Jump to content
Sign in to follow this  
sublimnl

Can this be done in AutoIt?

Recommended Posts

sublimnl

I found the following function on the MSDN site and would like to use it within a tool I am currently writing. Basically I need a way to force a remote machine to refresh group policy.

http://msdn2.microsoft.com/en-us/library/aa374401.aspx

I have never attempted anything like this before in AutoIt so I am at a loss as to how to get started. Any help would be appreciated!

BTW, I decided against remotely executing gpupdate because gpupdate /force will sometimes come back with a Y/N prompt. I need something that will be completely silent and not leave a process running in the background on the remote machine. I figured it would be best to find a way to do this natively without external tools.

Edited by sublimnl

Share this post


Link to post
Share on other sites
tAKTelapis

You could pipe a No response directly after the GPupdate.

Then it will not leave it hanging at the prompt.

This should force a GPupdate, with a No response to the prompt, and a completely blank CMD prompt showing, you could always use AutoIt to supress the CMD window though, and just go with the gpupdate.

@echo off
echo N | gpupdate /force > NUL
exit

Share this post


Link to post
Share on other sites
sublimnl

right, but in some circumstances there will be two prompts (one for reboot, one for logoff) depending on the state of group policy. is there a way to pipe in two replies?

Share this post


Link to post
Share on other sites
lordofthestrings

erm..

I'm sure you know this as you sound knowledgeable but GPUpdate has an option to perform it's actions against remote computers..

you can simply use send() to fill in the prompts using AdlibEnable() to loop at a specified interval

Syntax:  GPUpdate [/Target:{Computer | User}] [/Force] [/Wait:<value>]
     [/Logoff] [/Boot] [/Sync]

Share this post


Link to post
Share on other sites
sublimnl

The /Target option is not for sending the command to remote computers unfortunately. It is to specify whether to update the local user or computer policy.

Share this post


Link to post
Share on other sites
lordofthestrings

whoops.. that's a silly mistake of me..


Share this post


Link to post
Share on other sites
November

Hi there,

You can try to do this in the machine:

secedit /refreshpolicy machine_policy /enforce

I dont know if its suitable for what you want, bur is an addiconal info.

You can use it to refresh users too:

secedit /refreshpolicy user_policy /enforce

Cheers,


Old Scriptology

Visual Ping 1.8 - Mass Ping Program with export to txt delimited.

Desktop 2 RGB and YMCK - Pick a color in the desktop and get the RGB and YMCK code.

Desktop 2 RGB - Pick a color in the desktop and get the RGB code.

ShootIT 1.0 - Screen Capture full and partial screen

[font="'Arial Black';"]Remember Remember The Fifth of November.[/font]

Share this post


Link to post
Share on other sites
sublimnl

thanks, but that will only work on win2k systems. secedit is no longer used for group policy refresh on winxp and above. anyone know how to implement the win32 function from my original post?

Share this post


Link to post
Share on other sites
The Kandie Man

Here you go:

Global Const $RP_FORCE = 1
Global Const $True = 1
Global Const $False = 0

$bMachine = $True
;[in] Specifies whether to refresh the computer policy or user policy. If this value is TRUE, the system refreshes the computer policy. If this value is FALSE, the system refreshes the user policy.

Dim $Return

$Return = DllCAll("Userenv.dll","int","RefreshPolicyEx","int",$bMachine,"int",$RP_FORCE)

If IsArray($Return) Then
    ConsoleWrite("Function Returned: " & $Return[0] & @LF)
    Msgbox(64,"The Function Returned:","The function returned : " & $Return[0] & @CRLF & "If the value returned was not zero then the function succeeded.")
Else
    ConsoleWrite("DllCall didn't return an array.  The call was therefore unsuccessful." & @LF)
    MsgBox(16,"Error!","The Dll Call was unsuccessful because it did not return an array.")
EndIf

This worked for my anyway. Let me know if you have any questions.

- The Kandie Man ;-)


"So man has sown the wind and reaped the world. Perhaps in the next few hours there will no remembrance of the past and no hope for the future that might have been." & _"All the works of man will be consumed in the great fire after which he was created." & _"And if there is a future for man, insensitive as he is, proud and defiant in his pursuit of power, let him resolve to live it lovingly, for he knows well how to do so." & _"Then he may say once more, 'Truly the light is sweet, and what a pleasant thing it is for the eyes to see the sun.'" - The Day the Earth Caught Fire

Share this post


Link to post
Share on other sites
sublimnl

KandieMan, thanks so much. That works on my local machine! One step closer...I just have to figure out how to run it against a remote machine now. :)

Share this post


Link to post
Share on other sites
The Kandie Man

In case you don't know about Sysinternals:

http://www.microsoft.com/technet/sysintern...ng/PsTools.mspx

This is the utility in particular that allows remote execution:

http://www.microsoft.com/technet/sysintern...ies/psexec.mspx

Hope that helps.

- The Kandie Man ;-)


"So man has sown the wind and reaped the world. Perhaps in the next few hours there will no remembrance of the past and no hope for the future that might have been." & _"All the works of man will be consumed in the great fire after which he was created." & _"And if there is a future for man, insensitive as he is, proud and defiant in his pursuit of power, let him resolve to live it lovingly, for he knows well how to do so." & _"Then he may say once more, 'Truly the light is sweet, and what a pleasant thing it is for the eyes to see the sun.'" - The Day the Earth Caught Fire

Share this post


Link to post
Share on other sites
sublimnl

thanks. yep, used sysinternals for years now. just wanted to do it all natively for a change to build up my knowledge. :) plus psexec is quarantined by mcafee in some companies I have been to in the past, so i figure best to just not rely on it. thanks for the nudge in the right direction on the script though!

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.