Suggestion, Password expires

Author

Message

Topic Search

Topic Options

chris2012

Newbie

Joined: 24 November 2012
Status: Offline
Points: 3

Post Options

Post Reply

Quote chris2012

Report Post

Thanks(0)

Quote

Topic: Suggestion, Password expires
Posted: 24 November 2012 at 9:30am

hi all,

we love BGInfo because our User don't find the hostname without BGINFO and we need the hostname to remote desktop. Now we show the Hostname on Desktop and it is easy on telephon to tell it the service desk.

We run bginfo daily at logon.

We have a suggestion: If It was posible, it would be helpful for many people to see the password expires time.

Example: if you go into the holiday and your password expired you can't sync mails with handy. But if you see that you password will expired on the next 10 days you will change it manually.

thanks.

Reiniger

Newbie

Joined: 05 December 2012
Status: Offline
Points: 7

Post Options

Post Reply

Quote Reiniger

Report Post

Thanks(0)

Quote

Posted: 05 December 2012 at 5:04pm

You have to change this a bit.
Now it is standalone and it opens a requester with the infos.

Gruß,
Chris


Const SEC_IN_DAY = 86400
Const ADS_UF_DONT_EXPIRE_PASSWD = &h10000
 
Set objUserLDAP = GetObject _
  ("LDAP://CN=testbenutzer,OU=Technik,OU=Koeln,DC=dom,DC=sonehow")
intCurrentValue = objUserLDAP.Get("userAccountControl")
 
If intCurrentValue and ADS_UF_DONT_EXPIRE_PASSWD Then
    Wscript.Echo "The password does not expire."
Else
    dtmValue = objUserLDAP.PasswordLastChanged 
    Wscript.Echo "The password was last changed on " & _
        DateValue(dtmValue) & " at " & TimeValue(dtmValue) & VbCrLf & _
            "The difference between when the password was last set" &  _
                "and today is " & int(now - dtmValue) & " days"
    intTimeInterval = int(now - dtmValue)
  
    Set objDomainNT = GetObject("WinNT://COMAG")
    intMaxPwdAge = objDomainNT.Get("MaxPasswordAge")
    If intMaxPwdAge < 0 Then
        WScript.Echo "The Maximum Password Age is set to 0 in the " & _
            "domain. Therefore, the password does not expire."
    Else
        intMaxPwdAge = (intMaxPwdAge/SEC_IN_DAY)
        Wscript.Echo "The maximum password age is " & intMaxPwdAge & " days"
        If intTimeInterval >= intMaxPwdAge Then
          Wscript.Echo "The password has expired."
        Else
          Wscript.Echo "The password will expire on " & _
              DateValue(dtmValue + intMaxPwdAge) & " (" & _
                  int((dtmValue + intMaxPwdAge) - now) & " days from today" & _
                      ")."
        End If
    End If
End If

WindowsStar View Drop Down

Senior Member

Joined: 30 June 2010
Status: Offline
Points: 497

Post Options

Post Reply

Quote WindowsStar

Report Post

Thanks(0)

Quote

Posted: 05 December 2012 at 11:05pm

Here is another:

' PwdLastSet.vbs
' VBScript program to retrieve password information for a user.
' This includes the date the password was last set, the domain maximum
' password age policy, and whether the user can change their password.
'
' ----------------------------------------------------------------------
' Copyright (c) 2002 Richard L. Mueller
' Hilltop Lab web site - http://www.rlmueller.net
' Version 1.0 - December 5, 2002
' Version 1.1 - March 7, 2003 - Standardize Hungarian notation.
' Version 1.2 - April 27, 2003 - Retrieve pwdLastSet from one DC.
' Version 1.3 - May 9, 2003 - Account for error in IADsLargeInteger
'                             property methods HighPart and LowPart.
' Version 1.4 - December 29, 2009 - Modify function Integer8Date.
'
' You have a royalty-free right to use, modify, reproduce, and
' distribute this script file in any way you find useful, provided that
' you agree that the copyright owner above has no warranty, obligations,
' or liability for such use.

Option Explicit

Dim objUser, strUserDN, objShell, lngBiasKey, lngBias, k
Dim objRootDSE, strDNSDomain, objDomain, objMaxPwdAge, intMaxPwdAge
Dim objDate, dtmPwdLastSet, lngFlag, blnPwdExpire, blnExpired
Dim lngHighAge, lngLowAge

Const ADS_UF_PASSWD_CANT_CHANGE = &H40
Const ADS_UF_DONT_EXPIRE_PASSWD = &H10000

' Hard code user Distinguished Name.
strUserDN = "cn=TestUser,ou=Sales,dc=MyDomain,dc=com"
Set objUser = GetObject("LDAP://" & strUserDN)

