Vista - Anyone know how to write code for 1 username, multiple possiblepasswords?

I am using a script using WMI to collect inventory from remote
computers on a subnet. The machines use the administrator account, but
have 7 possible passwords.

Can anyone help me. I appreciate it!

<fseklecki@xxxxxx> wrote in message
news:967737a0-eb8a-42f6-9295-64b5d6395a76@xxxxxxI am able to use WMI to inventory remote computers if they are joined to a
domain and I use a domain account that is a member of the Domain Admins
group. When a computer is joined to an AD domain, by default the Domain
Admins group is added to the local Administrators group on the computer.

If you need to use alternate credentials and use the local Administrator
user account (because you do not have a domain), you will need to use error
trapping to try all possible passwords. I would expect a significant timeout
period for each attempted password. It would help a lot to make all
administrator passwords the same, or at least have a file of computer names
and correct passwords that can be read by the script. Or, the password for
each computer could be hard coded in your script.

--
Richard Mueller
MVP Directory Services
Hilltop Lab - http://www.rlmueller.net
--

On Jan 27, 1:34*pm, "Richard Mueller [MVP]" <rlmueller-
nos...@xxxxxx> wrote:Thank You! I actually had this task fall on me and have little
scripting experience. I am actually unsure of the proper syntax, but
have been doing OK so far. Can you help with the syntax for using the
local admin account with a series of password attempts? Thanks a
million for your response!

hi,

--
Can you help with the syntax for using the
local admin account with a series of password attempts? Thanks a
million for your response!
--

have a look at this one. I think it may satisfy your needs :-)

The script uses two input files. One for the passwords, one for the
clients..
The passwordfile is a csv with ";" as delimiter.
The serverfile needs one server per line.

The script tries to map a networkdrive . If this succesfuly happens, a wmi
connection is build.

-- begin --

Const cpassfile = "\passlist.txt"
Const cSrvlist = "\serverlist.txt"
Const sLwb = "B:"

Set oFSO = CreateObject("Scripting.FileSystemObject")
Set oNetw = CreateObject("WScript.Network")

Set oFolder = oFSO.GetFolder(".")
sPassfile = oFolder & cpassfile
If oFSO.FileExists(sPassfile) Then
Set oPWread = oFSO.OpenTextFile(sPassfile)
sTmpread = oPWread.ReadAll
aPassword = Split(sTmpread, ";")
oPWread.Close
Set oPWread = Nothing
sSrvfile = oFolder & cSrvlist
Set oSRVread = oFSO.OpenTextFile(sSrvfile)
Do Until oSRVread.AtEndOfStream
sClient = oSRVread.ReadLine
For x = LBound(aPassword) To UBound(aPassword)
sUser = "Administrator"
sPassword = aPassword(x)
sShare = "\\"& sClient &"\C$"
On Error Resume Next
oNetw.MapNetworkDrive ""& sLwb &"", _
""& sShare &"","True",""& sUser & "","" _
& sPassword &""
WScript.Sleep(1500)
MsgBox "using password " & sPassword
If oFSO.DriveExists(sLwb) Then
oNetw.RemoveNetworkDrive ""& sLwb &"" _
,True,True
MsgBox "success ! User: "&sUser&" pass:" & _
sPassword &" on client " &sClient
bhit = True
Err.Clear
Exit For
Else
bhit = False
Err.Clear
End If
Next
If bhit Then
GetLocal_user sUser, sPassword, sClient
Else
MsgBox "No hit for computer " &sClient
End If
Loop
End If
Set oFSO = Nothing

Function GetLocal_user(user, pass, Computer)
Set objLocator = CreateObject _
("WbemScripting.SWbemLocator")
Set objWMIService = objLocator.ConnectServer(Computer, _
"root\cimv2", user, pass)

Set colItems = objWMIService.ExecQuery _
("Select * from Win32_UserAccount "_
& "Where LocalAccount = True")

For Each objItem in colItems
'Wscript.Echo "Account Type: " & objItem.AccountType
'Wscript.Echo "Caption: " & objItem.Caption
Wscript.Echo "Name: " & objItem.Name
Wscript.Echo "Description: " & objItem.Description
Wscript.Echo "Disabled: " & objItem.Disabled
'Wscript.Echo "Domain: " & objItem.Domain
Wscript.Echo "Full Name: " & objItem.FullName
'Wscript.Echo "Local Account: " & objItem.LocalAccount
Wscript.Echo "Lockout: " & objItem.Lockout
Wscript.Echo "Password Changeable: " _
& objItem.PasswordChangeable
Wscript.Echo "Password Expires: " _
& objItem.PasswordExpires
Wscript.Echo "Password Required: " _
& objItem.PasswordRequired
Wscript.Echo "SID: " & objItem.SID
Wscript.Echo "SID Type: " & objItem.SIDType
'Wscript.Echo "Status: " & objItem.Status
Wscript.Echo
Next
Set objLocator = Nothing
Set colItems = Nothing
Set objWMIService = Nothing
End Function

