List User Profiles, Look for criteria, write to network log file

[Coyote270WSM]

Hi All,

Normally I work in Autoit due to its ease of use, however, I am trying something new today. I have an urgent need to attach a script to a GPO that will read all of the user profiles on a domain PC, look for the existance of two specific users and then if both exist on a system output the computer name, the users name and last logon to that system to a log file stored in a network location.

I am willing to go out on a limb and ask if anyone has already written this and would be willing to share it only because of the time hack I am facing.

Otherwise, I have already found a code example on how to read the profiles list in the registry. It Wscript.Echo's the results. Any input on the best choices for commands to finish out the script so that I can start researching would be greatly appreciated.

V/r

Coyote270WSM

 

[mrmovie]

if your existing script echos out the results you want then cant you just redirect stdout to your network log file?

cscript.exe myscript.vbs >> \\myserver\myshare\myfile.log

 

[Coyote270WSM]

Yes, as far as the output goes this would work. However, when I create things I like to have to provide as least amount of input to put them into motion. Most of my information gathering scripts all log to the same folder so hard coding the network location isn't that big of a deal and it saves me time in the future.

My thing is that if you have looked at the AutoIt help files you can see how a newbie can comprehend and catch up pretty quick. I am finding similarities between the two but not enough creative examples. So I am struggling.

Here is what I am up against and why I am doing this. Like some organizations I see email traffic come down from above. Sometimes we have to respond to an event and are not provided enough information. Yet we are expected to identify a system and make sure it is clean. So after starting to look for a system that was only identified by IP some 15 days ago, the only record I could find was an IIS log that happened to provide the user names for the IP on the given day. So now I am wanting to scan a range of computers or the whole network for a list of users to see if I can find a system that has the profiles modified on or after the date in question so that I know which system to scan.

I did choose the wrong time to try and learn some VB. For what it is worth I was able to do it in DOS and get by.

I probably still need to write this one for future use. If there are any ideas on how to start or what commands would work best for a given portion I would appreciate the input.

In my mind the finished VBS would have done the following.

1. Create a variable to store the path to the network log file. (Note: all logging would write in comma seperated values)

2. Read from a text file of user names and create an array.

3. Read from a list of computer names and create an array.

4. For each user name in the array, either remotely read the registry or recursively list the folder names in C:\Users (Vista) on each computer in the array.

If all the users in the user names array have a profile on a given computer in the array then log to the network log file " %computername% is high priority - Immediate virus scan needed" @CRLF %username% & the date the profile was last modified and size @CRLF & so on for the remaining users having profiles on the given system. . End if.

If any of the users in the array have a profile on a given system but not all and not just one, log to the network log just like above but make it a mediu, value target.

If one and only one user account has a profile on a given system then log as low value and include the profile last modified and size info.

_____

Thanks

 

[mrmovie]

'i have deliberately left out lots of things.
'FSO isnt initiated, variables arent dim'd, no option explicit, no opening of a text file for user names, no actively getting a list of target machines, no error checking on the GetFolder...etc.
i have at least answered (a)

strLogFile = "\\myserver\myshare\myfile.log"
Set dicUsers = CreateObject("Scripting.Dictionary")
Set dicMachines = CreateObject("Scripting.Dictionary")
'add the users
dicUsers.Add "john"
dicUsers.Add "jim"
'add the machines? where from? net view? domain search?
dicMachines.Add "machine1"
dicMachines.Add "machine2"
'enum machines
For Each aMachine In dicMachines
Set objFolder = FSO.GetFolder("\\" & aMachine & "\C$\users")
For Each aFolder In objFolder.SubFolders
If dicUsers.Exists(LCase(aFolder.Name)) Then
Msgbox "quick user " & LCase(aFolder.Name) & " has logged on to " & aMachine
End If
Next
Set objFolder = Nothing
Next

 

[Coyote270WSM]

Thank you for taking the time to provide this. I will research what you provided to ensure that I understand what is going on. Any modifications I discover how to make I will post back here with comments to help the next poor soul who bites off more than he can chew at the last second.

Thanks again.

 

[mrmovie]

'please change the lines...
dicUsers.Add "john", "0"
dicUsers.Add "jim", "0"
'add the machines? where from? net view? domain search?
dicMachines.Add "machine1", "0"
dicMachines.Add "machine2", "0