Dizzy (posted July 3, 2008)

Hi,

I found an older script to manage the secpol.msc with PaulIA's AU3Lib. But I didn't find the right syntax to migrate it to the actual AutoIt version. Can someone help me?

Here's the original:

```autoit
#include <A3LListView.au3>
#include <A3LTreeView.au3>

Opt("MustDeclareVars", 1)

Global $hTree, $hNode, $hList, $iIndex

; Open "Local Security Settings"
ShellExecute("secpol.msc")
_Lib_WinWaitActive("Local Security Settings")

; Find the TreeView control
$hTree = ControlGetHandle("Local Security Settings", "", "SysTreeView321")
if @Error then _Lib_ShowError("Unable to find TreeView")

; Find "User Rights Assignment" node
$hNode = _TreeView_FindNodeEx($hTree, "Security Settings|Local Policies|User Rights Assignment")
if $hNode = 0 then _Lib_ShowError("Unable to find User Rights Assignment")
_TreeView_Click($hTree, $hNode)
Sleep(1000)

; Find the ListView control
$hList = ControlGetHandle("Local Security Settings", "", "SysListView321")
if @Error then _Lib_ShowError("Unable to find ListView")

; Select "Act as part of the operating system"
$iIndex = _ListView_FindInText($hList, "Act as part of the operating system")
if $iIndex = -1 then _Lib_ShowError("Unable to find ListView item")

; Open up item
_ListView_ClickItem($hList, $iIndex, "left", False, 2)
_Lib_WinWaitActive("Act as part of the operating system")

; Click on "Add User or Group"
ControlClick("Act as part of the operating system", "", "Add &User or Group...")
_Lib_WinWaitActive("Select Users or Groups")

; Add a user
ControlSend("Select Users or Groups", "", "RichEdit20W1", "YourUserName")
ControlClick("Select Users or Groups", "", "OK")
```

Thanks for your help!

Dizzy

PsaltyDS (posted July 3, 2008)

This is updated for the functions from PaulIA's AU3 Library collection that have been incorporated into AutoIt standard UDFs:

```autoit
#include <GuiListView.au3>
#include <GuiTreeView.au3>

Opt("MustDeclareVars", 1)

Global $hTree, $hNode, $hList, $iIndex

; Open "Local Security Settings"
ShellExecute("secpol.msc")
WinWaitActive("Local Security Settings")

; Find the TreeView control
$hTree = ControlGetHandle("Local Security Settings", "", "SysTreeView321")
if @Error then MsgBox(16, "Error", "Unable to find TreeView")

; Find "User Rights Assignment" node
$hNode = _GUICtrlTreeView_FindItemEx($hTree, "Security Settings|Local Policies|User Rights Assignment")
if $hNode = 0 then MsgBox(16, "Error", "Unable to find User Rights Assignment")
_GUICtrlTreeView_ClickItem($hTree, $hNode)
Sleep(1000)

; Find the ListView control
$hList = ControlGetHandle("Local Security Settings", "", "SysListView321")
if @Error then MsgBox(16, "Error", "Unable to find ListView")

; Select "Act as part of the operating system"
$iIndex = _GUICtrlListView_FindInText($hList, "Act as part of the operating system")
if $iIndex = -1 then MsgBox(16, "Error", "Unable to find ListView item")

; Open up item
_GUICtrlListView_ClickItem($hList, $iIndex, "left", False, 2)
WinWaitActive("Act as part of the operating system")

; Click on "Add User or Group"
ControlClick("Act as part of the operating system", "", "Add &User or Group...")
WinWaitActive("Select Users or Groups")

; Add a user
;ControlSend("Select Users or Groups", "", "RichEdit20W1", "YourUserName")
;ControlClick("Select Users or Groups", "", "OK")
```

The final changes were commented out so it can be test run without changing anything. It crashes on my XP Pro load because some dialogs do not allow some automation like _GUICtrlListView_ClickItem(). Supposedly a security "feature/not a bug" I guess. I ran into the same thing automating some of IE's config dialogs.

You might get the rectangle for the item and MouseClick() the coordinates instead, if you see the same issue.

Valuater's AutoIt 1-2-3, Class... Is now in Session!
For those who want somebody to write the script for them: RentACoder
"Any technology distinguishable from magic is insufficiently advanced." -- Geek's corollary to Clarke's law

Dizzy (posted July 6, 2008)

OK - I found a starting point in another file ...

What did I want: I need the settings from "User Rights Assignment" and want to store them in a file. So, my way is to open the secpol.msc, look for the node "Local Policy", look for the node "User Rights Assignment", make a right click on it and export the list as a CSV file.

Here is the start, with a _WinAPI-ReadProcessMemory-Error: Access is denied. Why?

```autoit
#include <GuiConstantsEx.au3>
#include <GuiTreeView.au3>
#include <WindowsConstants.au3>
#include <GuiImageList.au3>

Opt('MustDeclareVars', 1)
Opt('WinTitleMatchMode', 4)

DIM $hWin, $hMain, $hMain_Item, $iCount, $hItem_Text, $hChildCount

ShellExecute("secpol.msc")
WinWait("[CLASS:MMCMainFrame; TITLE:Local Security Settings]")
$hWin = WinGetHandle("[CLASS:MMCMainFrame; TITLE:Local Security Settings]")
WinActivate($hWin)
WinWaitActive($hWin)

$hMain = ControlGetHandle($hWin, "", "SysTreeView321")
$iCount = _GUICtrlTreeView_GetCount($hMain)
ConsoleWrite("Debug = Total Items $iCount = " & $iCount & @CRLF)

$hMain_Item = _GUICtrlTreeView_GetFirstItem($hMain)
ConsoleWrite("Debug = Top Item $hMain_Item = " & $hMain_Item & @CRLF)

MsgBox(64, "-1- ", "OK, up to this point")

$hItem_Text = _GUICtrlTreeView_GetText($hMain, $hMain_Item)
ConsoleWrite("Debug = Top Item $hSTV_Item = " & $hItem_Text & @CRLF)

;$hChildCount = _GUICtrlTreeView_GetChildCount($hMain, $hMain_Item)
;ConsoleWrite("Debug = Item Chield $IChildCount = " & $hChildCount & @CRLF)

;$hChildNode = _GUICtrlTreeView_FindItem($hMain, "Local Policy", True, $hMain_Item)
;If $hChildNode = 0 Then
;    MsgBox(16, "Error", "Node not found")
;    Exit
;EndIf
;ConsoleWrite("Debug = Local Policy = " & $hChildNode & @crlf)
;_GUICtrlTreeView_Expand($hMain, $hChildNode, True)
;_GUICtrlTreeView_SelectItem($hMain, $hChildNode, True)
;_GUICtrlTreeview_clickItem($hMain, $hChildNode)
exit
```

I'm using Production 3.2.12.1 and I've tested it with Beta 3.2.13.3 - same error.

Anyone with ideas?

Thanks
Dizzy

Edited July 9, 2008 by Dizzy

PsaltyDS (posted July 7, 2008)

These settings are easier to set than to list programmatically. You can use NTRIGHTS.exe (syntax here) to change them in local policy, but it won't just list them. The GUI has been changed to crash on attempts to automate it directly. The RSOP_* (Resultant Set of Policy) stuff in Scriptomatic WMI doesn't list anything for me on XP, though it runs without errors. For example:

```autoit
$strComputer = "."
$objWMIService = ObjGet("winmgmts:\\" & $strComputer & "\root\rsop\computer")
$colItems = $objWMIService.ExecQuery("Select * from RSOP_AuditPolicy")
$sMsg = "Computer = " & $strComputer & @CRLF & "========================================" & @CRLF
For $objItem in $colItems
    $sMsg &= "Category: " & $objItem.Category & @CRLF
    $sMsg &= "Precedence: " & $objItem.Precedence & @CRLF
    $sMsg &= "Failure: " & $objItem.Failure & @CRLF
    $sMsg &= "Success: " & $objItem.Success & @CRLF & @CRLF
Next
MsgBox(64, "Results", $sMsg)
```

So I'm not sure where that leaves you. There are third-party tools out there, and I guess you'll have to look into them.

Dizzy (posted July 7, 2008)

Thanks for your reply PsaltyDS!

If I'm right, NTRIGHTS.EXE will just have the possibility to grant or revoke settings. I need the >> actual << setting. But I'm looking exactly for THIS kind of script or exe to get the infos from a command line.

Due to the problems with the secpol.msc (I make a workaround by installing an old AutoIt version to build "a little piece of code" to get my information) I'll be happy to get solutions with WMI or something else. Secpol.msc won't work for me, 'cause it needs to have someone "ON" the server to work with the GUI ... I can't get it to work in a scheduled task - bad ...

Your piece of code gives me just 2 lines back:

.
================

Hmm - can we try to fill this with information?

Thanks
Dizzy

Dizzy (posted July 7, 2008)

OK - I found a workaround and will describe it tomorrow ... if someone is curious.

Dizzy (posted July 8, 2008)

Here we go.

It wasn't easy to find a way to get "my" policy settings, but this did it for me:

1.) Install the 5mb gpmc.msi from Microsoft (why? 'cause this will install some dll's which we can use to get an html file)

2.) Create and start a vbs-script to make the html file

```autoit
; create temp VBA-Script
$vbsfile = FileOpen(@ScriptDir & "\look.vbs", 2)
If $vbsfile = -1 Then
    MsgBox(0, "Error", "Unable to open file.")
    Exit
EndIf
FileWriteLine($vbsfile, "Set oGpm = CreateObject(""GPMGMT.GPM"")" )
FileWriteLine($vbsfile, "Set oGpConst = oGpm.GetConstants()" )
FileWriteLine($vbsfile, "Set oRSOP = oGpm.GetRSOP( oGpConst.RSOPModeLogging, """" , 0)" )
FileWriteLine($vbsfile, "strpath = Left(Wscript.ScriptFullName, InStrRev(Wscript.ScriptFullName,""\"", -1, vbTextCompare) ) " )
FileWriteLine($vbsfile, "oRSOP.LoggingFlags = 0" )
FileWriteLine($vbsfile, "oRSOP.CreateQueryResults()" )
FileWriteLine($vbsfile, "Set oResult = oRSOP.GenerateReportToFile( oGpConst.ReportHTML, strPath & ""rsop.html"")" )
FileWriteLine($vbsfile, "oRSOP.ReleaseQueryResults()" )
FileWriteLine($vbsfile, "WScript.Quit()" )
FileClose($vbsfile)
RunWait("wscript.exe look.vbs ")
Sleep(500)
FileDelete(@ScriptDir & "\look.vbs")
```

3.) If everything is inside the html - perfect .. If not, then use "secedit /export /cfg " & @scriptdir & "\sec-out.txt" to get the rest

4.) Examine the sec-out.txt for the missing settings and insert it to the html-file (I use _filereadtoarray and _filewritefromarray to make my change in ram)

I spent time to get the settings for:

- "Log on as a batch job"
- "Log on as a service"
- "Network access: Allow anonymous SID/Name translation"

So here they are:

SeBatchLogonRight = "Log on as a batch job"
SeServiceLogonRight = "Log on as a service"
LSAAnonymousNameLookup = "Network access: Allow anonymous SID/Name translation"

For translating the SIDs I use this:

```autoit
#Include <Security.au3>

; for example _SID("SeBatchLogonRight")
; $aRecords is a global array holding the lines of sec-out.txt
; (assumed to be filled with _FileReadToArray, count in element 0)
Func _SID($Wert)
    Local $List[1] = [0] ; stays empty if the right is not in the file
    For $i = 1 to $aRecords[0]
        If StringInStr($aRecords[$i],$Wert) Then
            ; split "Right = *S-1-...,*S-1-..." and keep each entry from "S-" onwards
            $List = StringSplit($aRecords[$i],",")
            If $List[0] > 0 Then
                For $x = 1 to $List[0]
                    $List[$x] = StringMid($List[$x],(StringInStr($List[$x],"S-")))
                Next
            EndIf
        EndIf
    Next
    $Back = ""
    If $List[0] > 0 Then
        ; resolve every SID to an account name and join the names with ", "
        For $x = 1 to $List[0]
            $aAcct=_Security__LookupAccountSid($List[$x])
            if $x = 1 then $Back = $aAcct[0]
            if $x > 1 then $Back = $Back & ", " & $aAcct[0]
        Next
    EndIf
    ConsoleWrite("Result = " & $Back & @crlf)
EndFunc
```

In a second script I check the settings against guidelines and write the results (ok, missing some settings, wrong setting ...) to an excel-file.

Maybe it's helpful.

Have also a look here (script without VBS): http://www.autoitscript.com/forum/index.php?showtopic=75547

CU
Dizzy

Edited July 16, 2008 by Dizzy

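The last post describes reading the `secedit /export` output and checking the user rights against guidelines. The following is an added example of that check, not code from the thread; it is written in Python so the exported file can be audited offline, and the sample export, the baseline and the `svc_backup` account are constructed for illustration.

```python
import configparser

# Constructed sample in the layout `secedit /export /cfg` writes. Real exports
# are normally UTF-16: open(path, encoding="utf-16").read().
SAMPLE_EXPORT = """\
[Unicode]
Unicode=yes
[System Access]
LSAAnonymousNameLookup = 0
[Privilege Rights]
SeBatchLogonRight = *S-1-5-32-544,*S-1-5-32-551,svc_backup
SeServiceLogonRight = *S-1-5-20
SeTcbPrivilege = *S-1-5-21-1111111111-2222222222-3333333333-1105
[Version]
signature="$CHICAGO$"
"""

# A few well-known SIDs, so the report is readable without a lookup on the host.
WELL_KNOWN = {"S-1-5-32-544": "BUILTIN\\Administrators",
              "S-1-5-32-551": "BUILTIN\\Backup Operators",
              "S-1-5-19": "NT AUTHORITY\\LOCAL SERVICE",
              "S-1-5-20": "NT AUTHORITY\\NETWORK SERVICE"}

# Hypothetical guideline (an assumption): right -> principals allowed to hold it.
BASELINE = {"SeTcbPrivilege": [],   # "Act as part of the operating system"
            "SeBatchLogonRight": ["S-1-5-32-544", "S-1-5-32-551"],
            "SeServiceLogonRight": ["S-1-5-19", "S-1-5-20"]}

def parse_privilege_rights(text):
    """Return {right: [principal, ...]} from the [Privilege Rights] section."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None, strict=False)
    cp.optionxform = str            # keep the case of the right names
    cp.read_string(text)
    if not cp.has_section("Privilege Rights"):
        return {}
    return {right: [p.strip().lstrip("*") for p in value.split(",") if p.strip()]
            for right, value in cp.items("Privilege Rights")}

def audit(rights, baseline):
    """Return {right: {"unexpected": [...], "missing": [...]}} for deviations only."""
    findings = {}
    for right, allowed in baseline.items():
        actual = set(rights.get(right, []))   # right absent = granted to nobody
        unexpected = sorted(actual - set(allowed))
        missing = sorted(set(allowed) - actual)
        if unexpected or missing:
            findings[right] = {"unexpected": [WELL_KNOWN.get(p, p) for p in unexpected],
                               "missing": [WELL_KNOWN.get(p, p) for p in missing]}
    return findings

if __name__ == "__main__":
    for right, diff in audit(parse_privilege_rights(SAMPLE_EXPORT), BASELINE).items():
        print(right, diff)
```

Entries that secedit writes as plain account names instead of `*S-...` SIDs are compared as names, so a baseline for a real host should list them in the same form.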