "|" & $sStatus)
            EndIf ; If $iSanity = 0

        EndIf ; If StringLen...


    EndIf ; If $m = $gaddbutton


WEnd

;----------------------------------------------------------------------------------------

Func _DNSCheck($sFQDN)
    $sJSON = _INetGetSource("https://dns.google.com/resolve?name=" & $sFQDN & "&cd=1")
    ConsoleWrite($sJSON & @CRLF)
    $sIPAddress = StringRegExpReplace($sJSON,'^.*data": "(.*?)".*?$',"\1")
    Return $sIPAddress
EndFunc

;----------------------------------------------------------------------------------------

Func _DNSUpdate($sFQDN,$sUser,$sPass)

    Local $sGoogleAPIURI = "https://domains.google.com"

    Local $hOpen = _WinHttpOpen()
    Local $hConnect = _WinHttpConnect($hOpen, $sGoogleAPIURI)
    Local $sHeader = _
        'Authorization: Basic ' & _Base64Encode($sUser & ":" & $sPass) & @CRLF & _
        'Accept: */*' & @CRLF & _
        'User-Agent: AutoITScript/' & @AutoItVersion & @CRLF & _
        'Content-Type: application/x-www-form-urlencoded'
    Local $aHTTPResponse = _WinHttpSimpleSSLRequest($hConnect, "POST", "/nic/update", Default, "hostname=" & $sFQDN, $sHeader, True, Default, Default, Default, True)

    _WinHttpCloseHandle($hConnect)
    _WinHttpCloseHandle($hOpen)

    If IsArray($aHTTPResponse) Then
        $sHTTPResponse = "Header:" & @CRLF & $aHTTPResponse[0] & @CRLF & "Data:" & @CRLF & $aHTTPResponse[1] & @CRLF & @CRLF & @CRLF
        Return $aHTTPResponse[1]
    Else
        $sHTTPResponse = "NO REPLY"
        Return "No reply from " & $sGoogleAPIURI
    EndIf

EndFunc

;----------------------------------------------------------------------------------------

Func _Base64Encode($sData)
    Local $oXml = ObjCreate("Msxml2.DOMDocument")
    If Not IsObj($oXml) Then
        SetError(1, 1, 0)
    EndIf

    Local $oElement = $oXml.createElement("b64")
    If Not IsObj($oElement) Then
        SetError(2, 2, 0)
    EndIf

    $oElement.dataType = "bin.base64"
    $oElement.nodeTypedValue = Binary($sData)
    Local $sReturn = $oElement.Text

    If StringLen($sReturn) = 0 Then
        SetError(3, 3, 0)
    EndIf

    Return $sReturn
EndFunc

;----------------------------------------------------------------------------------------

Func _CheckIP()
    Return _INetGetSource("https://domains.google.com/checkip")
EndFunc

;----------------------------------------------------------------------------------------

 

Share this post


Link to post
Share on other sites
Overkill

Running back into this issue for a different script...same concept though. Anybody have input on this? Should I be looking at a full programming language that I can compile in instead?

Share this post


Link to post
Share on other sites
JLogan3o13
Posted (edited)

@Overkill unfortunately this has been asked and answered dozens if not hundreds of times on the forum. You are sadly never going to get 100% obfuscation/encryption/etc. from an AutoIt script; any determined person can either decompile the code or pull the contents out of memory fairly easily. If you need 100% security, you are going to have to go with a different language.

That said: if you accept a certain degree of risk, there are a number of threads in which people have talked about different methods they have employed - from storing in an encrypted file and including the file in the script to trying to link up to a remote server for authentication. You can do a forum search and come across these discussions pretty easily; it all boils down to the level of risk you are willing to accept.

Edit: On a Mod note, we typically lock threads that go around and around the subject of obfuscating or encrypting passwords, for the very reason I give above. I am happy at the moment to leave this topic open if others would like to offer suggestions on what they have done. If, however, the Moderation team senses the release of the Oozlum bird, the topic will die quickly.

Edited by JLogan3o13

√-1 2^3 ∑ π, and it was delicious!

Share this post


Link to post
Share on other sites
careca

In theory you could save the password encrypted, then you program asks for the passcode at startup and the credentials are de-encrypted and used.


Spoiler

Paster - Main function is to paste text, but has more functions. (No longer mantained, switched to String Trigger)

Renamer - Rename files and folders, remove portions of text from the filename etc.

GPO Tool - Export/Import Group policy settings.

MirrorDir - Synchronize/Backup/Mirror Folders

BeatsPlayer - Music player.

Params Tool - Right click an exe to see it's parameters or execute them.

String Trigger - Triggers pasting text or applications or internet links on specific strings.

Inconspicuous - Hide files in plain sight, not fully encrypted.

Regedit Control - Registry browsing history, quickly jump into any saved key.

Time4Shutdown - Write the time for shutdown in minutes.

Power Profiles Tool - Set a profile as active, delete, duplicate, export and import.

Firefox Profile Backup - Backup/restore previously saved profile.

Finished Task Shutdown - Shuts down pc when specified window/Wndl/process closes.

NetworkSpeedShutdown - Shuts down pc if download speed goes under "X" Kb/s.

