#91052 - 2003-01-16 02:50 PM winNT:// object authentication.
ItsaCat Offline
Fresh Scripter

Registered: 2003-01-16
Posts: 9
I'm hoping someone can help me. The background to my problem is I need to restrict users on my domain to one login. It's a Windows 2000 domain. Microsoft's recommended solution is to use Cconnect.exe, which maintains a list of logged-on users in an SQL database. But this list immediately becomes inaccurate if a user doesn't log off properly. With 15,000+ users, many of them with basic IT skills only, resetting the logon count for people who don't log off correctly will be a nightmare...

So I'm trying to write a Kix script which checks a particular drive share on a server to see if there is a session from that user already and if so logs them off. The following works fine for me.

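$lanserv = GetObject("WinNT://servername/LanmanServer")

If @error <> 0
    ; report the error number and text (start with a string so "+" concatenates)
    ? "" + @error + " / " + @serror
Else
    ; walk the sessions currently open on the server's file service
    For Each $session In $lanserv.sessions
        If $session.user = "username"
            $rc = Logoff(1)    ; forced logoff; capture the return code
        EndIf
    Next
EndIf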

But normal users don't have permissions to access the WinNT object on the server.

Is there a way to specify a username to use when connecting to the object? Anyone have any ideas? Help would be very much appreciated!

Thanx
Talwyn

Top
#91053 - 2003-01-16 02:53 PM Re: winNT:// object authentication.
Les Offline
KiX Master
*****

Registered: 2001-06-11
Posts: 12734
Loc: fortfrances.on.ca
The oldest trick in the book is to limit the number of users on their homeshare. Then just see if their homeshare mapped OK and if not log them off.
_________________________
Give a man a fish and he will be back for more. Slap him with a fish and he will go away forever.

Top
#91054 - 2003-01-16 03:00 PM Re: winNT:// object authentication.
ItsaCat Offline
Fresh Scripter

Registered: 2003-01-16
Posts: 9
Ahhh I forgot to mention....

With 10,000+ shares (approximately), Windows NT4, Windows 2000 (and probably Win .NET) blue screens, because the size of the .system registry file becomes too big to load into memory when the server boots up (16 MB limit for registry and kernel at that point - yes shit I know!)

So I've had to use DFS, hence can't use the "oldest trick in the book", but thank you anyway!!

Top
#91055 - 2003-01-16 03:06 PM Re: winNT:// object authentication.
Les Offline
KiX Master
*****

Registered: 2001-06-11
Posts: 12734
Loc: fortfrances.on.ca
I can't believe you'd have 10,000 shares on one server!

The second oldest trick, albeit less accurate, is to query WINS with NBTSTAT for the UserID. WINS only allows one UserID so if it doesn't return one for the PC you can assume:
1. the user hasn't logged off
2. there is another user with the same NetBIOS name
3. the record hasn't aged out of WINS

Don't tell me... you're running without WINS...

This topic has been discussed several times. Try using the search tools.
_________________________
Give a man a fish and he will be back for more. Slap him with a fish and he will go away forever.

Top
#91056 - 2003-01-16 03:09 PM Re: winNT:// object authentication.
ItsaCat Offline
Fresh Scripter

Registered: 2003-01-16
Posts: 9
Heheh, yes I'm running WINS, I will give that a try, thanx.
Top
#91057 - 2003-01-16 03:26 PM Re: winNT:// object authentication.
Les Offline
KiX Master
*****

Registered: 2001-06-11
Posts: 12734
Loc: fortfrances.on.ca
Well, seeing as you laugh at my humor...

Topic: Roaming profile

BTW, Welcome to the board.
_________________________
Give a man a fish and he will be back for more. Slap him with a fish and he will go away forever.

Top
#91058 - 2003-01-16 04:21 PM Re: winNT:// object authentication.
ItsaCat Offline
Fresh Scripter

Registered: 2003-01-16
Posts: 9
Thanks again... but I don't see how it is going to work. When I try nbtstat on both the first and second machine I log onto I get the same result, it says my username is registered. Also when I check the WINS server database, while it does only have one record, it is updated by the last machine I logged onto. So there is no way (that I can see) of determining from WINS if I am logged on elsewhere....?
Top
#91059 - 2003-01-16 04:24 PM Re: winNT:// object authentication.
Sealeopard Offline
KiX Master
*****

Registered: 2001-04-25
Posts: 11164
Loc: Boston, MA, USA
IIRC, the WINS entry will point to the first computer a user logged into. The NET SEND is using this to resolve where to send a message to. If you are logged into two computers at the same time, then the computer where you logged into the first time will receive the NET SEND message.
_________________________
There are two types of vessels, submarines and targets.

Top
#91060 - 2003-01-16 04:29 PM Re: winNT:// object authentication.
ItsaCat Offline
Fresh Scripter

Registered: 2003-01-16
Posts: 9
No it's not, it is pointing to the LAST computer I logged onto....
Top
#91061 - 2003-01-16 04:31 PM Re: winNT:// object authentication.
Les Offline
KiX Master
*****

Registered: 2001-06-11
Posts: 12734
Loc: fortfrances.on.ca
Don't know what to say... it works for me. Have you modified the code?
_________________________
Give a man a fish and he will be back for more. Slap him with a fish and he will go away forever.

Top
#91062 - 2003-01-16 04:39 PM Re: winNT:// object authentication.
ItsaCat Offline
Fresh Scripter

Registered: 2003-01-16
Posts: 9
Break on
$ShellCMD='%comspec% /c NBTSTAT -S |FIND /I "<03>"|FIND /I " '+@UserID+' "'
Shell $ShellCMD
If not @Error
'@@UersID - '+@UserID+' found!'
EndIf
get $_

That's what I tried, and got the same output on both logged on PCs....

sigh [Frown]

Ahhh well, I guess it's not me who will be resetting that SQL database with Cconnect.exe... [Smile]

I just won't ever get invited to the pub by the helpdesk techies again...!

But back to my original query, is it possible at all to use different credentials to connect to that COM object?

Top
#91063 - 2003-01-16 04:41 PM Re: winNT:// object authentication.
Les Offline
KiX Master
*****

Registered: 2001-06-11
Posts: 12734
Loc: fortfrances.on.ca
What do you get... 'found' or nothing?
Is the userID in the computername?
_________________________
Give a man a fish and he will be back for more. Slap him with a fish and he will go away forever.

Top
#91064 - 2003-01-16 04:45 PM Re: winNT:// object authentication.
ItsaCat Offline
Fresh Scripter

Registered: 2003-01-16
Posts: 9
THAYES <03> Listening
@UersID - thayes found!

That's the exact output... on both PCs

The computer names are TEH-1667 and BURNBABY respectively... so if that's what you mean, no, the username is different from the computer name.

Top
#91065 - 2003-01-16 04:49 PM Re: winNT:// object authentication.
Les Offline
KiX Master
*****

Registered: 2001-06-11
Posts: 12734
Loc: fortfrances.on.ca
Spark up a DOS box and enter:
NBTSTAT -S

What does it show?
_________________________
Give a man a fish and he will be back for more. Slap him with a fish and he will go away forever.

Top
#91066 - 2003-01-16 04:52 PM Re: winNT:// object authentication.
Bonji Offline
Starting to like KiXtart

Registered: 2001-09-28
Posts: 169
Loc: Virginia
You can run the script with different credentials by using RUNAS (Windows XP). Other than that, I do not know of a way. However, this usually involves including the password in a script, which is not preferred. I've seen information on a service that can be used to run scripts with different credentials as the service itself is initialized with the necessary ID.

Hope this helps.

-Ben
http://www.rgcweb.org/kix

Top
#91067 - 2003-01-16 04:53 PM Re: winNT:// object authentication.
ItsaCat Offline
Fresh Scripter

Registered: 2003-01-16
Posts: 9
Node IpAddress: [my IP address] Scope Id: []

NetBIOS Connection Table

Local Name State In/Out Remote Host Input Output

----------------------------------------------------------------------------

TEH-1667 <03> Listening
THAYES <03> Listening

Exactly the same on the second machine only differing on the IP and name of the machine.

Top
#91068 - 2003-01-16 05:03 PM Re: winNT:// object authentication.
Les Offline
KiX Master
*****

Registered: 2001-06-11
Posts: 12734
Loc: fortfrances.on.ca
I'm stumped... anyone?
_________________________
Give a man a fish and he will be back for more. Slap him with a fish and he will go away forever.

Top
#91069 - 2003-01-16 05:41 PM Re: winNT:// object authentication.
ItsaCat Offline
Fresh Scripter

Registered: 2003-01-16
Posts: 9
Thanx Ben for the idea,

I think you mean srvany.exe which runs an application as a service, but I would have the same problem in that the user would then need permissions to start the service to run the script.

RunAs is included in Windows 2000 too, but it doesn't allow you to put the password in as a parameter using the command line. I am going to try and get kix to pass it over using SENDKEYS.

T

Top
#91070 - 2003-01-16 05:47 PM Re: winNT:// object authentication.
Les Offline
KiX Master
*****

Registered: 2001-06-11
Posts: 12734
Loc: fortfrances.on.ca
RunAs and SendKeys() is a security risk unless you encrypt. There is a wrapper for RunAS in the PD and/or AutoIT in place of SendKeys.
_________________________
Give a man a fish and he will be back for more. Slap him with a fish and he will go away forever.

Top
#91071 - 2003-01-22 11:56 PM Re: winNT:// object authentication.
ShaneEP Moderator Offline
MM club member
*****

Registered: 2002-11-29
Posts: 2125
Loc: Tulsa, OK
I have had luck using RunAS in conjunction with SendKeys and then using the KixCrypt.exe program to convert it to an .exe file. You can search the board and find all kinds of stuff on KixCrypt.exe.
Top
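
Added example, not code from any poster in this thread: a small Python audit that flags logon scripts pairing a RunAs call with SendKeys, the combination described above as a security risk because the password ends up stored in the script. The sample script, the EXAMPLE account names and the 10-line window are constructed assumptions.

```python
import re

# A runas invocation anywhere on the line, capturing the /user: account.
RUNAS = re.compile(r"\brunas\b.*?/user:(?P<account>[^\s\"']+)", re.I)
# A SendKeys(...) call; greedy so a ')' inside the argument does not cut it short.
SENDKEYS = re.compile(r"\bSendKeys\s*\(\s*(?P<arg>.*)\)", re.I)
# Argument that starts and ends with the same quote: hard-coded keystrokes.
LITERAL = re.compile(r"""^(['"]).*\1$""")
WINDOW = 10  # assumption: keystrokes within 10 lines of runas are its input

# Constructed sample logon script (KiXtart syntax), not taken from the thread.
SAMPLE = """\
; constructed sample
Break On
Run 'runas /user:EXAMPLE\\svc_sessions "kix32.exe sessions.kix"'
Sleep 2
$rc = SendKeys("PLACEHOLDER-PASSWORD{ENTER}")
; SendKeys("comment lines are ignored")
Run 'runas /user:EXAMPLE\\svc_other "kix32.exe other.kix"'
$rc = SendKeys($pw + "{ENTER}")
"""


def audit_script(text):
    """Return findings as (line_no, severity, account, detail) tuples."""
    findings, pending = [], None  # pending = (line_no, account) of last runas
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith(";"):  # blank or KiXtart comment line
            continue
        m = RUNAS.search(line)
        if m:
            pending = (no, m.group("account"))
            continue
        k = SENDKEYS.search(line)
        if k and pending and no - pending[0] <= WINDOW:
            arg = k.group("arg").strip()
            if LITERAL.match(arg):
                # Never echo the literal: the report must not leak the secret.
                findings.append((no, "high", pending[1],
                                 "literal keystrokes after runas: secret in script"))
            else:
                findings.append((no, "review", pending[1],
                                 "keystrokes built from expression: " + arg))
    return findings


if __name__ == "__main__":
    for finding in audit_script(SAMPLE):
        print(finding)
```

The audit reads script text only; a script that has been packed into an .exe needs to be reviewed from its source.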