using tclib library to change passwords - KiXtart.org

You are not logged in. [Log In] KiXtart.org website » Forums » KiXtart » Advanced Scripting » using tclib library to change passwords

Page 1 of 1

Topic Options

#183698 - 2007-12-16 01:10 AM using tclib library to change passwords
brewdude6 brewdude6 Hey THIS is FUN Registered: 2000-10-21 Posts: 280 Loc: Nashville, TN	I'm trying to use this code to change passwords for a user if a task is scheduled on the system by that user. For testing purposes, I'm trying to change the user as well. I'm getting the error : TRIGGER : Array name undefined! for each task in the arrray. I'm pretty sure all arrays have been named. Any help would be appreciated. Code: Call @SCRIPTDIR + '\tcLib.kxf' $Tasks = tcGetTasks($target) For Each $Task in $Tasks tcInit(1) tcGetEvent($target, $Task) If InStr($a_tcTASK[20], $olduser) tcSetEventCredentials($target, $Task, $newuser, $password) EndIf Next _________________________ I could have made a neat retort but didn't, for I was flurried and didn't think of it till I was downstairs. -Mark Twain
Top

#183699 - 2007-12-16 06:23 AM

Re: using tclib library to change passwords [Re: brewdude6]

Glenn Barnas Offline

KiX Supporter

Registered: 2003-01-28
Posts: 4401
Loc: New Jersey

You need to call tcInit() before you call any tcLib functions. tcInit() will declare the arrays the first time it is called, and initialize them with appropriate values on each subsequent call. Simply follow the Call statement with a tcInit() function call and your problem will be resolved.

You're calling the tcGetTasks without an initial call to tcInit. The real problem is that tcInit not only initializes the task arrays, but several common parameters, such as the location of JT.EXE.

Glenn

PS - here's an example script that will gather the tasks from a remote system, locate tasks with a specific user ID and change the credentials:


break on
 
; Define the old/new credentials 
$OldUser = 'OldUser'
$NewUser = 'NewUser'
$NewPass = 'password123'	
 
; Must be the correct path, such as '.\tclib.kxf' or 'c:\lib\tclib.kxw' 
Call 'C:\Local\Lib\tclib.kxf'
; Always follow the library load with a tcInit to define all the constants and arrays 
tcInit()
 
; Define ONE computer to test the code 
; Once it has been tested, wrap the code between the START and END tags with code 
; to enumerate a list (array or file contents) of computers 
$Computer = 'TestServer'
 
; ## START ## 
  $Events = tcGetTasks($Computer)
  @SERROR ?
  For Each $Event in $Events
    'Processing ' $Event ?
    tcInit(1)
    tcGetEvent($Computer, $Event)
    ' Current UserID: ' $a_tcTask[20] ?
    If $a_tcTask[20] = $OldUser
      tcSetEventCredentials($Computer, $Event, $NewUser, $NewPass)
    EndIf
  Next
 
; ## END ##

_________________________
Actually I am a Rocket Scientist! $\:D$

Top

#183718 - 2007-12-16 04:14 PM Re: using tclib library to change passwords [Re: Glenn Barnas]
brewdude6 brewdude6 Hey THIS is FUN Registered: 2000-10-21 Posts: 280 Loc: Nashville, TN	Thanks Glenn! I used your example and this seemingly works, but there must be something within task scheduler that I don't understand. I put a print statement before the "tcSetEventCredentials" call and an @serror? immediately following. The command did complete successfully for the task I was testing. There must be a flaw in the way I'm trying to test though. I'm looking for tasks that are running as local administrator, if I find any, I'm changing those to a bogus password and then trying to start the task after the script runs. I'm still able to run the task. I'm wondering if it's because the currently logged in users credentials can run the task? _________________________ I could have made a neat retort but didn't, for I was flurried and didn't think of it till I was downstairs. -Mark Twain
Top

#183725 - 2007-12-16 05:27 PM Re: using tclib library to change passwords [Re: brewdude6]
Glenn Barnas Glenn Barnas KiX Supporter Registered: 2003-01-28 Posts: 4401 Loc: New Jersey	Were the tasks originally created with "AT.exe"? While all versions of the task scheduler support AT, the later tools like JT and SCHTASK can't always reliably read the parameters of AT. Also - AT did not specify user credentials - it runs in the context of the local SYSTEM account. It's possible that you aren't really updating the task parameters completely. If you aren't sure, I'd read and display the task parameters to make sure the JT based library can read the data values. If they look OK, just update the UID and PWD parameters with tcDefineTask("UID=user PWD=passwd). Then, delete the task ( tcDelEvent() ) and re-save it ( tcSetEvent() ). This way, you'll know that it has the correct format to be managed moving forward. We depreacated the use of AT years ago, so I really haven't done too much testing for backward compatibility. Glenn _________________________ Actually I am a Rocket Scientist! $\:D$
Top