' Obtain local time zone bias from machine registry.
' This bias changes with Daylight Savings Time.
Set objShell = CreateObject("Wscript.Shell")
lngBiasKey = objShell.RegRead("HKLM\System\CurrentControlSet\Control\" _
    & "TimeZoneInformation\ActiveTimeBias")
If (UCase(TypeName(lngBiasKey)) = "LONG") Then
    lngBias = lngBiasKey
ElseIf (UCase(TypeName(lngBiasKey)) = "VARIANT()") Then
    lngBias = 0
    For k = 0 To UBound(lngBiasKey)
        lngBias = lngBias + (lngBiasKey(k) * 256^k)
    Next
End If

' Determine domain maximum password age policy in days.
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("DefaultNamingContext")
Set objDomain = GetObject("LDAP://" & strDNSDomain)
Set objMaxPwdAge = objDomain.MaxPwdAge

' Account for bug in IADslargeInteger property methods.
lngHighAge = objMaxPwdAge.HighPart
lngLowAge = objMaxPwdAge.LowPart
If (lngLowAge < 0) Then
    lngHighAge = lngHighAge + 1
End If
intMaxPwdAge = -((lngHighAge * 2^32) _
    + lngLowAge)/(600000000 * 1440)

' Retrieve user password information.
' The pwdLastSet attribute should always have a value assigned,
' but other Integer8 attributes representing dates could be "Null".
If (TypeName(objUser.pwdLastSet) = "Object") Then
    Set objDate = objUser.pwdLastSet
    dtmPwdLastSet = Integer8Date(objDate, lngBias)
Else
    dtmPwdLastSet = #1/1/1601#
End If
lngFlag = objUser.Get("userAccountControl")
blnPwdExpire = True
If ((lngFlag And ADS_UF_PASSWD_CANT_CHANGE) <> 0) Then
    blnPwdExpire = False
End If
If ((lngFlag And ADS_UF_DONT_EXPIRE_PASSWD) <> 0) Then
    blnPwdExpire = False
End If

' Determine if password expired.
blnExpired = False
If (blnPwdExpire = True) Then
    If (DateDiff("d", dtmPwdLastSet, Now()) > intMaxPwdAge) Then
        blnExpired = True
    End If
End If

' Display password information.
Wscript.Echo "User: " & strUserDN & vbCrLf & "Password last set: " _
    & dtmPwdLastSet & vbCrLf & "Maximum password age (days): " _
    & intMaxPwdAge & vbCrLf & "Can password expire? " & blnPwdExpire _
    & vbCrLf & "Password expired? " & blnExpired

Function Integer8Date(ByVal objDate, ByVal lngBias)
    ' Function to convert Integer8 (64-bit) value to a date, adjusted for
    ' local time zone bias.
    Dim lngAdjust, lngDate, lngHigh, lngLow
    lngAdjust = lngBias
    lngHigh = objDate.HighPart
    lngLow = objdate.LowPart
    ' Account for error in IADsLargeInteger property methods.
    If (lngLow < 0) Then
        lngHigh = lngHigh + 1
    End If
    If (lngHigh = 0) And (lngLow = 0) Then
        lngAdjust = 0
    End If
    lngDate = #1/1/1601# + (((lngHigh * (2 ^ 32)) _
        + lngLow) / 600000000 - lngAdjust) / 1440
    ' Trap error if lngDate is ridiculously huge.
    On Error Resume Next
    Integer8Date = CDate(lngDate)
    If (Err.Number <> 0) Then
        On Error GoTo 0
        Integer8Date = #1/1/1601#
    End If
    On Error GoTo 0
End Function

chris2012

Newbie

Joined: 24 November 2012
Status: Offline
Points: 3

Post Options

Post Reply

Quote chris2012

Report Post

Thanks(0)

Quote

Posted: 06 December 2012 at 9:06am

how can I connect BG-INFO and your code?

I have found also a little bit smaler version

On Error Resume Next
Const ADS_UF_DONT_EXPIRE_PASSWD = &h10000
Const E_ADS_PROPERTY_NOT_FOUND = &h8000500D
Const ONE_HUNDRED_NANOSECOND    = .000000100
Const SECONDS_IN_DAY            = 86400
Const NO_EXPIRE                 = 99999

'**************************************************************
'* Function to get number of days left before password change *
'**************************************************************

Function PasswordDaysLeft()

'Default to zero days left...an error can occur if the user
'is forced to change their password. This will cover that
PasswordDaysLeft = 0

Set objADSystemInfo = CreateObject("ADSystemInfo")
Set objUser = GetObject("LDAP://" & objADSystemInfo.UserName)

intUserAccountControl = objUser.Get("userAccountControl")
If intUserAccountControl And ADS_UF_DONT_EXPIRE_PASSWD Then
   PasswordDaysLeft = NO_EXPIRE
   Exit Function
Else
    dtmValue = objUser.PasswordLastChanged
    If Err.Number = E_ADS_PROPERTY_NOT_FOUND Then
      PasswordDaysLeft = NO_EXPIRE
   Exit Function
    Else
        intTimeInterval = Int(Now - dtmValue)
    End If

