Also when I remove the existing conditions and replace with “whose (password expiration disabled flag” I get a singular expression error. So I think it’s tripping out here and just spitting out results when the conditions are combined.
I use the ‘single clause’ tab of the Fixlet Debugger, then press to format the code
Doing this, part of your code looks like
users
whose
(
(
comment of it as lowercase contains "windows" as lowercase
)
OR
(
comment of it as lowercase contains "oneneck" as lowercase
)
AND
(
password expiration disabled flag of it as string contains "False"
)
)
I don’t actually know which of AND & OR takes precedence here - I just add braces to ensure the evaluation is what I want (and I’m not even sure which you want).
The options seem to be
users
whose
(
(
comment of it as lowercase contains "windows" as lowercase
)
OR
(
(
comment of it as lowercase contains "oneneck" as lowercase
)
AND
(
password expiration disabled flag of it as string contains "False"
)
)
)
users
whose
(
(
(
comment of it as lowercase contains "windows" as lowercase
)
OR
(
comment of it as lowercase contains "oneneck" as lowercase
)
)
AND
(
password expiration disabled flag of it as string contains "False"
)
)Where is format code?
I was able to figure it out by looking at what you did. I just needed to add some extra parenthesis and change it to true. I don’t know why I had false in there.
Single clause tab, then CTRL- D
1 Like
Back to this one. I created another analysis that looks for our users in customer domains who have flagged their accounts to not expire. This runs in 77 domains almost flawlessly. There are two domains that come back with Singular expression error. I believe they are both 2008 R2 domain controllers. Is there a way to suppress the error and report what it gets?
The only property I see there that is not error trapped is “full name” - is it possible a “full name” doesn’t exist for an account?
Try
(Full name of it | "NoName")
1 Like
Like this?
(full name of it | “NoName” & " - " & (last logon of it as string | “No Login” & " -" & (comment of it as string) & " - " & (last logoff of it as string | “No Logoff”) & " - Disabled=" & account disabled flag of it as string & " - Password Never Expires=" & password expiration disabled flag of it as string )) of users whose (((comment of it as lowercase contains “windows” as lowercase) OR (comment of it as lowercase contains “oneneck” as lowercase)) AND (password expiration disabled flag of it as string contains “True”))
I’m also trying to expand to remove service accounts but I’m getting an error that my parenthesis don’t match. What am I doing wrong here?
(full name of it & " - " & (last logon of it as string | “No Login” & " -" & (comment of it as string) & " - " & (last logoff of it as string | “No Logoff”) & " - Disabled=" & account disabled flag of it as string & " - Password Never Expires=" & password expiration disabled flag of it as string )) of users whose ((((comment of it as lowercase contains “windows” as lowercase) OR (comment of it as lowercase contains “oneneck” as lowercase)) AND (full name of it not contains “svc”) AND (password expiration disabled flag of it as string contains “True”))
Highlighted is what I added.
Use the debugger to highlight each parenthesis and it should show you the matching close…looks like “Last Login Time”.is missing a close-parenthesis.
I think I got it. I was trying not contains, I think it needs to be does not contain. Going to test on a machine with a service account now.
1 Like
Today I got asked if I could get all the results for a domain into one row per user. Currently the way this works it puts the domain in one column, all users for that domain in the next column in a single row, and the domain controller name in a column. Again, all in a single row. Is it possible to do this where it keeps listing the server, and domain over and over with a single user on it’s own row? Otherwise they have to mess with word wrap to get it into a viewable state.
Those are already separate results - it’s just the Web Reports style that merges them into one cell.
In Web Reports, when you add the column to the table in the “Manage Columns” button, click the “+” beside the column name and it will expand those results into separate rows.
I use web reports. The problem is when you export it to csv it puts all the results for each server in a single row, since in web reports it’s all in the same row as well. I have reports setup to automatically go to our security team and wanted to make it easier for them to read.
Fixing that is easy - just select to expand the data for that property: Edit Columns → Current Columns → Click the “+” next to the property you want to expand. Just don’t do it with multiple properties at the same time (it starts creates permutations of every feasible value matches between the properties.
The tricky bit is to split the data from one column to multiple - then you need to start writing custom reports with session relevance…
It had to be something that simple. That did it. Thank you.