IUIAutomation - Topic with framework and examples

Au3Record.exe

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Similar Content

    • colombeen
      By colombeen
      Hi everyone, I created a function to gather bitlocker information. It can tell you whether or not a drive is protected, which encryption method is being used, ...
      I tried to cover all the details in the function description
       
      The function (and 3 "internal" functions) :
      ; #FUNCTION# ==================================================================================================================== ; Name...........: _BitlockerDriveInfo ; Description ...: Get Bitlocker information for one or multiple drives ; Syntax.........: _BitlockerDriveInfo([$sDrive[, $sComputer = @ComputerName[, $bDebug = False]]]) ; Parameters ....: $sDrive - Optional: The drive. Allowed values are: ; |"" - Get the info for all available drives ; |Letter: - Get the info for the specific drive ; $sComputer - Optional: The computer from which the info should be requested ; $bDebug - Optional: Shows the hex ReturnValue from the WMI methods if set to True ; Return values .: Success - Returns a 2D array with the following information ; |[string] Drive Letter ; |[string] Drive Label ; |[string] Volume Type ; |[bool] Initialized For Protection ; |[string] Protection Status ; |[string] Lock Status ; |[bool] Auto Unlock Enabled ; |[bool] Auto Unlock Key Stored ; |[string] Conversion Status ; |[string] Encryption Method ; |[int] Encryption Percentage ; |[string] Wiping Status ; |[int] Wiping Percentage ; |[array] Key Protectors (Or [string] "None" if the drive isn't protected) ; Failure - 0, sets @error to: ; |1 - There was an issue retrieving the COM object. @extended returns error code from ObjGet ; |2 - The specified drive in $Drive doesn't exist ; |3 - There was an issue running the WMI query ; Author ........: colombeen ; Modified.......: ; Remarks .......: Requires to be run with admin elevation. Windows Vista or newer! ; A BIG THANKS to everyone from the community who contributed! ; Related .......: ; Link ..........: ; Example .......: #include <Array.au3> ; $Header = "Drive Letter|Drive Label|Volume Type|Initialized For Protection|Protection Status|" & _ ; "Lock Status|Auto Unlock Enabled|Auto Unlock Key Stored|Conversion Status|Encryption " & _ ; "Method|Encryption Percentage|Wiping Status|Wiping Percentage|Key Protectors" ; _ArrayDisplay(_BitlockerDriveInfo(), "Bitlocker Drive Info", "", 64, Default, $Header) ; =============================================================================================================================== Func _BitlockerDriveInfo($sDrive = "", $sComputer = @ComputerName, $bDebug = False) Local $aConversionStatusMsg[7] = ["Unknown", "Fully Decrypted", "Fully Encrypted", "Encryption In Progress", "Decryption In Progress", "Encryption Paused", "Decryption Paused"] Local $aEncryptionMethodMsg[9] = ["Unknown", "None", "AES_128_WITH_DIFFUSER", "AES_256_WITH_DIFFUSER", "AES_128", "AES_256", "HARDWARE_ENCRYPTION", "XTS_AES_128", "XTS_AES_256"] Local $aKeyProtectorTypeMsg[11] = ["Unknown or other protector type", "Trusted Platform Module (TPM)", "External key", "Numerical password", "TPM And PIN", "TPM And Startup Key", "TPM And PIN And Startup Key", "Public Key", "Passphrase", "TPM Certificate", "CryptoAPI Next Generation (CNG) Protector"] Local $aLockStatusMsg[3] = ["Unknown", "Unlocked", "Locked"] Local $aProtectionStatusMsg[3] = ["Unprotected", "Protected", "Unknown"] Local $aVolumeTypeMsg[3] = ["Operating System Volume", "Fixed Data Volume", "Portable Data Volume"] Local $aWipingStatusMsg[5] = ["Unknown", "Free Space Not Wiped", "Free Space Wiped", "Free Space Wiping In Progress", "Free Space Wiping Paused"] Local $iRow = 0 Local $sRunMethod, $objWMIService, $objWMIQuery, $sDriveFilter, $iProtectionStatus, $iLockStatus, $bIsAutoUnlockEnabled, $bIsAutoUnlockKeyStored, $iConversionStatus, $iEncryptionPercentage, $iEncryptionFlags, $iWipingStatus, $iWipingPercentage, $iEncryptionMethod, $aVolumeKeyProtectorID, $aVolumeKeyProtectors, $iKeyProtectorType $objWMIService = ObjGet("winmgmts:{impersonationLevel=impersonate,authenticationLevel=pktPrivacy}!\\" & $sComputer & "\root\CIMV2\Security\MicrosoftVolumeEncryption") If @error Then Return SetError(1, @error, 0) If $sDrive <> "" Then Local $iDriveType = _WMIPropertyValue("DriveType", "Win32_LogicalDisk", "WHERE DeviceID='" & $sDrive & "'", Default, $sComputer) If @error Or ($iDriveType <> 2 And $iDriveType <> 3) Then Return SetError(2, 0, 0) $sDriveFilter = " WHERE DriveLetter='" & $sDrive & "'" EndIf $objWMIQuery = $objWMIService.ExecQuery("SELECT * FROM Win32_EncryptableVolume" & $sDriveFilter, "WQL", 0) If Not IsObj($objWMIQuery) Then Return SetError(3, 0, 0) Local $aResult[$objWMIQuery.count][14] For $objDrive In $objWMIQuery If $bDebug Then ConsoleWrite(@CRLF & "+> " & $objDrive.DriveLetter & @CRLF) If _WMIMethodExists($objDrive, "GetConversionStatus") Then $sRunMethod = $objDrive.GetConversionStatus($iConversionStatus, $iEncryptionPercentage, $iEncryptionFlags, $iWipingStatus, $iWipingPercentage) If $bDebug Then ConsoleWrite("!> GetConversionStatus 0x" & Hex($sRunMethod) & @CRLF) Else $iConversionStatus = -1 $iWipingStatus = -1 $iEncryptionPercentage = 0 $iWipingPercentage = 0 EndIf If _WMIMethodExists($objDrive, "GetEncryptionMethod") Then $sRunMethod = $objDrive.GetEncryptionMethod($iEncryptionMethod) If $bDebug Then ConsoleWrite("!> GetEncryptionMethod 0x" & Hex($sRunMethod) & @CRLF) Else $iEncryptionMethod = 0 EndIf If _WMIMethodExists($objDrive, "GetKeyProtectors") Then $sRunMethod = $objDrive.GetKeyProtectors("0", $aVolumeKeyProtectorID) If $bDebug Then ConsoleWrite("!> GetKeyProtectors 0x" & Hex($sRunMethod) & @CRLF) Else $aVolumeKeyProtectorID = 0 EndIf If _WMIMethodExists($objDrive, "GetLockStatus") Then $sRunMethod = $objDrive.GetLockStatus($iLockStatus) If $bDebug Then ConsoleWrite("!