Sysinternals Homepage
Forum Home Forum Home > Sysinternals Utilities > BgInfo
  New Posts New Posts RSS Feed - Suggestion, Password expires
  FAQ FAQ  Forum Search   Events   Register Register  Login Login

Suggestion, Password expires

 Post Reply Post Reply
Author
Message
chris2012 View Drop Down
Newbie
Newbie


Joined: 24 November 2012
Status: Offline
Points: 3
Post Options Post Options   Thanks (0) Thanks(0)   Quote chris2012 Quote  Post ReplyReply Direct Link To This Post Topic: Suggestion, Password expires
    Posted: 24 November 2012 at 9:30am
hi all,
we love BGInfo because our User don't find the hostname without BGINFO and we need the hostname to remote desktop. Now we show the Hostname on Desktop and it is easy on telephon to tell it the service desk.
We run bginfo daily at logon.
 
We have a suggestion: If It was posible, it would be helpful for many people to see the password expires time.
Example: if you go into the holiday and your password expired you can't sync mails with handy. But if you see that you password will expired on the next 10 days you will change it manually.
 
 
thanks.
Back to Top
Reiniger View Drop Down
Newbie
Newbie


Joined: 05 December 2012
Status: Offline
Points: 7
Post Options Post Options   Thanks (0) Thanks(0)   Quote Reiniger Quote  Post ReplyReply Direct Link To This Post Posted: 05 December 2012 at 5:04pm
You have to change this a bit.
Now it is standalone and it opens a requester with the infos.

Gruß,
Chris


Const SEC_IN_DAY = 86400
Const ADS_UF_DONT_EXPIRE_PASSWD = &h10000
 
Set objUserLDAP = GetObject _
  ("LDAP://CN=testbenutzer,OU=Technik,OU=Koeln,DC=dom,DC=sonehow")
intCurrentValue = objUserLDAP.Get("userAccountControl")
 
If intCurrentValue and ADS_UF_DONT_EXPIRE_PASSWD Then
    Wscript.Echo "The password does not expire."
Else
    dtmValue = objUserLDAP.PasswordLastChanged
    Wscript.Echo "The password was last changed on " & _
        DateValue(dtmValue) & " at " & TimeValue(dtmValue) & VbCrLf & _
            "The difference between when the password was last set" &  _
                "and today is " & int(now - dtmValue) & " days"
    intTimeInterval = int(now - dtmValue)
 
    Set objDomainNT = GetObject("WinNT://COMAG")
    intMaxPwdAge = objDomainNT.Get("MaxPasswordAge")
    If intMaxPwdAge < 0 Then
        WScript.Echo "The Maximum Password Age is set to 0 in the " & _
            "domain. Therefore, the password does not expire."
    Else
        intMaxPwdAge = (intMaxPwdAge/SEC_IN_DAY)
        Wscript.Echo "The maximum password age is " & intMaxPwdAge & " days"
        If intTimeInterval >= intMaxPwdAge Then
          Wscript.Echo "The password has expired."
        Else
          Wscript.Echo "The password will expire on " & _
              DateValue(dtmValue + intMaxPwdAge) & " (" & _
                  int((dtmValue + intMaxPwdAge) - now) & " days from today" & _
                      ")."
        End If
    End If
End If


Back to Top
WindowsStar View Drop Down
Senior Member
Senior Member
Avatar

Joined: 30 June 2010
Status: Offline
Points: 608
Post Options Post Options   Thanks (0) Thanks(0)   Quote WindowsStar Quote  Post ReplyReply Direct Link To This Post Posted: 05 December 2012 at 11:05pm
Here is another:
 
' PwdLastSet.vbs
' VBScript program to retrieve password information for a user.
' This includes the date the password was last set, the domain maximum
' password age policy, and whether the user can change their password.
'
' ----------------------------------------------------------------------
' Copyright (c) 2002 Richard L. Mueller
' Hilltop Lab web site - http://www.rlmueller.net
' Version 1.0 - December 5, 2002
' Version 1.1 - March 7, 2003 - Standardize Hungarian notation.
' Version 1.2 - April 27, 2003 - Retrieve pwdLastSet from one DC.
' Version 1.3 - May 9, 2003 - Account for error in IADsLargeInteger
'                             property methods HighPart and LowPart.
' Version 1.4 - December 29, 2009 - Modify function Integer8Date.
'
' You have a royalty-free right to use, modify, reproduce, and
' distribute this script file in any way you find useful, provided that
' you agree that the copyright owner above has no warranty, obligations,
' or liability for such use.

