none
OpenDSObject 10 second wait for validation of user credentials RRS feed

  • Question

  • Hello,

    I'm trying to validate user credentials locally, not on a domain, on a PC running Windows 7 Pro x64 (fully patched).

    The following code works, but it takes 10 seconds to see the MsgBox. (The same wait was confirmed in a Windows 7 Home Premium x64 VM. In a Windows XP Pro SP3 VM, the same code takes less than a second to run.) What's the reason for the wait under Windows 7? Can it be avoided?

    regards, AndyA

    Dim oIADS
    Dim oNetWk : Set oNetwk = CreateObject("WScript.Network")
    Dim strAdminUserName : strAdminUserName = "admin_name_here"
    Dim strAdminPassword : strAdminPassword = "admin_pw_here"
    Dim intErrNum

    Const ADS_SECURE_AUTHENTICATION = 1

    On Error Resume Next

     Set oIADS = GetObject("WinNT:").OpenDSObject("WinNT://" &_
      oNetWk.ComputerName & "/" &_
      strAdminUserName & ",user", strAdminUserName, strAdminPassword, _
      ADS_SECURE_AUTHENTICATION)

     intErrNum = Err.Number

    On Error Goto 0

    If intErrNum = 0 then
     MsgBox "The credentials are OK"
    Else
     MsgBox "The credentials are bad; the error number is: " & intErrNum
    End If



    • Edited by AAronoff Tuesday, April 29, 2014 11:37 AM
    Tuesday, April 29, 2014 11:34 AM

Answers

All replies

  • Couple of things.

    You cannot validate to the local system.  This only works remotely do to the restriction on local access/impersonation.

    This is a simpler, less squirelly version.  Try it remotely.  When it succeeds it is very fast against any system.  When it fails it takes from 3 to 10 seconds on any system.

    strAdminUserName = "testuser"
    strAdminPassword = "testpassword"
    strComputer = "someremotepc"  ' cannot be local system
    
    On Error Resume Next
    Set oIADS = GetObject("WinNT:").OpenDSObject("WinNT://" & strComputer & "/" & strAdminUserName & ",user", strAdminUserName, strAdminPassword, 1) 'ADS_SECURE_AUTHENTICATION)
    If Err Then  
        MsgBox Err.Description
    Else
        MsgBox "Validated"
    End If
    


    ¯\_(ツ)_/¯

    Tuesday, April 29, 2014 11:59 AM
  • Thanks for your reply.

    Am I correct to assume, then, that there is no means to quickly validate via script to the local system under Windows 7 x64? (Again, it's fast under XP.)

    regards, AndyA

    Wednesday, April 30, 2014 1:21 PM
  • Try adding the domain or workgroup name to the WinNT path.

    -- Bill Stewart [Bill_Stewart]

    Wednesday, April 30, 2014 2:45 PM
    Moderator
  • Thanks, Bill, that works very well. Correct credentials are acknowledged immediately. Incorrect credentials incur a delay of several seconds, but that's a reasonable penalty for a rare occurrence.

    For form, here's the revised OpenDSObject statement section:

    Dim colOS, oOS, strWorkGroup

    Set colOS = GetObject("winmgmts:root\cimv2").ExecQuery _
     ("Select * from Win32_ComputerSystem")

    For Each oOS In colOS
     strWorkGroup = oOS.Domain : Exit For
    Next

    On Error Resume Next

     Set oIADS = GetObject("WinNT:").OpenDSObject("WinNT://" &_
       strWorkGroup & "/" & oNetWk.ComputerName & "/" &_
       strAdminUserName & ",user", strAdminUserName, strAdminPassword, _
       ADS_SECURE_AUTHENTICATION)

     intErrNum = Err.Number

    On Error Goto 0

    regards, AndyA

    • Edited by AAronoff Wednesday, April 30, 2014 5:05 PM
    Wednesday, April 30, 2014 5:02 PM
  • That still won't work locally in a workgroup on Windows 7 or later.

    I have no issues with this:

    Set oIADS = GetObject("WinNT:").OpenDSObject("WinNT://" & strComputer & "/" & strAdminUserName & ",user", strAdminUserName, strAdminPassword, 1) 'ADS_SECURE_AUTHENTICATION)

    On Windows 7 it is fast except when the account  authentication fails.  Adding the extra computername into the path causes a path not found failure in a workgroup.