> GetLockStatus 0x" & Hex($sRunMethod) & @CRLF) Else $iLockStatus = -1 EndIf If _WMIMethodExists($objDrive, "GetProtectionStatus") Then $sRunMethod = $objDrive.GetProtectionStatus($iProtectionStatus) If $bDebug Then ConsoleWrite("!> GetProtectionStatus 0x" & Hex($sRunMethod) & @CRLF) Else $iProtectionStatus = 2 EndIf If _WMIMethodExists($objDrive, "IsAutoUnlockEnabled") Then $sRunMethod = $objDrive.IsAutoUnlockEnabled($bIsAutoUnlockEnabled) If $bDebug Then ConsoleWrite("!> IsAutoUnlockEnabled 0x" & Hex($sRunMethod) & @CRLF) Else $bIsAutoUnlockEnabled = "Unknown" EndIf If _WMIMethodExists($objDrive, "IsAutoUnlockKeyStored") Then $sRunMethod = $objDrive.IsAutoUnlockKeyStored($bIsAutoUnlockKeyStored) If $bDebug Then ConsoleWrite("!> IsAutoUnlockKeyStored 0x" & Hex($sRunMethod) & @CRLF) Else $bIsAutoUnlockKeyStored = "Unknown" EndIf If IsArray($aVolumeKeyProtectorID) And UBound($aVolumeKeyProtectorID) > 0 Then Dim $aVolumeKeyProtectors[UBound($aVolumeKeyProtectorID)][2] For $i = 0 To UBound($aVolumeKeyProtectorID) - 1 $aVolumeKeyProtectors[$i][0] = $aVolumeKeyProtectorID[$i] If _WMIMethodExists($objDrive, "GetKeyProtectorType") Then If $objDrive.GetKeyProtectorType($aVolumeKeyProtectorID[$i], $iKeyProtectorType) = 0 Then $aVolumeKeyProtectors[$i][1]= $aKeyProtectorTypeMsg[$iKeyProtectorType] Else $aVolumeKeyProtectors[$i][1]= "Unknown" EndIf Else $aVolumeKeyProtectors[$i][1] = "Unknown" EndIf Next Else $aVolumeKeyProtectors = "None" EndIf ; DriveLetter $aResult[$iRow][0] = $objDrive.DriveLetter ; DriveLabel $aResult[$iRow][1] = _WMIPropertyValue("VolumeName", "Win32_LogicalDisk", "WHERE DeviceID='" & $objDrive.DriveLetter & "'", Default, $sComputer) ; VolumeType If _WMIPropertyExists($objDrive, "VolumeType") Then $aResult[$iRow][2] = $aVolumeTypeMsg[$objDrive.VolumeType] Else If $objDrive.DriveLetter = _WMIPropertyValue("SystemDrive", "Win32_OperatingSystem", "", Default, $sComputer) Then $aResult[$iRow][2]= $aVolumeTypeMsg[0] ElseIf _WMIPropertyValue("DriveType", "Win32_LogicalDisk", "WHERE DeviceID='" & $objDrive.DriveLetter & "'", Default, $sComputer) = 3 Then $aResult[$iRow][2]= $aVolumeTypeMsg[1] ElseIf _WMIPropertyValue("DriveType", "Win32_LogicalDisk", "WHERE DeviceID='" & $objDrive.DriveLetter & "'", Default, $sComputer) = 2 Then $aResult[$iRow][2]= $aVolumeTypeMsg[2] Else $aResult[$iRow][2]= "Unknown" EndIf EndIf ; IsVolumeInitializedForProtection If _WMIPropertyExists($objDrive, "IsVolumeInitializedForProtection") Then $aResult[$iRow][3] = $objDrive.IsVolumeInitializedForProtection Else $aResult[$iRow][3] = "Unkown" EndIf ; ProtectionStatus $aResult[$iRow][4] = $aProtectionStatusMsg[$iProtectionStatus] ; LockStatus $aResult[$iRow][5] = $aLockStatusMsg[$iLockStatus + 1] ; IsAutoUnlockEnabled $aResult[$iRow][6] = $bIsAutoUnlockEnabled ; IsAutoUnlockEnabled $aResult[$iRow][7] = $bIsAutoUnlockKeyStored ; ConversionStatus $aResult[$iRow][8] = $aConversionStatusMsg[$iConversionStatus + 1] ; EncryptionMethod $aResult[$iRow][9] = $aEncryptionMethodMsg[$iEncryptionMethod + 1] ; EncryptionPercentage $aResult[$iRow][10] = $iEncryptionPercentage ; WipingStatus $aResult[$iRow][11] = $aWipingStatusMsg[$iWipingStatus + 1] ; WipingPercentage $aResult[$iRow][12] = $iWipingPercentage ; KeyProtectors $aResult[$iRow][13] = $aVolumeKeyProtectors $iRow += 1 Next _ArraySort($aResult) Return $aResult EndFunc ;==>_BitlockerDriveInfo Func _WMIPropertyExists($Object, $Property) If Not IsObj($Object) Then Return False For $sProperty In $Object.Properties_ If $sProperty.Name = $Property Then Return True Next Return False EndFunc ;==>_WMIPropertyExists Func _WMIMethodExists($Object, $Method) If Not IsObj($Object) Then Return False For $sMethod In $Object.Methods_ If $sMethod.Name = $Method Then Return True Next Return False EndFunc ;==>_WMIMethodExists Func _WMIPropertyValue($sProperty = "", $sClass = "", $sFilter = "", $sNamespace = Default, $sComputer = @ComputerName) Local $objWMIService, $objWMIQuery If $sClass = "" Or $sProperty = "" Then Return SetError(1, 0, 0) If $sFilter <> "" Then $sFilter = " " & $sFilter If $sNamespace = Default Then $sNamespace = "\root\CIMV2" $objWMIService = ObjGet("winmgmts:{impersonationLevel=impersonate,authenticationLevel=pktPrivacy}!\\" & $sComputer & $sNamespace) If @error Then Return SetError(2, @error, 0) $objWMIQuery = $objWMIService.ExecQuery("SELECT * FROM " & $sClass & $sFilter, "WQL", 0x30) If Not IsObj($objWMIQuery) Then Return SetError(3, 0, 0) For $objItem In $objWMIQuery For $Property In $objItem.Properties_ If $Property.Name = $sProperty Then Return $Property.Value EndIf Next Next Return SetError(4, 0, 0) EndFunc ;==>_WMIPropertyValue  
      Example 1:
      #RequireAdmin #include <array.au3> ; Get information on all available drives Global $test = _BitlockerDriveInfo() If @error Then ConsoleWrite("!> _BitlockerDriveInfo() error: " & @error & ". extended: " & @extended & @CRLF) ElseIf IsArray($test) Then _ArrayDisplay($test, "Bitlocker Drive Info", "", 64, Default, "Drive Letter|Drive Label|Volume Type|Initialized For Protection|Protection Status|Lock Status|Auto Unlock Enabled|Auto Unlock Key Stored|Conversion Status|Encryption Method|Encryption Percentage|Wiping Status|Wiping Percentage|Key Protectors") ; Display the Key Protectors for the first record If IsArray($test[0][13]) Then _ArrayDisplay($test[0][13]) EndIf Example 2:
      #RequireAdmin #include <array.au3> ; Get information on the C-drive of the current computer + show extra information in the console Global $test = _BitlockerDriveInfo("C:", @ComputerName, True) If @error Then ConsoleWrite("!> _BitlockerDriveInfo() error: " & @error & ". extended: " & @extended & @CRLF) ElseIf IsArray($test) Then ConsoleWrite("Bitlocker information on the " & $test[0][0] & " drive" & @CRLF) ConsoleWrite("Protection Status: " & $test[0][4] & @CRLF) EndIf  
      Screenshot for the first example:

