none
guest status revisited

    Question

  • I was given this code as an example on how to go through a domain and identify each machines local accounts and account status:

    'This script uses Active Directory to find and connect to all Windows and check the status of the Guest account, Enabled or Disabled.
    'Will return "True" if the account is Disabled

    On Error Resume Next

    Const ForWriting = 2
    set objFSO = CreateObject("scripting.filesystemobject")
    set objFile = objFSO.createtextfile(".\AuditGuestAccountStatus.txt")
    objFile
    .WriteLine "Name;Disabled;sID;Error"

    domain
    = "DC=Domain,DC=Com"
    Set objConnection = CreateObject("ADODB.Connection")
    Set objCommand = CreateObject("ADODB.Command")
    objConnection
    .Provider = "ADsDSOObject"
    objConnection
    .Open "Active Directory Provider"
    Set objCommand.ActiveConnection = objConnection

    objCommand
    .CommandText = _
    "SELECT distinguishedName, Name, Location, operatingSystem, operatingSystemservicepack FROM " _
    & "'LDAP://" & domain & "' WHERE objectClass='computer' " _
    & "and operatingSystem = '*server*'"

    objCommand
    .Properties("Timeout") = 30

    Set objRecordSet = objCommand.Execute()
    Do Until objRecordSet.EOF
       
        strComputer
    =objRecordSet.Fields("Name").Value
       
    'set objWMIDateTime = CreateObject("WbemScripting.SWbemDateTime")
       
    'set objWMI = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")

    Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")


    If Err.Number <> 0 Then 
    objFile
    .WriteLine strComputer & ";" & ";" & ";" & Err.Description
    Err
    .Clear
    Else


    Set colItems = objWMIService.ExecQuery _
    ( "Select * from Win32_UserAccount Where LocalAccount = True AND Name='Guest' " )

    'Set colGroups = GetObject("WinNT://" & strComputer & "")

    For Each objItem in colItems
       
    objFile
    .WriteLine strComputer & ";" & objItem.Disabled & ";" & objItem.SID

       
    'Wscript.Echo "Account Type: " & objItem.AccountType
       
    'Wscript.Echo "Caption: " & objItem.Caption
       
    'Wscript.Echo "Description: " & objItem.Description
       
    'Wscript.Echo "Disabled: " & objItem.Disabled
       
    'Wscript.Echo "Domain: " & objItem.Domain
       
    'Wscript.Echo "Full Name: " & objItem.FullName
       
    'Wscript.Echo "Local Account: " & objItem.LocalAccount
       
    'Wscript.Echo "Lockout: " & objItem.Lockout
       
    'Wscript.Echo "Name: " & objItem.Name
       
    'Wscript.Echo "Password Changeable: " & objItem.PasswordChangeable
       
    'Wscript.Echo "Password Expires: " & objItem.PasswordExpires
       
    'Wscript.Echo "Password Required: " & objItem.PasswordRequired
       
    'Wscript.Echo "SID: " & objItem.SID
       
    'Wscript.Echo "SID Type: " & objItem.SIDType
       
    'Wscript.Echo "Status: " & objItem.Status
       
    'Wscript.Echo
    Next



    end if
    objRecordSet
    .MoveNext
    Loop

    objFile.WriteLine "Complete"

    --

    This was on the thread: http://social.technet.microsoft.com/Forums/en/ITCG/thread/3aa4d428-2531-4e1c-82f1-9af203773a56

    However, do I need to edit a paramter anywhere in the code to specify our domain? Please keep your answers basic.


    It doesnt seem to work. It ran for 5 hours and created an almost 500Mb notepad file. In the end I cancelled it, opened the file and it just lists thousands of rows of just

    ;;;;

    ;;;;

    Any assistance welcome.

    Friday, February 24, 2012 9:06 AM

Answers

  • The following line needs to be changed for your domain (e.g. domain = "DC=ABC,DC=COM")

    domain = "DC=Domain,DC=Com"

    Regards qSilverx

    • Marked as answer by cf090 Friday, February 24, 2012 2:44 PM
    Friday, February 24, 2012 11:30 AM

All replies

  • The following line needs to be changed for your domain (e.g. domain = "DC=ABC,DC=COM")

    domain = "DC=Domain,DC=Com"

    Regards qSilverx

    • Marked as answer by cf090 Friday, February 24, 2012 2:44 PM
    Friday, February 24, 2012 11:30 AM
  • Thanks qSilverx

    If our domain was called "mydomain.net", how would it need entering on that line?

    would it be:

    domain = "DC=mydomain, DC=net"

    ?

    Friday, February 24, 2012 12:09 PM
  • domain = "DC=mydomain,DC=net"

    No spaces

    Friday, February 24, 2012 12:16 PM
  • domain = "DC=mydomain,DC=net"

    No spaces

    Thanks it worked fine. Can you see anything in the code that would limit it to just query servers? I wanted it to do everything in the domain if possible, i.e. both servers and workstations, but it completes and only seems to report on servers, no workstations. Any ideas?

    Friday, February 24, 2012 2:17 PM
  • objCommand.CommandText = _
    "SELECT distinguishedName, Name, Location, operatingSystem, operatingSystemservicepack FROM " _
    & "'LDAP://" & domain & "' WHERE objectClass='computer' " _
    & "and operatingSystem = '*server*'"

    Above line indicates the operatingSystem attribute should contain 'server'.


    Regards qSilverx

    Friday, February 24, 2012 2:37 PM
  • objCommand.CommandText = _
    "SELECT distinguishedName, Name, Location, operatingSystem, operatingSystemservicepack FROM " _
    & "'LDAP://" & domain & "' WHERE objectClass='computer' " _
    & "and operatingSystem = '*server*'"

    Above line indicates the operatingSystem attribute should contain 'server'.


    Regards qSilverx

    Would it be as simple as changing that to:

    & "and operatingSystem = '*windows*'"

    If we just wanted to audit workstations?

    Or should I just delete that line of code?


    • Edited by cf090 Friday, February 24, 2012 2:40 PM
    Friday, February 24, 2012 2:39 PM
  • I would just remove the operatingsystem all together as it is not required at all. 
    Friday, February 24, 2012 2:41 PM
  • I dont think this script works. Ive set it running and for the first 50 machines it finds I get:

    The remote server machine does not exist or is unavailable

    I have pinged about 5 of these and get a response.

    Any ideas?

    Tuesday, February 28, 2012 2:41 PM