WMIC help

[herrasher at gmail.com (Kennith Asher)]

Thanks Tim, and thanks again to all of you who replied.

Ken

On Fri, Jun 12, 2009 at 4:52 AM, Tim Mugherini <gbugbear at gmail.com> wrote:

> I like the idea of powershell (havn't had much time to play with it).
>
> Anyways this vbs is tested against my envrionment. Three pop-ups. Age of
> password. Current Password Age Policy. And Expire Date. You can tweak it the
> way you see fit.
>
> Just edit the LDAP query and Set objDomainNT with appropiate user, OU, and
> domain name.
>
> Const SEC_IN_DAY = 86400
> Const ADS_UF_DONT_EXPIRE_PASSWD = &h10000
>
> Set objUserLDAP = GetObject _
>   ("LDAP://CN=user,OU=ou,DC=domain,DC=com")
> intCurrentValue = objUserLDAP.Get("userAccountControl")
>
> If intCurrentValue and ADS_UF_DONT_EXPIRE_PASSWD Then
>   wscript.echo "The password does not expire."
> Else
>   dtmValue = objUserLDAP.PasswordLastChanged
>   Wscript.echo "The password was last changed on " & _
>   DateValue(dtmValue) & " at " & TimeValue(dtmValue) & VbCrLf & _
>   "The difference between when the password was last set" & VbCrLf & _
>   "and today is " & int(now - dtmValue) & " days"
>   intTimeInterval = int(now - dtmValue)
>
>   Set objDomainNT = GetObject("WinNT://domain")
>   intMaxPwdAge = objDomainNT.Get("MaxPasswordAge")
>   If intMaxPwdAge < 0 Then
>     WScript.Echo "The Maximum Password Age is set to 0 in the " & _
>       "domain. Therefore, the password does not expire."
>   Else
>     intMaxPwdAge = (intMaxPwdAge/SEC_IN_DAY)
>     Wscript.echo "The maximum password age is " & intMaxPwdAge & " days"
>     If intTimeInterval >= intMaxPwdAge Then
>       Wscript.echo "The password has expired."
>     Else
>       Wscript.echo "The password will expire on " & _
>       DateValue(dtmValue + intMaxPwdAge) & " (" & _
>       int((dtmValue + intMaxPwdAge) - now) & " days from today" & ")."
>     End If
>   End If
> End If
>
>
> On Fri, Jun 12, 2009 at 1:24 AM, Jody & Jennifer McCluggage <
> j2mccluggage at adelphia.net> wrote:
>
> >  You should be able to get at this using ADSI (Active Directory Services
> > Interfaces).  You can probably script this with PowerShell using either ADSI
> > or the free Quest Active Directory snap-in.  I think something roughly like
> > this may get at it:
> >
> >
> >
> > [adsi]?WinNT://ComputerName?.psbase.children | where
> > {$_.pbase.schemaclassname ?eq ?user?}  | foreach {
> >
> >             $_.name ; $_.AccountExpirationDate.value  }
> >
> >
> >
> > This should return the password expiration date for all user objects (this
> > is just a rough guess and has not been tested to see if it works).  I will
> > play with this a bit when I am back in the office.
> >
> >
> >
> > Jody
> >
> >
> >  ------------------------------
> >
> > *From:* pauldotcom-bounces at mail.pauldotcom.com [mailto:
> > pauldotcom-bounces at mail.pauldotcom.com] *On Behalf Of *Brian Gray
> > *Sent:* Thursday, June 11, 2009 4:39 PM
> > *To:* PaulDotCom Security Weekly Mailing List
> > *Subject:* Re: [Pauldotcom] WMIC help
> >
> >
> >
> > I realize it's not wmic but wouldn't it be just as simple to use something
> > like
> >
> >
> >
> > net user username /dom | find "Password expires"
> >
> > Maybe you need wmic for a specific reason I don't know... I believe as
> > long as you are logging in as a user within that domain it should pull the
> > information without issue. I can think of a dozen other ways depending on
> > what the end result you are looking for is.
> >
> >
> >
> > On Thu, Jun 11, 2009 at 12:46 PM, Raffi Jamgotchian <
> > raffi at flossyourmind.com> wrote:
> >
> > i've used VBscript to do it. If you're interested, Ill dig it out. it
> > was run against the domain controller if I remember correctly.
> >
> >
> > On Jun 11, 2009, at 12:42 PM, Michael Douglas wrote:
> >
> > > Bah.  This doesn't work... you have to enter the actual user's
> > > password.
> > >
> > > Sorry for the bum advice!
> > > - Mick
> > >
> > >
> > >
> > > On Wed, Jun 10, 2009 at 8:55 PM, Michael
> > > Douglas<mick at pauldotcom.com> wrote:
> > > > If you're an admin, you should be able to force the wmic check to
> > > > happen in the scope of another user.
> > > >
> > > > wmic /user:"domain\user" netlogin get passwordexpires
> > > > (note you'll likely need to keep the quotes in the line above. wmic
> > > > is
> > > > very picky about global flag values.)
> > > >
> > > > I believe this will work... But I'm not VPNed into my lab at work
> > > > right now to test and see.  Please let us know if this works as you
> > > > wanted it to.
> > > >
> > > > My answers might be wrong, but they're FAST!   ;-)
> > > > - Mick
> > > >
> > > > On Wed, Jun 10, 2009 at 4:29 PM, Kennith Asher<herrasher at gmail.com>
> > > > wrote:
> > > > > Hey all you WMIC gurus out there.  I'm trying to find a
> > > > > straightforward
> > > > > means of identifying when a domain user's password will expire.
> > > > > Is there a
> > > > > modifier or switch I can set to bring back password expiry for
> > > > > another
> > > > > domain user?
> > > > >
> > > > > I know I can use:
> > > > >
> > > > > Wmic netlogin get passwordexpires
> > > > >
> > > > > to find when my password expires, can this be done for another
> > > > > domain user?
> > > > > Assume I have admin privileges.
> > > > >
> > > > > Oh, and just so that we're clear here, this is for the domain we
> > > > > use at
> > > > > work, I am doing this on behalf of a user I support.
> > > > >
> > > > > Thanks,
> > > > >
> > > > > Ken
> > > > >
> > > > > _______________________________________________
> > > > > Pauldotcom mailing list
> > > > > Pauldotcom at mail.pauldotcom.com
> > > > > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > > > > Main Web Site: http://pauldotcom.com
> > > _______________________________________________
> > > Pauldotcom mailing list
> > > Pauldotcom at mail.pauldotcom.com
> > > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > > Main Web Site: http://pauldotcom.com
> >
> > _______________________________________________
> > Pauldotcom mailing list
> > Pauldotcom at mail.pauldotcom.com
> > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > Main Web Site: http://pauldotcom.com
> >
> >
> >
> >
> > --
> > -Brian W. Gray
> >
> > No virus found in this incoming message.
> > Checked by AVG - www.avg.com
> > Version: 8.5.364 / Virus Database: 270.12.64/2170 - Release Date: 06/11/09
> > 17:59:00
> >
> > _______________________________________________
> > Pauldotcom mailing list
> > Pauldotcom at mail.pauldotcom.com
> > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > Main Web Site: http://pauldotcom.com
>
>
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom at mail.pauldotcom.com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20090612/eecebfa2/attachment.htm