       
      Suggestions? Bugs?
      Just let me know
       
      TODO:
      ???  
      Version 1.0:
      Initial release Version 1.1:
      Fixed: Drive Label will not work when you request the information from a remote system (currently using DriveGetLabel) Fixed: The current fix for the missing VolumeType property in some Windows versions will only work locally Added: New internal function (_WMIPropertyValue()) Version 1.2:
      Fixed: The drive exists & drive type check only worked locally when a drive was specified in $sDrive
    • colombeen
      By colombeen
      Hi guys,
      I'm trying to get some information using WMI, from the Win32_EncryptableVolume class.
      I exec my query, filter out the C-drive, but when I need more info using the objects methods, I only get 1 value back and I can't seem to retrieve the other out params that should be there.
      A very minimal version of what I'm trying to do (no error checking etc, very basic). You need to start SciTE as admin or you won't see any results in the console!
      #RequireAdmin $strComputer = @ComputerName $objWMIService = ObjGet("winmgmts:{impersonationLevel=impersonate}!\\" & $strComputer & "\root\CIMV2\Security\MicrosoftVolumeEncryption") $objWMIQuery = $objWMIService.ExecQuery("SELECT * FROM Win32_EncryptableVolume WHERE DriveLetter='C:'", "WQL", 0) For $objDrive In $objWMIQuery ConsoleWrite("> " & $objDrive.GetConversionStatus() & @CRLF) ConsoleWrite("> " & $objDrive.GetConversionStatus().ConversionStatus & @CRLF) ConsoleWrite("> " & $objDrive.GetConversionStatus().EncryptionPercentage & @CRLF) Next The result from the console is : 
      > 0 > > What I'm expecting to get back is : 
      > 0 > 0 > 0 When using powershell I get this (run as admin is required!!!) : 
      PS C:\WINDOWS\system32> (Get-WmiObject -namespace "Root\cimv2\security\MicrosoftVolumeEncryption" -ClassName "Win32_Encryptablevolume" -Filter "DriveLetter='C:'").GetConversionStatus() ... ConversionStatus : 0 EncryptionFlags : 0 EncryptionPercentage : 0 ReturnValue : 0 ... All I seem to be getting is the ReturnValue when I use the method.
      I've tried this on multiple methods, always ending up with the same result
      Anyone here who has experience with this type of thing?
       
