Jump to content

Help Authenticating to Remote Workstations

porthos

By porthos,
in AutoIt General Help and Support

 Share

Recommended Posts

porthos Seeker

porthos

Posted
Posted

Hello,

I have recently taken over as part of my company's workstation security functions (there was no one before). Historically The support techs had complete control of the local administrator account and have been renaming the account and changing the password. I have worked with thier managers to get a near complete list of the account and password information and to stop this mess. Due to corporate polical reasons the managers of the call center (1st level support) and the support techs are seperate entities within the company (they do not work with each other). I need a way for the help desk to quickly authenticate to a workstation without giving them access to the passwords (dictated from my management). Further complicating everything the company is still using Novell and will not be migrating fully to AD for another year.

I have been looking through the help file but I not very experienced with here is what I have thought of this far.

I have a DOS batch file that basically given a workstation name goes through all variations I know and tries to net use them.. Once help desk gets access to the machine they can change the password and help the customer.

Sorry if this is too long.

P

CODE
#include <GUIConstantsEx.au3>

Opt('MustDeclareVars', 1)

Example()

Func Example()

Local $input1, $btn1, $msg, $btn2, $val1

GUICreate(" Authenticate to a Workstation. ", 320, 120, @DesktopWidth / 2 - 160, @DesktopHeight / 2 - 45, -1, 0x00000018); WS_EX_ACCEPTFILES

GUICtrlCreateLabel("Enter the C-# of the workstation.",10,10)

$input1 = GUICtrlCreateInput("", 10, 30, 300, 20)

$btn1 = GUICtrlCreateButton("Ok", 40, 75, 60, 20)

$btn2 = GUICtrlCreateButton("Exit", 200, 75, 60, 20)

GUISetState()

$msg = 0

While $msg <> $GUI_EVENT_CLOSE

$msg = GUIGetMsg()

$val1 = 2

Select

Case $msg = $btn1

$val1 = RunWait(@ComSpec & "/c"&"net use \\"& GUICtrlRead($input1)&"\admin$ /user:"&GUICtrlRead($input1)&"\admin password1",@SW_HIDE)

If GUICtrlRead($val1) <> 0 Then

MsgBox(1,"Success","Success! Please reset Administrator Account and Password to Current Standards")

ExitLoop

EndIf

; Current Password and Account

$val1 = RunWait(@ComSpec & "/c"&"net use \\"& GUICtrlRead($input1)&"\admin$ /user:"&GUICtrlRead($input1)&"\admin password5",@SW_HIDE)

If GUICtrlRead($val1) <> 0 Then

MsgBox(1,"Success","Success! Userid and Password meets current standards.")

ExitLoop

EndIf

If GUICtrlRead($val1) = 0 Then

MsgBox(1,"Failure","Unknown Administrator Account and Password Combination")

ExitLoop

EndIf

Case $msg = $btn2

ExitLoop

EndSelect

WEnd

EndFunc ;==>Example

All spelling above is fictional, any resemblance to actual spelling is purely accidental. No dictionaries where harmed in the writing above.

Link to comment
Share on other sites
porthos Seeker

porthos

Posted
  • Author
Posted

Basically when I run that code I do not get a successfull return when I test against a workstation that I know the user id and password to. Any ideas?

All spelling above is fictional, any resemblance to actual spelling is purely accidental. No dictionaries where harmed in the writing above.

Link to comment
Share on other sites
PsaltyDS Universalist

PsaltyDS

Posted
Posted

This makes no sense: 

If GUICtrlRead($val1) <> 0 Then

GuiCtrlRead() takes a control ID as input. Instead, you are passing the exit code returned from a RunWait(). Can you explain your use of $val1?

