Macros

Command line for Bad logon attempt count.

I want to check the bad logon attempt count for users on the network without running a full report (i.e. Bindview).

Is there a command I can run from the cmd line?

Steve
jasonh

You could turn on auditing in NT and bad logon attempts will show up in your security log.  Just make sure you configure auditing so that every single security event is not logged.
If you have ADSI 2.5 installed, it should be possible to get this info with this little script:
'MyScript.vbs
set oArgs = WScript.Arguments
set oUsr = GetObject("WinNT://MyDomain/" & oArgs(0) & ",user")
WScript.Echo oUsr.BadLoginCount

You run this with this cmd:
myscript.vbs Username
ASKER

I tried that script (I have ADSI 2.5 installed) but I get an error:

The Active Directory property cannot be found in the cache.

in line 3 column 0. I've checked for typos - none and I put in the name of our domain but no joy. Any ideas?
I'm myself quite new to VBScript and at the moment I have no access to the domain (as I had yesterday evening - TZ=MET), so I can't check it. But I've found a sample script that lists some other properties, and it doesn't differ much from mine. So I suspect there is either a problem with oArgs(0) - it's a zero - or there is a wrong argument (username); this has to be the SAM name, not the full name. It's also possible that BadLoginCount isn't a supported property (though not listed as unsupported). And "WinNT" has to be written exactly this way.

set oArgs = WScript.Arguments
wscript.echo chr(34) & oArgs(0) & chr(34)

If you run
myscript.vbs jsmith
the message box should display: "jsmith" (no spaces)

And here is the other sample (as I see it, the only difference is that I used the optional argument "user", which defines the object class - and mine was quick and dirty, not so nicely formatted):

Set UserObj = GetObject("WinNT://" & DomainString & "/" & lstrUserName)
wscript.echo "UserAuthor:         " & UserObj.Name
wscript.echo "Full Author:        " & UserObj.FullName
wscript.echo "Login Script:     " & UserObj.LoginScript
wscript.echo "Description:      " & UserObj.Description
wscript.echo "Home Directory:   " & UserObj.HomeDirectory
wscript.echo "Profile Path:     " & UserObj.Profile
wscript.echo "Account Locked:   " & UserObj.IsAccountLocked
wscript.echo "Account Disabled: " & UserObj.AccountDisabled

btw: if you use the "user" argument, no space is allowed between the comma and user.
ASKER

It seems that BadLoginCount isn't supported. Other scripts (including your test echo) work fine. I still get the same error in line 3.
So do I. I logged on and supplied a wrong password in order to initialize this count, but no joy.
In my ADSI docu it is explicitly stated as supported by the WinNT provider, but on every page I have this line:
[This is preliminary documentation and subject to change.]

So maybe BadLoginCount isn't supported. Sorry.

I'll check if there is a newer docu on msdn.microsoft.com (or maybe an additional article that deals with it).
Nothing changed on MSDN. I have no idea why this property doesn't work.
I will try to get or write a script that lists all supported properties of the user object. But since I have to do some other work too, it will take some time.
A good source for NT scripts is http://cwashington.reachnet.net.
ASKER CERTIFIED SOLUTION
schmiegu

This solution is only available to members.
ASKER

Nice of them to actually tell people when they move the goalposts. That works fine. I can tweak the script now to my own format.

Thanks for all the help schmiegu.
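
An added example, not part of the thread and not the members-only accepted answer: a script that reads the counter through the WinNT provider and traps the "property cannot be found in the cache" error instead of aborting. It assumes the provider exposes the value under the property name BadPasswordAttempts (taken from Microsoft's WinNT user object documentation, not from this page); the file name badcount.vbs and the BadCount helper are made up for illustration.

```vbscript
' badcount.vbs - added example, not code from the thread.
' Run: cscript //nologo badcount.vbs MyDomain [SamAccountName]
' Assumption: the WinNT provider names the counter "BadPasswordAttempts".
Option Explicit
Dim oArgs, oDomain, oUsr, nBad

Set oArgs = WScript.Arguments
If oArgs.Count < 1 Then
    WScript.Echo "Usage: cscript //nologo badcount.vbs Domain [SamAccountName]"
    WScript.Quit 1
End If

If oArgs.Count >= 2 Then
    ' One account: ",user" (no space after the comma) fixes the object class.
    ' The name must be the SAM account name, not the full name.
    Set oUsr = GetObject("WinNT://" & oArgs(0) & "/" & oArgs(1) & ",user")
    WScript.Echo oUsr.Name & vbTab & BadCount(oUsr)
Else
    ' Whole domain: list only accounts with a non-zero count.
    ' -1 marks accounts whose counter could not be read.
    Set oDomain = GetObject("WinNT://" & oArgs(0))
    oDomain.Filter = Array("user")
    For Each oUsr In oDomain
        nBad = BadCount(oUsr)
        If nBad <> 0 Then WScript.Echo oUsr.Name & vbTab & nBad
    Next
End If

' Returns the bad password counter, or -1 if the property is not
' available (the "cannot be found in the cache" case from the thread).
Function BadCount(oUser)
    On Error Resume Next
    BadCount = oUser.Get("BadPasswordAttempts")
    If Err.Number <> 0 Then
        BadCount = -1
        Err.Clear
    End If
    On Error GoTo 0
End Function
```

The number reported is the one held by the domain controller that answers the bind, so a low value on one controller does not rule out failed attempts recorded on another.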