Set objDomain = GetObject("LDAP://" & objADSystemInfo.DomainDNSName)
Set objMaxPwdAge = objDomain.Get("maxPwdAge")

    If objMaxPwdAge.LowPart = 0 Then
   PasswordDaysLeft = NO_EXPIRE
      Exit Function
    Else
        dblMaxPwdNano = Abs(objMaxPwdAge.HighPart * 2^32 + objMaxPwdAge.LowPart)
        dblMaxPwdSecs = dblMaxPwdNano * ONE_HUNDRED_NANOSECOND
        dblMaxPwdDays = Int(dblMaxPwdSecs / SECONDS_IN_DAY)

        If intTimeInterval >= dblMaxPwdDays Then
         PasswordDaysLeft = 0
        Else
         PasswordDaysLeft = Int((dtmValue + dblMaxPwdDays) - Now)
        End If
    End If
End If

End Function

'**************************************************************
'* Main Application Loop *
'**************************************************************

if PasswordDaysLeft() <= 7 then
MsgBox("Passwort expires in " & PasswordDaysLeft() & " days")
end if

Reiniger

Newbie

Joined: 05 December 2012
Status: Offline
Points: 7

Post Options

Post Reply

Quote Reiniger

Report Post

Thanks(0)

Quote

Posted: 06 December 2012 at 12:31pm

for 'my' script:
(I did not check the other scripts!)

to get it run with BGInfo you have to:

- replace wscript.echo with echo in the Script (6 Times)

- create a bginfo config with a "Custom Field":
Click Cutom..., click New..., name the Identifier: "CustomField Password", mark VBScript file, Browse to the VBSScript, Ok, Ok

Chenge the BGInfo Text:
Password Information: <CustomField Password>

Thats it!

Chris

Reiniger

Newbie

Joined: 05 December 2012
Status: Offline
Points: 7

Post Options

Post Reply

Quote Reiniger

Report Post

Thanks(0)

Quote

Posted: 06 December 2012 at 12:47pm

bginfo text:

Password will expire in <CustomField Password>

Chris

Const SEC_IN_DAY = 86400
Const ADS_UF_DONT_EXPIRE_PASSWD = &h10000

Set objUserLDAP = GetObject _
("LDAP://CN=testbenutzer,OU=Technik,OU=Koeln,DC=something,DC=com")
intCurrentValue = objUserLDAP.Get("userAccountControl")

If intCurrentValue and ADS_UF_DONT_EXPIRE_PASSWD Then
    Echo "The password does not expire."
Else
    dtmValue = objUserLDAP.PasswordLastChanged
    rem Echo VbCrLf & "Last changed.: " & _
    rem    DateValue(dtmValue) & " " & TimeValue(dtmValue) & VbCrLf & _
    rem        "Last set....: " & int(now - dtmValue) & " days"
    intTimeInterval = int(now - dtmValue)

    Set objDomainNT = GetObject("WinNT://COMAG")
    intMaxPwdAge = objDomainNT.Get("MaxPasswordAge")
    If intMaxPwdAge < 0 Then
        Echo "The Maximum Password Age is set to 0 in the " & _
            "domain. Therefore, the password does not expire."
    Else
        intMaxPwdAge = (intMaxPwdAge/SEC_IN_DAY)
       rem Echo VbCrLf & "The maximum password age is " & intMaxPwdAge & " days"
        If intTimeInterval >= intMaxPwdAge Then
          Echo "The password has expired."
        Else
          rem Echo VbCrLf & "Password will expire in : " & int((dtmValue + intMaxPwdAge) - now) & " days."
          Echo int((dtmValue + intMaxPwdAge) - now) & " days"
          End If
    End If
End If

Edited by Reiniger - 06 December 2012 at 12:48pm

WindowsStar View Drop Down

Senior Member

Joined: 30 June 2010
Status: Offline
Points: 497

Post Options

Post Reply

Quote WindowsStar

Report Post

Thanks(0)

Quote

Posted: 06 December 2012 at 11:27pm

Reiniger wrote:

for 'my' script:
(I did not check the other scripts!)

to get it run with BGInfo you have to:

- replace wscript.echo with echo in the Script (6 Times)

- create a bginfo config with a "Custom Field":
Click Cutom..., click New..., name the Identifier: "CustomField Password", mark VBScript file, Browse to the VBSScript, Ok, Ok

Chenge the BGInfo Text:
Password Information: <CustomField Password>

Thats it!

Chris

+1 Yup that should help you out. -WS