Solved

VB Script to list of users for “Log on as a service” on PCs

Posted on 2014-01-19
5
702 Views
Last Modified: 2014-01-29
Hi Everybody,

I need to write a VB script which would check and create report with member of users or groups for “Log on as a Service” policy on local PCs. Company I work for would like to know who has access to “Log on as a Service” policy on each PCs?

Is anybody will able to give me some idea or sample VB script?

Thanks,
0
Comment
Question by:Szuromi
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
5 Comments
 
LVL 32

Expert Comment

by:Robberbaron (robr)
ID: 39793617
the AccessChk sysinternals should do it
http://blogs.technet.com/b/secguide/archive/2008/07/21/how-to-use-accesschk-exe-for-security-compliance-management.aspx

C:\tools>accesschk -a  SeBatchLogonRight

Accesschk v5.11 - Reports effective permissions for securable objects
Copyright (C) 2006-2012 Mark Russinovich
Sysinternals - www.sysinternals.com

        BUILTIN\Performance Log Users
        BUILTIN\Backup Operators
        BUILTIN\Administrators
        DOMAIN\user
        BATH\SQLServer2005MSSQLUser$BATH$VEEAM

C:\tools>


if you want to run this on every pc, i would add it as a Logon script that echos to a log file.
0
 
LVL 32

Expert Comment

by:Robberbaron (robr)
ID: 39793634
may need to run this at startup (not logon) so it runs as System user, with full access.

rem '-------------------------------------------------	
rem ' robberbaron
rem needs accesschk.exe in local folder or search path
rem '----------------------


@echo off
rem '--- set up files & log ---------
set LogFldr="AccessList.log" 

for /F "tokens=2*" %%i in ('date /t') do set datex=%%i
for /F "tokens=1*" %%i in ('time /t') do set timex=%%i

VER | findstr /i "5.0." > nul
IF %ERRORLEVEL% EQU 0 set version=2000

VER | findstr /i "5.1." > nul
IF %ERRORLEVEL% EQU 0 set version=XP

VER | findstr /i "5.2." > nul
IF %ERRORLEVEL% EQU 0 set version=2003

VER | findstr /i "6.0." > nul
IF %ERRORLEVEL% EQU 0 set version=Vista

VER | findstr /i "6.1." > nul
IF %ERRORLEVEL% EQU 0 set version=Win7

VER | findstr /i "6.2." > nul
IF %ERRORLEVEL% EQU 0 set version=Win8

VER | findstr /i "6.3." > nul
IF %ERRORLEVEL% EQU 0 set version=Win8

if %version%==Vista goto ok
if %version%==XP goto ok
if %version%==Win7 goto ok
if %version%==Win8 goto ok

echo %datex% %timex% FAILED -- %USERNAME% : %COMPUTERNAME% >> %LogFldr%
goto end

:OK
echo %datex% %timex% -- %USERNAME% : %COMPUTERNAME% >> %LogFldr%
accesschk -a -q SeBatchLogonRight >> %LogFldr%
if errorlevel 0 echo "---ok---" >> %LogFldr%
:end

Open in new window

0
 
LVL 32

Expert Comment

by:Robberbaron (robr)
ID: 39795661
also can use the psExec  tool to run remotely on a list of computers provided you have the access rights.
0
 
LVL 32

Accepted Solution

by:
Robberbaron (robr) earned 500 total points
ID: 39795682
actually  it should be   SeServiceLogonRight  that you check,

C:\tools>accesschk -a  SeServiceLogonRight -q
        NT SERVICE\ALL SERVICES
        BORN\Administrator
        BATH\SQLServer2005MSSQLUser$BATH$VEEAM
        BATH\SQLServer2005SQLBrowserUser$BATH

C:\tools>

where BORN is my domainname, and BATH is the local PC name.
0
 

Author Closing Comment

by:Szuromi
ID: 39818719
Thanks
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article we want to have a look at the directory attributes which are used by Microsoft to store the so called Security Identifiers (SID). These SIDs plays an important role in delegating and granting permissions and in authentication of trus…
With User Account Control (UAC) enabled in Windows 7, one needs to open an elevated Command Prompt in order to run scripts under administrative privileges. Although the elevated Command Prompt accomplishes the task, the question How to run as script…
Finding and deleting duplicate (picture) files can be a time consuming task. My wife and I, our three kids and their families all share one dilemma: Managing our pictures. Between desktops, laptops, phones, tablets, and cameras; over the last decade…
Suggested Courses

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question