I want to get information on a user. I did the statement below to get properties of users.
properties of type “user”
logged on user of : logged on user
sid of : security identifier
name of : string
active directory user of : active directory local user
password age of : time interval
guest privilege of : boolean
user privilege of : boolean
admin privilege of : boolean
home directory of : string
home directory folder of : folder
comment of : string
script flag of : boolean
account disabled flag of : boolean
home directory required flag of : boolean
no password required flag of : boolean
password change disabled flag of : boolean
locked out flag of : boolean
password expiration disabled flag of : boolean
normal account flag of : boolean
temporary duplicate account flag of : boolean
workstation trust account flag of : boolean
server trust account flag of : boolean
interdomain trust account flag of : boolean
logon script of : string
print operator flag of : boolean
communications operator flag of : boolean
server operator flag of : boolean
accounts operator flag of : boolean
full name of : string
user comment of : string
application parameter string of : string
allowed workstations string of : string
last logon of : time
last logoff of : time
account expiration of : time
maximum storage of : integer
bad password count of : integer
logon count of : integer
logon server of : string
country code of : integer
code page of : integer
id of : integer
user id of : integer
primary group id of : integer
profile folder of : string
home directory drive of : string
password expired of : boolean
domain of : string
winrt packages of : winrt package
When I do this it works.
(names of it) of users
Administrator
DefaultAccount
Guest
usrTemplate
This works as well.
(last logons of it) of users
Sat, 22 Jan 2022 12:01:00 -0700
Fri, 28 May 2021 06:31:55 -0700
Tue, 23 May 2017 12:47:30 -0700
When I try to combine them it fails. I have tried this so many different ways and I get different errors.
(names of it & " - " & last logons of it as string) of users
Its because you are trying to join plural strings. You would need to use singular strings to join the results, eg
Q: (name of it & " - " & (last logon of it as string | "No Login")) of users
A: DefaultAccount - No Login
A: Guest - No Login
A: Administrator - Mon, 11 Mar 2019 17:41:26 +0000
A: MyLocal - Fri, 17 Dec 2021 11:34:02 +0000
T: 4.462 ms
I: plural string
Nice. So I changed it a little.
(name of it & " - " & (last logon of it as string | “No Login”) & " - " & (last logoff of it as string | “No Logoff”)) of users
Looks good.
Now the next question, why can’t I do the same with Domain Users instead of users.
When I do properties of type “Domain User” I get the error below. I’d rather use domain users over just users to get the same type of information.
You lost me. How did you get that? I see if I keep scrolling it shows a bunch of properties of Users but is there an easier way to see if an object has properties?
So there are a few things at play here.
The domain user type inherits from user so all the properties are available.
The inspectors though rely on Windows actually filling out a structure completely ( the struct is https://docs.microsoft.com/en-us/windows/win32/api/lmaccess/ns-lmaccess-user_info_3 ) and for various reasons it leaves them blank a lot especially on the domain user requests probably due to reasons that have been mentioned before (overloading the domain controller).
An additional wrinkle is that on a domain controller, all the domain users are “local” to the system so therefore are regular users.
I actually started with local users because that is what I am trying to do, pull a list of domain users from a domain controller, specifically only the PDC. I was trying to work with domain users though to see if the filtering is any better. Looks like it’s just easier to keep going with the local users though.
How do I make “Windows” not case sensitive? I’m guessing case insensitive regular expression but not sure how to write it out.
(name of it & " - " & (last logon of it as string | “No Login” & " -" & (comment of it as string) & " - " & (last logoff of it as string | “No Logoff”))) of users whose (comment of it contains “Windows” as string)
That’s to convert both the actual ‘comment’ value and the literal ‘Windows’ string to lowercase, so they’ll both match.
You could have also changed the literal yourself, as
(comment of it as lowercase contains “windows”)
I prefer explicitly forcing both to lowercase, as someone modifying the relevance later may not know they have to enter an all lowercase string.
I found out we have some admins that are trying to set their passwords to never expire in customer domains so I need to expand this. I’m having trouble with the AND searching for the boolean “False”. It ends up finding an account that doesn’t have password set to never expire because it has OneNeck in the name and ignores the AND condition. What am I doing wrong here?
(full name of it & " - " & (last logon of it as string | "No Login" & " -" & (comment of it as string) & " - " & (last logoff of it as string | "No Logoff") & " - Disabled=" & account disabled flag of it as string & " - Password Never Expires=" & password expiration disabled flag of it as string )) of users whose ((comment of it as lowercase contains "windows" as lowercase) OR (comment of it as lowercase contains "oneneck" as lowercase) AND (password expiration disabled flag of it as string contains "False"))
I edited my initial response to use & to join the results