      Greetz
      colombeen
    • careca
      By careca
      Let's say you have some files you dont want anyone to know what they are,
      and you dont want anyone to be able to open them, you could encrypt them,
      but if the files are big it'll take a long time to do the operations for you to be able to open those files.
      I made this to make this process faster, and still not easy for someone to open the files, or even know what type they are.
      What it does is change the filename to a random number with 8 digits and .inc extension.
      The original filename is encrypted in the file itself, with a PIN provided by the user up to 4 digits, this PIN is also a number that's going to be used to split the file and change it internally, so the end result is a file with a header that's got the original filename encrypted, and the rest of the file scrambled a bit.
      The way it works is simple, place the application in a folder where you want to hide the files, it will ask for a pin, after you press ok, the application asks :
      Encrypt or decrypt?
      If encrypt, the files will become the 8 digit .inc files.
      The originals will stay, the user can delete the originals or do whatever.
      Then to open the files back, same process, but this time choose decrypt, and a listview will show the random filenames and the corresponding decrypted/original filenames and extension, uppon double click they open with whatever application is the default for them. There's a search feature, and an "extract all" button, to get all files back to original/unencrypted versions.
      Feedback is wellcome.
    • Gowrisankar
      By Gowrisankar
      Dear members of the forum,
      I need to open excel files that may or may not need a password and finally move the files that needs password to manual queue.
      Is there a fastest way to do this?
       
