Hack 29 Check for Passwords that Never Expire


Here's a handy script that makes it simple to find user accounts with nonexpiring passwords.

User accounts set to never expire are sometimes used for permanent employees of a company, while temporary employees are assigned accounts that expire after a specified period of time. Ever wish you could quickly and simply find out which user accounts have their passwords set to never expire, along with the dates the flags were set? Here is a sample script that accomplishes this and more.

This script prompts for the desired domain, checks all user accounts in the domain to see if their passwords are set to never expire, and reports the date the flags were set. It then writes the output to a CSV file called PWDNeverExpired.csv, creating this file in the same directory where the script itself is located. If the password is not set to never expire, the script instead records a No and the date the password will expire.

The Code

To use the script, type it into Notepad (with Word Wrap turned off) and save it with a .vbs extension as PWDNeverExpired.vbs:

' Set WshShell
Set WshShell = WScript.CreateObject("WScript.Shell")
strVer = "Ver 1.0 "
Set FileSystem = WScript.CreateObject("Scripting.FileSystemObject")
Set oFile = FileSystem.CreateTextFile("PWDNeverExpired.csv", true)

' Pull Environment variables for domain/user
strDomain = WshShell.ExpandEnvironmentStrings("%USERDOMAIN%")
strUserName = WshShell.ExpandEnvironmentStrings("%USERNAME%")
strOS = WshShell.ExpandEnvironmentStrings("%OS%")

strMessage = strMessage & "Hit Cancel or enter a blank to quit"
strTitle = "Domain to Search"
'get resource domain name, domain default
UserDomain = InputBox(strMessage, strTitle, strDomain)
' Quit on Cancel or a blank entry, as the prompt promises
If UserDomain = "" Then WScript.Quit
strMessage = ""
strTitle = ""

'strMessage = "Please enter the USER Login ID" & vbCrLf & vbCrLf & _
'"Default is: " & strUserName & vbCrLf & vbCrLf
'strMessage = strMessage & "Hit Cancel or enter a blank to quit"
'strTitle = "USER Login ID"
'get resource domain name, domain default via input box
'objUserName = InputBox(strMessage, strTitle, strUserName)

' Display Just a minute!
strMessage = "This may take a few seconds. . ."
WshShell.Popup strMessage,2,"One moment please. . . "
strMessage = ""

Set ObjDomain = GetObject("WinNT://" & UserDomain)
ObjDomain.Filter = Array("User")
For Each ObjUser In ObjDomain
    'Attempt to bind to the user
    'Set objUser = GetObject("WinNT://"& UserDomain &"/"& objUser.Name, user)
    Set UserName = GetObject("WinNT://" & UserDomain & "/" & ObjUser.Name & _
        ",User")

    ' Is password set to NEVER expire?
    ' &H10000 is the "password never expires" bit in UserFlags
    objPwdExpires = UserName.Get("UserFlags")
    If (objPwdExpires And &H10000) <> 0 Then
        objPwdExpiresTrue = "Yes"
        strPwdExpires = "Date Set: "
        msgPwdExpires = "Password Set to Never Expire: "
    Else
        objPwdExpiresTrue = "No"
        strPwdExpires = "Password Expires: "
        msgPwdExpires = "Password Set to Never Expire: "
    End If

    ' One CSV row per account: full name, account name, flag, date
    oFile.WriteLine (UserName.fullname & "," & UserName.name & "," & _
        msgPwdExpires & objPwdExpiresTrue & "," & strPwdExpires & _
        objUser.PasswordExpirationDate)

    'Wscript.Echo "Full Name: " & UserName.fullname & vbCrlf &_
    '"Account Name: " & UserName.name & vbCrlf &_
    'msgPwdExpires & objPwdExpiresTrue & vbCrlf &_
    'strPwdExpires & objUser.PasswordExpirationDate & vbCrlf
    Set UserName = Nothing
Next

' Flush and close the CSV before reporting completion
oFile.Close
Wscript.Echo "Done Checking Accounts"

Running the Hack

To run this hack, simply create a shortcut to the script and double-click on the shortcut. Figure 3-4 shows a sample CSV output file for the script, viewed in Excel.

Figure 3-4. Sample output from running PWDNeverExpired.vbs

Hans Schefske
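
The same flag check expressed as an LDAP query in PowerShell, as an added example that is not from the book. It goes beyond the script above by also reporting whether each account is enabled and when its password was last set; it assumes an Active Directory domain reachable over LDAP (the book's script uses the WinNT provider), and the function names, output columns and CSV path are this example's own.

```powershell
# Added example, not from the book. Assumes a domain-joined host; function
# names, output columns and the CSV path are this example's own choices.
$DONT_EXPIRE_PASSWD = 0x10000   # same bit the VBScript tests with &H10000
$ACCOUNTDISABLE     = 0x2       # set on disabled accounts

function ConvertFrom-PwdLastSet([long]$FileTime) {
    # pwdLastSet is a FILETIME; 0 means the password must change at next logon
    if ($FileTime -le 0) { return $null }
    [DateTime]::FromFileTimeUtc($FileTime)
}

function Get-NeverExpiringUser {
    # The 1.2.840.113556.1.4.803 matching rule makes the DC do the bitwise AND,
    # so only flagged accounts come back instead of every user in the domain.
    $filter = "(&(objectCategory=person)(objectClass=user)" +
              "(userAccountControl:1.2.840.113556.1.4.803:=$DONT_EXPIRE_PASSWD))"
    $searcher = [adsisearcher]$filter
    $searcher.PageSize = 1000   # page results so large domains are not truncated
    foreach ($attr in 'sAMAccountName','displayName','userAccountControl','pwdLastSet') {
        [void]$searcher.PropertiesToLoad.Add($attr)
    }
    foreach ($result in $searcher.FindAll()) {
        $p   = $result.Properties
        $uac = [int]($p['useraccountcontrol'] | Select-Object -First 1)
        $set = [long]($p['pwdlastset'] | Select-Object -First 1)
        [pscustomobject]@{
            FullName             = [string]$p['displayname']
            AccountName          = [string]$p['samaccountname']
            PasswordNeverExpires = [bool]($uac -band $DONT_EXPIRE_PASSWD)
            Enabled              = -not ($uac -band $ACCOUNTDISABLE)
            PasswordLastSetUtc   = ConvertFrom-PwdLastSet $set
        }
    }
}

# Export-Csv quotes fields, so a comma in a display name cannot shift columns
Get-NeverExpiringUser |
    Sort-Object PasswordLastSetUtc |
    Export-Csv -Path .\PWDNeverExpired.csv -NoTypeInformation
```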



Windows Server Hacks
ISBN: 0596006470
EAN: 2147483647
Year: 2004
Pages: 163
Authors: Mitch Tulloch