-- end --

greetings from Germany

Dirk

<fseklecki@xxxxxx> schrieb im Newsbeitrag
news:8095dd3a-3165-458e-bda7-597e11bf2793@xxxxxx
On Jan 27, 1:34 pm, "Richard Mueller [MVP]" <rlmueller-
nos...@xxxxxx> wrote:errortimeoutnamesThank You! I actually had this task fall on me and have little
scripting experience. I am actually unsure of the proper syntax, but
have been doing OK so far. Can you help with the syntax for using the
local admin account with a series of password attempts? Thanks a
million for your response!

I would use SWbemLocator to specify alternate credentials. In the example
below I use an array of passwords and try each until there is no error. Once
the object objSWbemServices is bound, you don't need to repeat the process
for that computer. You can use it for each WMI class you need on the
computer:
=========
Dim strComputer, strUser, strPassword
Dim objSWbemLocator, objSWbemServices
Dim colSWbemObjectSet, objSWbemObject
Dim arrPasswords, blnConnect

' Specify NetBIOS name of computer.
strComputer = "TestComputer"

' Specify local user name on computer.
strUser = "Administrator"

' Specify array of possible passwords.
arrPasswords = Array("xYz$321w", "PaS$w0Rd!", "yUui&!xc")

Set objSWbemLocator = CreateObject("WbemScripting.SWbemLocator")

' Try each password.
blnConnect = False
For Each strPassword In arrPasswords
' Trap possible error.
On Error Resume Next
Set objSWbemServices = objSWbemLocator.ConnectServer _
(strComputer, "root\cimv2", strUser, strPassword)
If (Err.Number = 0) Then
' No error, password correct, continue.
On Error GoTo 0
blnConnect = True
Exit For
End If
On Error GoTo 0
Next

If (blnConnect = True) Then
Set colSWbemObjectSet = objSWbemServices.InstancesOf("Win32_Service")
For Each objSWbemObject In colSWbemObjectSet
Wscript.Echo "Name: " & objSWbemObject.Name
Next
Else
Wscript.Echo "Unable to connect to " & strComputer
End If
============
A reference for SWbemLocator:

http://www.microsoft.com/technet/scr..._wmi_ciga.mspx

--
Richard Mueller
MVP Directory Services
Hilltop Lab - http://www.rlmueller.net
--

"Dirk Stegemann" <dsgrafik@xxxxxx> wrote in message
news:Oido8GVgJHA.5328@xxxxxx

Just a thought: can computer objects be subject to lockout after a specific
number of failed attempts? If so...

/Al

"Richard Mueller [MVP]" <rlmueller-nospam@xxxxxx> wrote in
message news:ePYroYWgJHA.1172@xxxxxx

Hi Al,

i have tested your thought....

My security policy states the following...
Account lockout:
duration 30 min
lockout threshold: 5 invalid attempts
reset account.. 30 min
local policy --> audit policy
account logon attempts s/f
logon events s/f

the 7'th password was the match..
I can see 6 failures in my eventlog(security) then a success.

Looks like mapping a networkdrive is not a crime ;-)

--
can computer objects be subject to lockout after a specific--

I could not see any setting to enforce a rule like that in the local
security policy.
But if somthing like that could be configured, it would be nice to know :-)

greetings

Dirk



"Al Dunbar" <alandrub@xxxxxx> schrieb im Newsbeitrag
news:ezeS1UZgJHA.956@xxxxxxspecificnews:8095dd3a-3165-458e-bda7-597e11bf2793@xxxxxxnews:967737a0-eb8a-42f6-9295-64b5d6395a76@xxxxxxbuttoAdminsDomaincomputer.Administrator

"Dirk Stegemann" <dsgrafik@xxxxxx> wrote in message
news:%23c9SueagJHA.1248@xxxxxxBut it would be if you were using a user account, as exceeding the lockout
threshhold with bad password guesses while mapping a network share *will*
cause a user account to be locked.

So it would appear that the lockout policy is strictly for user accounts.

/Al