Solved

VB Script to list of users for “Log on as a service” on PCs

Posted on 2014-01-19
5
708 Views
Last Modified: 2014-01-29
Hi Everybody,

I need to write a VB script which would check and create report with member of users or groups for “Log on as a Service” policy on local PCs. Company I work for would like to know who has access to “Log on as a Service” policy on each PCs?

Is anybody will able to give me some idea or sample VB script?

Thanks,
0
Comment
Question by:Szuromi
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
5 Comments
 
LVL 32

Expert Comment

by:Robberbaron (robr)
ID: 39793617
the AccessChk sysinternals should do it
http://blogs.technet.com/b/secguide/archive/2008/07/21/how-to-use-accesschk-exe-for-security-compliance-management.aspx

C:\tools>accesschk -a  SeBatchLogonRight

Accesschk v5.11 - Reports effective permissions for securable objects
Copyright (C) 2006-2012 Mark Russinovich
Sysinternals - www.sysinternals.com

        BUILTIN\Performance Log Users
        BUILTIN\Backup Operators
        BUILTIN\Administrators
        DOMAIN\user
        BATH\SQLServer2005MSSQLUser$BATH$VEEAM

C:\tools>


if you want to run this on every pc, i would add it as a Logon script that echos to a log file.
0
 
LVL 32

Expert Comment

by:Robberbaron (robr)
ID: 39793634
may need to run this at startup (not logon) so it runs as System user, with full access.

rem '-------------------------------------------------	
rem ' robberbaron
rem needs accesschk.exe in local folder or search path
rem '----------------------


@echo off
rem '--- set up files & log ---------
set LogFldr="AccessList.log" 

for /F "tokens=2*" %%i in ('date /t') do set datex=%%i
for /F "tokens=1*" %%i in ('time /t') do set timex=%%i

VER | findstr /i "5.0." > nul
IF %ERRORLEVEL% EQU 0 set version=2000

VER | findstr /i "5.1." > nul
IF %ERRORLEVEL% EQU 0 set version=XP

VER | findstr /i "5.2." > nul
IF %ERRORLEVEL% EQU 0 set version=2003

VER | findstr /i "6.0." > nul
IF %ERRORLEVEL% EQU 0 set version=Vista

VER | findstr /i "6.1." > nul
IF %ERRORLEVEL% EQU 0 set version=Win7

VER | findstr /i "6.2." > nul
IF %ERRORLEVEL% EQU 0 set version=Win8

VER | findstr /i "6.3." > nul
IF %ERRORLEVEL% EQU 0 set version=Win8

if %version%==Vista goto ok
if %version%==XP goto ok
if %version%==Win7 goto ok
if %version%==Win8 goto ok

echo %datex% %timex% FAILED -- %USERNAME% : %COMPUTERNAME% >> %LogFldr%
goto end

:OK
echo %datex% %timex% -- %USERNAME% : %COMPUTERNAME% >> %LogFldr%
accesschk -a -q SeBatchLogonRight >> %LogFldr%
if errorlevel 0 echo "---ok---" >> %LogFldr%
:end

Open in new window

0
 
LVL 32

Expert Comment

by:Robberbaron (robr)
ID: 39795661
also can use the psExec  tool to run remotely on a list of computers provided you have the access rights.
0
 
LVL 32

Accepted Solution

by:
Robberbaron (robr) earned 500 total points
ID: 39795682
actually  it should be   SeServiceLogonRight  that you check,

C:\tools>accesschk -a  SeServiceLogonRight -q
        NT SERVICE\ALL SERVICES
        BORN\Administrator
        BATH\SQLServer2005MSSQLUser$BATH$VEEAM
        BATH\SQLServer2005SQLBrowserUser$BATH

C:\tools>

where BORN is my domainname, and BATH is the local PC name.
0
 

Author Closing Comment

by:Szuromi
ID: 39818719
Thanks
0

Featured Post

[Live Webinar] The Cloud Skills Gap

As Cloud technologies come of age, business leaders grapple with the impact it has on their team's skills and the gap associated with the use of a cloud platform.

Join experts from 451 Research and Concerto Cloud Services on July 27th where we will examine fact and fiction.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Welcome back!  My apologies for taking so long to write part two of this series; it's been a long time coming!  As I promised in Part 1, this article will focus on how to locate those elusive AD properties that you are searching for.  Why is this us…
Not long ago I saw a question in the VB Script forum that I thought would not take much time. You can read that question (Question ID  (http://www.experts-exchange.com/Programming/Languages/Visual_Basic/VB_Script/Q_28455246.html)28455246) Here (http…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

622 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question