    ¯\_(ツ)_/¯

    Wednesday, April 30, 2014 5:30 PM
  • You said:
    That still won't work locally in a workgroup on Windows 7 or later.

    The code I posted using Bill's suggestion is working locally in a workgroup on Windows 7 Pro x64. I found that your code was not fast -- there was a delay of 5-10 seconds when authentication succeeded. That's why I posted my followup question, which Bill answered. The addition of the workgroup name enabled an instantaneous response when authentication succeeded; I can accept a several-second delay when authentication fails.

    regards, AndyA

    Wednesday, April 30, 2014 6:04 PM
  • It fails faster but does not validate locally.  It will work when querying remote systems.  If you alter the local policies then it will work but the system will be less secure.


    ¯\_(ツ)_/¯

    Wednesday, April 30, 2014 6:27 PM
  • This code does nothing at all:

    Dim colOS, oOS, strWorkGroup 
    
    Set colOS = GetObject("winmgmts:root\cimv2").ExecQuery _
      ("Select * from Win32_ComputerSystem") 
    
    For Each oOS In colOS
      strWorkGroup = oOS.Domain : Exit For
     Next
    
    On Error Resume Next
    
     Set oIADS = GetObject("WinNT:").OpenDSObject("WinNT://" &_
        strWorkGroup & "/" & oNetWk.ComputerName & "/" &_
        strAdminUserName & ",user", strAdminUserName, strAdminPassword, _
        ADS_SECURE_AUTHENTICATION)
    
     intErrNum = Err.Number
    
    On Error Goto 0
    

    It just runs a terminates very quickly.


    ¯\_(ツ)_/¯

    Wednesday, April 30, 2014 6:29 PM
  • Take out the On Error and it fails quickly:

    Dim colOS, oOS, strWorkGroup 
    
    Set colOS = GetObject("winmgmts:root\cimv2").ExecQuery _
      ("Select * from Win32_ComputerSystem") 
    
    For Each oOS In colOS
      strWorkGroup = oOS.Domain : Exit For
     Next
    
    
     Set oIADS = GetObject("WinNT:").OpenDSObject("WinNT://" &_
        strWorkGroup & "/" & oNetWk.ComputerName & "/" &_
        strAdminUserName & ",user", strAdminUserName, strAdminPassword, _
        ADS_SECURE_AUTHENTICATION)
    
    

    test.vbs(24, 2) Microsoft VBScript runtime error: Object required: 'oNetWk'


    I cannot see what good that does.


    ¯\_(ツ)_/¯

    Wednesday, April 30, 2014 6:30 PM
  • This works but it only works for admin accounts:

    strAdminUserName = "admin"
    strAdminPassword = "adminpwd"
    strUsertofind = "xxxxx"
    
    strComputer = CreateObject("WScript.Network").ComputerName
    Set colOS = GetObject("winmgmts:root\cimv2").ExecQuery("Select * from Win32_ComputerSystem") 
    For Each oOS In colOS
      strWorkGroup = oOS.Domain
    Next
    
    strAdsPath= "WinNT://" & strWorkGroup & "/" & strComputer & "/" & strUsertofind
    On Error Resume Next
    Set oIADS = GetObject("WinNT:").OpenDSObject(strAdsPath & ",user", strAdminUserName, strAdminPassword, 1)
    If Err Then
        MsgBox Err.Description
    Else
        MsgBox "Account valid"
    End If
    
    

    When searching for a regular account it still takes 3 to 10 seconds to fail. If the account is found it is immediate.

    Doing it this way is actually faster for some reason.

    strAdsPath= "WinNT://" & strWorkGroup & "/" & strComputer & "/" & strUsertofind
    On Error Resume Next
    Set oIADS = GetObject("WinNT:").OpenDSObject(strAdsPath, strAdminUserName, strAdminPassword, 1)
    If Err Then
        MsgBox Err.Description
    Else
        MsgBox "Account valid"
    End If
    
    

    Note I removed ",user" which is no needed when using a full aDSPath.


    ¯\_(ツ)_/¯

    Wednesday, April 30, 2014 6:47 PM