porthos Posted August 28, 2008 Share Posted August 28, 2008 Hello, I have recently taken over as part of my company's workstation security functions (there was no one before). Historically The support techs had complete control of the local administrator account and have been renaming the account and changing the password. I have worked with thier managers to get a near complete list of the account and password information and to stop this mess. Due to corporate polical reasons the managers of the call center (1st level support) and the support techs are seperate entities within the company (they do not work with each other). I need a way for the help desk to quickly authenticate to a workstation without giving them access to the passwords (dictated from my management). Further complicating everything the company is still using Novell and will not be migrating fully to AD for another year. I have been looking through the help file but I not very experienced with here is what I have thought of this far. I have a DOS batch file that basically given a workstation name goes through all variations I know and tries to net use them.. Once help desk gets access to the machine they can change the password and help the customer. Sorry if this is too long. P CODE#include <GUIConstantsEx.au3> Opt('MustDeclareVars', 1) Example() Func Example() Local $input1, $btn1, $msg, $btn2, $val1 GUICreate(" Authenticate to a Workstation. ", 320, 120, @DesktopWidth / 2 - 160, @DesktopHeight / 2 - 45, -1, 0x00000018); WS_EX_ACCEPTFILES GUICtrlCreateLabel("Enter the C-# of the workstation.",10,10) $input1 = GUICtrlCreateInput("", 10, 30, 300, 20) $btn1 = GUICtrlCreateButton("Ok", 40, 75, 60, 20) $btn2 = GUICtrlCreateButton("Exit", 200, 75, 60, 20) GUISetState() $msg = 0 While $msg <> $GUI_EVENT_CLOSE $msg = GUIGetMsg() $val1 = 2 Select Case $msg = $btn1 $val1 = RunWait(@ComSpec & "/c"&"net use \\"& GUICtrlRead($input1)&"\admin$ /user:"&GUICtrlRead($input1)&"\admin password1",@SW_HIDE) If GUICtrlRead($val1) <> 0 Then MsgBox(1,"Success","Success! Please reset Administrator Account and Password to Current Standards") ExitLoop EndIf ; Current Password and Account $val1 = RunWait(@ComSpec & "/c"&"net use \\"& GUICtrlRead($input1)&"\admin$ /user:"&GUICtrlRead($input1)&"\admin password5",@SW_HIDE) If GUICtrlRead($val1) <> 0 Then MsgBox(1,"Success","Success! Userid and Password meets current standards.") ExitLoop EndIf If GUICtrlRead($val1) = 0 Then MsgBox(1,"Failure","Unknown Administrator Account and Password Combination") ExitLoop EndIf Case $msg = $btn2 ExitLoop EndSelect WEnd EndFunc ;==>Example All spelling above is fictional, any resemblance to actual spelling is purely accidental. No dictionaries where harmed in the writing above. Link to comment Share on other sites More sharing options...
porthos Posted August 29, 2008 Author Share Posted August 29, 2008 Basically when I run that code I do not get a successfull return when I test against a workstation that I know the user id and password to. Any ideas? All spelling above is fictional, any resemblance to actual spelling is purely accidental. No dictionaries where harmed in the writing above. Link to comment Share on other sites More sharing options...
PsaltyDS Posted August 29, 2008 Share Posted August 29, 2008 This makes no sense: If GUICtrlRead($val1) <> 0 Then GuiCtrlRead() takes a control ID as input. Instead, you are passing the exit code returned from a RunWait(). Can you explain your use of $val1? Valuater's AutoIt 1-2-3, Class... Is now in Session!For those who want somebody to write the script for them: RentACoder"Any technology distinguishable from magic is insufficiently advanced." -- Geek's corollary to Clarke's law Link to comment Share on other sites More sharing options...
