Has anyone had success managing LAPS with AutoIT?  (LAPS is Microsoft's Local Admin Password Solution.)

I am running v3.3.14.2 and Powershell 5.1.17134.858 on Windows 10 1803 build 17134.885.

I have read the entire AutoIT Help file, all of the AD UDF scripts and supporting HTML files, and a large part of the Internet and have researched myself into paralysis.

My company has more than one domain with two-way trusts and uses LAPS on each domain. At present, we remote in to a jump box in each domain when we need to manage a device there. I want to build a multiple-domain console that works just like the LAPS UI, but allows the user to select a domain via pull-down.

At this point, I can't even get the crazy thing to work on the current domain.  

If I feed it $sComputername = 'T4211BLC1' 

#include <AutoItConstants.au3> ; defines $STDOUT_CHILD

Local $sStdout = ""
$sComputerName = GUICtrlRead($idComputerName)

$iPID = Run('powershell.exe -executionpolicy bypass Get-AdmPwdPassword "' & $sComputerName & '"', "c:\", @SW_Show, $STDOUT_CHILD)
; Wait until the process has closed using the PID returned by Run.
ProcessWaitClose($iPID)
; Read the Stdout stream of the PID returned by Run.
While 1
    $sOutput = StdoutRead($iPID)
    If @error Then ExitLoop
    If $sOutput <> "" Then $sStdout = $sStdout & @CRLF & $sOutput
WEnd

sends this to the console:

Get-AdmPwdPassword : The term 'Get-AdmPwdPassword' is not recognized as the name of a cmdlet, function, script file, 
or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and 
try again.
At line:1 char:1
+ Get-AdmPwdPassword T4211BLC1
+ ~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (Get-AdmPwdPassword:String) [], CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException

But if I put this on the Windows command line:

powershell.exe -executionpolicy bypass Get-AdmPwdPassword "T4211BLC1"

...it runs perfectly.

ComputerName         DistinguishedName                             Password           Expiration
                                                                                      Timestamp
------------         -----------------                             --------           ----------
T4211BLC1            CN=T4211BLC1,OU=GPO Computers Testing OU,O... YQc7Cl39wFrIF5     6/10/20...

So (if you're still awake),

  1. Why can't Powershell find 'Get-AdmPwdPassword' when called from within AutoIT?
  2. Why can't I read STDOUT?

FYI - I've tried ShellExecute, and calling a .ps1 from the script, even Run('cmd /k ...) and I get the same result - Powershell doesn't recognize the cmdlet.

Thanks in advance!!

Did you try @Comspec as described in the help file?


My UDFs and Tutorials:

UDFs:
Active Directory (NEW 2020-03-26 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (NEW 2020-03-21 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
PowerPoint (2017-06-06 - Version 0.0.5.0) - Download - General Help & Support
Excel - Example Scripts - Wiki
Word - Wiki
Task Scheduler (2019-12-03 - Version 1.5.1.0) - Download - General Help & Support - Wiki

Tutorials:
ADO - Wiki, WebDriver - Wiki

 

Here is the code I use. We only have a single domain, but you should be able to just change the parameters to connect to a different domain.

1 hour ago, water said:

Did you try @Comspec as described in the help file?

Yes, as 

$iPID = Run(@ComSpec & ' /c ' & 'powershell.exe -executionpolicy bypass Get-AdmPwdPassword "' & $sComputerName & '"', "c:\", @SW_Show, $STDOUT_CHILD)

and I get the same result as above.

 

1 hour ago, Subz said:

Here is the code I use. We only have a single domain, but you should be able to just change the parameters to connect to a different domain.

The code is missing, but I'd love to see what you have that works!

Sorry, have the flu so brain's a bit fuzzy at the mo :)

#include <AD.au3>

; Use the computer name given on the command line, otherwise the local machine.
Global $g_sComputerName = $CmdLine[0] > 0 ? $CmdLine[1] : @ComputerName
MsgBox(4096, "LAPS Password", _GetLAPSPassword($g_sComputerName))

; Reads the LAPS password attribute of a computer object.
; The optional parameters are handed to _AD_Open() unchanged, so they can point at another domain.
Func _GetLAPSPassword($_sComputerName, $_sUserId = "", $_sPassword = "", $_sDNSDomain = "", $_sHostServer = "", $_sConfiguration = "", $_iSecurity = 0)
    _AD_Open($_sUserId, $_sPassword, $_sDNSDomain, $_sHostServer, $_sConfiguration, $_iSecurity)
    If @error Then Return SetError(1, @error, "Error: _AD_Open() - See @extended for error code.")
    ; Computer accounts carry a trailing "$" in their sAMAccountName.
    Local $sFQDN = _AD_SamAccountNameToFQDN($_sComputerName & "$")
    If @error Then Return SetError(2, @error, "Error: _AD_SamAccountNameToFQDN() - See @extended for error code.")
    Local $sLAPSPassword = _AD_GetObjectAttribute($sFQDN, "ms-mcs-admpwd")
    If @error Then Return SetError(3, @error, "Error: _AD_GetObjectAttribute() - See @extended for error code.")
    _AD_Close()
    If @error Then Return SetError(4, @error, "Error: _AD_Close() - See @extended for error code.")
    Return SetError(0, 0, $sLAPSPassword)
EndFunc

 

Holy Crap, Subz!

I don't even have the flu so I have no excuse for overlooking this option, but good use of _AD_GetObjectAttribute.  Next question, since you may have already solved this: I'd like to reset the password in the GUI as well.  I already have the date/time picker sorted, now I just need the AD equivalent to Powershell:

Reset-AdmPwdPassword -ComputerName:MyComputer -WhenEffective:"7.28.2019 15:00"

I know _AD_SetPassword will reset the computer account password, but not the Local Admin password. 

Also - HUGE Thank You to Water for creating the AD UDF to begin with.  I have used it in many other projects. 


Sorry we don't tend to reset the password on our systems, we just use it for viewing, however the attribute that is required is:

"ms-Mcs-AdmPwdExpirationTime"

If you change it to 0 the password will be reset on the next GPUpdate.


_AD_ModifyAttribute is the function you are looking for :)


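One way to combine the last two replies with the AD UDF, as an added example that is not part of the original thread: it writes ms-Mcs-AdmPwdExpirationTime through _AD_ModifyAttribute, using either "0" or the FILETIME value for a chosen moment. The function names _LAPS_ExpirationValue and _LAPS_SetExpiration are hypothetical, the time is assumed to be given in UTC as "YYYY/MM/DD HH:MM:SS", and passing the value as a string is an assumption about how the UDF hands it to ADSI.

```autoit
#include <AD.au3>
#include <Date.au3>

; Added example, not code from the thread. Function names are hypothetical.

; Turns "YYYY/MM/DD HH:MM:SS" (assumed to be UTC) into the FILETIME string stored in
; ms-Mcs-AdmPwdExpirationTime: 100-nanosecond ticks since 1601/01/01 00:00:00 UTC.
; An empty string yields "0", the value suggested in the thread.
Func _LAPS_ExpirationValue($sWhenUTC = "")
    If $sWhenUTC = "" Then Return "0"
    If Not _DateIsValid($sWhenUTC) Then Return SetError(1, 0, "")
    Local $iSeconds = _DateDiff("s", "1601/01/01 00:00:00", $sWhenUTC)
    If @error Then Return SetError(2, @error, "")
    ; Seconds to ticks is a factor of 10^7; appending seven zeros keeps the
    ; result an exact decimal string instead of a rounded floating-point number.
    Return String(Int($iSeconds)) & "0000000"
EndFunc

; Writes the expiration time on the computer object so the LAPS client sets a
; new local admin password once that moment has passed.
Func _LAPS_SetExpiration($sComputerName, $sWhenUTC = "", $sUserId = "", $sPassword = "", $sDNSDomain = "", $sHostServer = "", $sConfiguration = "")
    Local $sValue = _LAPS_ExpirationValue($sWhenUTC)
    If @error Then Return SetError(1, @error, 0)
    _AD_Open($sUserId, $sPassword, $sDNSDomain, $sHostServer, $sConfiguration)
    If @error Then Return SetError(2, @error, 0)
    Local $iResult = 0, $iStep = 0, $iCode = 0
    Local $sFQDN = _AD_SamAccountNameToFQDN($sComputerName & "$")
    If @error Then
        $iCode = @error
        $iStep = 3
    Else
        $iResult = _AD_ModifyAttribute($sFQDN, "ms-Mcs-AdmPwdExpirationTime", $sValue)
        If @error Then
            $iCode = @error
            $iStep = 4
        EndIf
    EndIf
    _AD_Close() ; always release the connection, also on failure
    Return SetError($iStep, $iCode, $iResult)
EndFunc

; Constructed sample call: expire the password of MyComputer at 2019/07/28 15:00 UTC.
; _LAPS_SetExpiration("MyComputer", "2019/07/28 15:00:00")
```

The account that runs this needs write access to ms-Mcs-AdmPwdExpirationTime on the computer object. On failure, @error holds the failing step (1 to 4) and @extended the underlying error code.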
