#91052 - 2003-01-16 02:50 PM
winNT:// object authentication.
|
ItsaCat
Fresh Scripter
Registered: 2003-01-16
Posts: 9
|
I'm hoping someone can help me. The background to my problem is I need to restrict users on my domain to one login. It's a windows 2000 domain. Microsoft's recommended solution is to use Cconnect.exe which maintains a list of logged on users in an SQL database. But this list immediately becomes inacurate if a user doesn't loggof properly. with 15,000+ users many of them with basic IT skills only, resseting the logon count for people who dont loggof correctly will be a nightamre...
So I'm trying to write a Kix script which checks a particular drive share on a server to see if there is a session from that user already and if so logs them off. The following works fine for me.
$lanserv = GetObject("WinNT://servername/LanmanServer")
if @error <> 0 ? @error + " / " @serror else for each $session in $lanserv.sessions if $session.user = "username" logoff(1) end if next endif
But normal users dont have permissions to access the winNT object on the server.
Is there a way to specify a username to use when connecting to the object? Anyone have any ideas? Help would be very much appreciated!
Thanx Talwyn
|
Top
|
|
|
|
#91054 - 2003-01-16 03:00 PM
Re: winNT:// object authentication.
|
ItsaCat
Fresh Scripter
Registered: 2003-01-16
Posts: 9
|
Ahhh I forgot to mention....
With 10,000+ shares (approximately) windows NT4, Windows 2000, (and probably win .NET) blue screens, because the size of the .system registry file becomes too big to load into memory when the server boots up (16mb limit for registry and kernel at that point - yes shit i know!)
So i've had to use DFS, hence can't use the "oldest trick in the book", but thank you anyway!!
|
Top
|
|
|
|
#91056 - 2003-01-16 03:09 PM
Re: winNT:// object authentication.
|
ItsaCat
Fresh Scripter
Registered: 2003-01-16
Posts: 9
|
heheh, yes i'm running WINS, I will give that a try, thanx.
|
Top
|
|
|
|
#91058 - 2003-01-16 04:21 PM
Re: winNT:// object authentication.
|
ItsaCat
Fresh Scripter
Registered: 2003-01-16
Posts: 9
|
Thanks again... but I don't see how it is going to work. When I try nbtstat on both the first and second machine i log onto i get the same result, it says my username is registered. Also when I check the WINS server database, while it does only have one record it is updated by the last machine i logged onto. So there is no way (that I can see) of determining from WINS if I am logged on elsewhere....?
|
Top
|
|
|
|
#91060 - 2003-01-16 04:29 PM
Re: winNT:// object authentication.
|
ItsaCat
Fresh Scripter
Registered: 2003-01-16
Posts: 9
|
No it's not, it is pointing to the LAST computer i logged onto....
|
Top
|
|
|
|
#91062 - 2003-01-16 04:39 PM
Re: winNT:// object authentication.
|
ItsaCat
Fresh Scripter
Registered: 2003-01-16
Posts: 9
|
Break on $ShellCMD='%comspec% /c NBTSTAT -S |FIND /I "<03>"|FIND /I " '+@UserID+' "' Shell $ShellCMD If not @Error '@@UersID - '+@UserID+' found!' EndIf get $_
Thats what I tried, and got the same output on both logged on PC's....
sigh
ahhh well, i guess it not me who will be resseting that SQL database with Cconnect.exe...
I just wont ever get invited to the pub by the helpdesk techies again...!
But back to my original query, is it possible at all to use different credentials to connect to that COM object?
|
Top
|
|
|
|
#91064 - 2003-01-16 04:45 PM
Re: winNT:// object authentication.
|
ItsaCat
Fresh Scripter
Registered: 2003-01-16
Posts: 9
|
THAYES <03> Listening @UersID - thayes found!
thats the exact output... on both PC's
the computer names are TEH-1667 and BURNBABY repectively... so if thats what you mean, no the username is different from the computer name.
|
Top
|
|
|
|
#91066 - 2003-01-16 04:52 PM
Re: winNT:// object authentication.
|
Bonji
Starting to like KiXtart
Registered: 2001-09-28
Posts: 169
Loc: Virginia
|
You can run the script with different credentials by using RUNAS (WindowsXP). Other then that, I do not know of a way. However, this usually involves including the password in a script which is not preferred. I've seen information on a service that can be used to run scripts with different credentials as the service itself is initialized with the necessary ID.
Hope this helps.
-Ben http://www.rgcweb.org/kix
|
Top
|
|
|
|
#91067 - 2003-01-16 04:53 PM
Re: winNT:// object authentication.
|
ItsaCat
Fresh Scripter
Registered: 2003-01-16
Posts: 9
|
Node IpAddress: [my IP address] Scope Id: []
NetBIOS Connection Table
Local Name State In/Out Remote Host Input Output
----------------------------------------------------------------------------
TEH-1667 <03> Listening THAYES <03> Listening
Exactly the same on the second machine only differing on the IP and name of the machine.
|
Top
|
|
|
|
#91069 - 2003-01-16 05:41 PM
Re: winNT:// object authentication.
|
ItsaCat
Fresh Scripter
Registered: 2003-01-16
Posts: 9
|
Thanx Ben for the idea,
I think you mean srvany.exe which runs an application as a service, but I would have the same problem in that the user would then need permissions to start the service to run the script.
RunAs is included in windows 2000 too, but it doesn't allow you to put the password in as a parameter using the command line. I am going to try and get kix to pass it over using SENDKEYS.
T
|
Top
|
|
|
|
Moderator: Shawn, ShaneEP, Ruud van Velsen, Arend_, Jochen, Radimus, Glenn Barnas, Allen, Mart
|
1 registered
(Allen)
and 466 anonymous users online.
|
|
|