Bert Posted August 29, 2008 Share Posted August 29, 2008 (edited) Hello,I have recently taken over as part of my company's workstation security functions (there was no one before). Historically The support techs had complete control of the local administrator account and have been renaming the account and changing the password. I have worked with thier managers to get a near complete list of the account and password information and to stop this mess. Due to corporate polical reasons the managers of the call center (1st level support) and the support techs are seperate entities within the company (they do not work with each other). I need a way for the help desk to quickly authenticate to a workstation without giving them access to the passwords (dictated from my management). Further complicating everything the company is still using Novell and will not be migrating fully to AD for another year.I have been looking through the help file but I not very experienced with here is what I have thought of this far.I have a DOS batch file that basically given a workstation name goes through all variations I know and tries to net use them.. Once help desk gets access to the machine they can change the password and help the customer.Sorry if this is too long.PCODE#include <GUIConstantsEx.au3>Opt('MustDeclareVars', 1)Example()Func Example() Local $input1, $btn1, $msg, $btn2, $val1 GUICreate(" Authenticate to a Workstation. ", 320, 120, @DesktopWidth / 2 - 160, @DesktopHeight / 2 - 45, -1, 0x00000018); WS_EX_ACCEPTFILES GUICtrlCreateLabel("Enter the C-# of the workstation.",10,10) $input1 = GUICtrlCreateInput("", 10, 30, 300, 20) $btn1 = GUICtrlCreateButton("Ok", 40, 75, 60, 20) $btn2 = GUICtrlCreateButton("Exit", 200, 75, 60, 20) GUISetState() $msg = 0 While $msg <> $GUI_EVENT_CLOSE $msg = GUIGetMsg() $val1 = 2 Select Case $msg = $btn1 $val1 = RunWait(@ComSpec & "/c"&"net use \\"& GUICtrlRead($input1)&"\admin$ /user:"&GUICtrlRead($input1)&"\admin password1",@SW_HIDE) If GUICtrlRead($val1) <> 0 Then MsgBox(1,"Success","Success! Please reset Administrator Account and Password to Current Standards") ExitLoop EndIf ; Current Password and Account $val1 = RunWait(@ComSpec & "/c"&"net use \\"& GUICtrlRead($input1)&"\admin$ /user:"&GUICtrlRead($input1)&"\admin password5",@SW_HIDE) If GUICtrlRead($val1) <> 0 Then MsgBox(1,"Success","Success! Userid and Password meets current standards.") ExitLoop EndIf If GUICtrlRead($val1) = 0 Then MsgBox(1,"Failure","Unknown Administrator Account and Password Combination") ExitLoop EndIf Case $msg = $btn2 ExitLoop EndSelect WEndEndFunc ;==>ExampleI'm assuming you have a domain controller, right? (They are windows PCs, right?)I'm being thick...Didn't read the post the first time correctly... Edited August 29, 2008 by Volly The Vollatran project  My blog: http://www.vollysinterestingshit.com/ Link to comment Share on other sites More sharing options...
Bert Posted August 29, 2008 Share Posted August 29, 2008 Could you use a logon script to change the ID and password of the admin account to fix it? Make the script run a AutoIt script to fix it. That way no one will see what is entered in the password field when it is changed. The Vollatran project  My blog: http://www.vollysinterestingshit.com/ Link to comment Share on other sites More sharing options...
porthos Posted September 2, 2008 Author Share Posted September 2, 2008 PsaltyDS - I am using the $val1 to see if the command was successfull to prompt the user and exit the loop. Should I not use the GUICtrlRead and instead just use $val1? Volly - Unfortuneately until we move from Novell (where ever user has admin rights) to AD this is only a stop gap measure since I cannot leave the script in place as it slows down login times (which is very important to management). P All spelling above is fictional, any resemblance to actual spelling is purely accidental. No dictionaries where harmed in the writing above. Link to comment Share on other sites More sharing options...
