لطفا منتظر باشید ...
Hack 29 Check for Passwords that Never Expire
Here's a handy script that
makes it simple to find user accounts with nonexpiring
passwords.
User accounts set to never expire are sometimes
used for permanent employees of a company, while temporary employees
are assigned accounts that expire after a specified period of time.
Ever wish you could quickly and simply find out which user accounts
have their passwords set to never expire, along with the dates the
flags were set? Here is a sample script that accomplishes this and
more.
This script prompts for the desired domain, checks all user accounts
in the domain to see if their passwords are set to never expire, and
reports the date the flags were set. It then writes the output to
a CSV file called
PWDNeverExpired.csv, creating this file in the
same directory where the script itself is located. If the password is
not set to expire, the script instead records a
No and the date the password will expire.
The Code
To use the script, type it into Notepad (with Word Wrap turned off)
and save it with a .vbs extension
as
PWDNeverExpired.vbs:
' Set WshShell
Set WshShell = WScript.CreateObject("WScript.Shell")
strVer = "Ver 1.0 "
Set FileSystem = WScript.CreateObject("Scripting.FileSystemObject")
Set oFile = FileSystem.CreateTextFile("PWDNeverExpired.csv", true)
' Pull Environment variables for domain/user
strDomain = WshShell.ExpandEnvironmentStrings("%USERDOMAIN%")
strUserName = WshShell.ExpandEnvironmentStrings("%USERNAME%")
strOS = WshShell.ExpandEnvironmentStrings("%OS%")
strMessage = strMessage & "Hit Cancel or enter a blank to quit"
strTitle = "Domain to Search"
'get resource domain name, domain default
UserDomain = InputBox(strMessage, strTitle, strDomain)
strMessage = "
strTitle = "
'strMessage = "Please enter the USER Login ID" & vbCrLf & vbCrLf & _
'"Default is: " & strUserName & vbCrLf & vbCrLf
'strMessage = strMessage & "Hit Cancel or enter a blank to quit"
'strTitle = "USER Login ID"
'get resource domain name, domain default via input box
'objUserName = InputBox(strMessage, strTitle, strUserName)
' Display Just a minute!
strMessage = "This may take a few seconds. . ."
WshShell.Popup strMessage,2,"One moment please. . . "
strMessage = "
Set ObjDomain = GetObject("WinNT://" & UserDomain)
ObjDomain.Filter = Array("User")
For Each ObjUser In ObjDomain
'Attempt to bind to the user
'Set objUser = GetObject("WinNT://"& UserDomain &"/"& objUser.Name, user)
Set UserName = GetObject("WinNT://" & UserDomain & "/" & ObjUser.Name & _ ",User")
' Is password set to NEVER expire?
objPwdExpires = UserName.Get("UserFlags")
If (objPwdExpires And &H10000) <> 0 Then
objPwdExpiresTrue = "Yes"
strPwdExpires = "Date Set: "
msgPwdExpires = "Password Set to Never Expire: "
Else objPwdExpiresTrue = "No"
strPwdExpires = "Password Expires: "
msgPwdExpires = "Password Set to Never Expire: "
End If
oFile.WriteLine (UserName.fullname & "," & UserName.name & ","
& _ msgPwdExpires & objPwdExpiresTrue & "," & strPwdExpires & _
objUser.PasswordExpirationDate)
'Wscript.Echo "Full Name: " & UserName.fullname & vbCrlf &_
'"Account Name: " & UserName.name & vbCrlf &_
'msgPwdExpires & objPwdExpiresTrue & vbCrlf &_
'strPwdExpires & objUser.PasswordExpirationDate & vbCrlf
Set UserName = Nothing
Next
Wscript.Echo "Done Cheking Accounts"
Running the Hack
To run this hack, simply create a shortcut to the script and
double-click on the shortcut. Figure 3-4 shows
a sample CSV output file for the
script, viewed in Excel.
Figure 3-4. Sample output from running PWDNeverExpired.vbs
Hans Schefske
