×

Loading...
Ad by
  • 最优利率和cashback可以申请特批,好信用好收入offer更好。请点链接扫码加微信咨询,Scotiabank -- Nick Zhang 6478812600。
Ad by
  • 最优利率和cashback可以申请特批,好信用好收入offer更好。请点链接扫码加微信咨询,Scotiabank -- Nick Zhang 6478812600。

Hey, I found a better command,

WMIC USERACCOUNT WHERE "Name='PutUserNameHere' and Domain='PutDomainNameHere'" GET Lockout

The above command will get back a "FALSE" response. But one more question, if I run this command in VBScript, how can I get back the result "FLASE" inside the script?

~~~
set WshShell = CreateObject("WScript.Shell")
rc=WshShell.Run("WMIC USERACCOUNT WHERE 'Name='PutUserNameHere' and Domain='PutDomainNameHere'' GET Lockout")
#rc==0 if command success.
# How to get the command output here? If not writing to a file.
# I want to send an email if it's not "FLASE"
~~

Thanks.
Report

Replies, comments and Discussions:

  • 工作学习 / 专业技术讨论 / 如何写个VB程序看Windows domain ID是否被lock住了?
    Our application does not support Windows OS hibernate mode. That causes the domain ID used by our application being locked out frequently, due to maybe more than 3 times failed login.

    Security can't do anything else but ask ourselve to write a VB program to check the status of that domain ID, and send an email to ourselve if it's locked.

    I've done VB programming 5 years ago and know some basics. Can anyone tell me what kind of function is avaiable to do the above job, and how? Really appreciate if you can give an example code or point me to any resources on the web.

    Thanks a lot.
    • ADSI (Active Directory Service Interface) is a good choice, although most of cases are through VBScript. http://www.microsoft.com/technet/scriptcenter/guide/sas_vbs_dcot.mspx?mfr=true
      • Thanks but I don't think I can have any access to AD or any other servers. All what I can do is from client side.
        I am thinking of simply using the command "runas" to check if the account has been locked from my workstation.

        What's the VB object to run this "runas" command? Thanks.
    • you can use the sampe inside with little change. what you only need to do is to find out which bit in "userAccountControl" is locking flag.
      Const ADS_UF_ACCOUNTDISABLE = 2

      Set objUser = GetObject _
      ("LDAP://cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com")
      intUAC = objUser.Get("userAccountControl")

      If intUAC AND ADS_UF_ACCOUNTDISABLE Then
      Wscript.Echo "The account is disabled"
      Else
      Wscript.Echo "The account is enabled"
      End If
      • I have no experience with LDAP. Question: will security allow me to inquire LDAP server like this? I mean if this small .vbs is running on my machine?
        • if you don't have permission, you can't do anything about it regardless what tool you use
          • See, I am thinking a different way.
            Look at this "runas" DOS command. All I want to do is write a .bat or .vbs to run this "runas" command and get back the response. I just don't know how to write such a script.

            C:\Documents and Settings\jihu>runas /user:BNS\JIHu notepad
            Enter the password for BNS\JIHu:
            Attempting to start notepad as user "BNS\JIHu" ...
            RUNAS ERROR: Unable to run - notepad
            1326: Logon failure: unknown user name or bad password.

            C:\Documents and Settings\jihu>
            • runas is not different than other executables, you just have to either hard-code password in script (not a good idea) or type in while it runs.
              • Thank you very much for all your help. But I just found out that "runas" is not scriptable.
                I am out of idea now.

                Do you know if there is an VB object which can do a logon to domain? See, we just need to mimic a logon and get the response, with script.
                • I didn't try it myself, but you should be able to do "runas" within vbscript by embeding it into anohter shell host. "runas /user:SAS\SAFSBILLING c:\windows\system32\cscript.exe c:\full_path\add_domainuser2localadmin.vbs"
                  google runas vbscript, there are plenty examples.
                  • That's great. Now I have a rough idea. Thank you so much.
                    rc=WshShell.Run("runas /user:" & sUser & " " & CHR(34) & sCmd & CHR(34), 2, FALSE)

                    I can check this rc.
      • Hey, I found a better command,
        WMIC USERACCOUNT WHERE "Name='PutUserNameHere' and Domain='PutDomainNameHere'" GET Lockout

        The above command will get back a "FALSE" response. But one more question, if I run this command in VBScript, how can I get back the result "FLASE" inside the script?

        ~~~
        set WshShell = CreateObject("WScript.Shell")
        rc=WshShell.Run("WMIC USERACCOUNT WHERE 'Name='PutUserNameHere' and Domain='PutDomainNameHere'' GET Lockout")
        #rc==0 if command success.
        # How to get the command output here? If not writing to a file.
        # I want to send an email if it's not "FLASE"
        ~~

        Thanks.
        • This /OUTPUT writes to the Windows CLIPBOARD, now I just need to find out how to get it from CLIPBOARD in VBS.
          C:\Documents and Settings\Owner>WMIC /OUTPUT:CLIPBOARD USERACCOUNT WHERE "Name='Owner'" get Lockout
          • Then found this from this URL, it works well.
            Set objIE = CreateObject("InternetExplorer.Application")
            objIE.Navigate("about:blank")
            strURL = objIE.document.parentwindow.clipboardData.GetData("text")
            objIE.Quit
            Wscript.Echo strURL
            • Now my job can be nicely done, and they are paying me thousands of dollars on this. Haha.
              • Shit, WMIC is not avaiable in Window2000. Have to use something else.