Link to home
Start Free TrialLog in
Avatar of Szuromi
SzuromiFlag for United States of America

asked on

VB Script to list of users for “Log on as a service” on PCs

Hi Everybody,

I need to write a VB script which would check and create report with member of users or groups for “Log on as a Service” policy on local PCs. Company I work for would like to know who has access to “Log on as a Service” policy on each PCs?

Is anybody will able to give me some idea or sample VB script?

Thanks,
Avatar of Robberbaron (robr)
Robberbaron (robr)
Flag of Australia image

the AccessChk sysinternals should do it
http://blogs.technet.com/b/secguide/archive/2008/07/21/how-to-use-accesschk-exe-for-security-compliance-management.aspx

C:\tools>accesschk -a  SeBatchLogonRight

Accesschk v5.11 - Reports effective permissions for securable objects
Copyright (C) 2006-2012 Mark Russinovich
Sysinternals - www.sysinternals.com

        BUILTIN\Performance Log Users
        BUILTIN\Backup Operators
        BUILTIN\Administrators
        DOMAIN\user
        BATH\SQLServer2005MSSQLUser$BATH$VEEAM

C:\tools>


if you want to run this on every pc, i would add it as a Logon script that echos to a log file.
may need to run this at startup (not logon) so it runs as System user, with full access.

rem '-------------------------------------------------	
rem ' robberbaron
rem needs accesschk.exe in local folder or search path
rem '----------------------


@echo off
rem '--- set up files & log ---------
set LogFldr="AccessList.log" 

for /F "tokens=2*" %%i in ('date /t') do set datex=%%i
for /F "tokens=1*" %%i in ('time /t') do set timex=%%i

VER | findstr /i "5.0." > nul
IF %ERRORLEVEL% EQU 0 set version=2000

VER | findstr /i "5.1." > nul
IF %ERRORLEVEL% EQU 0 set version=XP

VER | findstr /i "5.2." > nul
IF %ERRORLEVEL% EQU 0 set version=2003

VER | findstr /i "6.0." > nul
IF %ERRORLEVEL% EQU 0 set version=Vista

VER | findstr /i "6.1." > nul
IF %ERRORLEVEL% EQU 0 set version=Win7

VER | findstr /i "6.2." > nul
IF %ERRORLEVEL% EQU 0 set version=Win8

VER | findstr /i "6.3." > nul
IF %ERRORLEVEL% EQU 0 set version=Win8

if %version%==Vista goto ok
if %version%==XP goto ok
if %version%==Win7 goto ok
if %version%==Win8 goto ok

echo %datex% %timex% FAILED -- %USERNAME% : %COMPUTERNAME% >> %LogFldr%
goto end

:OK
echo %datex% %timex% -- %USERNAME% : %COMPUTERNAME% >> %LogFldr%
accesschk -a -q SeBatchLogonRight >> %LogFldr%
if errorlevel 0 echo "---ok---" >> %LogFldr%
:end

Open in new window

also can use the psExec  tool to run remotely on a list of computers provided you have the access rights.
ASKER CERTIFIED SOLUTION
Avatar of Robberbaron (robr)
Robberbaron (robr)
Flag of Australia image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Szuromi

ASKER

Thanks