PsaltyDS Posted September 2, 2008 Share Posted September 2, 2008 PsaltyDS - I am using the $val1 to see if the command was successfull to prompt the user and exit the loop. Should I not use the GUICtrlRead and instead just use $val1? That works for this part: $val1 = RunWait(@ComSpec & "/c" & "net use \\" & GUICtrlRead($input1) & "\admin$ /user:" & GUICtrlRead($input1) & "\admin password1", @SW_HIDE) Net.exe will return 0 for success or non-zero for errors, so that is a good test of username\password. But your test of the return value makes no sense. You should get $val1 = 0 for success, or $val1 <> 0 for failure. Neither should be passed as an input parameter to GuiCtrlRead(), as I pointed out earlier: ; Wrong: ;If GUICtrlRead($val1) <> 0 Then ; MsgBox(1, "Success", "Success! Please reset Administrator Account and Password to Current Standards") ; ExitLoop ;EndIf ;Corrected: If $val1 = 0 Then MsgBox(1, "Success", "Successful test of username\password.") ExitLoop Else MsgBox(16, "Error", "Error! Username\password did not work.") EndIf The definition of success is up to you. If you want the NET USE to fail (indicating the username\password have already been changed, maybe) then use $val1 <> 0. Valuater's AutoIt 1-2-3, Class... Is now in Session!For those who want somebody to write the script for them: RentACoder"Any technology distinguishable from magic is insufficiently advanced." -- Geek's corollary to Clarke's law Link to comment Share on other sites More sharing options...
porthos Posted September 2, 2008 Author Share Posted September 2, 2008 That works for this part: $val1 = RunWait(@ComSpec & "/c" & "net use \\" & GUICtrlRead($input1) & "\admin$ /user:" & GUICtrlRead($input1) & "\admin password1", @SW_HIDE) Net.exe will return 0 for success or non-zero for errors, so that is a good test of username\password. But your test of the return value makes no sense. You should get $val1 = 0 for success, or $val1 <> 0 for failure. Neither should be passed as an input parameter to GuiCtrlRead(), as I pointed out earlier: ; Wrong: ;If GUICtrlRead($val1) <> 0 Then ; MsgBox(1, "Success", "Success! Please reset Administrator Account and Password to Current Standards") ; ExitLoop ;EndIf ;Corrected: If $val1 = 0 Then MsgBox(1, "Success", "Successful test of username\password.") ExitLoop Else MsgBox(16, "Error", "Error! Username\password did not work.") EndIf The definition of success is up to you. If you want the NET USE to fail (indicating the username\password have already been changed, maybe) then use $val1 <> 0. Thanks.... Looks like I was making it too complicated. P All spelling above is fictional, any resemblance to actual spelling is purely accidental. No dictionaries where harmed in the writing above. Link to comment Share on other sites More sharing options...
porthos Posted September 2, 2008 Author Share Posted September 2, 2008 Thanks.... Looks like I was making it too complicated.PSeems i don't have it quite right. I am not exactly sure what value I am looking for in $val. RunWait command returns a 0 on failure so Should I be looking for a non 0 for a success?I simplified my code to read like follows CODE; This is my control box... I have manually set the admin password to this.$val1 = RunWait(@ComSpec & "/c"&"net use \\Computer1\admin$ /user:Computer1\admin dork",@SW_HIDE) If $val1 <> 0 Then MsgBox(1,"Success","Success! Userid and Password meets current standards. " & $val1) ExitLoop EndIf$val1 = RunWait(@ComSpec & "/c"&"net use \\Computer1\admin$ /user:Computer1\admin password1",@SW_HIDE) If $val1 <> 0 Then MsgBox(1,"Success","Please reset Administrator Account and Password to Current Standards, Reference 1" & $val1) Endif$val1 = RunWait(@ComSpec & "/c"&"net use \\Computer1\admin$ /user:Computer1\admin password5",@SW_HIDE) If $val1 = 0 Then MsgBox(1,"Failure","Unknown Administrator Account and Password Combination " & $val1) ExitLoop EndIfIn my logic (which maybe flawed) if the net use command works then the RunWait command should return a value of something other than 0.What I am seeing is that no matter what the net use results is the RunWait command returns a 0.Thanks for the help.P All spelling above is fictional, any resemblance to actual spelling is purely accidental. No dictionaries where harmed in the writing above. Link to comment Share on other sites More sharing options...
