Solved

VB Script to list of users for “Log on as a service” on PCs

Posted on 2014-01-19
5
694 Views
Last Modified: 2014-01-29
Hi Everybody,

I need to write a VB script which would check and create report with member of users or groups for “Log on as a Service” policy on local PCs. Company I work for would like to know who has access to “Log on as a Service” policy on each PCs?

Is anybody will able to give me some idea or sample VB script?

Thanks,
0
Comment
Question by:Szuromi
  • 4
5 Comments
 
LVL 32

Expert Comment

by:Robberbaron (robr)
ID: 39793617
the AccessChk sysinternals should do it
http://blogs.technet.com/b/secguide/archive/2008/07/21/how-to-use-accesschk-exe-for-security-compliance-management.aspx

C:\tools>accesschk -a  SeBatchLogonRight

Accesschk v5.11 - Reports effective permissions for securable objects
Copyright (C) 2006-2012 Mark Russinovich
Sysinternals - www.sysinternals.com

        BUILTIN\Performance Log Users
        BUILTIN\Backup Operators
        BUILTIN\Administrators
        DOMAIN\user
        BATH\SQLServer2005MSSQLUser$BATH$VEEAM

C:\tools>


if you want to run this on every pc, i would add it as a Logon script that echos to a log file.
0
 
LVL 32

Expert Comment

by:Robberbaron (robr)
ID: 39793634
may need to run this at startup (not logon) so it runs as System user, with full access.

rem '-------------------------------------------------	
rem ' robberbaron
rem needs accesschk.exe in local folder or search path
rem '----------------------


@echo off
rem '--- set up files & log ---------
set LogFldr="AccessList.log" 

for /F "tokens=2*" %%i in ('date /t') do set datex=%%i
for /F "tokens=1*" %%i in ('time /t') do set timex=%%i

VER | findstr /i "5.0." > nul
IF %ERRORLEVEL% EQU 0 set version=2000

VER | findstr /i "5.1." > nul
IF %ERRORLEVEL% EQU 0 set version=XP

VER | findstr /i "5.2." > nul
IF %ERRORLEVEL% EQU 0 set version=2003

VER | findstr /i "6.0." > nul
IF %ERRORLEVEL% EQU 0 set version=Vista

VER | findstr /i "6.1." > nul
IF %ERRORLEVEL% EQU 0 set version=Win7

VER | findstr /i "6.2." > nul
IF %ERRORLEVEL% EQU 0 set version=Win8

VER | findstr /i "6.3." > nul
IF %ERRORLEVEL% EQU 0 set version=Win8

if %version%==Vista goto ok
if %version%==XP goto ok
if %version%==Win7 goto ok
if %version%==Win8 goto ok

echo %datex% %timex% FAILED -- %USERNAME% : %COMPUTERNAME% >> %LogFldr%
goto end

:OK
echo %datex% %timex% -- %USERNAME% : %COMPUTERNAME% >> %LogFldr%
accesschk -a -q SeBatchLogonRight >> %LogFldr%
if errorlevel 0 echo "---ok---" >> %LogFldr%
:end

Open in new window

0
 
LVL 32

Expert Comment

by:Robberbaron (robr)
ID: 39795661
also can use the psExec  tool to run remotely on a list of computers provided you have the access rights.
0
 
LVL 32

Accepted Solution

by:
Robberbaron (robr) earned 500 total points
ID: 39795682
actually  it should be   SeServiceLogonRight  that you check,

C:\tools>accesschk -a  SeServiceLogonRight -q
        NT SERVICE\ALL SERVICES
        BORN\Administrator
        BATH\SQLServer2005MSSQLUser$BATH$VEEAM
        BATH\SQLServer2005SQLBrowserUser$BATH

C:\tools>

where BORN is my domainname, and BATH is the local PC name.
0
 

Author Closing Comment

by:Szuromi
ID: 39818719
Thanks
0

Featured Post

Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Welcome back!  My apologies for taking so long to write part two of this series; it's been a long time coming!  As I promised in Part 1, this article will focus on how to locate those elusive AD properties that you are searching for.  Why is this us…
This article is the result of a quest to better understand Task Scheduler 2.0 and all the newer objects available in vbscript in this version over  the limited options we had scripting in Task Scheduler 1.0.  As I started my journey of knowledge I f…
In a recent question (https://www.experts-exchange.com/questions/28997919/Pagination-in-Adobe-Acrobat.html) here at Experts Exchange, a member asked how to add page numbers to a PDF file using Adobe Acrobat XI Pro. This short video Micro Tutorial sh…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

831 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question