;)

Valuater's AutoIt 1-2-3, Class... Is now in Session!For those who want somebody to write the script for them: RentACoder"Any technology distinguishable from magic is insufficiently advanced." -- Geek's corollary to Clarke's law
Link to comment
Share on other sites
Bert Universalist

Bert

Posted
Posted (edited)

Hello,

I have recently taken over as part of my company's workstation security functions (there was no one before). Historically The support techs had complete control of the local administrator account and have been renaming the account and changing the password. I have worked with thier managers to get a near complete list of the account and password information and to stop this mess. Due to corporate polical reasons the managers of the call center (1st level support) and the support techs are seperate entities within the company (they do not work with each other). I need a way for the help desk to quickly authenticate to a workstation without giving them access to the passwords (dictated from my management). Further complicating everything the company is still using Novell and will not be migrating fully to AD for another year.

I have been looking through the help file but I not very experienced with here is what I have thought of this far.

I have a DOS batch file that basically given a workstation name goes through all variations I know and tries to net use them.. Once help desk gets access to the machine they can change the password and help the customer.

Sorry if this is too long.

P

CODE
#include <GUIConstantsEx.au3>

Opt('MustDeclareVars', 1)

Example()

Func Example()

Local $input1, $btn1, $msg, $btn2, $val1

GUICreate(" Authenticate to a Workstation. ", 320, 120, @DesktopWidth / 2 - 160, @DesktopHeight / 2 - 45, -1, 0x00000018); WS_EX_ACCEPTFILES

GUICtrlCreateLabel("Enter the C-# of the workstation.",10,10)

$input1 = GUICtrlCreateInput("", 10, 30, 300, 20)

$btn1 = GUICtrlCreateButton("Ok", 40, 75, 60, 20)

$btn2 = GUICtrlCreateButton("Exit", 200, 75, 60, 20)

GUISetState()

$msg = 0

While $msg <> $GUI_EVENT_CLOSE

$msg = GUIGetMsg()

$val1 = 2

Select

Case $msg = $btn1

$val1 = RunWait(@ComSpec & "/c"&"net use \\"& GUICtrlRead($input1)&"\admin$ /user:"&GUICtrlRead($input1)&"\admin password1",@SW_HIDE)

If GUICtrlRead($val1) <> 0 Then

MsgBox(1,"Success","Success! Please reset Administrator Account and Password to Current Standards")

ExitLoop

EndIf

; Current Password and Account

$val1 = RunWait(@ComSpec & "/c"&"net use \\"& GUICtrlRead($input1)&"\admin$ /user:"&GUICtrlRead($input1)&"\admin password5",@SW_HIDE)

If GUICtrlRead($val1) <> 0 Then

MsgBox(1,"Success","Success! Userid and Password meets current standards.")

ExitLoop

EndIf

If GUICtrlRead($val1) = 0 Then

MsgBox(1,"Failure","Unknown Administrator Account and Password Combination")

ExitLoop

EndIf

Case $msg = $btn2

ExitLoop

EndSelect

WEnd

EndFunc ;==>Example

I'm assuming you have a domain controller, right? (They are windows PCs, right?)

I'm being thick...Didn't read the post the first time correctly... ;)

Edited by Volly

The Vollatran project

 

My blog: http://www.vollysinterestingshit.com/

Link to comment
Share on other sites
porthos Seeker

porthos

Posted
  • Author
Posted

PsaltyDS -

I am using the $val1 to see if the command was successfull to prompt the user and exit the loop. Should I not use the GUICtrlRead and instead just use $val1?

Volly -

Unfortuneately until we move from Novell (where ever user has admin rights) to AD this is only a stop gap measure since I cannot leave the script in place as it slows down login times (which is very important to management).

P

All spelling above is fictional, any resemblance to actual spelling is purely accidental. No dictionaries where harmed in the writing above.

Link to comment
Share on other sites
PsaltyDS Universalist

PsaltyDS

Posted
Posted

PsaltyDS -

I am using the $val1 to see if the command was successfull to prompt the user and exit the loop. Should I not use the GUICtrlRead and instead just use $val1?

That works for this part: 
$val1 = RunWait(@ComSpec & "/c" & "net use \\" & GUICtrlRead($input1) & "\admin$ /user:" & GUICtrlRead($input1) & "\admin password1", @SW_HIDE)

Net.exe will return 0 for success or non-zero for errors, so that is a good test of username\password.

