Solved

Get Current Users SID

Posted on 2008-06-12
Last Modified: 2012-06-27
I'm looking for a script that can get the current logged-on user's SID and present it in a variable to be called from a DOS program.
Question by:S31B1
 
LVL 16

Expert Comment

by:Dale Harris
I have a script that tells you who's logged into a computer and you supply the computer name to look for.  It can be done locally as well if you type in (.) period.  It presents it as "Domain\user" or "computername\user".  If you want, I can pass that on and it might get you further in your quest.

-Dale Harris
0
 
LVL 65

Assisted Solution

by:RobSampson
RobSampson earned 100 total points
Hi, you can download GetSID.exe tool from here:
http://download.microsoft.com/download/win2000platform/Getsid/1.0/NT5/EN-US/getsid.exe

Then this VBS script will get the SID of a user account that you specify.  You can use VBS to do whatever you need with the SID.

Regards,

Rob.

Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objShell = CreateObject("WScript.Shell")

' Path to the downloaded GetSID.exe, converted to its short (8.3) form
strGetSID = "C:\Temp\Scripts\GetSID\GetSID.exe"
strGetSID = objFSO.GetFile(strGetSID).ShortPath

' Ask for the server and user, defaulting to the logon server and current user
strServer = InputBox("Enter a server name to obtain the SID from:", "Server", objShell.ExpandEnvironmentStrings("%LOGONSERVER%"))
If Left(strServer, 2) <> "\\" Then strServer = "\\" & strServer
strUser = InputBox("Enter a user to obtain the SID of:", "User", objShell.ExpandEnvironmentStrings("%USERNAME%"))

' GetSID compares two accounts, so the same server and user are passed twice
Set objExec = objShell.Exec(strGetSID & " " & strServer & " " & strUser & " " & strServer & " " & strUser)
While objExec.Status = 0
	WScript.Sleep 100
Wend

strOutput = objExec.StdOut.ReadAll
If InStr(strOutput, "can't be found") > 0 Then
	' strServer already starts with "\\", so it is not prefixed again here
	MsgBox strServer & "\" & strUser & " was not found."
Else
	' The SID is the text after the last " is " in the tool's output
	strSID = Mid(strOutput, InStrRev(strOutput, " is ") + 4)
	MsgBox strSID
End If

0
 
LVL 4

Author Comment

by:S31B1
@DaleHarris
I think I'm going to need that script!

If I combine it with the script presented by the second poster I can hopefully get closer to what I need to do!
0
 
LVL 16

Assisted Solution

by:Dale Harris
Dale Harris earned 150 total points
Like I said, this script is pulled randomly from the Net, I have no idea who created it.  I don't claim to have made this.  Although I have modified it for my own uses.  IPs don't work with it, only computer names :(
If you input the . (period) symbol, you will be checking against your own local computer.

Good luck :)

-Dale Harris

Feel free to make any changes.

'VBS Script
'Rename as Who is logged in.vbs (optional name for the file)

Main()

sub Main
strComputer = inputbox("Enter the name of the computer to see who is logged in")
if strComputer = "" then strComputer = "."

Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")

Set colComputer = objWMIService.ExecQuery _
    ("Select * from Win32_ComputerSystem")

For Each objComputer in colComputer
    Wscript.Echo "Logged-on user: " & objComputer.UserName
Next
end sub

0
 
LVL 18

Assisted Solution

by:BSonPosh
BSonPosh earned 250 total points
Here it is in Powershell

([Security.Principal.WindowsIdentity]::GetCurrent()).User.Value
0
 
LVL 4

Author Comment

by:S31B1
@BSonPosh
Does that give me the user name or the SID?
0
 
LVL 16

Expert Comment

by:Dale Harris
That gives the SID.

You gotta love Powershell.
0
 
LVL 16

Expert Comment

by:Dale Harris
You could probably modify it to do multiple computers from a text doc.  PowerShell wins again.
0
 
LVL 18

Expert Comment

by:BSonPosh
For a remote session you cannot use Security.Principal.WindowsIdentity.

You could use WMI, but I am not sure what the OP intent is.
0
 
LVL 4

Author Comment

by:S31B1
I only need to do it on the local machine, I've now some more info on what is required. Initially one of my colleagues had asked me to get the SID and store it in an Environment Variable.

What they are actually trying to do is fix a couple of registry keys that are based on the current user's SID.

I'm thinking that I should be able to do this all in PowerShell?

I've not used much VBScript, I've never used PowerShell so how would I write a PowerShell script? I've seen that I can "Open" (for example) the HKey Local Machine with cd HKLM: how would I bring all that together into a script that could be run by a user from a desktop icon?

Objectives

1) Get Current User
2) Open Section in the registry
3) Delete a Subkey
4) Rename another
5) Terminate
0
 
LVL 18

Expert Comment

by:BSonPosh
As long as you stay within your HKCU and HKLM this is simple
0
 
LVL 18

Expert Comment

by:BSonPosh
I will need more data to help you specifically.
0

 
LVL 65

Expert Comment

by:RobSampson
Hey BSonPosh, here's something for you.....your one-line PowerShell....translates to 95 lines of VBScript!  Gotta love that (NOT)

Maybe there's a .NET Framework 2 or 3 object that can do all this behind the scenes, but I haven't found it....

Then, S31B1, there's lots of resources on here about reading and writing registry values with VBScript.

Regards,

Rob.

Set objAD = CreateObject("ADSystemInfo")
Set objUser = GetObject("LDAP://" & objAD.UserName)
arrSid = objUser.objectSid
strSidHex = OctetToHexStr(arrSid)
strSidDec = HexSIDtoSDDL(strSidHex)

InputBox "The SID for " & objUser.samAccountName & " is in the variable strSidDec and is below:", "Title", strSidDec

'Function to convert OctetString (byte array) to Hex string.
Function OctetToHexStr(arrbytOctet)
	Dim k
	OctetToHexStr = ""
	For k = 1 To Lenb(arrbytOctet)
		OctetToHexStr = OctetToHexStr & Right("0" & Hex(Ascb(Midb(arrbytOctet, k, 1))), 2)
	Next
End Function

' Function to convert hex Sid to decimal (SDDL) Sid.
Function HexSIDtoSDDL(strHexSID)
	Dim i
	Dim strA, strB, strC, strD, strE, strF, strG
	ReDim arrTemp(Len(strHexSID)/2 - 1)

	'Create an array, where each element contains a single byte from the hex number
	For i = 0 To UBound(arrTemp)
		arrTemp(i) = Mid(strHexSID, 2 * i + 1, 2)
	Next

	'Move through the array to get each section, then convert it to decimal format
	strA = CInt(arrTemp(0))
	For i = 0 To UBound(arrTemp) 'Forward cycle for big-endian format
		Select Case i
			Case 2 strB = strB & arrTemp(i)
			Case 3 strB = strB & arrTemp(i)
			Case 4 strB = strB & arrTemp(i)
			Case 5 strB = strB & arrTemp(i)
			Case 6 strB = strB & arrTemp(i)
			Case 7 strB = strB & arrTemp(i)
		End Select
	Next
	strB = CInt("&H" & strB)

	For i = UBound(arrTemp) To 0 Step -1 'Reverse cycle for little-endian format
		Select Case i
			Case 11 strC = strC & arrTemp(i)
			Case 10 strC = strC & arrTemp(i)
			Case 9 strC = strC & arrTemp(i)
			Case 8 strC = strC & arrTemp(i)
		End Select
	Next
	strC = CInt("&H" & strC)

	For i = UBound(arrTemp) To 0 Step -1 'Reverse cycle for little-endian format
		Select Case i
			Case 15 strD = strD & arrTemp(i)
			Case 14 strD = strD & arrTemp(i)
			Case 13 strD = strD & arrTemp(i)
			Case 12 strD = strD & arrTemp(i)
		End Select
	Next
	strD = CLng("&H" & strD)

	For i = UBound(arrTemp) To 0 Step -1 'Reverse cycle for little-endian format
		Select Case i
			Case 19 strE = strE & arrTemp(i)
			Case 18 strE = strE & arrTemp(i)
			Case 17 strE = strE & arrTemp(i)
			Case 16 strE = strE & arrTemp(i)
		End Select
	Next
	strE = CLng("&H" & strE)

	For i = UBound(arrTemp) To 0 Step -1 'Reverse cycle for little-endian format
		Select Case i
			Case 23 strF = strF & arrTemp(i)
			Case 22 strF = strF & arrTemp(i)
			Case 21 strF = strF & arrTemp(i)
			Case 20 strF = strF & arrTemp(i)
		End Select
	Next
	strF = CLng("&H" & strF)

	For i = UBound(arrTemp) To 0 Step -1 'Reverse cycle for little-endian format
		Select Case i
			Case 27 strG = strG & arrTemp(i)
			Case 26 strG = strG & arrTemp(i)
			Case 25 strG = strG & arrTemp(i)
			Case 24 strG = strG & arrTemp(i)
		End Select
	Next
	strG = CLng("&H" & strG)

	HexSIDtoSDDL = "S-" & strA & "-" & strB & "-" & strC & "-" & strD & "-" & strE & "-" & strF & "-" & strG

End Function

0
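The post above wonders whether a .NET object can do this decoding. As an added example (not code from any poster in this thread), the following PowerShell decodes the binary SID layout by hand and checks the result against System.Security.Principal.SecurityIdentifier. The function name ConvertTo-SidString is hypothetical and the sample SID is constructed.

```powershell
# Added example; ConvertTo-SidString is a hypothetical helper name.
function ConvertTo-SidString {
    param([byte[]]$Bytes)

    if ($Bytes.Length -lt 8) { throw "SID too short: $($Bytes.Length) bytes" }
    $revision = $Bytes[0]
    $count    = $Bytes[1]            # number of 32-bit sub-authorities that follow
    if ($Bytes.Length -ne 8 + 4 * $count) {
        throw "Length $($Bytes.Length) does not match sub-authority count $count"
    }

    # Bytes 2..7: identifier authority, 48-bit big-endian.
    [uint64]$authority = 0
    for ($i = 2; $i -lt 8; $i++) { $authority = $authority * 256 + $Bytes[$i] }

    # Each sub-authority is an unsigned 32-bit integer stored little-endian
    # (BitConverter reads in host byte order, which is little-endian on Windows).
    $parts = @('S', $revision, $authority)
    for ($i = 0; $i -lt $count; $i++) {
        $parts += [BitConverter]::ToUInt32($Bytes, 8 + 4 * $i)
    }
    $parts -join '-'
}

# Constructed sample SID (not from the thread); two sub-authorities exceed 0x7FFFFFFF,
# so a signed 32-bit conversion would not reproduce them.
$sample = 'S-1-5-21-3623811015-3361044348-30300820-1013'
$sid    = New-Object System.Security.Principal.SecurityIdentifier($sample)
$bytes  = New-Object byte[] $sid.BinaryLength
$sid.GetBinaryForm($bytes, 0)

# Decode by hand and with the built-in class; both must round-trip to the sample.
$manual  = ConvertTo-SidString $bytes
$builtin = (New-Object System.Security.Principal.SecurityIdentifier($bytes, 0)).Value
if ($manual -ne $sample -or $builtin -ne $sample) {
    throw "Decode mismatch: $manual / $builtin"
}
$manual
```

Unlike the fixed byte offsets in the VBScript, the sub-authority count in byte 1 drives the loop, so SIDs with fewer or more than five sub-authorities decode as well.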
 
LVL 18

Expert Comment

by:BSonPosh
ah yes... I remember the old ways :)

Although Rob... if there was a question there I missed it :)
0
 
LVL 65

Expert Comment

by:RobSampson
No no, no question, just FYI....

Just giving alternate options, that's all.

Rob.
0
 
LVL 18

Expert Comment

by:BSonPosh
Oh.. then stick around... that was only part one :)
0
 
LVL 16

Expert Comment

by:Dale Harris
I can't wait for the action to unfold.

*Hits F5 repeatedly to see if BSonPosh posted a reply*

Okay, I'll have to do something else with my time.

-Dale
0
 
LVL 18

Expert Comment

by:BSonPosh
ATM we are waiting for the OP to get some details :)
0
 
LVL 16

Expert Comment

by:Dale Harris
Hey btw, I found a replacement to my "Who's logged in" script in Powershell:

http://www.myitforum.com/articles/40/view.asp?id=11217

I'll be updating accordingly.
0
 
LVL 18

Expert Comment

by:BSonPosh
I would be careful with that one.. UserName isn't always populated.
0
 
LVL 18

Expert Comment

by:BSonPosh
Is there anything else left here?
0
 
LVL 16

Expert Comment

by:Dale Harris
I thought we were waiting for more information so you could make an awesome script?
0
 
LVL 18

Expert Comment

by:BSonPosh
So did I.. OP?
0
 
LVL 4

Accepted Solution

by:
S31B1 earned 0 total points
Apologies, I've been called to focus on other work.

I don't have much more at present that hasn't already been provided.

I've put together my initial script which for the time being is sufficient.

I've attached it below and will close this question.

#Get the current User SID
$SID = ([Security.Principal.WindowsIdentity]::GetCurrent()).User.Value

#Get the current username
$UNAME = ([Security.Principal.WindowsIdentity]::GetCurrent()).Name
$UNAME = $UNAME.Substring($UNAME.IndexOf('\')+1)

#Define the Registry base location
$ProfileListKey = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\ProfileList'

#Define the New ProfilePath
$NewProfilePath = 'C:\Documents and Settings\' + $UNAME

#Set the User Profile to the required directory
sp $ProfileListKey\$SID ProfileImagePath $NewProfilePath

0
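A guarded variant of the registry update in the accepted script above, as an added example that is not the poster's code. It assumes PowerShell 2.0 or later; the function name Set-ProfileImagePath and its parameter are hypothetical. It checks for elevation, an existing ProfileList key and an existing target directory before writing, and returns the previous value.

```powershell
# Added example; Set-ProfileImagePath is a hypothetical name, not a built-in cmdlet.
function Set-ProfileImagePath {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)]
        [string]$NewProfilePath      # assumption: the caller supplies the target directory
    )

    $identity = [Security.Principal.WindowsIdentity]::GetCurrent()
    $sid      = $identity.User.Value

    # Writing under HKLM needs an elevated token; fail early with a clear message.
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $adminRole = [Security.Principal.WindowsBuiltInRole]::Administrator
    if (-not $principal.IsInRole($adminRole)) {
        throw "Not elevated: cannot write to the HKLM ProfileList key."
    }

    # Only touch a key that already exists for this SID; never create one.
    $key = "HKLM:\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\$sid"
    if (-not (Test-Path -LiteralPath $key)) {
        throw "No ProfileList entry for $sid"
    }

    # Refuse to point the profile at a directory that is not there.
    if (-not (Test-Path -LiteralPath $NewProfilePath -PathType Container)) {
        throw "Target directory does not exist: $NewProfilePath"
    }

    # Read the current value; nothing to do if it already matches.
    $old = (Get-ItemProperty -LiteralPath $key).ProfileImagePath
    if ($old -eq $NewProfilePath) { return $old }

    # -WhatIf and -Confirm are honoured through ShouldProcess.
    if ($PSCmdlet.ShouldProcess($key, "ProfileImagePath: '$old' -> '$NewProfilePath'")) {
        Set-ItemProperty -LiteralPath $key -Name ProfileImagePath -Value $NewProfilePath
    }
    $old   # previous value, so it can be logged or restored
}

# Usage (dry run): Set-ProfileImagePath -NewProfilePath 'C:\Documents and Settings\someuser' -WhatIf
```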