Option Explicit

Dim objUser, strUserDN, objShell, lngBiasKey, lngBias, k
Dim objRootDSE, strDNSDomain, objDomain, objMaxPwdAge, intMaxPwdAge
Dim objDate, dtmPwdLastSet, lngFlag, blnPwdExpire, blnExpired
Dim lngHighAge, lngLowAge

Const ADS_UF_PASSWD_CANT_CHANGE = &H40
Const ADS_UF_DONT_EXPIRE_PASSWD = &H10000

' Hard code user Distinguished Name.
strUserDN = "cn=TestUser,ou=Sales,dc=MyDomain,dc=com"
Set objUser = GetObject("LDAP://" & strUserDN)

' Obtain local time zone bias from machine registry.
' This bias changes with Daylight Savings Time.
Set objShell = CreateObject("Wscript.Shell")
lngBiasKey = objShell.RegRead("HKLM\System\CurrentControlSet\Control\" _
    & "TimeZoneInformation\ActiveTimeBias")
If (UCase(TypeName(lngBiasKey)) = "LONG") Then
    lngBias = lngBiasKey
ElseIf (UCase(TypeName(lngBiasKey)) = "VARIANT()") Then
    lngBias = 0
    For k = 0 To UBound(lngBiasKey)
        lngBias = lngBias + (lngBiasKey(k) * 256^k)
    Next
End If

' Determine domain maximum password age policy in days.
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("DefaultNamingContext")
Set objDomain = GetObject("LDAP://" & strDNSDomain)
Set objMaxPwdAge = objDomain.MaxPwdAge

' Account for bug in IADslargeInteger property methods.
lngHighAge = objMaxPwdAge.HighPart
lngLowAge = objMaxPwdAge.LowPart
If (lngLowAge < 0) Then
    lngHighAge = lngHighAge + 1
End If
intMaxPwdAge = -((lngHighAge * 2^32) _
    + lngLowAge)/(600000000 * 1440)

' Retrieve user password information.
' The pwdLastSet attribute should always have a value assigned,
' but other Integer8 attributes representing dates could be "Null".
If (TypeName(objUser.pwdLastSet) = "Object") Then
    Set objDate = objUser.pwdLastSet
    dtmPwdLastSet = Integer8Date(objDate, lngBias)
Else
    dtmPwdLastSet = #1/1/1601#
End If
lngFlag = objUser.Get("userAccountControl")
blnPwdExpire = True
If ((lngFlag And ADS_UF_PASSWD_CANT_CHANGE) <> 0) Then
    blnPwdExpire = False
End If
If ((lngFlag And ADS_UF_DONT_EXPIRE_PASSWD) <> 0) Then
    blnPwdExpire = False
End If

' Determine if password expired.
blnExpired = False
If (blnPwdExpire = True) Then
    If (DateDiff("d", dtmPwdLastSet, Now()) > intMaxPwdAge) Then
        blnExpired = True
    End If
End If

' Display password information.
Wscript.Echo "User: " & strUserDN & vbCrLf & "Password last set: " _
    & dtmPwdLastSet & vbCrLf & "Maximum password age (days): " _
    & intMaxPwdAge & vbCrLf & "Can password expire? " & blnPwdExpire _
    & vbCrLf & "Password expired? " & blnExpired