But your test of the return value makes no sense. You should get $val1 = 0 for success, or $val1 <> 0 for failure. Neither should be passed as an input parameter to GuiCtrlRead(), as I pointed out earlier: 

; Wrong:
;If GUICtrlRead($val1) <> 0 Then
;   MsgBox(1, "Success", "Success! Please reset Administrator Account and Password to Current Standards")
;   ExitLoop
;EndIf

;Corrected:
If $val1 = 0 Then
    MsgBox(1, "Success", "Successful test of username\password.")
    ExitLoop
Else
    MsgBox(16, "Error", "Error! Username\password did not work.")
EndIf

The definition of success is up to you. If you want the NET USE to fail (indicating the username\password have already been changed, maybe) then use $val1 <> 0.

;)

Valuater's AutoIt 1-2-3, Class... Is now in Session!For those who want somebody to write the script for them: RentACoder"Any technology distinguishable from magic is insufficiently advanced." -- Geek's corollary to Clarke's law
Link to comment
Share on other sites
porthos Seeker

porthos

Posted
  • Author
Posted

That works for this part: 

$val1 = RunWait(@ComSpec & "/c" & "net use \\" & GUICtrlRead($input1) & "\admin$ /user:" & GUICtrlRead($input1) & "\admin password1", @SW_HIDE)

Net.exe will return 0 for success or non-zero for errors, so that is a good test of username\password.

But your test of the return value makes no sense. You should get $val1 = 0 for success, or $val1 <> 0 for failure. Neither should be passed as an input parameter to GuiCtrlRead(), as I pointed out earlier: 

; Wrong:
;If GUICtrlRead($val1) <> 0 Then
;   MsgBox(1, "Success", "Success! Please reset Administrator Account and Password to Current Standards")
;   ExitLoop
;EndIf

;Corrected:
If $val1 = 0 Then
    MsgBox(1, "Success", "Successful test of username\password.")
    ExitLoop
Else
    MsgBox(16, "Error", "Error! Username\password did not work.")
EndIf

The definition of success is up to you. If you want the NET USE to fail (indicating the username\password have already been changed, maybe) then use $val1 <> 0.

;)

Thanks.... Looks like I was making it too complicated.

P

All spelling above is fictional, any resemblance to actual spelling is purely accidental. No dictionaries where harmed in the writing above.

Link to comment
Share on other sites
porthos Seeker

porthos

Posted
  • Author
Posted

Thanks.... Looks like I was making it too complicated.

P

Seems i don't have it quite right. I am not exactly sure what value I am looking for in $val. RunWait command returns a 0 on failure so Should I be looking for a non 0 for a success?

I simplified my code to read like follows

CODE

; This is my control box... I have manually set the admin password to this.

$val1 = RunWait(@ComSpec & "/c"&"net use \\Computer1\admin$ /user:Computer1\admin dork",@SW_HIDE)

If $val1 <> 0 Then

MsgBox(1,"Success","Success! Userid and Password meets current standards. " & $val1)

ExitLoop

EndIf

$val1 = RunWait(@ComSpec & "/c"&"net use \\Computer1\admin$ /user:Computer1\admin password1",@SW_HIDE)

If $val1 <> 0 Then

MsgBox(1,"Success","Please reset Administrator Account and Password to Current Standards, Reference 1" & $val1)

Endif

$val1 = RunWait(@ComSpec & "/c"&"net use \\Computer1\admin$ /user:Computer1\admin password5",@SW_HIDE)

If $val1 = 0 Then

MsgBox(1,"Failure","Unknown Administrator Account and Password Combination " & $val1)

ExitLoop

EndIf

In my logic (which maybe flawed) if the net use command works then the RunWait command should return a value of something other than 0.

What I am seeing is that no matter what the net use results is the RunWait command returns a 0.

Thanks for the help.