      PS: I have a huge respect for the rules of this forum. I am not asking assistance to override any security measure. I just need to segregate the files that needs passwords.
    • t0nZ
      By t0nZ
      Today I want to share this little project made to check and  notify the expiration of domain users password, in a Microsoft domain.
      Briefly, the script check users domain password expiration and takes actions.
      The script can work on multiple domain groups, taking different actions for every group, there is an .ini file with some options.
      Groups to be checked are defined in the .ini, and the groups must contain only users no other groups.
      The list of users of every group is obtained and if the password expiration in (remaining) days is matched (two possibilities) an email is sent.
      It can be a mail sent directly to the user (ini file : tomail=user) or it can be a mail sent to only one address (ini file : tomail=the@mail.it) (like domain admins...) and in this case the mail contains a report with the users approaching expiration.
      An operation log is always generated.
      In the ini (also the posted one) you can set to have no mail sent (for testing) and/or to have a GUI, but also the GUI is intended only for test, this script is scheduled on a server not logged in, so normally no GUI .
      Update 2018/03/16 : added switch to reset the password expiration, useful if you have for example an user (or 500) with psw expiration withing 3 days and you want to restore expiration within 90 days WITHOUT changing password.
      Used the way as advised by Microsoft  (see the link), but with sth AD.au3 , the fantastic Active Directory UDF
      # First change the pwdlastset to 0 because Microsoft wants it this way $todouser.pwdLastSet = 0 Set-ADUser -Instance $todouser # Change the pwdlastset to the current date/time of the associate DC $todouser.pwdLastSet = -1 Set-ADUser -Instance $todouser Why you should act this way ? Big companies have strange policies listen to me ...
      The code:
      #Region ;**** Directives created by AutoIt3Wrapper_GUI **** #AutoIt3Wrapper_Icon=Icone\Faenza\117.ico #EndRegion ;**** Directives created by AutoIt3Wrapper_GUI **** ; PEG ; Password Expiration Guardian ; (C) NSC 2018 ; check user domain password expiration and takes actions ; the script can work on multiple domain groups, taking differente actions for every group. ; the groups must contains only users no other groups ; the list of users of every group is obtained and if the password expiration in day is matched (two possibilities) an email is sent. ; It can be a mail sent directly to the user (ini file : tomail=user) ; or it can be a mail sent to only one address (ini file : tomail=the@mail.it) ; and in this case the mail contains a report with the users approaching expiration ; V.0.5 check based on one domain group ; V.1.0 ini file and check based on multiple domain groups ; V.1.5 ini file with general section to activate "test" GUI, and to enable disable mail send ; V.1.6 march 2018 italian "home made" translation of days and months in date ; V.1.7 added flag pwdLastSet to reset pass expiration - intended to use like a one time on/off switch to reset psw expiration #include <AD.au3> #include <File.au3> #include <GuiEdit.au3> #include <_zip.au3> #include <Date.au3> #include <Inet.au3> #include <GUIConstantsEx.au3> #include <GuiEdit.au3> #include <EditConstants.au3> #include <GUIConstantsEx.au3> #include <WindowsConstants.au3> #include <Debug.au3> Global $appname = "PEG", $appver = "V.1.7" Global $inifile = @ScriptDir & "\" & $appname & ".ini" Global $geleft = 5, $getop = 5, $gewidth = 790, $geheight = 540 Global $gollogcount = 0, $lastlog = "sicrlf", $cachelog = "", $guititle = "PEG " & $appver, $Gollogedit, $logfile = @ScriptDir & "\" & $appname & "_LOG_", $months2NOTzip = 3 Global $INIgroup, $INItomail, $INImailsubject, $INIsmpt, $INIfromname, $INIfromaddress, $INIdays1, $INIdays2, $INItosend, $arrayINIsections, $guiactive, $flagITA, $flagpwdLastSet ; START program GOLLOG(">>>>>> " & $appname & " " & $appver & " START >>>>>>") CFGctrl() If $guiactive = 1 Then GUI() $groupnumber = 0 While $groupnumber < $arrayINIsections[0] $groupnumber += 1 If $arrayINIsections[$groupnumber] <> "general" Then CFGload($arrayINIsections[$groupnumber]) loaduserS() EndIf WEnd If $guiactive = 1 Then While 1 $nMsg = GUIGetMsg() Switch $nMsg Case $GUI_EVENT_CLOSE GOLLOG("<<<< STOP <<<<") Exit EndSwitch WEnd EndIf GOLLOG("<<<<<< PEG STOP <<<<<<<") Exit ;STOP program Func GUI() GUICreate($guititle, 800, 560, 100, 200, -1) GUISetBkColor(0x693F54) ; will change background color $Gollogedit = GUICtrlCreateEdit("", $geleft, $getop, $gewidth, $geheight, BitOR($ES_AUTOVSCROLL, $ES_AUTOHSCROLL, $ES_WANTRETURN, $WS_BORDER, $WS_VSCROLL)) GUICtrlSetBkColor(-1, 0xC7BBC1) GUICtrlSetData(-1, "" & @CRLF) GUICtrlSetFont(-1, 9, 800, 0, "consolas") GUICtrlSetColor(-1, 0x090608) GUISetState(@SW_SHOW) GOLLOG("PEG " & $appver & " gui STARTED") EndFunc ;==>GUI Func loaduserS() GOLLOG("workin on group: " & $INIgroup) Local $Nscad = 0 Dim $report[1] = ["Report:"] Local $singlereport = "" Local $usermail = "" Local $username = "" Local $datediff = "" Local $arrayuserpsw Local $iErr _AD_Open() $search1 = _AD_GetGroupMembers($INIgroup) ;$search1 = _AD_RecursiveGetGroupMembers($INIgroup); testing recursive .. in the future maybe If @error = 0 Then Local $conta1 = 0 While $search1[0] > $conta1 $conta1 += 1 $arrayuserpsw = _AD_GetPasswordInfo($search1[$conta1]) $datediff = _DateDiff("D", _NowCalc(), $arrayuserpsw[9]) GOLLOG("USER: " & $search1[$conta1]) GOLLOG("Password expires on: " & $arrayuserpsw[9] & " in " & $datediff & " days") If $datediff = $INIdays1 Or $datediff = $INIdays2 Then GOLLOG("expiration match !") If $INItomail = "user" Then ; this IF is relative to .ini file parameter