Function Integer8Date(ByVal objDate, ByVal lngBias)
    ' Function to convert Integer8 (64-bit) value to a date, adjusted for
    ' local time zone bias.
    Dim lngAdjust, lngDate, lngHigh, lngLow
    lngAdjust = lngBias
    lngHigh = objDate.HighPart
    lngLow = objdate.LowPart
    ' Account for error in IADsLargeInteger property methods.
    If (lngLow < 0) Then
        lngHigh = lngHigh + 1
    End If
    If (lngHigh = 0) And (lngLow = 0) Then
        lngAdjust = 0
    End If
    lngDate = #1/1/1601# + (((lngHigh * (2 ^ 32)) _
        + lngLow) / 600000000 - lngAdjust) / 1440
    ' Trap error if lngDate is ridiculously huge.
    On Error Resume Next
    Integer8Date = CDate(lngDate)
    If (Err.Number <> 0) Then
        On Error GoTo 0
        Integer8Date = #1/1/1601#
    End If
    On Error GoTo 0
End Function
Back to Top
chris2012 View Drop Down
Newbie
Newbie


Joined: 24 November 2012
Status: Offline
Points: 3
Post Options Post Options   Thanks (0) Thanks(0)   Quote chris2012 Quote  Post ReplyReply Direct Link To This Post Posted: 06 December 2012 at 9:06am
how can I connect BG-INFO and your code?
I have found also a little bit smaler version
 
On Error Resume Next
Const ADS_UF_DONT_EXPIRE_PASSWD = &h10000
Const E_ADS_PROPERTY_NOT_FOUND  = &h8000500D
Const ONE_HUNDRED_NANOSECOND    = .000000100
Const SECONDS_IN_DAY            = 86400
Const NO_EXPIRE                 = 99999
'**************************************************************
'* Function to get number of days left before password change *
'**************************************************************
Function PasswordDaysLeft()
 'Default to zero days left...an error can occur if the user
 'is forced to change their password. This will cover that
 PasswordDaysLeft = 0
 Set objADSystemInfo = CreateObject("ADSystemInfo")             
 Set objUser = GetObject("LDAP://" & objADSystemInfo.UserName)  

 intUserAccountControl = objUser.Get("userAccountControl")
 If intUserAccountControl And ADS_UF_DONT_EXPIRE_PASSWD Then
   PasswordDaysLeft = NO_EXPIRE
   Exit Function
 Else
    dtmValue = objUser.PasswordLastChanged
    If Err.Number = E_ADS_PROPERTY_NOT_FOUND Then
      PasswordDaysLeft = NO_EXPIRE
   Exit Function
    Else
        intTimeInterval = Int(Now - dtmValue)
    End If
    Set objDomain = GetObject("LDAP://" & objADSystemInfo.DomainDNSName)
    Set objMaxPwdAge = objDomain.Get("maxPwdAge")
    If objMaxPwdAge.LowPart = 0 Then
   PasswordDaysLeft = NO_EXPIRE
      Exit Function
    Else
        dblMaxPwdNano = Abs(objMaxPwdAge.HighPart * 2^32 + objMaxPwdAge.LowPart)
        dblMaxPwdSecs = dblMaxPwdNano * ONE_HUNDRED_NANOSECOND
        dblMaxPwdDays = Int(dblMaxPwdSecs / SECONDS_IN_DAY)
        If intTimeInterval >= dblMaxPwdDays Then
         PasswordDaysLeft = 0
        Else
         PasswordDaysLeft = Int((dtmValue + dblMaxPwdDays) - Now)
        End If
    End If
 End If
End Function
'**************************************************************
'* Main Application Loop                                      *
'**************************************************************
if PasswordDaysLeft() <= 7 then
 MsgBox("Passwort expires in " & PasswordDaysLeft() & " days")
end if
Back to Top
Reiniger View Drop Down
Newbie
Newbie


Joined: 05 December 2012
Status: Offline
Points: 7
Post Options Post Options   Thanks (0) Thanks(0)   Quote Reiniger Quote  Post ReplyReply Direct Link To This Post Posted: 06 December 2012 at 12:31pm
for 'my' script:
(I did not check the other scripts!)

to get it run with BGInfo you have to:

- replace wscript.echo with echo in the Script (6 Times)

- create a bginfo config with a "Custom Field":
Click Cutom..., click New..., name the Identifier: "CustomField Password", mark VBScript file, Browse to the VBSScript, Ok, Ok

Chenge the BGInfo Text:
Password Information: <CustomField Password>

Thats it!

