mgroen

How to check if current user has blank password in Windows

15 posts in this topic

#1 ·  Posted (edited)

Is there a way to check if the current user that is logged in to Windows has a password or no password?

I am making a script for automatic installation of the LogMeIn software. When you install the software it checks if the current user has a null password.

If the user has a null password, the installation asks for an access code. With this code you can start the remote session.

If a user account has a password, it doesn't ask for an access code but asks for the Windows login and password when you start the remote session.

The problem is that when I help family with remote support they must always give me their username and password.

I solved that problem by making an extra user account. Then I can use that account for the remote session.

My problem is that my script needs to check if a user has a password. Only if the user has a password do I want to create the extra user account. If the user has a blank password I must skip the part that creates a new account.

So I only have to know how to check if a user account has a blank password.

The Script

;------------------------------------------------------------------------------------------------------------------------------------------
;Choose a Access Code for connecting to a computer
$Accesscode = "Choose a default access code"

;Login for www.logmein.com
$email = "your email adress of logmein"
$password = "your password of logmein"

;Messagebox text to check Adminrights
$Error = "Stop"
$Message = "U Windows account heeft geen administrator rechten. Meld u in Windows aan met een account wat administratorrechten heeft om de software te kunnen installeren."

;Change password for LogMeIn Useraccount
$Password1 = 'password for the useraccount'
;------------------------------------------------------------------------------------------------------------------------------------------
;Do not change anything below

#NoTrayIcon
Opt("WinTitleMatchMode", 2)

If Not FileInstall("logmein.msi", @TempDir & "\logmein.msi", 1) Then
    Exit 1
EndIf

If Not IsAdmin() Then
    MsgBox(16, $Error, $Message)
    Exit 1
Endif

$pid = Run(@ComSpec & " /c msiexec /i logmein.msi", @TempDir, @SW_HIDE)

;Dialog Begin Screen
WinWait("LogMeIn", "Logo")
    ControlClick("LogMeIn", "Logo", 1001)

;Dialog License Agreement
WinWait("LogMeIn License Agreement")
    ControlClick("LogMeIn License Agreement", "", 1001)

;Dialog Software options
WinWait("LogMeIn", "Software options")
    ControlClick("LogMeIn", "Software options", 392)
        ControlClick("LogMeIn", "Software options", 1001)

;Dialog Computer Description
WinWait("LogMeIn", "Computer Description")
    ControlClick("LogMeIn", "Computer Description", 1001)

;Dialog Computer Access Code
; Check if Windows current user has null password (it knows)
; send Access Code to Dialog
    If WinExists("LogMeIn", "Computer Access Code") Then
        WinWait("LogMeIn", "Computer Access Code")
            WinActivate("LogMeIn", "Computer Access Code")
                WinWaitActive("LogMeIn", "Computer Access Code")
            ControlFocus("LogMeIn", "", 1119)
                Sleep(1000)
                    ControlSend("LogMeIn", "Computer Access Code", 1119, $Accesscode)
            ControlFocus("LogMeIn", "", 1125)
                Sleep(1000)
                    ControlSend("LogMeIn", "Computer Access Code", 1125, $Accesscode)
        ControlClick("LogMeIn", "Computer Access Code", 1001)
    EndIf

;Dialog LogMeIn Account Details
WinWait("LogMeIn", "LogMeIn Account Details")
    WinActivate("LogMeIn", "LogMeIn Account Details")
        WinWaitActive("LogMeIn", "LogMeIn Account Details")
            ControlFocus("LogMeIn", "", 1174)
                Sleep(1000)
                    ControlSend("LogMeIn", "LogMeIn Account Details", 1174, $email)
            ControlFocus("LogMeIn", "", 1119)
                Sleep(1000)
                    ControlSend("LogMeIn", "LogMeIn Account Details", 1119, $password)
        ControlClick("LogMeIn", "LogMeIn Account Details", 590)
ControlClick("LogMeIn", "LogMeIn Account Details", 1001)

;Dialog Choose Destination Location
WinWait("LogMeIn", "Choose Destination Location")
    ControlClick("LogMeIn", "Choose Destination Location", 1001)

;Dialog Setup Completed
WinWait("LogMeIn", "Setup Completed")
    WinActivate("LogMeIn", "Setup Completed")
        WinWaitActive("LogMeIn", "Setup Completed")
            ControlClick("LogMeIn", "Setup Completed", 1018)


ProcessWaitClose($pid)

;------- This part only needs to run if the useracocunt have a password ------------
;Create LogMeIn UserAccount in windows
RunWait(@ComSpec & ' /c ' & _
'Net User ' & 'LogMeInRemoteUser' & ' ' & $Password1 & ' /add &&' & _
'Net LocalGroup ' & 'Administrators' & ' ' & 'LogMeInRemoteUser' & ' /add &' & _
'Net LocalGroup ' & 'Users' & ' ' & 'LogMeInRemoteUser' & ' /delete &' & _
'Net LocalGroup ' & 'Gebruikers' & ' ' & 'LogMeInRemoteUser' & ' /delete &' & _
'Net Accounts /MaxPwAge:UnLimited', '', @SW_HIDE)

;Hide LogMeIn UserAccount from Loginscreen
RegWrite ("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList" ,"LogMeInRemoteUser", "REG_DWORD", 00000000)
;--------end-------------------------------------------------------------------------

FileDelete(@TempDir & '\logmein.msi')
Exit
Edited by mgroen

you can't , at least according to my research , 2..3 months ago .

but can you be more specific ,

which is the part that bothers you ? [ ... ]

To check credentials use RunAs() to run a CMD at @SW_HIDE ... if it fails with blank password credentials then there must be a password...

$err = RunAs(@UserName,@LogonDomain,"",2,"cmd /c","",@SW_HIDE)

MsgBox(4096,"",$err & @LF & @error)

1 person likes this

AutoIt has helped make me wealthy
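
An added example, not part of the original posts: RunAs() performs a Windows logon, and a blank-password logon attempt has more than two outcomes. With the default LimitBlankPasswordUse policy Windows refuses a blank-password logon away from the console with error 1327 even when the password really is blank, while 1326 means a password is set. The code assumes a current AutoIt 3.3.x with WinAPI.au3; _HasBlankPassword and the $BPW_ constants are hypothetical names.

```autoit
#include <WinAPI.au3> ; _WinAPI_GetLastError(), _WinAPI_CloseHandle()

; Win32 values (winbase.h / winerror.h); the $BPW_ names are made up for this example
Global Const $BPW_LOGON_INTERACTIVE = 2      ; LOGON32_LOGON_INTERACTIVE
Global Const $BPW_PROVIDER_DEFAULT = 0       ; LOGON32_PROVIDER_DEFAULT
Global Const $BPW_LOGON_FAILURE = 1326       ; ERROR_LOGON_FAILURE: wrong name or password
Global Const $BPW_ACCOUNT_RESTRICTION = 1327 ; ERROR_ACCOUNT_RESTRICTION: blank password
                                             ; blocked by policy, logon hours, ...

; Hypothetical helper. Returns 1 = blank password, 0 = a password is set,
; -1 = undetermined. @extended carries the Win32 error code.
; A wrong guess is a failed logon and counts toward the account lockout threshold,
; so call it once per account, not in a loop.
Func _HasBlankPassword($sUser = @UserName, $sDomain = @LogonDomain)
    Local $aRet = DllCall("advapi32.dll", "bool", "LogonUserW", _
            "wstr", $sUser, "wstr", $sDomain, "wstr", "", _
            "dword", $BPW_LOGON_INTERACTIVE, "dword", $BPW_PROVIDER_DEFAULT, "handle*", 0)
    If @error Then Return SetError(1, 0, -1) ; the DllCall itself failed
    Local $iErr = _WinAPI_GetLastError()

    If $aRet[0] Then ; logon with "" succeeded: the password is blank
        _WinAPI_CloseHandle($aRet[6]) ; release the token LogonUser returned
        Return SetExtended(0, 1)
    EndIf

    Switch $iErr
        Case $BPW_LOGON_FAILURE
            Return SetExtended($iErr, 0) ; "" was rejected: a password is set
        Case $BPW_ACCOUNT_RESTRICTION
            ; Heuristic: with LimitBlankPasswordUse = 1, error 1327 on an empty
            ; password most likely means "blank, but blocked by policy".
            Local $iLimit = RegRead("HKLM\SYSTEM\CurrentControlSet\Control\Lsa", "LimitBlankPasswordUse")
            If Not @error And $iLimit = 1 Then Return SetExtended($iErr, 1)
    EndSwitch
    Return SetError(2, $iErr, -1) ; disabled, locked out, expired or other restriction
EndFunc   ;==>_HasBlankPassword

Local $iBlank = _HasBlankPassword()
ConsoleWrite(@UserName & ": result=" & $iBlank & ", Win32 error=" & @extended & @CRLF)
```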

I agree. Attempt to run something with a blank pwd. If it fails then not a blank pwd. The M$ Scripting Guy http://www.microsoft.com/technet/scriptcen...05/hey1006.mspx suggests attempting to change the pwd from blank to blank. I like Larry's choice better.

#5 ·  Posted (edited)

removed. Reply was taking a long time and at the end my reply was double.

Edited by mgroen

you can't , at least according to my research , 2..3 months ago .

but can you be more specific ,

which is the part that bothers you ? [ ... ]

@oneLess

It is the last part of the script. I used ;------- This part only needs to run if the useracocunt have a password ------------ to define the part.

@LarryDalooza and @spudw2k

Thanks for this, I will try this and let you know.

The code is not working. RunAs was not recognized as a command. After I installed the Beta of AutoIt, RunAs was recognized as a command but I still get the following error.

$err = RunAs(@UserName, @LogonDomain, "", 2, "cmd /c", "", @SW_HIDE)
MsgBox(4096,"",$err & @LF & @error)

C:\logmein\logmein2.au3(95,68) : ERROR: RunAs(): undefined function.

$err = RunAs(@UserName, @LogonDomain, "", 2, "cmd /c", "", @SW_HIDE)

Hope you have some advice for this.

#9 ·  Posted (edited)

This would be the safer solution as a failed login attempt may lock out the user's account.

Interesting observation Big_Daddy. I wasn't aware that a bad password change didn't have the same effect as a bad login.

Edited by spudw2k

I agree. Attempt to run something with a blank pwd. If it fails then not a blank pwd. The M$ Scripting Guy http://www.microsoft.com/technet/scriptcen...05/hey1006.mspx suggests attempting to change the pwd from blank to blank. I like Larry's choice better.

That part is too difficult for me. I have no programming experience and I am learning bit by bit.

Should look close to this, although this has an error.

C:\Documents and Settings\-----\Desktop\New AutoIt v3 Script.au3 (15) : ==> The requested action with this object has failed.:

$objUser.ChangePassword($strPassword, $strPassword)

;On Error Resume Next
Opt("RunErrorsFatal", 0)

Dim $objNetwork = ObjCreate("Wscript.Network")
$strComputer = $objNetwork.ComputerName

$strPassword = ""

Dim $colAccounts = ObjGet("WinNT://" & $strComputer)
Dim $Array[1] = ["user"]
$colAccounts.Filter = $Array
;$colAccounts.Filter = Array("user")

For $objUser In $colAccounts
    $objUser.ChangePassword($strPassword, $strPassword)
    If @Error Then
        ConsoleWrite($objUser.Name & " is using a blank password.")
    EndIf
Next

#12 ·  Posted (edited)

1 - mgroen

ok , i see your point now

this is the part of my script you are interested in

[ i have a while loop , and i wait to see whether the Computer Access Code part shows or not ]

is this enough ?

; ---------------
        GUICtrlSetData ($tz, 25)
        $text__04 = "Enter a brief description to help identify this computer"
        ActWin ( $title_01 , $text__04 )
            ControlClick    ( $title_01 , $text__04 , "Button2")
; ---------------
        GUICtrlSetData ($tz, 30)
        $text__05 = "Verify Computer Access Code"
        $text__06 = "Enter your LogMeIn account information"
        $_need_password = True
        While $_need_password
            Sleep ( 10 )
            If WinExists ( $title_01 , $text__05 ) Then
                    ActWin ( $title_01 , $text__05 )
                Send ( $_access__code & "{TAB}" & $_access__code )
                    Sleep ( 100 )
                ControlClick   ( $title_01 , $text__05 , "Button2" )
                $_need_password = False
            EndIf
            If WinExists ( $title_01 , $text__06 ) Then
                $_need_password = False
            EndIf
        WEnd
; ---------------
        GUICtrlSetData ($tz, 40)
        ActWin ( $title_01 , $text__06 )
            ControlClick    ( $title_01 , $text__06 , "RichEdit20W1" )
                Sleep ( 50 )
            Send ( $_account_name & "{TAB}" & $_account_pass    )
                Sleep ( 120 )
            ControlClick ( $title_01 , $text__06 , "Button5"    )
                Sleep ( 120 )
            ControlClick ( $title_01 , $text__06 , "Button1"    )
; ---------------

you can insert your script that creates a new account in the while loop.

[of course , i can put the whole script here]

2 - can anyone confirm that the M$ Scripting script is working ?

maybe publish a translation into AutoIt here ?

3 - LarryDalooza

To check credentials use RunAs() to run a CMD at @SW_HIDE ... if it fails with blank password credentials then there must be a password...

i wonder , if a password exists and you run RunAs() with ANOTHER password , blank or not , does it fail OR not ?

4 - I HAVE NEWS HERE [ i will apply it to my script soon ]

tested TWICE , first by mistake , second TODAY to verify the first observations

Check if Windows current user has null password (it knows)

i think they DO NOT KNOW , or DO NOT KNOW 100% , [or may know 100% and want to protect you anyway !?]

because, if you run logmein setup , unattended or not

on a computer with an account that HAS a password other than BLANK

BUT , this account is set for autolog ON

RegWrite ( "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" , "AutoAdminLogon" , "REG_SZ" , "0" )

logmein setup will ask you for Computer Access Code instead of username + password .

tested twice like i said , RESTARTED after AutoAdminLogon = on , i will test soon without restart .

SO , technically , if my remote client runs my script there

whether it has a password or not , i will set AutoAdminLogon = on

[i don't know now if it is ok without a restart]

my script will run logmein_setup

and sometime , after my script has finished the setup , or at the time when i am logged in to the remote computer

i will set AutoAdminLogon = off again

CAN ANYONE CONFIRM this ?

with or w/o restart [after set AutoAdminLogon]?

Edited by oneLess

Thanks for all the replies. I am going away for a few days of holiday and will test it next week.

get blank password accounts and accounts violating changed password group policy

as per http://www.microsoft.com/technet/scriptcen...05/hey1006.mspx

(minimum password length, password complexity and password history)

Opt("MustDeclareVars", 1)
Global $array[1] = ["User"]
Global $oMyError     = ObjEvent("AutoIt.Error", "ComErrorHandler")
Global $objNetwork   = ObjCreate("Wscript.Network")
Global $strComputer = $objNetwork.ComputerName
Global $strPassword = "", $colAccounts

ConsoleWrite(@CRLF & '>  $strComputer = ' & $strComputer & @CRLF & @CRLF)
$colAccounts = ObjGet("WinNT://" & $strComputer & "")
$colAccounts.Filter = $array

For $objUser In $colAccounts
    SetError(0)
    $objUser.ChangePassword($strPassword, $strPassword)
    ;@error set to 1 if password change fails or blank password violates changed group policy **
    ;remains set to 0 if blank password set successful for $objUser
    ;use COM error handler for blank password policy violation
    If Not @error Then
        ConsoleWrite("!  " & $array[0] & ": " & $objUser.Name & _
        @CRLF & "!  Is using a blank password." & @CRLF & @CRLF)
    EndIf
Next

Func ComErrorHandler()
    Dim $oMyError
    Local $Flag = 1
    Local $sHexNumber = Hex($oMyError.number,8)
    Local $sDesc = StringStripWS($oMyError.windescription, 2) 
    Switch $sDesc
        Case "Access is denied."
            ContinueCase
        Case "The specified network password is not correct."
            ConsoleWrite("+> " & $array[0] & ": " & $objUser.Name & _
            @CRLF & "+> " & $oMyError.windescription & @CRLF)
            $Flag = 0
    EndSwitch
    If StringInStr($sDesc,"The password does not meet the password policy requirements.") Then
        $sDesc = StringReplace($sDesc, ".", "." & @CRLF & "-> ", 1)
        ConsoleWrite("->  " & $array[0] & ": " & $objUser.Name & @CRLF & _
        "->  Is using a blank or group policy violating password." & @CRLF & "->  " & $sDesc & @CRLF & @CRLF)
        $Flag = 0
    EndIf
    If $flag Then ;COM errors other than password change
        Msgbox(0,"AutoItCOM Test","We intercepted a COM Error !"        & @CRLF & @CRLF & _
                 "err.description is: "    & @TAB & $oMyError.description       & @CRLF & _
                 "err.windescription:"     & @TAB & $oMyError.windescription    & @CRLF & _
                 "err.number is: "         & @TAB & $sHexNumber                 & @CRLF & _
                 "err.scriptline is: "     & @TAB & $oMyError.scriptline        & @CRLF)
    EndIf
    $oMyError.clear
    SetError(1)
Endfunc

I see fascists...