#183730 - 2007-12-16 06:24 PM Re: using tclib library to change passwords [Re: Glenn Barnas]
brewdude6 brewdude6 Hey THIS is FUN Registered: 2000-10-21 Posts: 280 Loc: Nashville, TN	Definitely not AT tasks. I had just created the task to run calc.exe as the local administrator account. I set the script to change the password for that user within the task to a bogus password but the task can still run even though I've set the incorrect password. Next step is to do what you say and display the JT parameters. _________________________ I could have made a neat retort but didn't, for I was flurried and didn't think of it till I was downstairs. -Mark Twain
Top

#183732 - 2007-12-16 06:33 PM Re: using tclib library to change passwords [Re: brewdude6]
Glenn Barnas Glenn Barnas KiX Supporter Registered: 2003-01-28 Posts: 4401 Loc: New Jersey	This will dump the arrays: Code: ; Obvious: For $ = 0 to 26 $ ' - ' $a_tcTASK[$] ? Next ; slightly less obvious: For $Trig = 0 to 9 ; Only display triggers that are defined If $a_tcTRIG[$Trig, 10] <> "F" 'Processing trigger ' $Trig + 1 ? For $ = 0 to 10 $ ' - ' $a_tcTRIG[$Trig, $] ? Next EndIf Next Glenn _________________________ Actually I am a Rocket Scientist! $\:D$
Top

#183943 - 2007-12-19 04:36 PM Re: using tclib library to change passwords [Re: Glenn Barnas]
brewdude6 brewdude6 Hey THIS is FUN Registered: 2000-10-21 Posts: 280 Loc: Nashville, TN	Thanks Glenn. This has been working the whole time, you just can't set a password to a bogus password. I suppose that error is not trapped anywhere. Thanks for you help. _________________________ I could have made a neat retort but didn't, for I was flurried and didn't think of it till I was downstairs. -Mark Twain
Top

#183945 - 2007-12-19 05:28 PM Re: using tclib library to change passwords [Re: brewdude6]
Glenn Barnas Glenn Barnas KiX Supporter Registered: 2003-01-28 Posts: 4401 Loc: New Jersey	I'll review the code and see if JT returns an error that I can pass back. I never tried to use bad passwords, but realize now that you can't use invalid credentials, even with the GUI, as it validates it on saving. Glenn _________________________ Actually I am a Rocket Scientist! $\:D$
Top

#184028 - 2007-12-20 04:02 PM Re: using tclib library to change passwords [Re: Glenn Barnas]
Glenn Barnas Glenn Barnas KiX Supporter Registered: 2003-01-28 Posts: 4401 Loc: New Jersey	Getting to the bottom of this... I used the script in my first post to search for a task event with my userID - one I had just created to test this. I then ran the script - the only modifications were to search for my userID, and to query my test server. Here's the results: Code: TECHSERV14 - C:\temp>jt.exe /SM \issp01 /SAC "test" /SC "NewUser" "pass word123" [TRACE] Setting target computer to '\\issp01' [TRACE] Activating job 'test' [TRACE] Setting account information [FAIL ] IPersistFile::Save hr=0x80041310 TECHSERV14 - C:\temp>echo %ERRORLEVEL% 0 Clearly, JT is issuing an error MESSAGE, but is not setting its EXIT CODE. The hex message does translate to "Unable to establish existence of the account specified", so this does make sense. It will take some significant (ie - more than 30 minutes) effort to rewrite the calls to JT to properly parse the messages. I'll probably have time to do this over the holiday week coming up. If you need a quick fix, you can edit the USER DEFINED lines in the tcInit() function - specifically - $tcOUTPUT = ' >"NUL:"' Change "NUL:" to a path, or even a pipeline. Something like $tcOUTPUT = ' \|find "[FAIL ]" >"C:\temp\tcOUT.txt"' With this example, the tcOUT.txt file will be empty on success, and contain the error message on failure. I'll have to rethink some of the error handling methods in the library, as there are some custom messages that need to be taken into account. Glenn _________________________ Actually I am a Rocket Scientist! $\:D$
Top

#184197 - 2007-12-23 04:27 PM Re: using tclib library to change passwords [Re: Glenn Barnas]
Glenn Barnas Glenn Barnas KiX Supporter Registered: 2003-01-28 Posts: 4401 Loc: New Jersey	Well - I've resolved the JT error message issue, and now properly get an Error 5 (Access Denied) when trying to save an event with an invalid password. I reworked how JT is invoked, now using WSH, so it's faster as a side benefit, and no more need for intermediate files. Another cool thing is you can define $tcOUTPUT now, and it will write the JT command lines and the results to the file specified by $tcOUTPUT! Really helps in troubleshooting, or just understanding what JT does and how it works (not to mention seeing how truly complex the JT command lines are!) I'll be running regression tests on the library for a day or so, and have updated most of the documentation and samples to reflect the new error handling methods. I should have version 1.1 posted here and on my web site by the end of the week. Glenn _________________________ Actually I am a Rocket Scientist! $\:D$
Top

Page 1 of 1

Previous Topic View All Topics

Index Next Topic

Moderator: Glenn Barnas, NTDOC, Arend_, Jochen, Radimus, Allen, ShaneEP, Ruud van Velsen, Mart

Hop to:

Shout Box

Search the board with:
superb Board Search
or try with google:

	Web kixtart.org