PsaltyDS Posted September 2, 2008 Share Posted September 2, 2008 (edited) Seems i don't have it quite right. I am not exactly sure what value I am looking for in $val. RunWait command returns a 0 on failure so Should I be looking for a non 0 for a success? I simplified my code to read like follows ; This is my control box... I have manually set the admin password to this. $val1 = RunWait(@ComSpec & "/c"&"net use \\Computer1\admin$ /user:Computer1\admin dork",@SW_HIDE) If $val1 <> 0 Then MsgBox(1,"Success","Success! Userid and Password meets current standards. " & $val1) ExitLoop EndIf $val1 = RunWait(@ComSpec & "/c"&"net use \\Computer1\admin$ /user:Computer1\admin password1",@SW_HIDE) If $val1 <> 0 Then MsgBox(1,"Success","Please reset Administrator Account and Password to Current Standards, Reference 1" & $val1) Endif $val1 = RunWait(@ComSpec & "/c"&"net use \\Computer1\admin$ /user:Computer1\admin password5",@SW_HIDE) If $val1 = 0 Then MsgBox(1,"Failure","Unknown Administrator Account and Password Combination " & $val1) ExitLoop EndIf In my logic (which maybe flawed) if the net use command works then the RunWait command should return a value of something other than 0. What I am seeing is that no matter what the net use results is the RunWait command returns a 0. Thanks for the help. P Let's be more careful here... RunWait() always returns 0 if there is a failure to execute the command at all (like a typo in the command line). RunWait() also returns 0 if that happens to be the return code from successfully running the command. So, how to tell the difference? Do that by monitoring @error. If @error = 0, then the RunWait() succeeded and whatever you got back was the exitcode (which is usually 0 = success for console commands). If the returned value is 0, you still have to check @error to know if that was the return code or if the RunWait() itself failed. NET USE returns 0 for success, and non-zero for errors, but if you get a 0 back check @error before assuming it worked. If you get non-zero back from RunWait() for a NET USE command, the RunWait() worked, but the NET USE command failed. Edited September 2, 2008 by PsaltyDS Valuater's AutoIt 1-2-3, Class... Is now in Session!For those who want somebody to write the script for them: RentACoder"Any technology distinguishable from magic is insufficiently advanced." -- Geek's corollary to Clarke's law Link to comment Share on other sites More sharing options...
porthos Posted September 3, 2008 Author Share Posted September 3, 2008 Let's be more careful here...RunWait() always returns 0 if there is a failure to execute the command at all (like a typo in the command line).RunWait() also returns 0 if that happens to be the return code from successfully running the command.So, how to tell the difference? Do that by monitoring @error. If @error = 0, then the RunWait() succeeded and whatever you got back was the exitcode (which is usually 0 = success for console commands). If the returned value is 0, you still have to check @error to know if that was the return code or if the RunWait() itself failed.NET USE returns 0 for success, and non-zero for errors, but if you get a 0 back check @error before assuming it worked.If you get non-zero back from RunWait() for a NET USE command, the RunWait() worked, but the NET USE command failed. thank you for the clarification after testing some more. it seems that ShellExecuteWait("net.exe"," use \\"& GUICtrlRead($input1)&"\admin$ /user:"&GUICtrlRead($input1)&"\administrator administrator",@SW_HIDE)Seems to be working better than the RunWait. I am also using If $val1 = 0 AND @error = 0 Then andIf $val1 = 0 AND @error <> 0 Then As my conditional checksthanks for the the help.One thought: if make this a function in a later project can i just pass the variable $input1 by calling the function like so : authent($input1) where $input1 = (a name) ? All spelling above is fictional, any resemblance to actual spelling is purely accidental. No dictionaries where harmed in the writing above. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now