P

All spelling above is fictional, any resemblance to actual spelling is purely accidental. No dictionaries where harmed in the writing above.

Link to comment
Share on other sites
PsaltyDS Universalist

PsaltyDS

Posted
Posted (edited)

Seems i don't have it quite right. I am not exactly sure what value I am looking for in $val. RunWait command returns a 0 on failure so Should I be looking for a non 0 for a success?

I simplified my code to read like follows 

; This is my control box... I have manually set the admin password to this.
$val1 = RunWait(@ComSpec & "/c"&"net use \\Computer1\admin$ /user:Computer1\admin dork",@SW_HIDE)               
    If $val1 <> 0 Then
        MsgBox(1,"Success","Success!  Userid and Password meets current standards. " & $val1)
        ExitLoop
    EndIf

$val1 = RunWait(@ComSpec & "/c"&"net use \\Computer1\admin$ /user:Computer1\admin password1",@SW_HIDE)
     If $val1 <> 0 Then
         MsgBox(1,"Success","Please reset Administrator Account and Password to Current Standards, Reference 1" & $val1)
     Endif

$val1 = RunWait(@ComSpec & "/c"&"net use \\Computer1\admin$ /user:Computer1\admin password5",@SW_HIDE)
    If $val1 = 0 Then
        MsgBox(1,"Failure","Unknown Administrator Account and Password Combination " & $val1)
     ExitLoop
     EndIf

In my logic (which maybe flawed) if the net use command works then the RunWait command should return a value of something other than 0.

What I am seeing is that no matter what the net use results is the RunWait command returns a 0.

Thanks for the help.

P

Let's be more careful here...

RunWait() always returns 0 if there is a failure to execute the command at all (like a typo in the command line).

RunWait() also returns 0 if that happens to be the return code from successfully running the command.

So, how to tell the difference? Do that by monitoring @error. If @error = 0, then the RunWait() succeeded and whatever you got back was the exitcode (which is usually 0 = success for console commands). If the returned value is 0, you still have to check @error to know if that was the return code or if the RunWait() itself failed.

NET USE returns 0 for success, and non-zero for errors, but if you get a 0 back check @error before assuming it worked.

If you get non-zero back from RunWait() for a NET USE command, the RunWait() worked, but the NET USE command failed.

;)

Edited by PsaltyDS
Valuater's AutoIt 1-2-3, Class... Is now in Session!For those who want somebody to write the script for them: RentACoder"Any technology distinguishable from magic is insufficiently advanced." -- Geek's corollary to Clarke's law
Link to comment
Share on other sites
porthos Seeker

porthos

Posted
  • Author
Posted

Let's be more careful here...

RunWait() always returns 0 if there is a failure to execute the command at all (like a typo in the command line).

RunWait() also returns 0 if that happens to be the return code from successfully running the command.

So, how to tell the difference? Do that by monitoring @error. If @error = 0, then the RunWait() succeeded and whatever you got back was the exitcode (which is usually 0 = success for console commands). If the returned value is 0, you still have to check @error to know if that was the return code or if the RunWait() itself failed.

NET USE returns 0 for success, and non-zero for errors, but if you get a 0 back check @error before assuming it worked.

If you get non-zero back from RunWait() for a NET USE command, the RunWait() worked, but the NET USE command failed.

;)

thank you for the clarification after testing some more. it seems that

ShellExecuteWait("net.exe"," use \\"& GUICtrlRead($input1)&"\admin$ /user:"&GUICtrlRead($input1)&"\administrator administrator",@SW_HIDE)

Seems to be working better than the RunWait. I am also using

If $val1 = 0 AND @error = 0 Then

and

If $val1 = 0 AND @error <> 0 Then

As my conditional checks

thanks for the the help.

One thought: if make this a function in a later project can i just pass the variable $input1 by calling the function like so : authent($input1) where $input1 = (a name) ?

All spelling above is fictional, any resemblance to actual spelling is purely accidental. No dictionaries where harmed in the writing above.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...