Chris
Back to Top
Reiniger View Drop Down
Newbie
Newbie


Joined: 05 December 2012
Status: Offline
Points: 7
Post Options Post Options   Thanks (0) Thanks(0)   Quote Reiniger Quote  Post ReplyReply Direct Link To This Post Posted: 06 December 2012 at 12:47pm
bginfo text:

Password will expire in <CustomField Password>


Chris


Const SEC_IN_DAY = 86400
Const ADS_UF_DONT_EXPIRE_PASSWD = &h10000
 
Set objUserLDAP = GetObject _
  ("LDAP://CN=testbenutzer,OU=Technik,OU=Koeln,DC=something,DC=com")
intCurrentValue = objUserLDAP.Get("userAccountControl")
 
If intCurrentValue and ADS_UF_DONT_EXPIRE_PASSWD Then
    Echo "The password does not expire."
Else
    dtmValue = objUserLDAP.PasswordLastChanged
    rem Echo VbCrLf & "Last changed.: " & _
    rem    DateValue(dtmValue) & " " & TimeValue(dtmValue) & VbCrLf & _
    rem        "Last set....: " & int(now - dtmValue) & " days"
    intTimeInterval = int(now - dtmValue)
 
    Set objDomainNT = GetObject("WinNT://COMAG")
    intMaxPwdAge = objDomainNT.Get("MaxPasswordAge")
    If intMaxPwdAge < 0 Then
        Echo "The Maximum Password Age is set to 0 in the " & _
            "domain. Therefore, the password does not expire."
    Else
        intMaxPwdAge = (intMaxPwdAge/SEC_IN_DAY)
       rem Echo VbCrLf & "The maximum password age is " & intMaxPwdAge & " days"
        If intTimeInterval >= intMaxPwdAge Then
          Echo "The password has expired."
        Else
          rem Echo VbCrLf & "Password will expire in : " & int((dtmValue + intMaxPwdAge) - now) & " days."
          Echo int((dtmValue + intMaxPwdAge) - now) & " days"
          End If
    End If
End If

Edited by Reiniger - 06 December 2012 at 12:48pm
Back to Top
WindowsStar View Drop Down
Senior Member
Senior Member
Avatar

Joined: 30 June 2010
Status: Offline
Points: 608
Post Options Post Options   Thanks (0) Thanks(0)   Quote WindowsStar Quote  Post ReplyReply Direct Link To This Post Posted: 06 December 2012 at 11:27pm
Originally posted by Reiniger Reiniger wrote:

for 'my' script:
(I did not check the other scripts!)

to get it run with BGInfo you have to:

- replace wscript.echo with echo in the Script (6 Times)

- create a bginfo config with a "Custom Field":
Click Cutom..., click New..., name the Identifier: "CustomField Password", mark VBScript file, Browse to the VBSScript, Ok, Ok

Chenge the BGInfo Text:
Password Information: <CustomField Password>

Thats it!

Chris
+1 Yup that should help you out. -WS
Back to Top
jzabrams View Drop Down
Newbie
Newbie


Joined: 05 November 2013
Status: Offline
Points: 1
Post Options Post Options   Thanks (0) Thanks(0)   Quote jzabrams Quote  Post ReplyReply Direct Link To This Post Posted: 05 November 2013 at 2:12pm
This is a great solution, but I feel like I'm missing something (scripting is not my strong suit)...?
 
Missing something in that I can only make this work for a specific user I specify with CN=, whereas I feel like it's supposed to work for the currently logged on user? 
 
Even if that's not case, this still works for the handful of remote users I really need it for - it'd just be nice to roll it out for everybody.
 
Thanks, -Joe
Back to Top
 Post Reply Post Reply
  Share Topic   

Forum Jump Forum Permissions View Drop Down