TOSEND $usermail = _AD_GetObjectAttribute($search1[$conta1], "mail") GOLLOG("sending mail to: " & $usermail) If $flagITA = 1 Then $dataITA = dataITA($arrayuserpsw[9]) Else $dataITA = _DateTimeFormat($arrayuserpsw[9], 1) EndIf Dim $report[1] = ["La tua password scadra' " & $dataITA & ", entro " & $datediff & " giorni."] _ArrayAdd($report, "Modificala per tempo !") If $INItosend = 0 Then GOLLOG("Not sent mail " & $Nscad & ": ") GOLLOG("from :" & $INIfromname & " | " & $INIfromaddress) GOLLOG("to :" & $usermail & " | subject: " & $INImailsubject) Local $reporttext = _ArrayToString($report) GOLLOG("text :" & $reporttext) Else Local $iResponse = _INetSmtpMail($INIsmpt, $INIfromname, $INIfromaddress, $usermail, $INImailsubject, $report, "EHLO " & @ComputerName, "-1") ; perla pearl mail send HS smtp (ehlo required) $iErr = @error If $iResponse = 1 Then GOLLOG("Success! " & "Mail to user sent") Else GOLLOG("Error! " & "Mail failed with error code " & $iErr) EndIf EndIf Else $username = _AD_GetObjectAttribute($search1[$conta1], "displayname") _ArrayAdd($report, "USER: " & $username) _ArrayAdd($report, "Password expires on: " & $arrayuserpsw[9] & " in " & $datediff & " days") $Nscad += 1 If $flagpwdLastSet = 1 Then ; warning : auto pass set GOLLOG("Re-set password expiration for " & $search1[$conta1]) If _AD_ModifyAttribute($search1[$conta1], "pwdLastSet", "0") Then GOLLOG("pwdLastSet to 0 - OK") Else GOLLOG("pwdLastSet to 0 - ERROR " & @error) EndIf If _AD_ModifyAttribute($search1[$conta1], "pwdLastSet", "-1") Then GOLLOG("pwdLastSet to -1 - OK") Else GOLLOG("pwdLastSet to -1 - ERROR " & @error) EndIf EndIf EndIf EndIf WEnd If $Nscad > 0 And $INItomail <> "user" Then _ArrayAdd($report, $Nscad & " user passwords near expiration") If $INItosend = 0 Then GOLLOG("Not sent mail " & $Nscad & ": ") GOLLOG("from :" & $INIfromname & " | " & $INIfromaddress) GOLLOG("to :" & $INItomail & " | subject: " & $INImailsubject) Local $reporttext = _ArrayToString($report) GOLLOG("text :" & $reporttext) Else Local $iResponse = _INetSmtpMail($INIsmpt, $INIfromname, $INIfromaddress, $INItomail, $INImailsubject, $report, "EHLO " & @ComputerName, "-1") ; perla pearl mail send HS smtp (ehlo required) Local $iErr = @error If $iResponse = 1 Then GOLLOG("Success! " & "Mail sent") Else GOLLOG("Error! " & "Mail failed with error code " & $iErr) EndIf EndIf EndIf GOLLOG("checked n° " & $conta1 & " users") Else GOLLOG("error in user search " & @error) EndIf _AD_Close() EndFunc ;==>loaduserS Func dataITA($inputdate) ; Input date in the format "YYYY/MM/DD[ HH:MM:SS]", and translates Tuesday 8 May 2018 -> Martedì 8 maggio 2018 - perla pearl Local $stringaDATAita = _DateTimeFormat($inputdate, 1) Select Case StringInStr($stringaDATAita, "Monday") $stringaDATAita = StringReplace($stringaDATAita, "Monday", "lunedi'") Case StringInStr($stringaDATAita, "Tuesday") $stringaDATAita = StringReplace($stringaDATAita, "Tuesday", "martedi'") Case StringInStr($stringaDATAita, "Wednesday") $stringaDATAita = StringReplace($stringaDATAita, "Wednesday", "mercoledi'") Case StringInStr($stringaDATAita, "Thursday") $stringaDATAita = StringReplace($stringaDATAita, "Thursday", "giovedi'") Case StringInStr($stringaDATAita, "Friday") $stringaDATAita = StringReplace($stringaDATAita, "Friday", "venerdi'") Case StringInStr($stringaDATAita, "Saturday") $stringaDATAita = StringReplace($stringaDATAita, "Saturday", "sabato") Case StringInStr($stringaDATAita, "Sunday") $stringaDATAita = StringReplace($stringaDATAita, "Sunday", "Domenica") EndSelect Select Case StringInStr($stringaDATAita, "January") $stringaDATAita = StringReplace($stringaDATAita, "January", "gennaio") Case StringInStr($stringaDATAita, "February") $stringaDATAita = StringReplace($stringaDATAita, "February", "febbraio") Case StringInStr($stringaDATAita, "March") $stringaDATAita = StringReplace($stringaDATAita, "March", "marzo") Case StringInStr($stringaDATAita, "April") $stringaDATAita = StringReplace($stringaDATAita, "April", "aprile") Case StringInStr($stringaDATAita, "May") $stringaDATAita = StringReplace($stringaDATAita, "May", "maggio") Case StringInStr($stringaDATAita, "June") $stringaDATAita = StringReplace($stringaDATAita, "June", "giugno") Case StringInStr($stringaDATAita, "July") $stringaDATAita = StringReplace($stringaDATAita, "July", "luglio") Case StringInStr($stringaDATAita, "August") $stringaDATAita = StringReplace($stringaDATAita, "August", "agosto") Case StringInStr($stringaDATAita, "September") $stringaDATAita = StringReplace($stringaDATAita, "September", "settembre") Case StringInStr($stringaDATAita, "October") $stringaDATAita = StringReplace($stringaDATAita, "October", "ottobre") Case StringInStr($stringaDATAita, "November") $stringaDATAita = StringReplace($stringaDATAita, "November", "novembre") Case StringInStr($stringaDATAita, "December") $stringaDATAita = StringReplace($stringaDATAita, "December", "dicembre") EndSelect Return ($stringaDATAita) EndFunc ;==>dataITA Func GOLLOG($logtext) ; Gollog V.2.3 gestione CRLF si o no ; gestione a capo automatico oltre i xx caratteri; gestione pulitura ogni totmila char Perla pearl ; basta aggiungere |nocrlf50 a fine stringa, dove 50 sono gli xx caratteri, conta la prima riga dove si supera quel limite. ; to declare $gollogcount = 0,$lastlog="sicrlf",$cachelog="",$guititle = "nomegui",$Gollogedit,$logfile = @ScriptDir & "\GOLLOG_LOG_", $months2NOTzip = 3 ; e anche le misure dell'edit: $geleft = 32, $getop = 32, $gewidth = 553, $geheight = 377 ; #include <File.au3> #include <GuiEdit.au3> #include <_zip.au3> ; to insert FUNCs: GOLLOG CLEANEDIT GOLzipZIP $gollogcount += StringLen($logtext) ;Local $logfile = @ScriptDir & "\GOLLOG_LOG_" ; now global Local $logfiletimerange = @YEAR & @MON Local $linelimit = StringRight($logtext, 2) If StringRight($logtext, 9) = "|nocrlf" & $linelimit Then $logtext = StringTrimRight($logtext, 9) Local $acapo = "no" Else Local $acapo = "si" $gollogcount += 4 If $gollogcount > 13000 Then Sleep(3000) cleanedit() ; MsgBox(64, "debug", $conta) $gollogcount = 0 EndIf EndIf If $acapo = "no" And (StringLen($cachelog) <= $linelimit) Then ;pearl perla non a capo se If $lastlog = "nocrlf" Then If WinExists($guititle) Then ; per non scrivere in gui se questa non esiste _GUICtrlEdit_AppendText($Gollogedit, $logtext) EndIf Else If WinExists($guititle) Then ; per non scrivere in gui se questa non esiste _GUICtrlEdit_AppendText($Gollogedit, @MDAY & "/" & @MON & "_" & @HOUR & ":" & @MIN & " " & $logtext) EndIf EndIf $cachelog = $cachelog & $logtext $lastlog = "nocrlf" Else If $lastlog = "nocrlf" Then If WinExists($guititle) Then ; per non scrivere in gui se questa non esiste _GUICtrlEdit_AppendText($Gollogedit, $logtext & @CRLF) EndIf $cachelog = $cachelog & $logtext _FileWriteLog($logfile & $logfiletimerange & ".txt", $cachelog) $cachelog = "" Else If WinExists($guititle) Then ; per non scrivere in gui se questa non esiste _GUICtrlEdit_AppendText($Gollogedit, @MDAY & "/" & @MON & "_" & @HOUR & ":" & @MIN & " " & $logtext & @CRLF) EndIf _FileWriteLog($logfile & $logfiletimerange & ".txt", $logtext) EndIf $lastlog = "sicrlf" EndIf EndFunc ;==>GOLLOG Func cleanedit() ; cleaning of edit every n° lines (in program put if $nlines > xlines then this function) GUICtrlDelete($Gollogedit) $Gollogedit = GUICtrlCreateEdit("", $geleft, $getop, $gewidth, $geheight) ;, BitOR($ES_AUTOVSCROLL, $ES_AUTOHSCROLL, $ES_WANTRETURN, $WS_BORDER)) GUICtrlSetData(-1, "" & @CRLF) GUICtrlSetFont(-1, 9, 800, 0, "consolas") GUICtrlSetColor(-1, 0090608) GUICtrlSetBkColor(-1, 0xF0DAE5) GUICtrlSetCursor(-1, 3) EndFunc ;==>cleanedit Func GOLzipLOG($months2NOTzip) ; zipping old log leaving unzipped only n months GOLLOG("Starting old logs zipping..") ; path extraction zone Local $logfiletimerange = @YEAR & @MON Local $sDrive = "", $sDir = "", $sFileName = "", $sExtension = "" Local $arraylogpath = _PathSplit($logfile & $logfiletimerange & ".txt", $sDrive, $sDir, $sFileName, $sExtension) Local $logpath = $arraylogpath[1] & $arraylogpath[2] Local $hSearch = FileFindFirstFile($logfile & "*.txt") ; searching for logs Local $logconta = 0 While 1 ; single file processing cycle Local $sFileName = FileFindNextFile($hSearch) ; If there is no more file matching the search. If @error Then ExitLoop Local $stringtime = StringTrimRight(StringRight($sFileName, 10), 4) ;obtaining year-month like 201609 If $logfiletimerange - $stringtime > $months2NOTzip Then ;zipping If Not FileExists($logfile & ".zip") Then If Not _Zip_Create($logfile & ".zip", 1) Then GOLLOG("Error " & @error & " creating " & $logfile & ".zip") Else GOLLOG("Created new log archive: " & $logfile & ".zip") EndIf Else GOLLOG("adding to archive: " & $logfile & ".zip") EndIf If Not _zip_additem($logfile & ".zip", $logpath & $sFileName) Then GOLLOG("Error " & @error & " zipping: " & $logpath & $sFileName) Else GOLLOG("Added: " & $logpath & $sFileName) $logconta += 1 If Not FileDelete($logpath & $sFileName) Then GOLLOG("ERROR - Unable to DELETE log file " & $logpath & $sFileName) EndIf EndIf EndIf WEnd GOLLOG("Finished = " & $logconta & " log files zipped") EndFunc ;==>GOLzipLOG Func CFGctrl() ; check ini files and load section names GOLLOG("checkin' INI file..|nocrlf50") If FileExists($inifile) Then $guiactive = IniRead($inifile, "general", "GUI", "?") If $guiactive = "?" Then GOLLOG("INI incomplete, missing section 'general', value GUI") ExitwithError() EndIf $flagITA = IniRead($inifile, "general", "dataITA", "?") If $flagITA = "?" Then GOLLOG("INI incomplete, missing section 'general', value dataITA") ExitwithError() EndIf $flagpwdLastSet = IniRead($inifile, "general", "pwdLastSet", "?") If $flagpwdLastSet = "?" Then GOLLOG("INI incomplete, missing section 'general', value pwdLastSet") ExitwithError() EndIf GOLLOG("reading section names...|nocrlf50") $arrayINIsections = IniReadSectionNames($inifile) GOLLOG("N°" & $arrayINIsections[0] - 1 & " groups to process") Else $message1 = "error: no saved settings !?" GOLLOG($message1) ExitwithError() EndIf GOLLOG("..completed") EndFunc ;==>CFGctrl Func CFGload($section) ; load single ini file section values $INIgroup = IniRead($inifile, $section, "group", "?") $INItomail = IniRead($inifile, $section, "tomail", "?") $INItosend = IniRead($inifile, $section, "tosend", "?") $INIdays1 = IniRead($inifile, $section, "days1", "?") $INIdays2 = IniRead($inifile, $section, "days2", "?") $INImailsubject = IniRead($inifile, $section, "mailsubject", "?") $INIsmpt = IniRead($inifile, $section, "smtp", "?") $INIfromname = IniRead($inifile, $section, "fromname", "?") $INIfromaddress = IniRead($inifile, $section, "fromaddress", "?") EndFunc ;==>CFGload Func ExitwithError() GOLLOG("**********ERROR and STOP****************") Exit EndFunc ;==>ExitwithError The example .ini:
       
      [group1] group=G_IT_PASSWORD_MONITORED days1=5 days2=2 tomail=yourgroup@yourdomain.it ;tosend=user; send mails to the domain user mail address, otherwise send to specified address tosend=0 ;tosend ;1 send mails, 0 disable mails for testing mailsubject=Domain users going to expire passwords smtp=smtp.your.own.server fromname=Password Expiration Guardian fromaddress=PEG@NSC.it [group2] group=G_IT_PASSWORD_NOTIFIED days1=5 days2=2 tomail=user ;tosend=user; send mails to the domain user mail address, otherwise send to specified address tosend=0 ;tosend ;1 send mails, 0 disable mails for testing mailsubject=Password is expiring ! smtp=smtp.your.own.server fromname=Password Expiration Guardian fromaddress=PEG@NSC.it [general] GUI=1 ;1 gui ON for testing, 0 gui disabled dataITA = 1 ;1 translates datetime in italian, 0 for ENG pwdLastSet = 0 ;1 tries to reset the 'pwdLastSet' attribute (you must have permissions), 0 do nothing  
       
×