Manipulating User Login Hours

   

Manipulating User Login Hours

As shown in Figure 4.3, Windows NT allows you to define specific times during which a user will have access to domain resources. With a bit of programming knowledge and a whole lot of patience, you can query and set the values of the User Logon hours field in a user SAM record using the LoginHours property of the IADsUser interface.

Figure 4.3. User Logon Hours dialog box in User Manager for Domains

graphics/04fig03.gif

ADSI returns a variant array that can be stepped through using a For Each loop. In this array, a total of 21 values will be returned (7 days made up of 24 bits each). ADSI returns values ranging from 0 to 255, each representing a specific set of hours in the day. If you are weak with binary math (as most of us are!) this will certainly prove to be a significantly difficult endeavor.

For the purpose of discussion in this text, most administrators will most likely want to query only whether an account has any user logon hours that may be restricting the user from logging on.

By taking this true/false approach to querying the logon hours for a user record, only values of less than 255 will prevent a user from logging in. If you enumerate all values in search of those of less than 255, you can quickly determine whether the user account has any time restrictions placed upon it. This eliminates the need to relearn the binary math principles that are required to manipulate this field.

Querying User Logon Hours Using Visual Basic

Use the following Visual Basic code segment as a guide to determine if a user account has logon hour restrictions placed upon it:

 Dim User as IADsUser Dim UserName as String Dim UserDomain as String UserDomain = "  Target_User_Domain  " UserName = "Target_User_Name" Set User = GetObject("WinNT://" & UserDomain & "/" & UserName & ",user") Dim TimeEntry As Variant Dim Restriction As Integer For Each TimeEntry In User.LoginHours     If TimeEntry < 255 Then Restriction = 1 Next If Restriction = 1 Then     Debug.Print "User account " & UserDomain & "\" & UserName & " has time restrictions graphics/ccc.gif placed upon it." Else     Debug.Print "There are no time restrictions affecting user account " & UserDomain & graphics/ccc.gif "\" & UserName & "." End If 

Note

This code should be run only for domain accounts; local SAMs do not define logon hours for an account .



   
Top


Windows NT. 2000 ADSI Scripting for System Administration
Windows NT/2000 ADSI Scripting for System Administration
ISBN: 1578702194
EAN: 2147483647
Year: 2000
Pages: 194
Authors: Thomas Eck

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net